A better way to fight terror with tech

Tension between the tech community and U.S. law enforcement agencies over privacy versus security is on the rise. But it's time for everyone to step back and take some of the drama out of the debate. There is much that the tech community and law enforcement can agree on. They can agree that we need a smooth, efficient legal process in place to provide law enforcement with access to information it needs to do its job. They can agree on the value of protecting end user privacy. And, they can agree that, in the long run, the globalized nature of the network requires us to forge international agreements that facilitate these two outcomes across international borders.

Success in the endeavor is not optional. The essential goals of preventing terrorism, combatting crime and protecting individual privacy and rights are intrinsic to a functioning society, not merely pleasant extrinsic objectives that are "nice to have."

Former Homeland Security secretary and Chairman, Committee of Conscience, US Holocaust Memorial Museum, Michael Chertoff.
Mandel Ngan | AFP | Getty Images
Former Homeland Security secretary and Chairman, Committee of Conscience, US Holocaust Memorial Museum, Michael Chertoff.

Given the global economy, the necessity for international cooperation is palpable. After all, legislation that is focused exclusively on American companies will be ineffective in a globalized network. Worse yet, American-only legislation would put American companies at a competitive disadvantage to foreign competitors – without any commensurate security benefit.

FBI Director Jim Comey was, therefore, quite right when he recently said: "There's no doubt the international component of [the security discussion] has to be a feature of whatever set of solutions we come up with … we are having productive conversations internationally ..."

So what does that international cooperation look like? Here are two building blocks for the discussion:

First, we need to reform the way we exchange information across borders for law enforcement purposes. Today, much of that exchange happens through the Mutual Legal Assistance Treaty (or MLAT) process.

But the MLAT process is outdated. It hasn't kept pace with changing technology. Response times to formal requests for assistance are often measured in months, if not years, according to research from The Global Network Initiative. Likewise, the President's Review Group on Intelligence and Communications Technology reported that it takes 10 months on average for the U.S. to secure a response to its requests for evidence from foreign police partners. Today, the network operates at the speed of light – but our cross-border law enforcement assistance paradigm is firmly rooted in the age of the horse and buggy.

How to fix it? The answer is partly statutory and partly technical. Congress has begun to consider the matter of MLAT reform as part of a broader review of international data access issues. The LEADS Act, a bipartisan measure introduced in the Senate, is a useful step in proposing changes to the Mutual Legal Assistance Treaty (MLAT) process by providing greater accessibility, transparency, and accountability.

Meanwhile, the tech community can provide part of the answer. There are any number of process improvements that can automate the exchange of data and improve both the speed with which it happens and the auditability of the interchange. Technologists interested in advancing effective law enforcement while protecting privacy should consider making such systems a priority.

Second, we need international agreement on legal standards for data access. It won't help to speed the process if we don't agree on the substance of what can be requested and why. Today, the real challenge is that in the cyber domain nobody knows whose law applies. The cyber network has no real borders – but national jurisdiction and national law are premised on the existence of boundaries that define the scope of applicable authority. Given the uncertainty we need agreement on a set of meta-rules about how to decide which nation's laws take precedence.

An improved and functioning MLAT process combined with international agreement on the choice-of-law rules would incentivize nations to forego the exercise of unilateral evidentiary collection methods. It would also show that law enforcement and the tech community need not be at odds.

Will a streamlined MLAT process be truly global? Unlikely. Authoritarian countries like China present legal and diplomatic challenges – but at a minimum we can reduce, or eliminate, the conflict between Western democracies and the most vibrant economic sector that fuels their growth. Our governments and the tech community owe their fellow citizens nothing less.

Commentary by Michael Chertoff who served as secretary of homeland security from 2005 to 2009. He is currently co-founder and executive director of The Chertoff Group, a premier advisory firm focused exclusively on security and risk management. Follow @ChertoffGroup on Twitter.