Vivek Krishnamurthy “Cloudy with a Conflict of Laws”
As more and more of our lives are lived online, so too are those who live lives of crime. Like everyone else, criminals of all stripes are increasingly using online services of all kinds to plan and commit their wrongful acts. Evidence of crime that not so long ago was on-the-ground and physical is now increasingly in-the-cloud and digital. All this has thrown the law parcelling the authority to search and seize among different jurisdictions into confusion, as clouds of data — like those in the sky — are everywhere and nowhere at once. Unless some clarity is brought to this situation and soon, the future of cloud computing as a unified global phenomenon may be hazy indeed.
This paper describes how the fractal complexity of cloud computing’s physical geography has fractured the system of Mutual Legal Assistance Treaties (MLATs) that arose during the jet age to help shuttle evidence of crime across borders. It explains why the territorially-based MLAT system fundamentally doesn’t work with the physical, technological, and corporate structures that are used to deliver cloud-based services, and how the resulting problems threaten their continued global nature. It highlights the role played by US laws, companies, and government institutions in exacerbating these difficulties that, ironically, have now been visited on the US government itself in the Microsoft Ireland case. It then finally sketches some elements of a potential solution based on principled US leadership that recognizes the legitimate interests of other governments.
This paper is hardly the first to examine what’s wrong with the MLAT system or what should be done to fix it. Since the Microsoft Ireland case first started to make headlines nearly two years ago, there has been a flurry of writing on this issue from a range of perspectives. What I hope this paper will contribute is a fuller description of why the MLAT system and cloud computing as we know them are fundamentally irreconcilable, and what are the minimum requirements of an alternative regime that can prevent the splintering of these services along national geographic lines.
This paper has grown out of my participation first in a symposium on this issue hosted here at the Berkman Center for Internet & Society in June 2015, which was generously supported by the MacArthur Foundation and Microsoft Corporation, and then by my ongoing involvement in an ad-hoc Cross-Border Data Requests (CBDR) working group of US-based stakeholders that is devising solutions to the problems my paper discusses. My views on this topic are entirely my own and do not represent those of the Berkman Center, the participants in and sponsors of the June 2015 event, or my CBDR co-collaborators — all of whom I thank for informing and inspiring this work.