Client Story

UK Home Office

Revolutionising law enforcement’s fight against crime with a ground-breaking data access agreement

Digital communication apps hosted overseas give criminals an edge over law enforcement due to cross-border legal conflicts. Such conflicts make it hard for investigators to lawfully access crucial data, thus limiting vital intelligence. We worked with the UK Home Office to solve the problem through negotiating a ground-breaking treaty with the US, as well as designing the operating model and infrastructure to implement it.

Playing catch-up in a connected world

Digital communication applications like WhatsApp and Snapchat, whilst brilliant at keeping people connected, have created a crime-fighting headache. Offenders are now more likely to communicate through these platforms than use traditional methods like texting or calls over telecoms’ networks.

Until recently, authorised UK law enforcers investigating crimes have not been able to directly request access to data from such platforms, specifically where they’re US companies bound by US laws. Typically, they’ve relied on slow, bureaucratic government-to-government mutual legal assistance processes.

This makes criminals – behind everything from drug smuggling and serious fraud, to people trafficking and terrorism – harder to track down and prosecute, because investigators can’t get the evidence they need.

We worked closely with the Home Office, alongside its US counterpart, in creating and implementing a new legal framework, pursuant to the US CLOUD Act. The framework enables cross-border access to data for the prevention, detection, investigation, and prosecution of serious crime: the UK-US Data Access Agreement (DAA).

The existing mechanism for law enforcement bodies to request data is too slow. We needed a new way to get access to the data for tackling serious crime. The DAA was a world first, meaning its implementation put us in uncharted territory.”
Deputy Director Investigatory Powers Unit, Home Office

Denying criminals safe spaces online

In 2018, the US passed new legislation, the CLOUD Act, that made it lawful for its telecoms service providers to directly respond to requests for data from another government, but only where there is a specific international agreement between the two countries. Robert Deedman, technology expert at PA, explained: “Our role was to work alongside the Home Office in shaping and negotiating the international agreement for how those exchanges should happen and to then bring it into force by dealing with the challenges of implementing it.”

Our design, change, and technology experts engaged and collaborated with multiple government departments and bodies to map out and build the new processes to make the deal work in practice.

Agreeing a treaty is only part of the problem. Both sides have to be able to implement it. For the UK, that’s meant designing an entirely new operating model – essentially the processes and systems to make it a technological and organisational reality, involving everyone who would use it, or whose wider relationships it might affect. At the same time, we needed to ensure it was technically and practically feasible and compatible with relevant laws and policies.”
Technology expert at PA

The implications of operating the DAA touched many UK organisations, from the various warrant granting authorities to the Investigatory Powers Commissioner’s Office, and each of the many agencies who will use the DAA. Deedman said: “That’s why we brought the stakeholders in to be integral to the design process. Having them collectively agree new ways of working was essential. Each organisation jointly owned the required outcomes and committed to their role in its implementation. This was key to its success.”

In parallel to the operating model design, we helped develop the architecture that integrates secure technologies to verify requests and process the data for law enforcement. The technology had to work with both sides of the Atlantic to ensure that the data exchanges could be done in a safe and secure manner, while following the operating model that was being developed.

Creating safer societies

With the DAA in place, UK law enforcement now wait only days for data after having a request approved. Under the previous process it took an average of ten months, with some requests taking considerably longer.

In a joint ‘entry into force’ statement released by the UK and US governments, the parties noted: “The Data Access Agreement will allow information and evidence that is held by service providers within each of our nations and relates to the prevention, detection, investigation or prosecution of serious crime to be accessed more quickly than ever before. This will help, for example, our law enforcement agencies gain more effective access to the evidence they need to bring offenders to justice, including terrorists and child abuse offenders, thereby preventing further victimisation.”

Since coming into force, the UK has made over 10,000 DAA requests. The data obtained has already kept numerous children out of harm, taken significant quantities of drugs off the streets, and helped keep the UK safe from terrorism.

The benefits the UK are seeing from the DAA are game-changing for law enforcement. PA’s ability to work alongside us, collaboratively helping solve our most complex challenges has been a real success.”
Deputy Director Investigatory Powers Unit, Home Office

Explore more

Contact the team

We look forward to hearing from you.

Get actionable insight straight to your inbox via our monthly newsletter.