The views expressed by contributors are their own and not the view of The Hill

National security shouldn’t come at the cost of our privacy and liberty

by Patrick Forrest, opinion contributor - 07/22/17 10:00 AM ET

The inverse relationship between security and privacy is almost as immutable as the laws of physics. When one is enhanced, the other is often sacrificed. A strong democracy demands a steady balance between the two, where neither is sacrificed for the other. However, the U.S. government’s enforcement of outdated data security laws violates newly established global treaties and neglects this need for a fundamental balance between security and privacy.

Congressional action to pass the bipartisan International Communications Privacy Act would mark an important movement toward fixing the problem. Through mutual legal assistance treaties, countries are able to assist each other in combating crimes, like drug trafficking, while respecting each nation’s sovereignty and the privacy of each nation’s citizens. Each party’s respective investigative agencies are required to follow certain protocols protecting the delicate balance between information sharing and privacy.

{mosads}However, by using the antiquated Stored Communications Act, the U.S. Department of Justice has attempted to undermine its own mutual legal assistance treaties in order to acquire an American corporation’s email content located in a foreign nation through a domestic warrant. This action by the U.S. government degrades the framework essential for the balance between information sharing and privacy. Furthermore, this approach opens the U.S. government, and more importantly its citizens, up to retaliation as foreign nations utilize the same kinds of invasive actions and undermine U.S. citizens’ privacy.

In addition to the possible long-term damages to U.S. citizens, the government’s actions will also negatively impact businesses by dismantling the vital trust between foreign companies subject to U.S. law and the U.S. citizens who trust them with personal data. The National Association of Manufacturers Center for Legal Action argues that the information companies and individuals store with data services providers consists of the most confidential information about their business plans and personal lives.

The Justice Department’s actions would significantly threaten the ability of businesses, including manufacturers, to use cloud storage services confidently, which have become an essential tool of modern commerce. That means that U.S. businesses would lose out on the benefits of cloud computing, cheaper and more flexible data services, and enhanced security, while reduced equipment costs will not be realized. This will make companies less competitive, threaten economic growth and force the United States to lose foreign market share.

The International Communications Privacy Act is a modernization of data security laws that has received the support of the National Association of Manufacturers. The bill authorizes the use of search warrants for data collection in foreign nations only if the foreign nation at issue does not have an mutual legal assistance treaty in force with the United States, or if the foreign nation at issue does not object to disclosure. The ICPA addresses the important needs of law enforcement with privacy protection and international rule of law.

Respect for our international agreements will facilitate the flow of data across borders for investigative purposes, while making sure foreign nations are not acquiring U.S. citizens’ data unjustly. Furthermore, the International Communications Privacy Act will encourage the development of more mutual legal assistance treaties between the United States and foreign nations because it will enhance respect for these agreements while embedding the benefits of these agreements into U.S. law.

Congress needs to act on the issue of data security now, as the European Union moves to implement its General Data Protection Regulation by May 2018. This framework imposes new rules on organizations that offer services to people in the EU, or that analyze data in connection with people in the EU. The regulation will modernize and unify data security laws across all EU member nations, and it will impact how the EU cooperates on information sharing internationally. Meanwhile, the U.S. continues to fall behind on legislative solutions and the Justice Department persists in its attempts to undermine mutual legal assistance treaties in the court system.

In the Justice Department’s recent appeal of the U.S. Court of Appeals for the Second Circuit’s decision in Microsoft v. United States, the Justice Department is defending a domestic warrant issued under the Stored Communications Act ordering Microsoft to produce the contents of a customer’s email account stored in Ireland. Warrants are regularly used in the U.S. legal system to search private records; however, generally they have no application in foreign countries. The Second Circuit understood this foundational principle in the Stored Communications Act and held that U.S. warrants cannot be applied to information in a foreign country.

To hold otherwise would create a conflict in U.S. laws and require businesses to ignore more than 50 treaties negotiated by the United States related to foreign data acquisition. Now, the Supreme Court may hear the case, but this will not lead to needed legislation. Additionally, any decision by the Supreme Court will likely come far after other nations, particularly members of the European Union, have implemented their data security regulations, leaving the U.S. behind.

If the U.S. government wishes to preserve a crucial balance between information sharing and preserving individual liberty, it must support legislation that provides much-needed clarity regarding U.S. government access to digitally-stored data belonging to foreign nationals. Only congressional action will achieve the balance between the real and very important needs of law enforcement and securing individual privacy.