Washington, D.C. – House Judiciary Committee Chairman Bob Goodlatte (R-Va.) today delivered the following remarks during the House Judiciary Committee’s hearing on “Data Stored Abroad: Ensuring Lawful Access and Protecting Privacy in the Digital Era.”
Chairman Goodlatte: Today’s hearing will examine various issues related to digital data, including international conflicts of law, storage and transmission practices, governmental acquisition challenges, and protection of consumer information. This hearing brings together a diverse array of interests, including law enforcement, technology companies, the economy, and the importance of individual privacy and civil liberties throughout the world.
In the digital age, U.S. technology companies have flourished and provide services to customers across the globe. However, the rapid growth of international communications infrastructure has presented challenges as well as opportunities. For example, there is a growing tension between U.S. law and foreign law, often with U.S. technology companies at the center.
U.S. law restricts access to data by foreign countries, making it difficult, if not impossible in some instances, for foreign governments to obtain evidence of crimes or terror plots carried out by their own citizens. This has resulted in foreign governments enacting their own legislation to address the problem, including laws requiring U.S. companies, as a prerequisite for doing business, to comply with foreign government requests for data. Others are considering legislation that would require U.S. providers to locate servers in the foreign country to ensure foreign jurisdiction over the U.S. provider. This is sometimes referred to as “data localization.”
Moreover, certain foreign countries prohibit the removal of data from their boundaries. U.S. law, by contrast, makes no distinction between data stored domestically and data stored abroad, nor with regard to the nationality or location of the customer. The result of these conflicts is that U.S. technology companies find themselves having to comply with either U.S. law or foreign law, as it is often impossible to comply with both. This is an untenable situation.
The last time this committee considered these important issues was prior to the Second Circuit’s 2016 decision in Microsoft v. United States, where the court ruled that the Stored Communications Act “does not authorize courts to issue and enforce against U.S.-based service providers warrants for the seizure of customer e-mail content that is stored exclusively on foreign servers.” Microsoft had refused to comply with a search warrant for email content, on the basis that Microsoft stored the email data on a server in Ireland rather than in the United States.
In the wake of the Microsoft decision, other providers have refused to comply with warrants on the basis that some or all of the data pertaining to the subject of an investigation is stored on servers located outside of the United States. In the courts, however, five recently-issued opinions diverge from the Second Circuit’s ruling, concluding that data must be disclosed pursuant to lawful process, regardless of the location of the data being sought. It is clear that Congress must find a contemporary solution that embraces the modern manner in which data is stored and acquired internationally. A legislative fix to the Stored Communications Act is necessary to remedy the problem made clear by the Microsoft decision.
Furthermore, Congress should take additional steps to resolve the conflict of laws issues. Various options exist on this score. A formal, multilateral treaty could result in broadly raising international privacy standards to more closely match the United States’ rigorous probable cause standard, and would comport to the Founders’ insistence that broad international agreements affecting many parties require Senate consent and ratification.
Another option is bilateral agreements. The U.S. and the United Kingdom are currently engaged in negotiations on a bilateral agreement that would authorize the U.K. government to request data directly from U.S. companies in criminal and national security investigations not involving U.S. persons. To ensure clarity on this point – any international agreement that provides access by a foreign government to communications stored or flowing through the United States will NOT authorize that foreign government to wiretap or target U.S. persons or those located in the U.S. This restriction applies even to our closest ally in the U.K. Such an agreement could only be used to obtain evidence on non-U.S. persons located abroad.
The potential US-UK bilateral agreement may serve as a model for future agreements, relieve some of the international pressure on U.S. tech companies, and help to alleviate any conflicts of law relating to requests by the U.S. for data stored abroad by U.S. companies. In order for an international agreement of this kind to take effect, Congress must first change U.S. law to grant specific authority for U.S. companies to respond to direct requests by foreign authorities and prescribe the criteria that must be met by the foreign government.
These are not the only options available to Congress. In addition, there are legislative proposals that would attempt to resolve conflicts by basing the authority to obtain information on the nationality of the targeted individual. The Committee will continue to explore all of these aforementioned options.
Once again, the House Judiciary Committee finds itself at the forefront of a pressing issue that impacts personal privacy, national security and public safety, economic viability, and the rule of law. Members of this committee will continue to examine all options for a thoughtful and balanced resolution to this problem.
I appreciate our distinguished witnesses testifying today. I want to particularly thank one of our first witnesses, Mr. Paddy McGuinness, for agreeing to travel to our country during such a difficult period in the U.K., which has suffered multiple terrorist attacks in recent months. We greatly appreciate your presence and your vital perspective on the challenges with new forms of digital data storage and transmission.
Thank you to all our witnesses, and I look forward to your testimony.