MLATs and TorBrowser: Mutual Legal Assistance Treaties in Online Anonymity Technology and Domestic Surveillance

Abstract

Since 2004, privacy-protecting, anonymous web browsers, like Tor Browser, have allowed users to hide their identities online. Law enforcement agencies (LEA) responded in contradictory ways to these technologies and tools. On the one hand, LEA have become extensive users to pursue criminals anonymously. On the other, LEAs seek to demonize the technology and break the underlying encryption, which was invented by the Navy in 1998. For example, slides Edward Snowden leaked revealed the NSA undertook a project, “Egotistical Giraffe,” to break Tor encryption and privacy protections. Tor usage significantly increased after Edward Snowden recommended its use as one of his “top tips” for whistleblowers and ordinary people to protect their privacy and anonymity online. Policymakers are becoming aware of Tor’s role in protecting online identity and anonymity, and seek to understand the role of this technology in legal cases. The documents released by Snowden reveal far greater levels of US and other government surveillance than previously known, including surveillance outside the US and across multiple country borders. This startlingly far-reaching surveillance includes online data and telecommunications, much of it culled from third party communication service providers (CSPs). It reveals that government attempts to apply pressure on CSPs now extends across US and other borders, as well. Some contend that much of this surveillance, often referred to by LEAs as “Lawful Intercept (LI), is actually “Un-”Lawful.Mutual Legal Assistance Treaties, or MLATs, are little-noticed legal instruments that enable legal pressure on CSPs worldwide, and so offer a significant vector to attempt to “break” Tor or its underlying encryption. Legal pressure on CSPs like Facebook and Google by foreign governments to locate surveillance-enabled servers in their countries, has led CSPs to seek to incorporate into MLATs the automation of remote global surveillance. Their industry groups, like the International Chamber of Commerce (ICC), seek to incorporate technical standards for automated surveillance LI into MLATs, through remote “dynamic triggering.” A multi-stakeholder group, the Global Network Initiative, announced on January 28, 2015 its public policy agenda, “Data Beyond Borders: Mutual Legal Assistance in the Internet Era,” which sets forth a public policy agenda to further shape MLAT policy. Little-noticed MLATs have eroded fundamental civil liberties both abroad and in the US. Ignored largely due to a perception that MLATs primarily affect “foreign” individuals, the MLAT “devil’s bargain” is rebounding increasingly against US citizens. In this paper, we review the quiet but dramatic expansion, both in number and in scope, of MLATs in recent years. We review recent decisions, including the September 30, 2014 and 2013 Second Circuit rulings in US v. Getto, and the September 2013 First Circuit rulings in Boston College Trustees. In these cases, the executive branch is playing out a quiet struggle to maintain MLAT supremacy over the small, but increasing pushback of the judicial branch. These cases appear to have split approaches in the different circuits, and have all the earmarks of being headed to a higher court in the near future. We review how the benefits MLATs conferred in the 1970s to combat money laundering and narcotics have impacted fundamental civil liberties, to lay the groundwork for understanding their impact on surveillance and global communications networks, and internet privacy and anonymity. Representatives of Global Intelligence Agencies (“GIAs”) have asserted since Snowden’s revelations that their activities are lawful. So far, the legal basis is unclear. We demonstrate the ways little-observed but versatile MLATs contribute to a legal basis for global surveillance. We review the international silver platter doctrine and compare it with MLAT provisions, finding a close fit, which offers further clues as to a “legal” basis for mass global surveillance. In this Article, we offer a number of new contributions, including: demonstrating a new category of attack against Tor, an attack through law; demonstrating a new (MLAT) attack against Tor in this new category, completing the first global MLAT map, using the first comprehensive MLAT database. We believe we are the first to link MLATs to increased surveillance by GIAs, the first to quantify measures of the MLAT “hostility factor,” and the first to offer and analysis of MLATs’ effect on technology, i.e. anonymous network communications.