Check-in and access this session from the IGF Schedule.

IGF 2022 WS #403 Cross-Border Data Sharing for Public Safety

    Time
    Thursday, 1st December, 2022 (10:50 UTC) - Thursday, 1st December, 2022 (12:20 UTC)
    Room
    CR6

    Organizer 1: Carolina Caeiro, Oxford Information Labs
    Organizer 2: Emily Taylor, Oxford Information Labs Limited
    Organizer 3: Georgia Osborn, Senior Research Analyst
    Organizer 4: Marjorie Buchser, Chatham House

    Speaker 1: Marjorie Buchser, Civil Society, Western European and Others Group (WEOG)
    Speaker 2: Bertrand de La Chapelle, Civil Society, Western European and Others Group (WEOG)
    Speaker 3: Theodore CHRISTAKIS, Civil Society, Western European and Others Group (WEOG)
    Speaker 4: Javier Pallero, Civil Society, Latin American and Caribbean Group (GRULAC)
    Speaker 5: Aisling Kelly, Private Sector, Western European and Others Group (WEOG)

    Moderator

    Emily Taylor, Technical Community, Western European and Others Group (WEOG)

    Online Moderator

    Carolina Caeiro, Private Sector, Latin American and Caribbean Group (GRULAC)

    Rapporteur

    Georgia Osborn, Private Sector, Western European and Others Group (WEOG)

    Format

    Round Table - U-shape - 90 Min

    Policy Question(s)

    What conditions and criteria are required to enhance trust in standards and approaches to cross-border data transfers and what mechanisms might facilitate trust and open dialogue between the different stakeholders involved? What are the points of convergence and divergence between the different stakeholders involved–including governments, national security and law enforcement agencies, private sector and civil society? What are strategies to incorporate a collaborative stakeholder approach and multi-stakeholder perspective on what have so far been intergovernmental discussions? How can future agreements on how to govern national security and law enforcement cross-border data sharing factor in transparency, proportionality and other relevant international human rights standards? What are inclusive principles for governing cross-border data flows for national security and law enforcement –such as transparency mechanisms and options for legal redress— and how can they be applied to existing regulatory frameworks?

    Connection with previous Messages:

    SDGs

    9.1
    17.6

    Targets: The proposal links to SDG 9.1 in that it seeks to foster a conversation about the governance of transborder infrastructure and data flows which are crucial for the operation of the Internet. The roundtable’s objectives also link to SDG 17.6 in that the activity seeks to explore avenues for international cooperation around cross-border sharing practices in relation to national security and law enforcement challenges that require special collaboration between nations and sectors to uphold peace and institutions.

    Description:

    Proposed Session Title. To share or not share: Cross-Border Data Sharing for National Security and Law Enforcement The session will explore cross border data sharing for national security and law enforcement purposes. The increasing digital nature of crime and national security threats have rendered cross-border data requests a growing, prominent part of global national security and law enforcement investigations across the world. While data requests from governments to the private sector have become increasingly more structured and regulated, existing frameworks do not adequately cover all aspects of cross-border data transfers and tensions still loom about implications for the integrity and the protection of citizens’ privacy. This roundtable will first explore the current status of affairs, including legal frameworks in place, the evolution of cross-border sharing practices since the Snowden revelations and most salient challenges to safeguarding privacy. Departing from that diagnosis, the roundtable will discuss multi-stakeholder perspectives on innovative approaches to build greater trust and transparency between the various stakeholders involved in cross-border data sharing in national security and law enforcement contexts –including governments, national security units, regulators, private sector and civil society– and the criteria under which governments should have access to personal data held by the private sector. The roundtable will take into account ongoing discussions in the OECD and across the Global South, as well as international standards, including human rights.

    Expected Outcomes

    The roundtable discussion will build into multiple, existing processes. OECD countries are holding intergovernmental discussions on the question of law enforcement and security-related cross-border data sharing, which include the drafting of seven principles by the OECD Committee on Digital Economic Policy (CDEP) and ongoing Track-1 process at the OECD on Government Access to Personal Data held by the Private Sector. Across the Global South, while intergovernmental debates are less advanced, cross-border data requests are common, leading to the development of local practices and frameworks which the roundtable will also seek to touch upon. The extraterritoriality effects of governance frameworks in EU, US and OECD countries is likely to impact countries across the global south, reinforcing the importance of holding these conversations at international fora such as the IGF. The workshop findings are expected to facilitate critical dialogue between key stakeholders engaged in cross-border data sharing debates and encourage the incorporation of multi-stakeholder and Global South perspectives into these conversations. The discussion will additionally contribute to an ongoing initiative by Chatham House, with the research support of Oxford Information Labs, on national security and law enforcement cross-border data sharing in liberal democracies, which is expected to complement ongoing intergovernmental, multilateral discussions. In particular, Chatham House and Oxford Information Labs will jointly produce an Expert Comment drawing on the roundtable conversations and key takeaways to disseminate the findings and positions documented in the session.

    Hybrid Format: To embrace the hybrid nature of the event, the roundtable discussion will begin with a series of fire-starter remarks by both in-person and online speakers: this is expected to generate a dynamic of open interaction between those present in Addis Ababa and online participants. In addition, session co-organizers, Chatham House and Oxford Information Labs will advertise the session among relevant audiences highlighting the goal of encouraging a roundtable conversation among participants. The moderator will be provided a list of both remote and in-person participants in the audience, with the goal of inviting remarks from different stakeholders and encouraging the participation of those online. Chatham House staff in particular is trained in moderation strategies for online settings to maximise interactions during remote and hybrid convenings. The session will be broken up into two segments to encourage the prompt transitions to roundtable conversations. The first segment of the session will touch upon current status quo with national security and law enforcement cross-border data sharing across the global north and global south, with focus on existing regulatory frameworks, current practices surrounding data requests and existing tensions. Following initial remarks by two speakers (Marjorie Buchser and Betrand De La Chapelle), the moderator will move to open the floor. The second segment will focus on encouraging participants to share their perspectives on approaches to build greater trust and transparency between the various stakeholders involved in cross-border data sharing in national security and law enforcement contexts. Three additional speakers (Javier Pallero, Aisling Kelly and Theodore Christakis) will share their views on the subject before opening the floor for discussion again. The moderation may include a brief survey at the onset of the session to prompt thinking and discussion with statements about how to govern cross-border data sharing, using digital platforms for audience interaction such as Slido.

    Online Participation

     

    Usage of IGF Official Tool.

     

    Key Takeaways (* deadline at the end of the session day)

    Efficient cross-border data sharing is essential for public safety and so is striking the balance between protecting our fundamental rights to privacy. Multi-stakeholder discussions and participation can improve understanding of this topic and where current mechanisms fall short. Despite the complications, the cost of doing nothing on this issue will lead to further lawlessness.

    Session Report (* deadline 9 January) - click on the ? symbol for instructions

    This roundtable discussion outlined the importance of the role of cross-border data sharing for public safety and highlighted the difficulties surrounding it. The moderator of the roundtable, Emily Taylor, CEO of Oxford Information Lab introduced the significance of this topic, focusing on the fundamental premise of the Internet enabling the free flow of data and information across borders. With mass uptake of the digital network, we have seen an emergence of new patterns including cross-border data sharing.

    Marjorie Buchser, Executive Director of the Digital Society Initiative at Chatham House who is leading a project on cross-border sharing, set the scene at the beginning of the discussion as to why this is important for public safety. Traditionally, crime was analogue in nature and was investigated locally. In the digital age, an increasing portion of our activities include an online aspect. Most crime today has a digital dimension and therefore has a digital trace. Buchser highlighted the importance of the multi-stakeholder approach and in broadening the debate to improve inclusivity, understanding and trust. It is essential to have a multi-stakeholder discussion because there is a balance between the benefits we get from our public safety authorities having access to the data they need for criminal investigations,  and the importance of the protection of privacy and fundamental rights. This balance should not only be resolved by states and online platforms, it also requires civil engagement to develop trust and accountability.

    The second speaker, Aisling Kelly, Assistant General Counsel for Law Enforcement and National Security at Microsoft agreed on the importance of the multi-stakeholder approach. Kelly described the current mechanisms in place to address this issue and the shortfalls of this current outdated system. The MLAT (The Mutual Legal Assistance Treaty) was designed originally to protect sovereignty to stop one country’s law enforcement agents going into another country’s territory and interfering with sensitive matters. Kelly asserted that although sovereignty remains to be an important factor in this issue, the system is unfit for purpose in the modern world. Sovereignty, however, continues to arise in the debate and Kelly illustrated an example of this in her own state in Ireland, whereby the Chinese government attempted to open a Chinese police station there, which was abruptly prevented as it infringed on sovereignty.

    Kelly, who has witnessed both sides of this debate in action, as she was previously a Public Prosecutor, also addressed the key tensions between the public authorities and the actors involved in these criminal investigations. These actors are not used to working together and can include police forces and online platforms or cloud providers which can lead to a gap in trust. In addition, there is often a barrier of understanding in terms of the type of language and terminology that we use to describe the issues. For example, the title of this roundtable describes cross-border data sharing, which law enforcement agents would call digital evidence sharing or “e-evidence”. The absence of a common language to describe the problem is also a barrier to effective cross-border data sharing for public safety.

    Bertrand De La Chappelle, Executive Director and Co-Founder of the Internet and Jurisdiction Policy Network highlighted the evolution of how we see data and evidence for the purpose of public safety investigations. Electronic evidence is not only needed for cybercrime, but also for every type of criminal investigation, such as in a theft or a murder with any type of digital trace that can be used as evidence. A few decades ago, these investigations required evidence which were in the form of documents or papers that were taken in a safe or as an inquiry that required a warrant for an investigation in a particular house. Today, most of these elements are available online or in digital form, and in most cases, it is stored by large companies that can be cloud providers or service providers such as emails. Because of the distribution of international actors in the digital space, those actors are often located outside of the country where the investigation is taking place. 

    The discussion around the current mechanisms and how they fall short to solve the issues of cross-border data for public safety was given more context by the fourth speaker, Dr. Theodore Christakis, Professor of International European and European Law. In Europe, more than 85% of criminal investigations are reliant on digital evidence with over 55% of this data being located beyond the borders that the crime took place in. Human behaviour and practices have changed drastically in the last few decades and while there are signs of progress, existing frameworks today do not yet adequately cover all aspects of international transfers. In addition, there remains to be tension around the implications for the integrity and protection for the citizens privacy. An example of how they tried to solve these issues is with the e-evidence regulation or the Second Additional Protocol to the Budapest Convention. Christakis described the progress of the e-Evidence regulation and the lengthy process as well as the debates around language that have delayed real progress. Discussions around the e-Evidence Regulation in the European Union started six years ago, and although there are hopes this will be adopted it is still under discussion, highlighting the complexity and polarising nature of the debate.

    Despite this complex landscape in cross-border data sharing, there is hope amongst the speakers for newer mechanisms to address not only the issue of sovereignty, but also the balance between the importance of accessing data for public safety purposes and our fundamental rights to privacy. The speakers concluded outlining the complexities of cross-border data sharing for public safety and agreed on many of the problems and shortfalls of the current system. Despite the difficulties, it was determined by the speakers that the cost of doing nothing was only going to lead to further lawlessness. These issues can affect real people’s efforts to get justice for horrendous crimes. Amongst the technical and legal debates around language and definitions or process and mechanisms, real people can be affected. It is still early in the technological explosion in the digital age and there is much more that can be done to effect real change to make it easier for cross-border data sharing for public safety. One of the areas agreed upon by the panel is the significance in multi stakeholder discussions such as the IGF roundtable which can improve understanding, and therefore improve outcomes. It is therefore important to have further multi-stakeholder debates as well as improving transparency, inclusivity and oversight which can improve trust.