:format(webp)/cdn.vox-cdn.com/uploads/chorus_image/image/55395011/download_20170622_113924.1498156579.jpg)
Google says governments should overhaul their laws for carrying out requests for private user data as part of investigations.
Normally, when a government or its law enforcement agencies seek data held on a server abroad, it must first request that data through official channels within the country where that server is located to help obtain the information.
The process can be overly bureaucratic and in some instances may be unclear.
Google thinks governments should be able to make these kinds of requests directly to the companies that have access to the data. As part of Google’s proposal, it suggests that in order to qualify for this kind of direct access, countries would have to adhere to certain standards of due process, human rights and privacy. The exact nature of these standards was not immediately clear.
The changes would change how investigations into crimes and terrorist activity are carried out. Without the changes, the cost to maintain that information could increase by requiring cloud providers to maintain more data centers in more countries when servers might otherwise be more consolidated in fewer locations.
Google general counsel Kent Walker outlined reasons for the proposed change Thursday in Washington, D.C., at conservative think tank Heritage Foundation.
“We believe these reforms would not only help law enforcement conduct more effective investigations but also encourage countries to improve and align on privacy and due process standards,” Walker said.
Why Google thinks the process should change:
- Slower investigations. Having to go through a foreign country to obtain data from servers adds extra steps to a process that could otherwise be more direct and move more quickly.
- Catch 22 for companies. Because the current process to obtain data internationally can delay investigations, countries seeking information will sometimes attempt to assert their laws over the company holding that data. This puts companies in a position where they may not be able to avoid violating either the laws of where they are located, or of the requesting country.
- Pricier cloud services. Countries have tried to require that certain types of data be housed within their borders, which Walker said would raise the cost of cloud computing services.
- Security issues. The kinds of “small, one-off data centers” companies might build in countries to comply with data-housing requirements could be more exposed to security threats like hacking, putting data security and privacy at risk. This can also make it easier for hackers to guess where the data they are seeking is located, for example if there is a smaller data center required by law in a certain country that would contain that data.
This article originally appeared on Recode.net.
