Published by The Lawfare Institute
in Cooperation With
In recent scholarship and an article on Lawfare, Steve Koh highlighted the foreign relations tensions that can arise when U.S. federal prosecutors pursue cases that foreign governments subjectively, objectively or pretextually deem to intrude on their own sovereign interests. The vaunted independence of U.S. prosecutors provides considerable cover when U.S. foreign policy officials are called to answer for “their” government’s actions. Still, the recent international incident arising out of the arrest of Huawei Chief Financial Officer Meng Wanzhou, followed by the ham-handed suggestion by former President Trump that he might use her prosecution for trade negotiation leverage with China highlighted the fragility of the balance between the Department of Justice’s insulation and the need for whole-of-government consideration of foreign policy ramifications. And it raises the question of how prosecutors can improve their situational awareness without unduly compromising their independence. The Justice Department has institutional structures for promoting just such awareness, but the fragmentation and decentralization of federal enforcement activity will inevitably challenge such structures.
Any inquiry into the likelihood that federal enforcers will consider foreign equities must recognize how informational restraints on U.S. prosecutions have long promoted such consideration. But it must also recognize how that restraint is now diminishing.
Cases raising foreign hackles do not always rely on the cooperation of foreign authorities. The U.S. Attorney’s Office for the Southern District of New York probably didn’t need any help from Indian authorities when, in 2013, it charged Indian Deputy Consul General Devyani Khobragade with visa fraud relating to an Indian national she brought to the United States as a housekeeper. Indeed, the centrality of U.S. financial institutions to transactions around the globe and the regularity with which foreign visitors transit through the U.S. (opening themselves up to device searches or arrest) make it entirely possible for U.S. enforcers to pursue domestically a variety of investigations that can implicate foreign sovereign interests.
Still, a wide range of cases with foreign affairs dimensions have historically required the cooperation or at least acquiescence of foreign authorities when investigations depend on obtaining local information in their control. Such cooperation is certainly needed when federal prosecutors pursue evidence via a mutual legal assistance treaty or letters rogatory, or when they seek the assistance of foreign police for physical searches and arrests on their soil. And cooperation has regularly gone well beyond such episodic engagements to include sustained joint operations by American agencies with foreign authorities—with American narcotics-interdiction activities in Central and South America (which regularly implicate high foreign officials) a particularly dramatic example.
From the perspective of American enforcers, such dependence on foreign authorities will come not just with the normal bureaucratic transaction costs—letters rogatory are a nightmare—but also with an explicit or implicit obligation to consider the viewpoint and sensibilities of those authorities. Even when foreign police agencies or judicial authorities do not fully internalize the views of their governments, their cooperation will inevitably increase the alignment of the investigation with governmental preferences.
From an external perspective, this dependence may lead to the crippling of normatively valuable U.S. investigations that touch on the corrupt interest of foreign officials, thus extending to the U.S. an impunity the officials enjoy at home. Yet it should also provide comfort to those concerned about the costs that relatively autonomous American criminal enforcement efforts can impose on bilateral relationships. (This assumes that the kind of foreign interests implicated by foreign affairs prosecutions will be protected by foreign officials, but that may not always be true.)
The historical dynamic between federal and local authorities in the U.S. reveals the informational accountability of criminal law enforcers. That federal dependence on local police for information and resources has indelibly shaped federal priorities and tactics. This was especially true when federal agencies were just standing up. Sarah Seo and I recently wrote about how the FBI’s dependence on the local knowledge and manpower of police massively shaped its priorities, leading it to concentrate on Mann Act and car theft cases in the 1920s through 1960s, and contributed to the blind spot the bureau had for civil rights prosecutions of police officers and private actors. While federal agencies, including the FBI, have developed a degree of informational independence since then, they continue to rely on—and to consider the political and institutional sensibilities of—the local police when cases can’t be made without local knowledge, particularly in the violent crime and counterterrorism areas. (Immigration cases have their own dynamic, as they can often be made easily by federal authorities alone but have nonetheless occasioned severe pushback from local authorities in many localities).
Dependence on foreign informational and material resources often does not play out in particularized case-specific foreign gatekeeping. Some of the most sustained and fruitful cooperation of foreign authorities comes in the context of institutionalized relationships like the Five Eyes Law Enforcement Group (which coordinates close cooperation among American, Canadian, British, New Zealand and Australian enforcers), bilateral liaison arrangements, or organizations like the Egmont Group of Financial Intelligence Units, to name a diverse handful. Such avenues for wholesale cooperation, however, may come with formal or informal mechanisms for raising case-specific concerns that would promote more prosecutorial attention to foreign sensibilities.
That historical informational accountability has not necessarily led to some optimal balance between American enforcement equities and foreign sensibilities in the context of U.S. transborder enforcement. Indeed, Koh’s work cogently suggests suboptimality. But whatever balance has existed—which differs across countries, and perhaps across case types—is bound to face disruption by the increasing ability of U.S. authorities to obtain foreign investigative data, conduct searches or even suppress cross-border criminal activity without relying on foreign authorities.
Perhaps the most dramatic example of such long-arm investigations can be found in the use of network investigative techniques (NITs, also known as government hacking) to search computers located abroad of suspects who use internet anonymizing measures like Tor. While the government has not asserted that courts issuing warrants for searches using NITs have the authority to license searches abroad, the “the practical reality of the underlying technology,” as Ahmed Ghappour has explained, “means overseas searches will be both unavoidable and frequent.” And he worries that these searches not only will be “in tension with international norms” but also will be executed without any of the internal deliberation that normally precedes international evidentiary forays: “By allowing rank-and-file officials to control how hacking warrants are executed, the existing legal process effectively allows the circumstances of the immediate investigation to dictate foreign policy interests in cultivating soft power.”
Orin Kerr and Sean Murphy think such fears are overblown. It’s far from clear, they argue, that NITs, lacking any physical intrusion, violate international law or norms. Indeed “one government’s use of NITs to investigate crimes on the dark web is generally welcomed by other governments rather than feared.” I suspect, as does Asaf Lubin, that the peculiarities of the dark web will, at least in the medium term, largely shape norms favoring unilateral action. Lubin notes:
[A] sovereign has no good faith cooperation, consultation, or negotiation obligations towards a phantom. In a situation where the location of the data sought is unknown, especially where the perpetrator has utilized tools of concealment to avoid geographical detection, why must a sovereign be required to show restraint? And towards whom?
What remains to be seen is whether these dark web investigatory norms will remain stable and, more importantly, the degree to which the sort of unilateral penetration and surveillance of targets abroad that is par for the course in spying will bleed into criminal enforcement uses. Considerable outrage attended revelations in the U.S. that the Israeli NSO Group’s tools—which, by targeting devices, allow the circumvention of data encryption efforts—had been used by a number of unsavory governments to monitor political opponents and human rights groups. The FBI has said it bought but never deployed NSO’s technology. However, it is inconceivable that the bureau has eschewed similar technologies (perhaps homemade or purchased from other foreign providers) to address what it has called its “Going Dark” problem, the increasing inability to access data by means of legal process because of default encryption on standard platforms. Such is the inevitable fallout of the standoff in the “Going Dark” debate, in which technologists opposing any formalized regime of government access to encrypted communications would regularly point to hacking as a solution to governmental concerns. U.S. agencies will certainly be using these tools; it’s just unclear how much unilateral deployment in criminal cases we will see.
If “unilateral” is taken to include access to foreign criminal evidence mediated only by American legal process and judicial authorities, it goes far beyond hacking and can be quite overt. Under the 2018 Clarifying Lawful Overseas Use of Data (CLOUD) Act, U.S. authorities can rely on domestic legal processes to obtain data controlled by U.S.-accessible tech platforms but stored abroad. The Department of Justice asserts that the act simply ensures “consistency with U.S. obligations under Article 18(1) of the Budapest Cybercrime Convention, aligning the United States with the more than 60 other parties to the Convention.” To the extent that foreign law regulates provider compliance, particularly where the data of a foreign national is involved, the U.S. stands open to exploring specific executive agreements, of the sort it entered into with the U.K. and Australia, that allow providers to raise certain challenges. But absent such agreements, a provider’s only recourse, when confronted by a foreign blocking statute, is a common law comity analysis—in which a U.S. court is unlikely to adequately consider a foreign sovereign’s sensibilities.
A similar effort to leverage U.S. presence into governmental access to financial records can be found in the Anti-Money Laundering Act of 2020 (AMLA)—which expanded Patriot Act authority and gave federal prosecutors the power to subpoena the records of foreign banks with correspondent accounts in the U.S. The recourse for those foreign banks in U.S. proceedings will again be common law comity doctrine. U.S. courts “have been ready to quash subpoenas on comity grounds in civil litigation,” at least on a showing that the foreign blocking statute is actually enforced. However, “they have typically rebuffed such challenges in the context of criminal investigations, finding that the domestic interest in enforcing the criminal laws trumped the foreign data privacy interests involved.”
This is not to suggest that U.S. prosecutors will boldly go forth exercising untrammeled authority in the absence of the formal state intermediation required in the past. Consider some moderating forces:
- Platforms and financial institutions will probably recruit foreign governments from time to time when fending off U.S. informational demands that pose legal conflicts. One can imagine a subpoena to a foreign bank getting escalated to foreign governmental authorities and putting a U.S. criminal investigation on their radar screen, perhaps sparking better internalization of foreign policies considerations within the Department of Justice.
- Even when they don’t recruit foreign governments, U.S. platforms might mount their own resistance to imprudent informational demands and perhaps trigger the mobilization of governmental actors outside the prosecution team and perhaps outside the Department of Justice.
- The Department of Justice may continue to develop its internal regulatory regime so that the historical balance between line prosecutor autonomy and centralized oversight of informational access affecting foreign states remains about the same.
- Physical and human aspects of transnational prosecutions—physical searches abroad, the apprehension of suspects, the need for foreign authorities to pressure individuals abroad to cooperate—will continue to require the cooperation of foreign enforcers and give them some gatekeeping authority over U.S. investigative processes.
- Cooperation over a range of investigative projects and in the context of multiple transnational institutions will generate norms of moderation and perhaps consultation across cases.
- Some range of foreign states will surely pursue their own unmediated investigatory measures that leverage American presence (doing business or otherwise) in their jurisdiction to obtain data that U.S. authorities might challenge as extraterritorial. (I don’t imagine U.S. views on data sovereignty are likely to be symmetrical.) One can imagine that in the face of such efforts (and in the shadow of the U.S.’s own blocking statute, the Stored Communications Act), U.S. and foreign authorities might develop formal or informal understandings on a continuum on which CLOUD Act agreements are endpoints.
- The temptation of U.S. prosecutors to push hard on their new investigative powers will be particularly great when the relevant foreign authorities have a poor record on cooperation, like China and Russia. While the dense legal interactions between the U.S. and the EU—and the extent to which the Court of Justice of the European Union has limited the development of transborder enforcement reciprocity—thus may generate (and support) noisy conflicts and disputes arising out of new unmediated authorities, the most operationally significant activity will likely arise in cases connected to China and Russia. Perhaps the involvement of such geopolitical rivals might come with (or soon come with) a baked-in interagency consultative process that, at the very least, could ensure that U.S. enforcers internalize foreign affairs considerations more than usual.
These offsetting forces make it challenging to predict the extent to which expanded investigative autonomy will increase the likelihood of foreign affairs prosecutions and the conflicts arising from them. Yet such an increase ought to be expected. The reduction of informational dependence frees U.S. enforcers from internalization of foreign sensibilities (or at least those of foreign police services). In the short term, or in the context of a particular case, such liberation will surely be celebrated. In the longer term, the world of transnational criminal enforcement might become even less stable.