CHAPTER 11: SERVICE PROVIDERS
British requests are difficult to interpret. Some may be rejected because the data does
not exist, though the UK authorities will also suppress demand where they feel that it
will not be met. Companies will reject requests which they feel are illegal in their host
jurisdiction, or which they believe it would be unethical to meet, for example where the
interests of a third country might be adversely impacted. I was shown evidence from
a British agency that at one point in 2014 about 75% of the desired intelligence
coverage for a particular operation could not be obtained from service providers.
11.21. In their discussions with me, the US companies advocated the adoption of the Reform
Government Surveillance Principles,16 which they have been creating as part of the
Global Network Initiative, a multi-stakeholder group of companies, civil society
organisations investors and academics “working to protect and advance freedom of
expression and privacy in the information communications and technology sector”.17
11.22. The companies argue that the challenges articulated by the British government are
global problems and require a global solution. The Reform Government Surveillance
Principles are not directed specifically at the UK. Nevertheless aspects of current
British law and practice (most obviously, bulk collection) would not meet the principles.
11.23. The US companies emphasised to me that the UK is influential and should lead
internationally in this sphere. But its influence should be exerted at the intergovernmental level, not by unilateral acts such as the assertion of extraterritorial effect
or requiring the local storage of data (data localisation), which would carry security
risks, impose huge costs in terms of compliance, network architecture and engineering
and render the internet slower and less efficient.
11.24. The jurisdictional position is indeed complicated. Although many of the companies
concerned point to inhibitions in US law, which prevent automatic cooperation with
British government requests, some keep data relevant to UK customers in third
countries: for example Yahoo and Microsoft do so in Ireland. The companies point out
the pressure that they are under to ensure that their operations are human rightscompliant, for example through the United Nations Human Rights Council’s adoption,
with UK and US support, of the Ruggie principles.18 They expressed concerns that
unqualified cooperation with the British government would lead to expectations of
similar cooperation with authoritarian governments, which would not be in their
customers’, their own corporate or democratic governments’ interests.
11.25. Improvements to the MLAT process to obtain intercept and communications data are
strongly advocated by the US companies, who would prefer to see the problem
resolved by negotiations between governments: “We are under no illusions that it is
perfect. But it would be premature to rule it out as part of the solution.” They claimed
16
17
18
These can be found at https://www.reformgovernmentsurveillance.com/, and cover (1) limiting
governments’ authority to collect users’ information (including a statement that governments “should
not undertake bulk collection of internet communications”); (2) oversight and accountability; (3)
transparency about government demands; (4) respecting the free flow of information (e.g. by not
requiring infrastructure to be located locally); and (5) avoiding conflicts among governments (e.g. by
MLAT processes).
Global Network Initiative submission.
See the UN Office of the High Commissioner, “Guiding Principles on Business and Human Rights”,
2011, HR/PUB/11/04.
208