UK Home Office

Playing catch-up in a connected world

Digital communication applications like WhatsApp and Snapchat, whilst brilliant at keeping people connected, have created a crime-fighting headache. Offenders are now more likely to communicate through these platforms than use traditional methods like texting or calls over telecoms’ networks.

Until recently, authorised UK law enforcers investigating crimes have not been able to directly request access to data from such platforms, specifically where they’re US companies bound by US laws. Typically, they’ve relied on slow, bureaucratic government-to-government mutual legal assistance processes.

This makes criminals – behind everything from drug smuggling and serious fraud, to people trafficking and terrorism – harder to track down and prosecute, because investigators can’t get the evidence they need.

We worked closely with the Home Office, alongside its US counterpart, in creating and implementing a new legal framework, pursuant to the US CLOUD Act. The framework enables cross-border access to data for the prevention, detection, investigation, and prosecution of serious crime: the UK-US Data Access Agreement (DAA).

Denying criminals safe spaces online

In 2018, the US passed new legislation, the CLOUD Act, that made it lawful for its telecoms service providers to directly respond to requests for data from another government, but only where there is a specific international agreement between the two countries. Robert Deedman, technology expert at PA, explained: “Our role was to work alongside the Home Office in shaping and negotiating the international agreement for how those exchanges should happen and to then bring it into force by dealing with the challenges of implementing it.”

Our design, change, and technology experts engaged and collaborated with multiple government departments and bodies to map out and build the new processes to make the deal work in practice.

The implications of operating the DAA touched many UK organisations, from the various warrant granting authorities to the Investigatory Powers Commissioner’s Office, and each of the many agencies who will use the DAA. Deedman said: “That’s why we brought the stakeholders in to be integral to the design process. Having them collectively agree new ways of working was essential. Each organisation jointly owned the required outcomes and committed to their role in its implementation. This was key to its success.”

In parallel to the operating model design, we helped develop the architecture that integrates secure technologies to verify requests and process the data for law enforcement. The technology had to work with both sides of the Atlantic to ensure that the data exchanges could be done in a safe and secure manner, while following the operating model that was being developed.

Creating safer societies

With the DAA in place, UK law enforcement now wait only days for data after having a request approved. Under the previous process it took an average of ten months, with some requests taking considerably longer.

In a joint ‘entry into force’ statement released by the UK and US governments, the parties noted: “The Data Access Agreement will allow information and evidence that is held by service providers within each of our nations and relates to the prevention, detection, investigation or prosecution of serious crime to be accessed more quickly than ever before. This will help, for example, our law enforcement agencies gain more effective access to the evidence they need to bring offenders to justice, including terrorists and child abuse offenders, thereby preventing further victimisation.”

Since coming into force, the UK has made over 10,000 DAA requests. The data obtained has already kept numerous children out of harm, taken significant quantities of drugs off the streets, and helped keep the UK safe from terrorism.