“Data is the new oil.” Or so say the pundits. If it is, then we are about to experience the first great international data transformation, much as oil transformed transportation.
Indeed, we are on the cusp of one of the most significant transitions in international governance since the fall of the Berlin Wall heralded the end of Communism. Perhaps that is an overstatement for dramatic effect, but if it is, the degree of excess is rather small.
Today, we face nothing less than the disruption of settled systems of nation state control that have been at the core of international law for nearly 400 years. Since the Peace of Westphalia, principles of international law have been governed by the idea of a nation state. And nations, in turn, have been defined by borders, by geography, and by the assertion of control (or, in legal terms, jurisdiction) within those boundaries.
The cyber network being developed and deployed globally is the very opposite of the bounded concept of a nation state. The logical layer of the network has no inherent borders, no settled geography, and no delimited areas of legal and jurisdictional control.
The bordered world and the borderless network collide across many dimensions. The dissonance between the two has implications for everything from the laws of armed conflict in time of war to the rules for the protection of intellectual property.
One of the most significant areas of law where the cross-currents collide lies in how data (or “oil” in this metaphor) gets collected and used. The keystone lies in the area of law enforcement and government access to data that may be evidence of a crime. Before the expansion of the network, criminal evidence was likely held domestically and subject to the law of the country where the crime is alleged to have occurred. Today, by contrast, digital evidence of criminality may be distributed in a cloud-based architecture and stored far from the shores of the nation where the crime took place.
To make the theoretical discussion more practical, consider a plausible case: Child pornography sold in America may be stored in Ireland on behalf of a Romanian national featuring children from Turkey. Whose law applies in this context and how do, say, law enforcement agencies gain access to the data that is at the heart of their case?
The answers to these questions are of critical importance to the structure of international governance. On one side we have national governments, and their law enforcement agencies, who have very real and substantial interests in the prosecution of crime. On the other side, we have other national governments with equally significant interests in the privacy and liberty interests of their citizens. And on a third side (or perhaps caught in the middle) we have transnational digital companies with interests, operations and employees across the globe, who face conflicting legal demands and their own economic imperative to provide their customers with the goods and services that the customers want – irrespective of legal demands by national governments.
In the United States, this three-sided debate will soon be coming to a head “ in the courts, in the legislature, and in public discourse. This past month saw two events that highlighted the challenge of resolving the issue and also the necessity of addressing these questions sooner rather than later.
First, was the government’s decision to seek Supreme Court review of a case involving Microsoft and data held overseas in Ireland. The government had argued that Microsoft, as an American company, was required by a warrant to bring data back to the U.S. from Ireland for law enforcement to take possession of. The Second Circuit court of appeals in New York disagreed and said that American law did not apply to data held in Ireland.
Now the government has raised the stakes. In its request for Supreme Court review, the U.S. argued that limiting the ability of the government to collect evidence was causing “immediate, grave, and ongoing harm to public safety, national security, and the enforcement of our laws.” If the Supreme Court reviews the case and rules for the government it will have wide-ranging effects on how tech companies store data.
The second major development last month was the growing engagement of tech companies from Silicon Valley in an effort to find a legislative solution. The Heritage Foundation hosted an event featuring a keynote address by Kent Walker, the Senior Vice President and General Counsel of Google. [Full disclosure: In his capacity as a Visiting Fellow at Heritage, the author served as moderator for the event.]
Walker took the opportunity to announce Google’s support for legislative and international solutions to the conundrum of global data based, broadly speaking, on two principles: First, data exchange should be readily permitted between countries that honor baseline principles of privacy, human rights, and due process when the crimes in question involve the citizens of a single country for events within its own borders. And, second, as to those countries the United States should agree to streamlined processes for the exchange of information with those qualifying foreign governments.
The substance of Walker’s intervention is generally sound. What is, perhaps, far more significant is that it reflects a newly invigorated commitment by Google to seeking a legislative solution. Google now joins other tech companies as an active campaigner for reform.
The combination of these two factors – the legal uncertainty of the Microsoft case and the economic incentives for reform animating tech companies – creates a unique moment in time when the ferment of ideas can, and should, be harnessed to offer new, constructive solutions.
Happily, some in Congress are starting to think in that direction. Senator Orin Hatch introduced a bipartisan proposal called the International Communications Privacy Act last year and he plans to reintroduce the bill again in this Congress. The Senate held a hearing on the issue in late May and the House had a hearing in June.
Taken together, these developments offer the hope of a constructive approach to the problem. There is a growing consensus that global digital data cannot be subject to a world-wide free-fire zone of access. At the same time, the trend toward tighter data controls that prohibit data flows is a barrier to effective law enforcement and derogates legitimate national interests.
As Kent Walker put it, it is time for governments across the globe (or at least like-minded members of the liberal Western democracies) to “up their game” and find a balanced, nuanced way of enabling global data flows while protecting civil liberties and privacy. The U.S. is poised to lead the way in resolving this tension. We need a new set of international rules regarding the collection, distribution, and use of the “new oil” and now is the time to start.
