Preventing real-world harm while complying with legal orders and regulations requires a wide range of teams, staffed by people with a myriad of skill sets and expertise. Bear in mind the exact structure of these teams varies from organization to organization; there are many variables to consider when deciding how to structure a law enforcement response team.
As noted, law enforcement response teams review and respond to law enforcement data requests and may make proactive data disclosures to law enforcement in some circumstances. It is beneficial to have teams with functional knowledge of laws and regulations such as Electronic Communications Privacy Act (ECPA) and Stored Communications Act (SCA) in the U.S. and The General Data Protection Regulation (GDPR) and The Data Protection Law Enforcement Directive in Europe. (Note: This list is not exhaustive and will vary by jurisdiction and country.)
A key factor in how a law enforcement response team will be set up and operate is tied to the business group with which the team works. For example, a team in a legal organization may have a closer relationship with attorneys but may not have functional operational expertise. A team in a product organization may be able to better institute a safety by design approach thus mitigating abuse that warrants law enforcement involvement but they may not have the expertise to advise on legal matters. Being a part of an engineering organization may garner better access to tools and technology but this team may not have legal or operations knowledge and expertise. A security organization may prioritize data privacy but be lacking in legal expertise too. Sitting in a T&S organization can offer operational expertise but may result in difficulty securing resources and staff.
When setting up a law enforcement response function, it’s important to consider the types of requests for user data the team will be receiving. United States law enforcement may submit legal processes such as subpoenas, court orders, search warrants, National Security letters (NSLs) and even Foreign Intelligence Surveillance Act (FISA) orders. Non-U.S law enforcement may submit all manner of requests such as French Réquisitions and Investigatory Powers Act (IPA) Forms from the United Kingdom. The current or expected volume of these requests will also be a factor in determining how to set up and staff the team.
Another consideration when setting up this function is how much the company wants to share externally about the relationship with law enforcement. It’s become common for companies to publish guidelines for law enforcement to use when trying to obtain information about the company’s users on their website. These law enforcement guidelines can be as minimal or robust as the company wants and can include specific information on what user data is available, how to obtain data, how a user can use the service, and how to contact the law enforcement response team.
The team will also most likely also support emergency disclosure requests from multiple regions. Staffing for this function is critical and will require familiarity with many types of law enforcement agencies, possibly non-English language support, and ideally geographically diverse teams to support a follow-the-sun model of coverage.
There may be other teams to establish that could augment and work alongside the law enforcement response team. For instance:
- Law enforcement outreach: Outreach teams manage the relationship between an organization and law enforcement entities. They may offer training and provide education to law enforcement about the organization and product.
- Investigation: Teams that investigate and analyze the content, users, or networks whose activity triggers legal reporting requirements, and proactive law enforcement referrals.
- Program/project management/data support: Teams responsible for planning and executing projects that affect law enforcement, and for monitoring and analyzing their effectiveness.
- Engineering teams: Teams that provide technology solutions to enable an organization to operate efficiently such as: case management, data production, content review, securely receiving tips and referrals to law enforcement agencies.
- Legal/Content Policy teams: Teams that work with operations teams to determine how abusive content is enforced and provide legal advice regarding law enforcement data requests and regulations affecting law enforcement/government requests.