British police and intelligence agencies will be able to demand suspects’ social media data directly from American technology giants under a new agreement signed with the US government.
But campaigners said the treaty, which was implemented using a law known as the Cloud Act in the US, is part of a wider push against privacy.
The home secretary has also issued a direct appeal to Mark Zuckerberg appealing for him to halt plans to implement end-to-end encryption across its messaging services.
British law enforcement agencies currently request data from firms like Facebook and Google under “mutual legal assistance” (MLA) agreements with the US government.
The Home Office said that process takes between six months and two years on average, while the new agreement will reduce the time to days or weeks and speed up investigations.
Officials expect the change to affect dozens of cases a year, and say it would have sped up investigations into paedophiles including Matthew Falder, Darren Williams and Richard Huckle.
Priti Patel said: “Terrorists and paedophiles continue to exploit the internet to spread their messages of hate, plan attacks on our citizens and target the most vulnerable.
“This historic agreement will dramatically speed up investigations, allowing our law enforcement agencies to protect the public.”
Caroline Wilson Palow, general counsel for Privacy International, called the agreement a “step backward for privacy”.
She said time delays could have been solved by the US government investing in the staff needed to stop a backlog of requests, adding: “End-to-end encryption protects the communications of people across the world; from protestors in Hong Kong, to journalists in Colombia, to human rights defenders in Egypt.
“Encryption protects all of them. Either it is turned on for everyone, or broken for everyone.”
The National Police Chiefs’ Council said quick access to online communications was particularly “vital” in child sex abuse cases.
“Technological advances have given criminals easy ways to target and groom children,” said chief constable Simon Bailey, the lead for child protection.
“This evidence can help us secure prosecutions but more importantly, find victims and end their exploitation.”
The UK-US Bilateral Data Access Agreement was signed with US attorney general William Barr in Washington, where the home secretary met security partners.
The US will have reciprocal access to data from UK communication service providers, and the British government said it had obtained assurances meaning that the death penalty would not be used against any criminals convicted as a result.
- Read more
Mr Barr said: “Only by addressing the problem of timely access to electronic evidence of a crime committed in one country that is stored in another, can we hope to keep pace with twenty-first-century threats.
“This agreement will make the citizens of both countries safer, while at the same time assuring robust protections for privacy and civil liberties.”
Officials said data requests for the US must be “proportionate” and made in accordance with British laws including the Regulation of Investigatory Powers Act.
“Any request for data will be subject to independent oversight or review by a court, judge, magistrate or other independent authority,” a Home Office spokesperson said. “The agreement does not change anything about the way companies can use encryption and does not stop companies from encrypting data.”
It gives effect to the Crime (Overseas Production Orders) Act 2019 and the American Cloud Act, which allows similar agreements to be made with other nations with required privacy and legal protections.
Technology firms have previously said they want to help law enforcement agencies, but were constrained by American privacy and data laws.
- Read more
Separately, Ms Patel, Mr Barr, the acting US homeland security secretary and Australia’s ministers for home affairs wrote an open letter to Mark Zuckerberg opposing plans to encrypt messaging services.
It calls for a halt to the proposals unless the company can provide assurances that law enforcement will be able to “access content in exceptional circumstances in order to protect the public”.
The politicians argued that although many communication platforms, including WhatsApp, are already encrypted, Facebook’s plans would have a significant impact on efforts to tackle paedophiles and terrorists.
“Tech companies like Facebook have a responsibility to balance privacy with the safety of the public,” Ms Patel said. “So far nothing we have seen from Facebook reassures me that their plans for end-to-end encryption will not act as a barrier to the identification and pursuit of criminals operating on their platforms.”
The National Crime Agency (NCA) estimates that child sex abuse referrals from Facebook have led to more than 2,500 arrests in 2018 and almost 3,000 children safeguarded.
Rob Jones, its director of threat leadership, said the current end-to-end encryption proposals “could place key information about what their users say and do out of the reach of law enforcement investigations”.
The NSPCC said Facebook’s plans would send efforts to combat child abuse “back to the digital dark ages”.
The charity’s head of child safety online, Tony Stower, said: “It’s an absolute scandal that Facebook are actively choosing to provide offenders with a way to hide in the shadows on their platform, seamlessly able to target, groom and abuse children completely undetected.”
Facebook has not yet responded to The Independent‘s request for comment.