wordpress blog stats
Connect with us

Hi, what are you looking for?

US-UK Data Access Agreement, signed on Oct 3, is an executive agreement under CLOUD Act


Update (October 4, 10:25 am): The US and UK signed the world’s first executive agreement under the CLOUD Act on October 3. US Attorney General William Barr and UK Home Secretary Priti Patel signed the Data Access Agreement in Washington, DC, which will allow the two countries, in cases of serious crimes, to demand electronic data from tech companies based in the other country without legal barriers. We first reported on this yesterday (read the story below).

You’re reading it here first: As numerous people around the world suspected, the Data Access Agreement which will be signed between the US and the UK later this month is an executive agreement under the American CLOUD Act, a Justice Department official confirmed to MediaNama. This means that contrary to what was initially reported by The Times, social media companies such as WhatsApp will not be mandated to decrypt encrypted communication even if the British government orders them to do so. This will not have an impact on the WhatsApp traceability case in India.

Statement from Justice Department Official:

“For the past several years, the United States and the United Kingdom have been in negotiations to reach a cross-border electronic evidence access agreement. In March 2018, Congress passed the CLOUD Act, which authorizes the United States to enter into bilateral executive agreements with rights-respecting partners that lift each party’s legal barriers to the other party’s access to electronic data for criminal investigations. Such information is critical to investigations of serious crime by authorities around the world, ranging from terrorism and violent crime to sexual exploitation of children and cybercrime.

“The CLOUD Act does not require providers to decrypt data in response to law enforcement requests nor does it create any new authority for law enforcement to compel service providers to decrypt communications. The CLOUD Act also does not prevent service providers from assisting in such decryption, or prevent countries from addressing decryption requirements in their own domestic laws.”

What does this basically mean? It means that if two British residents are communicating with each other in the course of committing a crime, but the data is stored by a provider based in the US, a UK order, rather than a US warrant, can be used to obtain the evidence directly from the provider. Such an order doesn’t need to routed through the American government anymore.

Advertisement. Scroll to continue reading.

So can UK ask WhatsApp to decrypt communication? Theoretically, it could, BUT, the CLOUD Act is encryption-neutral, that is, it will depend on the British law in this case. So, the UK could apply the Investigatory Powers Act 2016 (Snooper’s Charter) and ask WhatsApp to decrypt data.

So The Times was right! Not entirely. There is plenty of ambiguity around what the Snooper’s Charter actually means by encrypted data. “IPA 2016 allows you to order decryption of encrypted data, but there is debate around whether such encrypted data includes end-to-end encrypted communications. This issue was brought up in the UK Parliament’s Joint Committee Report on the IPA Bill, but the final act had no clear protections for such platforms except for the requirement of taking into account the technical feasibility and costs,” explains Sangh Rakshita, an analyst at NLU Delhi’s Centre for Communication Governance. And WhatsApp could just refuse to comply with a British order!

What! WhatsApp can just refuse to comply with a British order? Yes. As per American laws, including the CLOUD Act, an American service provider does not have to comply with a foreign order. “While it is within the realm of possibility that the UK could order WhatsApp to decrypt communication by applying IPA, as IPA does not disclaim construction of back doors or measures that undermine encryption standards. Though how these events will unfold will have to be tracked on a case to case basis. Such a British order could be challenged by WhatsApp, or any other such company, in the European Court of Human Rights, where IPA has been challenged in the past,” explained Rakshita.

How is an agreement under CLOUD Act different from MLAT? CLOUD Act deals with information related to serious criminal investigations such as terrorism, violent crime, sexual exploitation of children and cybercrime. For all other data requests, and in the absence of such an agreement, MLAT (mutual legal assistance treaty) will still remain the way.

Will this have any bearing on the WhatsApp traceability case now? Honestly, no. If it weren’t an executive agreement under the CLOUD Act, then perhaps it could have, but there is no requirement for decryption under the CLOUD Act.

Then could India enter such an executive agreement with the US to get information from WhatsApp, etc.? It seems unlikely because as per the CLOUD Act, the Attorney General of the US has to certify to the Congress that the partner country “has in its laws, and implements in practice, robust substantive and procedural protections for privacy and civil liberties”. These include:

Advertisement. Scroll to continue reading.
  • adequate substantive and procedural laws on cybercrime and electronic evidence
  • clear legal mandates and procedures governing the collection, retention, use and sharing of electronic data
  • mechanisms for accountability and transparency regarding the collection and use of electronic data
  • a demonstrated commitment to the free flow of information and a global Internet

As India currently does not have a data protection or privacy law, and has opposed cross border data flow at G20, it doesn’t seem that India fits the necessary criteria.

This agreement will be signed by British Home Secretary Priti Patel later this month, as per The Times report. We had earlier reported on this and considered its impact on the WhatsApp traceability case in Madras High Court. There were a number of unanswered questions, most of which have been resolved now.

Update (October 4, 10:25 am): This story was updated with details about the signed agreement. Story was originally published on October 3, 2019 at 2:34 pm.

Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.


The industry's growth is being weighed down by taxation and legal uncertainty.


Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ