IGF 2018 WS #393 CLOUD Act & e-Evidence: implications for the Global South

Format: 

Round Table - 90 Min

Organizer 1: Hartmut Glaser, Brazilian Internet Steering Committee (CGI.br)
Organizer 2: Luiza Brandão, Instituto de Referência em Internet e Sociedade (IRIS)
Organizer 3: Paloma Carmo, Instituto de Referência em Internet e Sociedade (IRIS)
Organizer 4: Thiago Tavares, Safernet Brazil
Organizer 5: Nathalia Patrício, NIC.br

Speaker 1: Fernanda Domingos, Government, Latin American and Caribbean Group (GRULAC)
Speaker 2: Malavika Jayaram, Civil Society, Asia-Pacific Group
Speaker 3: Paul Fehlinger, Civil Society, Eastern European Group
Speaker 4: Luiza Brandão, Civil Society, Latin American and Caribbean Group (GRULAC)

Relevance: 

The development and spread of the Internet worldwide have reinforced traditional discussions about jurisdiction, as cross-border data flows aspects increase in scale and complexity. The adoption of data protection laws in more than 120 countries over the world has also raised a challenge in terms of legal harmonization and judicial cooperation to mitigate conflict of laws that have proliferated in recent years and to enforce judicial decisions transnationally as revealed by the Internet & Jurisdiction Observatory database. Besides those general aspects, the issue is extremely relevant from a global south point of view, given the concentration of Internet platforms in the developed countries and the fact that law enforcement standards and data protection frameworks are generally built around the experience of the developed north. As more countries from the developing south become integrated to the Internet ecosystem traditional global political and economic imbalances tend to be aggravated by the diffusion of formal and informal norms and practices related to the access to data for criminal persecution by domestic and foreign authorities. This session aims to entertain the debate among different stakeholders groups and the IGF community as a whole about the following policy questions: a) What are the implications of recent institutional solutions adopted in countries in the global north to reconcile the protection of privacy and access to data to address crime and how will they affect the Internet ecosystem in general? What are the implications of those developments for countries in the global south? b) Bearing in mind the position of developing countries in the global Internet economy, how can the protection of fundamental rights of users be reconciled with lawful access to data in the context of criminal persecution by domestic and foreign authorities? What are the challenges and opportunities for the creation of legal interoperability between developed and developing countries in a mutually-agreeable and negotiated way (considering both the synergies and the incompatibilities of intergovernmentalism and multistakeholderism)? How to build a global scenario of balanced and coexisting jurisdictions?

Session Content: 

Jurisdictional tensions were one of the key issues identified with the future of Internet governance by the NETmundial Multi-Stakeholder Statement. The jurisdictional problem (as adequately captured by the work of the Internet & Jurisdiction Policy Network) has mainly affected three issue-areas of the overarching IG policy agenda: (1) the reconciliation of transnational data flows and the protection of privacy be with lawful access requirements to address crime; (2) the global availability of content in light of the diversity of local legal orders and norms applicable to online activities; and (3) the preservation of the functionality and stability of the global Internet’s addressing system (mainly the DNS) in light of different local laws applicable to local operators. While the three of them are interrelated and represent pressing issues in contemporary Internet policy debates, there has been a considerable amount of institutional development around the first item on the list as a way of updating legal frameworks that apply to the access to data (including cross-border access) in the context of criminal persecution. The issue is not new, however some very recent developments (e.g.: the expedited adoption of the CLOUD Act in the United States against the backdrop of the US versus Microsoft case before the United States Supreme Court and the beginning of parliamentary discussions about the e-Evidence Framework within the context of the European Union) have raised the stakes in discussions regarding the currently valid MLAT agreements and the political consequences of legal provisions that expand the reach of one country’s jurisdiction and law enforcement prerogatives (either in terms of surveillance and access to data to inform criminal investigations and procedures or in terms of privacy and personal data protection, such as in the case of the European GDPR). As the majority of those initiatives stem from developed nations, this workshop aims at fostering discussion about the impacts in the Global South for countries to exercise their sovereignty and jurisdictional prerrogatives, for peoples to access justice and have their personal data protected, and for businesses to operate within solid and predictable legal environments.

Interventions: 

The format chosen to this session enables both interventions from selected experts representing the full range of the multistakholder Internet community as well as for the general IGF audience. The onsite moderators will start the workshop by explaining the flow of the session (5min). The keynote speaker will make a short presentation on the topic of the session (10min). The following segments are structured around two segments, which will be dedicated to the discussion of the policy questions presented above (70min). In each segment (35min), the moderators will give the floor in a random fashion to four selected participants for a 5-minutes intervention each (20min). The remaining time in each segment (15min) will open the microphone for 2-minutes intervention from the audience / other participants. The second segment will repeat the format and length of the first one, but will deal with the second policy question presented above. That format is believed to enable both a controlled as well as a free style of multistakeholder dialogue and aim at providing an overarching conversation by a very plural group of participants on all of the aspects inherent to the international cross border access to data. The last five minutes of the session will be used by the moderators to summarize discussions. 

Diversity: 

The list of confirmed and prospective speakers comprises people from all stakeholder groups and individuals who have convergent and divergent economic, political and social perspectives on the policy questions proposed. The panel will comprise a majority of women among the speakers and follows a 50/50 gender balance in the moderation. Moderators and speakers come from countries in the Global South, some of them being newcomers to the IGF space.

Online Participation: 

Online participation and interaction will rely on the WebEx platform. Those joining the session using WebEx (either invited members of the round-table or the general audience) will be granted the floor in the Q&A segment of the workshop. People in charge of the moderation will strive to entertain onsite and remote participation indiscriminately. Social media (twitter and facebook) will also be employed by the online moderator who will be in charge of browsing social media using some hashtags (to be defined).

Discussion Facilitation: 

The discussion will be facilitated by the onsite moderators who will guide the debate in each of the proposed “rounds” for the workshop as well as during the Q&A and comments session. The online moderator will make sure the remote participants are represented in the debate.

Onsite Moderator: 

Luiza Brandão (Technical Community, Brazil), Thiago Tavares (Civil Society, Brazil)

Online Moderator: 

Paloma Carmo (Technical Community, Brazil)

Rapporteur: 

Nathalia Sautchuk (Technical Community, Brazil)

Report: 

- Session Type (Workshop, Open Forum, etc.): Round-table

- Title: WS #393 CLOUD Act & e-Evidence: implications for the Global South

- Date & Time: 13/11/2018, 11:50 – 13:20

- Organizer(s): CGI.br & IRIS BH

- Chair/Moderator: Thiago Tavares (CGI.br)

- Rapporteur/Notetaker: Diego R. Canabarro (NIC.br / CGI.br)

 

- List of speakers and their institutional affiliations (Indicate male/female/ transgender male/ transgender female/gender variant/prefer not to answer):

  • Ms Lani Cossette, Microsoft, Business, female;
  • Ms Fernanda Domingos, Federal Prosecution Service in Brazil, Government, female;
  • Ms Monica Rosina, Facebook, Business, female;
  • Ms Luiza Brandão, IRIS BH, Scientific Community & Academia, female;
  • Mr Bertrand de la Chapelle, Internet & Jurisdiction, Civil Society, male.

 

- Theme (as listed here): Cybersecurity, Trust and Privacy

- Subtheme (as listed here):  Legal & Regulatory Issues

- Please state no more than three (3) key messages of the discussion.

  1. New unilateral, bilateral and multilateral solutions to balance the protection of privacy and access to data to address crime have reconcile three main objectives: fighting abuses and crime, while respecting human rights and fostering the digital economy.
  2. Participants noted that the majority of cases of international cooperation today have some sort of connection with the jurisdiction of the United States. Institutional solutions developed in the Global North - disregarding the contextual aspects inherent to the Global South -  have the potential to marginalize countries in the latter. A proper equilibrium between the needs and characteristics of every country should guide discussions about the development of institutional solutions to balance the protection of privacy and access to data to address crime.
  3. There was a recognition that the MLATs system is ill-suited for the dynamics of the Internet. However, participants also underscored the importance of procedural and substantial rights inherent to the MLATs system, which is something that should not be abandoned in future modalities of cooperation. Scalability and interoperability are the main tenets for moving forward in discussions related to the matter.

 

- Please elaborate on the discussion held, specifically on areas of agreement and divergence.  

Three institutional approaches were presented by the keynote: CLOUD Act, e-Evidence Framework, Additional Protocol to the Budapest Convention. The differences among them were explained. Some of the challenges inherent to each initiative were raised: challenges inherent to scalability of unilateral (e-evidence), bilateral solutions (CLOUD Act), as well as the multilateral approach (Budapest Convention). The first can be emulated (raising the risk of conflict of laws); the second can create casts of "recognized and unrecognized" states; and the third involves very different sets of interests that might complicate the achievement of consensus. A fundamental question that guided discussions was: “why (and what sort of cooperation is needed) in an international system?" There was consensus among the participants that cooperation as it stands today is more of an obstacle (talking about MLATs) instead of a sound instrument for enabling cooperation. However,  participants also underscored the importance of procedural and substantial rights inherent to the MLATs system, which is something that should not be abandoned in future modalities of cooperation. One participant contended that due process and respect of human rights are fundamental linchpins to discussions regarding the evolution of international cooperation. Another participant explained that the global north has asserted its jurisdiction over data regardless of where it is located. Countries in the Global South could follow the same path and increase the complexity of the current landscape. Panelists underlined the importance of thinking of legal interoperability when discussing all this initiatives. There was a clear recognition that it is imperative to move away from the idea that location of data is relevant to allow for access or not to it in an interconnected World. All participants seemed to agree with the notion put forward by one of the panelists that independent judicial oversight is a sine qua non requisite for Law Enforcement Agencies to use data and information. Discussion with the audience covered the following topics: the role of independent judicial oversight for access to data; the fragmentation of national and international legal orders; and the perils inherent to data localization laws.

 

- Please describe any policy recommendations or suggestions regarding the way forward/potential next steps.

One participant criticized the unilateralism of some of the initiatives under discussion and called for a more cooperative approach to the topic. Another one explained that uncoordinated initiatives can increase conflict of laws. One of the big challenges to be tackled by all stakeholders according to the participants is “how to provide human rights protection across borders”. Multi-stakeholder cooperation, especially for the Global South, was recognized as a means to assure that intergovernmental solution will not marginalize relevant actors that could help craft solutions that might avoid conflict of Laws. Additionally, agreeing on fundamental principles to guide cooperation and the development of institutional solutions was perceived as a fundamental step in moving forward towards scalable and interoperable solutions. The role of the private sector in working collaboratively with governments as well as in pushing back abusive behaviour by countries was highlighted. Additionally, some participants highlighted the importance of expanding the array of people involved in discussions such as the ones enabled by the session: from Law Enforcement Agencies and private companies to International Organizations, journalists, data and privacy protection community, academia, etc.

 

- What ideas surfaced in the discussion with respect to how the IGF ecosystem might make progress on this issue?

This topic was not covered by discussions that took place during the session.

 

- Please estimate the total number of participants: 63.

- Please estimate the total number of women and gender-variant individuals present: 32

- To what extent did the session discuss gender issues, and if to any extent, what was the discussion?

Gender issues were not within the scope of the discussions. However, all panelists took note and commended the session organizers for putting together an almost-all female panel for the discussion of Internet & Jurisdiction at the 2018 IGF.

- Session outputs and other relevant links (URLs): Not applicable.

Session Time: 
Tuesday, 13 November, 2018 - 11:50 to 13:20
Room: 
Salle VI

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10
Switzerland

igf [at] un [dot] org
+41 (0) 229 173 678