By Devlin Barrett in Washington and Julian E. Barnes and Valentina Pop in Brussels
European counterterrorism officials say American laws and
corporate policies are hampering their efforts to prevent the next
attack, because legal procedures for getting international evidence
from U.S.-based social-media firms are dangerously outdated.
European police officials who face a lengthy process to get data
from companies such as Facebook, Twitter, YouTube and WhatsApp want
to make American technology firms more responsive to overseas
requests.
An online posting just days after the Paris attacks in November
made clear how acute those tensions are. In it, a suspected Islamic
State supporter boasted that a similar attack would occur the
following Sunday in Brussels, people familiar with the incident
said.
But when Belgian police sought to find out who was behind the
account, the unidentified U.S. firm in question decided it would
provide the subscriber data only if the company could notify the
suspect of the search and give him the contact information of the
police official involved.
Belgian officials resisted that demand, fearing it could
compromise the investigation and potentially endanger the police
official, according to officials familiar with the discussions. The
fight became tense enough that the U.S. Justice Department had to
weigh in. That led to what one official called "a long discussion"
that ultimately persuaded the company to give the Belgians the
information.
On Nov. 21, just over a week after the Paris killings, Belgium
raised its security alert to the highest level and warned of an
imminent threat, closing the subway system and schools and
canceling events. Belgian officials wouldn't say whether the online
posting influenced the four-day lockdown.
With domestic investigations, American companies are required to
cooperate with U.S. court orders to comply with such requests. But
in many cases, U.S. law expressly forbids companies to provide
intercepted communications to foreign police officials, unless it
is through a diplomatic review process. People on all sides agree
any significant change for European access would have to come by
changing U.S. law.
In the wake of the Paris and Brussels attacks, "people are
pretty quick to point to the intelligence failures between France
and Belgium, but in fact there's a very good chance there was
information they couldn't get, " said Terry Cunningham, president
of the International Association of Chiefs of Police, which has
pressed Congress on the issue. Other officials say leads in
European terror cases can languish for as much as a year.
Even when European police believe suspects are plotting a
terrorist attack on European soil, they can't get access to the
suspects' real-time Internet conversations on American-owned
social-media sites. Under U.S. law, authorities can't conduct a
legally valid intercept of communications if the suspected activity
doesn't involve American interests.
In other words, if a terror plot doesn't potentially threaten
Americans in some way, European officials can't get legal authority
to monitor the suspects' communications on an American social-media
site.
Many U.S. Internet companies agree there is a problem. But they
say their options are limited under current law.
A spokeswoman for Facebook, which also owns WhatsApp, said the
legal process for international evidence requests can be "slow and
cumbersome, " adding that the firm is "actively pushing the U.S.
and other governments for reforms."
Meanwhile, she said Facebook has "well-developed processes" for
responding to international law-enforcement requests, including
those that don't require a monthslong diplomatic review process.
Emergency requests get priority, she added, and the company is
often able to respond within hours or, if necessary, even
minutes.
"Our legal and safety teams worked around the clock to respond
to law-enforcement requests following the recent terrorist
attacks," she said.
A spokeswoman for Google, which owns YouTube, said it responds
to valid legal requests for user data from abroad "when they are
consistent with the laws of the requesting country and the U.S.,
our policies, and international norms," a position echoed by
Twitter.
Beyond U.S. legal restrictions, officials at social-media
companies say a number of factors can complicate such requests.
Some foreign requests may fall short of generally accepted legal
practices in the U.S., they say, and sometimes investigators are
just very unfamiliar with the proper department to contact at a
particular company.
But Belgian and other European officials say American Internet
companies could be doing more, such as providing basic customer
details in emergency situations.
European investigators say the difficulty in getting timely
information about suspects not only hampered European police in the
lead-up to the March Brussels attacks, but is also hindering the
current investigation of those attacks.
Koen Geens, Belgium's justice minister, said the problem needs
to be urgently addressed. "The level of cooperation strongly
differs from provider to provider, but generally it is largely
unsatisfactory and it endangers investigations and, by consequence,
people's security," he said.
Many complaints focus on a diplomatic tool called Mutual Legal
Assistance Treaties, or MLATs, which guide the exchange of evidence
in criminal matters between the U.S. and other countries, including
requests put to Internet companies. Because of legal and
bureaucratic steps, it can take nearly a year under an MLAT for a
European detective to obtain evidence.
By the time the search is approved, European officials said, the
critical information has often been deleted, because many U.S.
companies retain it for only a limited period. "It takes so long,
by the time it's approved there's no data left," said one Belgian
official.
American police agencies are engaged in their own struggle with
Silicon Valley over issues of privacy and security, but the
international dimension adds another layer of tension. As the
European complaints illustrate, technology and terrorism are
entirely international, adding to the challenges of officials
limited by borders.
The growing use of encryption, for example, increasingly means
that an in-country wiretap may be useless because the only
unencrypted version of a conversation between European suspects may
reside in a computer server on U.S. soil.
Some U.S. law-enforcement officials see merit in the European
complaints. But they also say Europe sends mixed signals when it
comes to privacy: On the one hand, European law-enforcement
officials demand firms provide quicker access to suspects'
information, and retain that data longer; on the other, European
civil rights authorities insist on concepts such as "the right to
be forgotten," which allows for some Internet data on individuals
to disappear if it is deemed an infringement on privacy.
European law-enforcement officials said they are sensitive to
accusations that they are blaming U.S. companies for their own
failures. But they said they had been pushing for policy changes
since well before the Paris and Brussels attacks.
Alejandro Mayorkas, U.S. deputy secretary of the homeland
security, said the MLAT system is under review. "The MLATs are
unworkable given the customary time frame -- sometimes months," he
said in an interview.
Even with a law change, though, specific agreements would likely
have to be negotiated with numerous countries. The Justice
Department recently struck a deal to speed up the process for one
country, the U.K., but that change still requires congressional
approval.
Meanwhile, European law-enforcement agencies' demands are
growing. Since 2000, according to the Justice Department, the MLAT
requests from foreign countries for electronic evidence has risen
10-fold.
--Matthias Verbergt in Stockholm and Anton Troianovski in Berlin
contributed to this article.
(END) Dow Jones Newswires
May 01, 2016 05:44 ET (09:44 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Apr 2024 to May 2024
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From May 2023 to May 2024