The world's cyber network is growing exponentially. As it grows, criminality and malfeasance have followed. But law enforcement is, unfortunately, still mired in a nation-based system of police cooperation - the Mutual Legal Assistance Treaty process - that has not kept up with the pace of the new domain. It is as if the police were using a 1930s Ford to chase a 2015 Tesla. Unless the MLAT process is updated and modernized, law enforcement will remain hopelessly behind, mired in the past.
See Also: 12 Top Cloud Threats of 2016
The cyber network today is a reflection of global reality. Growing by leaps and bounds, the network spans the entire world. From a small, four-node network, the system has expanded to touch more than a third of the world's population. Nearly 3 billion people are attached to the network and, by some estimates, as many as 8 billion objects. And the size and scope of the network is only going to grow. In 2010, for the first time in human history, we created over a zettabyte of new data (a zettabyte is 1 billion terabytes). By 2020, that will have increased 35-fold, and we expect more than 35 zettabytes of new information to be created on an annual basis.
It is as if the police were using a 1930s Ford to chase a 2015 Tesla.
And that means that the scope and scale of criminality in the cyber domain has been and will continue to increase at the same pace. There is no reason at all to expect that malicious actors will adapt to the Web less quickly than beneficent actors - and, indeed, every reason to think the opposite. Criminality leads innovation; it doesn't trail it. The data we have back up that instinct. While precise numbers are, of course, difficult to come by, the most recent estimate from the Center for Strategic and International Studies is that the global costs of cyber criminality are $375 billion to $575 billion annually. For comparison sake, that is approximately the same value as the annual trade in illegal narcotics.
But the MLAT process - the system by which law enforcement cooperates across borders - has not kept pace with the growth in global criminality. As a recent CSIS and Global Network Initiative report on data flows across borders notes, response times are measured in months, if not years. The president's Review Group on Intelligence and Communications Technology reports that the average length of time it takes for the U.S. to secure a response to its requests for evidence from foreign police partners is 10 months. And doubtless the converse is true as well - American responsiveness is also turgid. None of this is adequate in today's era of warp-speed network connectivity.
The LEADS Act
The question is: how to fix it? Fortunately, Congress has begun to consider the matter as part of a broader review of international data access issues. The LEADS Act (The Law Enforcement Access to Data Stored Abroad Act), a bipartisan measure introduced in the Senate, would make changes to the Mutual Legal Assistance Treaty process by providing greater accessibility, transparency and accountability. A similar bill has been introduced in the House.
First, the bill would require the attorney general to create an online intake form and docketing system, which would allow foreign governments to submit MLAT requests electronically and track the status of their MLAT requests. Second, it would require the Department of Justice to annually publish statistics on the number of MLAT requests it makes and receives, along with their average processing time. These measures would modernize the way in which governments have access to data stored around the world and establish a framework for the U.S. government to effectively request information abroad.
Collateral Benefits of Global Teamwork
As Congress considers these reforms, it should supplement its initial draft by highlighting the need for reciprocity of MLAT reform. American improvements will be insufficient if they are not matched by our partners around the globe. In this vision, nations would make reciprocal commitments as to the exclusivity of the MLAT mechanism and as to its responsiveness. In other words, the U.S. could agree to use non-unilateral MLAT means of evidentiary exchange as to matters within the jurisdiction of another nation, but only if that nation reciprocally agreed to do likewise with respect to evidence within American jurisdiction and if it, similarly, bound itself to respond to MLAT requests from the U.S. in a timely manner (a promise that the U.S. would also make and which will surely require the federal government to improve its own responsiveness to foreign inquiries).
An improved and functioning MLAT process would also have the collateral benefit of incentivizing nations to forego the exercise of unilateral evidentiary collection methods. Today, disputes of that sort are growing. Germany, for example, may assert control over data stored on German servers, but that is a jurisdictional assertion that other countries (like the U.S. and Great Britain) do not necessarily recognize. The result is law enforcement investigative gridlock - and the good guys are fighting the other good guys, instead of focusing on catching the crooks.
A nimble and effective MLAT process can fix that problem and bring law enforcement into the 21st century. Kudos to those in Congress who recognize that the process needs fixing.
Paul Rosenzweig, former deputy assistant secretary for policy at the Department of Homeland Security, is a senior adviser to The Chertoff Group, a global security advisory firm.