Anchoring the need to revise cross-border access to e-evidence

: In April 2018 the European Commission presented an e-evidence package including a Proposal for a Regulation on a European Production and Preservation Orders for electronic evidence in criminal matters and a Proposal for a Directive on the appointment of legal representatives. The e-evidence package was accompanied by an impact assessment. This assessment asserts that e-evidence is requested in half of all investigations (first premise), that the mutual legal assistance treaties (MLAT) system is an inefficient channel for that purpose (second premise), and that as a result, two thirds of crimes cannot be effectively investigated (third premise). I challenge the empirical soundness of these three findings and argue that the percentages and figures used frame the problem fundamentally on technical and efficiency grounds. There is no reference to the political and economic motivations behind the promotion of a policy shift from MLAT to direct cooperation, which in my view, is the fourth and lost premise.

evidence") for law enforcement authorities investigating or prosecuting crime. Since EU citizens' data is mainly processed by service providers and digital platforms headquartered in the US, its storage and location often depend on business architecture choices rather than a traditional investigative jurisdiction (see de Hert et al., 2018;Svantesson, 2017).
According to the European Commission (the Commission), in the EU "crimes cannot be effectively investigated and prosecuted because of the challenges in cross-border access to electronic evidence" (European Commission, 2018, p.9). These challenges are often linked to the channels currently used to request e-evidence across borders, which are regarded as cumbersome, too lengthy or simply inadequate. With the aim of improving cross-border access to e-evidence, in April 2018 the Commission presented the so-called e-evidence package, that included: a Regulation on European Production and Preservation Orders (EPOs) for electronic evidence in criminal matters (EPO Regulation); and a Directive on the appointment of legal representatives (LR Directive). In short, departing from a mutual legal assistance treaty (MLAT) model, the proposed e-evidence package presents new rules aimed at enhancing direct cooperation between law enforcement authorities (LEAs) 1 and service providers. 2 On the one hand, the EPO Regulation grants EU authorities the possibility to issue production and preservation orders for e-evidence directly to service providers established in another EU member state. On the other hand, the LR Directive imposes the obligation on service providers 3 offering services in the EU to appoint a legal representative in order to receive, comply and enforce evidence requests from EU LEAs. 4 The package is accompanied by a regulatory impact assessment, an extensive report of 282 pages, drafted by the Commission.
Impact assessments are one of the most relevant tools available to EU institutions to reach wellinformed decisions in policy making (Keyaerts, 2012;Alemmano, 2011). In the context of the Commission's legislative action, impact assessments belong to the set of common principles and processes, enumerated in its Better regulation: guidelines and toolbox. As such, impact assessments represent an instrument to support the justification of the EU's policy and legislative initiatives against claims of arbitrariness (Keyaerts, 2012). Among the objectives of a regulatory impact assessment, there is verifying that a problem exists, identifying who is affected by it, estimating the problem's scale, analysing its causes and consequences, and assessing the problem's evolution in the absence of EU policy intervention (Better Regulation Toolbox, 2017). Due to their authoritative and conferred probative value, regulatory impact assessments have the operational capacity to institutionalise views of reality and therefore help to justify or undermine particular policies. It is in that sense that impact assessments have been recognised as relevant tools by the Court of Justice of the European Union (CJEU) when examining the justification for EU legislation under necessity and proportionality criteria (Keyaerts, 2010;Alemanno, 2009).
In the case of the e-evidence package, the Commission's impact assessment defines the problem faced by LEAs when requesting access to e-evidence stored or located abroad based on the following three findings (European Commission, 2018): More than half of all investigations include a cross-border access request to e-evidence; 1.
Less than half of all the requests to service providers are fulfilled; 2.
Almost two thirds of crimes involving cross-border access to e-evidence cannot be effectively 3.
investigated or prosecuted.
Each of these findings implies a premise that characterises the definition and the magnitude of the problem of investigating crime where e-evidence is involved. In that respect, the first finding Anchoring the need to revise cross-border access to e-evidence Internet Policy Review | http://policyreview.info 4 September 2020 | Volume 9 | Issue 3 First, in the impact assessment e-evidence is defined as "electronic data", a neutral term that is alternatively replaced in the EPO Regulation by the notion of "evidence". In that way the Regulation grants a prima facie qualification of "evidence" to the data requested through it, and therefore acknowledges by default the probative value of electronic data in the context of criminal proceedings (European Parliament, 2019b, p. 147).
Second, in the EPO Regulation the material scope of e-evidence is delimited by reference to a narrowed list of service providers, while the impact assessment refers to a more general notion of "digital services". The EPO Regulation solely covers electronic data "stored or processed by or on behalf" of a service provider offering either electronic communication services, information society services or internet infrastructure services (European Commission, 2017, Article 2). The definition of these service providers is at the same time based on those definitions offered by the

MUTUAL LEGAL ASSISTANCE MODEL VS DIRECT COOPERATION MODEL IN THE CONTEXT OF E-EVIDENCE
Today, LEAs seeking to access data located extraterritorially can either issue a request to the authorities of the foreign country where the data is located (via mutual legal assistance) or, if their domestic laws allow it, directly approach the service provider in control of that data (via direct cooperation). Additionally, LEAs might bypass any intermediaries and obtain the data directly by gaining access to it. Due to its unilateralism, this last method will not be discussed here (see Koops & Goodwin, 2014, for discussion Across the EU, cooperation in criminal matters between member states has progressively evolved into a qualified type of assistance named mutual recognition (Klip, 2016). Under mutual recognition, requests from the issuance state are given a "quasi-automatic" legal effect in the jurisdiction of the receiving or executing state (Larsen, 2018). To this day, the most recent example of mutual recognition instruments is the European Investigation Order Directive, which allows LEAs from one member state to request the execution of investigatory measures from the authorities of a second member state, including among others, the production and preservation of e-evidence. 5 In the context of e-evidence gathering, and despite that its legal basis is highly controversial, some LEAs are increasingly approaching service providers outside the MLAT model. As its name indicates, under the direct cooperation model LEAs directly contact service providers without any intervention of the authorities of the country to which the request is sent. However, as observed in the 2016 Commission's Q uestionnaire on improving criminal justice in cyberspace, the effective fulfilment of a direct request remains uncertain: on one hand due to its unclear legal framework; and on the other hand, because of the difficulties in ensuring extraterritorial enforcement of domestic production orders.
There is currently no common position in the EU about the lawfulness of direct cooperation, a circumstance that came about for two main reasons. First, the differences among member states' regulation of domestic and foreign service providers. Second, due to the absence of rules on whether requests issued directly to a service provider in another country are voluntary or mandatory for the service provider being addressed. 6 In this context several connecting factors have been raised by LEAs to "hook" service providers into their jurisdiction. These arguments can generally be based on variations or expansions of claims aboutthe place where the service providers have their main seat, the place where the services are offered and the place where the data is stored (de Hert et al., 2018).
As will be further developed, there is a strong political trend promoting a paradigm shift towards direct cooperation between private companies and public authorities (González Fuster (CLOUD) Act in March 2018 embodies this political shift. Answering and rendering moot the questions posed by the Microsoft Ireland case, the CLOUD Act clarified that under US law, US authorities have the right to require the production of data processed by a service provider subject to US jurisdiction, regardless of where the data is stored or located (Stefan & Gonzalez-Fuster, 2018). On the signing of an executive agreement between governments, the CLOUD Act also contemplates the possibility that a US service provider directly answers requests of foreign countries for the interception or disclosure of data, including content data, under its control. All of this indicates that in the context of e-evidence, the new US framework will be used to circumvent the MLAT procedure by benefitting from direct cooperation with service providers.
The signature of the US-UK Agreement and the current US negotiation of executive agreements with the EU and Australia, reinforce this political trend.

THE SOURCES OF THE IMPACT ASSESSMENT
To define the problem of cross-border access to e-evidence, the impact assessment attempts to quantify the volume of e-evidence requests and the number of investigations negatively affected by the alleged inefficiencies of MLAT and direct cooperation channels. The Commission recognises, however, that the endeavour has been heavily conditioned by the lack of data: It is not possible to determine exactly the number of crimes that cannot be effectively investigated and prosecuted in the EU because of challenges in cross-border access to electronic evidence. Data at this level of detail is not collected by public authorities.
There is no precise data available on the number of requests for judicial cooperation, direct cooperation, direct access or WHOIS lookups (European Commission, 2018, p.

13).
In the absence of reliable statistics the Commission grounds its analysis on estimations. With regard to mutual legal assistance in the EU, the impact assessment uses figures from the European Arrest Warrant and the European Judicial Network, estimating the existence of 13,000 yearly EU requests through MLAT/EIO of e-evidence between member states. For MLAT requests from EU to US authorities, the impact assessment uses the 2016 EU-US MLA review report, estimating 1,300 requests of e-evidence per year from EU authorities to their US counterparts (European Commission, 2018, p. 14).
Regarding direct cooperation, the Commission rests its analysis on the 2013-2016 transparency reports from five service providers, namely Facebook, Google, Microsoft, Twitter and Apple.
According to these reports, the five companies received more than 90% of the 120,000direct cooperation requests sent to the US in 2016. What is more, of those, 70% targeted Google and Facebook only (European Commission, 2018, p. 258-266). Despite the fact that transparency reports are considered the main source of data on direct cooperation, the impact assessment acknowledges the impossibility of ascertaining whether their figures strictly refer to direct cooperation requests, or, on the contrary, if they also relate to domestic orders deriving from a previous MLAT request. In other words, the figures in the transparency reports ignore whether a request arriving at a service provider's headquarters is the result of an MLAT procedure, or if it originates from authorities in the same country requesting its execution (European Commission, 2018, p. 14).
Moreover, the Commission assumes that requests issued via MLAT only seek content data while those via direct cooperation solely target metadata (or non-content data). Although no further clarification is offered, the assumption seems to be based on the aforementioned incapacity for service providers to discriminate between judicial and direct cooperation requests, as well as on the unwillingness to recognise that content data is being requested via direct cooperation (European Commission Task Force, 2016).
To overcome these empirical limitations, the impact assessment supports its analysis with a survey addressed to the public authorities of EU member states (Gonzalez-Fuster & Vazquez-Maymir, 2020). In truth, the premises defining the problem of e-evidence as described in the impact assessment are fundamentally built on the results of targeted survey nº2 (TS2):a survey not publicly available, that was conducted online during 17 days in October 2017, and that received 76 responses from LEAs from all EU member states except Poland and Greece. 7 Since 52 out of the 76 respondents decided not to provide their country of origin, the representation of respondents based on member state origin cannot be provided.
With regards to the professional occupation of the respondents, 68 were police authorities, 5 were judicial authorities and 4 were public administration officials. The survey also shows a high representation of LEAs involved in the investigation or prosecuting of cybercrime (n=21), followed by authorities focused on financial crimes (n=16), and less prominently, in charge of terrorism (n=7), human smuggling (n=6), child sexual exploitation (n=5), and organised crime (n=4). 8The over-representation of police officers and LEAs investigating crimes heavily dependent on data, together with the small size of its sample, alerts us to potential biases in the survey results.
The Commission describes the objective of TS2 as that of "collecting quantitative and qualitative information on the size of the problem concerning cross-border access to e-evidence through both judicial cooperation channels and direct cooperation between public authorities and service providers" (European Commission, 2018, p. 135). Consequently, despite the impact assessment presenting TS2 as a source of objectivity, the reality is that they only provide subjective estimations from a very narrow sample of participants. This circumstance limits the empirical evidence supporting the Commission's assessment, and should alone prevent us from deducing any categorical premises from it. Keeping this warning in mind, the analysis of the premises is nonetheless valuable for further understanding the problem of cross-border access to e-evidence.

THE FIRST, OR NECESSITY, PREMISE: THE MAJORITY OF CRIMINAL INVESTIGATIONS IN THE EU REQUIRE CROSS-BORDER ACCESS TO E-EVIDENCE
The Commission states that 85% of all criminal investigations require e-evidence and of that percentage, two thirds (65%) are said to involve a cross-border request to a service provider. As a corollary to both figures, the impact assessment establishes the first premise of the problem, that "55% of total investigations include a request to cross-border access to e-evidence" or in other words that "more than half of all investigations include a cross-border request to access eevidence" (European Commission, 2018, p. 14). The quantification and measurement of the size of the problem is key when it comes to objectively determining LEAs' needs to access data.
Therefore, we must ask, how does the Commission ascertain such numbers and how credible are they?
Before digging into the percentages, it needs to be highlighted that the definition of e-evidence used in TS2 differs from that of the EPO Regulation or the impact assessment. TS2's glossary defines "electronic evidence" as "electronically stored data such as subscriber information, metadata (connection/traffic/location data) or content, generated by any activity related to electronic communication services, telecommunications and other internet or app-based services". Therefore, e-evidence is not confined to data stored by a number of service providers or to digital services but instead refers to a broader concept of "electronically stored data".
Nevertheless, the Commission uses the figures from TS2 to infer the quantitative relevance of eevidence as it is understood in the e-evidence proposal.
Based on the Commission's explanations and, while not explicitly mentioned, the total percentage of investigations requiring cross-border access to e-evidence has its statistical basis as the combination of responses to question 10 (Q10)and question 12 (Q12) on the TS2 (European Commission, 2018, p. 258). The two questions followed the same formula and offered participants the possibility to estimate between a range of percentages from 0-11% to 91-100%. As an alternative the questions also allowed respondents to express the impossibility of making an estimation.
In Q10 9 the Commission asked participants to "estimate the percentage of investigations where electronic evidence (in any form) is relevant, e.g. as a lead". The median of the estimations is the source that allows the Commission to claim that 85% of criminal investigations require eevidence. Similarly, in Q12, 10 participants were asked to provide estimations about the total number of investigations where "a request to a service provider in another jurisdiction is needed to obtain the evidence". The results of Q12 are used to state that two thirds (65%) of all criminal investigations requiring e-evidence are cross-border.
From the combination of the results from Q10 and Q12, the core of the first premise is established, namely that 55% of all criminal investigations include a cross-border request to access e-evidence. 11 It is worth stressing again that despite the Commission seemingly discussing percentages of the total number of investigations, the premise is built upon a median of estimations from a relatively small sample with a very specific professional background.
To be precise, when contrasting the responses to Q10 and Q12 with the participants' area of crime specialisation, we observe that the results are heavily conditioned by the responses from LEAs investigating cybercrime and financial crimes, two areas of crime that are arguably more reliant on accessing "electronically stored data".
As the actual volume of cross-border access requests cannot be determined precisely, the Commission supports its conclusions by reference to the figures offered in the transparency reports of the five main service providers. Without elaborating any further, the Commission states that the reports "provide an idea of the number of requests that the above percentages refer to" (European Commission, 2018, p. 14). However, taking into account the flaws already explained, the analytical value of the transparency reports cannot be taken for granted.
Through the first, or necessity, premise, the Commission indirectly establishes an objective need for accessing e-evidence in the investigation and prosecution of crime. However, the logical relationship between more than half of all criminal investigations involving a request for eevidence and its relevance or usefulness in the proceedings remains unknown. If we were to acknowledge the percentages given and the cause-effect relationship between the increase of cross-border access requests and the existence of a generalised need for data in criminal investigations, then further considerations are needed.
Looking at the figures in annex 11 of the impact assessment (European Commission, 2018, p. 265), we observe that from the total of 120,032 direct cooperation requests received by Facebook, Google, Microsoft, Twitter and Apple in 2016, 91,137 were submitted by Germany, France and the UK. 12 In other words, these three countries alone represent "three quarters of the total number of requests to the main service providers submitted by law enforcement authorities in the EU" (European Commission, 2018, p. 267).
When comparing the total number of direct cooperation requests issued by each of these three countries against their population, we observe that the UK, Germany and France issue approximately four requests to service providers for every 1,000 citizens. 13This ratio doubles the EU average. In fact, only Luxembourg and Portugal (approximately 3 for every 1,000) and Malta (which reaches a surprising number of 10 requests for every 1,000 citizens) are above the average. 14 Why do these countries issue double the number of requests than their fellow member states -is it that they take crime more seriously? While this seems doubtful, the disparity might find a better explanation in other reasons such as the differences in national For the reasons outlined above, it cannot be sustained that "more than half of all investigations include a request for cross-border access to e-evidence", there is no evidence supporting that statement. The impact assessment fails to provide sufficient evidence to support the implicit connection between the large amount of requests issued by LEAs and the necessity of e-evidence in the investigation and prosecution of crime. Therefore, the first or necessity premise which states that "the majority of crime investigations in the EU require a cross-border access to eevidence" must also be rejected.

THE SECOND, OR EFFICIENCY, PREMISE: MLAT IS AN INEFFICIENT CHANNEL FOR CROSS-BORDER ACCESS TO E-EVIDENCE
The second, or efficiency, premise suggests that MLAT is an inefficient channel to access eevidence: a conclusion obtained from stating that "less than half of all the requests to service providers are fulfilled" (European Commission, 2018, p. 15).
The source behind the ratio of fulfilment is the responses given by participants to Q21, 15 Q33, 16 Q45 17 and Q57 18 of TS2. Each question asked public authorities to provide estimations of the percentage of requests fulfilled during investigations, based on the scenarios and the different types of data covered in the survey. 19 Table 1 of the impact assessment shows a summary of TS2 results based on three parameters: i. the type of data requested; ii. the channel followed to issue the request (judicial cooperation or direct cooperation); and iii. the location of both the requested authority or the service provider targeted by a request (EU country or non-EU country). Note: the median of the above responses is 45% In light of table 1, the impact assessment concludes that requests to service providers within the EU are fulfilled in a higher ratio than those issued abroad, and that subscriber data is easier to obtain than content data (European Commission, 2018, p. 259). 22Also, the percentages are used to generate the median of 45% for fulfilment rates, which help imply the inefficiency of existing channels to access e-evidence across borders.
To assess the robustness of the median given in table 1, it is important to look at the number of TS2 participants which chose not to answer the questions at all. Taking into account the aggregated responses for all types of data (i.e. non-content data and content data), it can be observed that 27% of the participants did not provide any estimate for requests for judicial cooperation among EU authorities and that 34% did the same for cooperation for non-EU member states. With respect to direct cooperation requests to service providers located in the EU, there are 34% of non-responses, a percentage that reaches 54% of the sample for direct cooperation requests issued to non-EU countries. This means, for example, that for the estimations of fulfilment rates of direct cooperation requests to the US, the Commission uses the response to a question for which 42 out of 76 respondents did not provide an answer. The sample is again too small to draw any representative conclusion.
Again, to fill the empirical gaps of TS2, the Commission leans on the service providers' transparency reports. Despite the impact assessment warning about the differences between a request being answered and fulfilled, the Commission still interprets the median of percentages as an insight supporting the fulfilment rates previously estimated in Germany (52.85%) and the UK (76%), it is clear that Google answers a higher ratio of the requests from these countries (European Commission, 2018, pp. 258-266).
Facebook, Google, Twitter, Apple and Microsoft process e-evidence access requests by classifying a request as one of three categories: emergency disclosure requests, legal requests and reservation requests (European Commission, 2018). It is up to the company and its internal policies to assess which requests pertain to which category. From our analysis, and considering the impossibility of discerning between MLA and direct requests, it can be concluded that the internal policy of service providers on e-evidence requests has a substantial -if not decisiveimpact on the production or not of the requested electronic data, and in turn in the efficiency of existing channels for accessing e-evidence.
The impact assessment fails to provide sufficient evidence to support the claim that MLAT is an inefficient channel for cross-border access to e-evidence. This is an overstated and unfounded claim.

THE THIRD, OR IMPACT, PREMISE: ACCESS TO E-EVIDENCE CONDITIONS THE SUCCESS OR FAILURE OF FIGHTING CRIME
The third and last premise establishes a direct link between access to e-evidence and the success or failure of effectively fighting crime. The premise is built on the finding that "almost two thirds of crimes involving cross-border access to e-evidence cannot be effectively investigated or prosecuted" (European Commission, 2018, p.17). But where does that percentage come from?
The Commission again uses the responses obtained in TS2 and particularly the answers to questions to Q25, 24 Q37, 25 Q49 26and Q61, 27 asking participants to "estimate the percentage of investigations which are negatively affected or cannot be pursued" due to the "lack of timely access" or the "lack of access" to e-evidence.As in previous questions, all options comprised percentage ranges for each of the four different scenarios contemplated in TS2, also offering participants the possibility to indicate their inability to provide an estimate.
The results are succinctly displayed in   Commission, 2018, p. 17). From its figures, the Commission states that 75% of all investigations involving a request for data through judicial cooperation channels within the EU are negatively "affected or abandoned", a percentage that reaches 85% in the case of non-EU countries. Using the same logic, the impact assessment indicates that the negative impact on requests for direct cooperation in the EU is reduced to 55%, and to an even lower 40% in the case of direct cooperation requests targeting service providers from non-EU countries. Based on these percentages, the impact assessment infers that direct cooperation is a more efficient channel than MLAT (European Commission, 2018). The impact assessment does not provide sufficient evidence for the claim that MLAT as a channel for cross-border access to e-evidence is more negatively affected by lack of timely access than direct cooperation.
This conclusion also challenges two subjacent ideas that consistently frame the scope of the Commission's analysis of the problem and its drivers: 29 on one hand, the understanding of what a negative impact on an investigation is; and on the other hand, the assumption that accessing data is equally relevant for the investigation of any sort of crime regardless of the type of offence.
What is a negative impact? The impact assessment gives little insight as to what is to be understood as a negative impact on a criminal investigation. While the Commission identifies its causes in a lack of timely access or lack of access (see table 2), it also lumps together their consequences, obviating any reference to their intensity or nature. In this way, the assessment fails to separate between the cases where not having data or accessing it late causes a minor or redeemable drawback, and those when it is fatal or conclusive to the proceedings. Indeed, the Commission's framing of the problem helps establish a generalised cause-effect relationship between access to data and a prejudice to any sort of investigation and prosecution. However, while not having immediate access might indeed result in consequences where data is at risk of being erased or moved, it might be an overstatement to consider that timely access to data has an equal impact in all cases. The same reasoning could be applied with regards to the impossibility of accessing data at all.
Is (all/any) data equally relevant to the investigation of all types of crime? Very often, cross border access to data is considered relevant to any crime leaving a digital trace (European Commission, 2018, p.13). 30 Since the impact assessment does not clarify the type of offences motivating requests for the production or preservation of data, it fails to provide a reasoned assessment based on necessity criteria. The Commission extrapolates the investigatory needs of specific serious crimes such as cybercrime, terrorism, child exploitation or organised crime, to the investigation of crime in general.
Based on table 2, the Commission states that "almost two thirds of crimes involving crossborder access to e-evidence cannot be effectively investigated or prosecuted" (European Commission, 2018, p. 17). The empirical basis for this finding is insufficient. Even though on some occasions data might be the only lead for the investigation of crimes, it is not clear that the sole existence of a digital trace should justify a generalised dependence of investigations on access to data. The formulation of the TS2 creates bias towards the identification of access or timely access to e-evidence as the main factor negatively affecting criminal investigations.
Further research on this matter could provide a far more comprehensive picture of the size of the problem, allowing the better identification of needs and cases where data is actually determinant while also serving as a deterrent mechanism against abuse caused by unnecessary requests.

THE LOST PREMISE: THE POLITICAL SHIFT FROM MLAT TO DIRECT COOPERATION
The three premises described not only define the problem of cross-border access to e-evidence, they also determine what is to be considered as the problem's potential causes. The impact assessment asserts that e-evidence is requested in half of all investigations (the first premise), that the MLAT system is an inefficient channel for that purpose (the second premise), and that, as a result, two thirds of crimes cannot be effectively investigated (the third premise). These premises confine the assessment almost exclusively to the relevance of data and the obsolescence of existing channels for requesting it. There is no reference to the political and economic motivations behind the promotion of a policy shift from MLAT to direct cooperation, which in my view, is the fourth, and lost, premise.
As with many other aspects of global policy, the position of the US must be considered (see also Cartwright, 2020), all the more if we take into account how the market dominance of US service providers has translated into a worldwide dependence on US procedures for data access requests. As has been explained, over 90% of all cross-border access requests for non-content data target five service providers headquartered in the US (Microsoft, Apple, Google, Facebook, Twitter) (European Commission, 2018, p. 14).
The US Criminal Division's Office of International Affairs (OIA) is today the central authority through which LEAs issue MLAT requests to obtain evidence located in the US. 31 But this has not always been the case: before the centralisation of the OIA, whenever foreign authorities requested US assistance, this would require the involvement of US attorneys from as many districts as there were locations of potential evidence. The difficulties in determining the district court responsible for fulfilling requests, and the unclear wording on the court's "jurisdiction over the offence" caused confusion in routine MLA cases and represented a "waste" of the already scarce US Department of Justice (DOJ) resources (Congressional Record, Vol 155, pt 12, 2009 In the same year the Obama administration passed the Foreign Evidence Request Efficiency Act (FERE Act) as a response. 32 The FERE Act was conceived as a paradigm shift on how MLA requests were to be handled: it promoted the centralised processing of foreign evidence requests and allowed them to be directly handled by the OIA rather than through US attorneys' offices.
To that end, a venue in the District of Columbia was created with jurisdiction to issue court orders compelling the production of evidence sought by foreign authorities. However, the envisioned paradigm shift has been thwarted by a lack of investment, and most MLAT requests for evidence still rely heavily on US attorneys based on the location of evidence (Department of Justice, 2015, p. 24).
In practice, the OIA's increasing workload faced has been shouldered by a sustained shortage of personnel caused by the department hiring freeze (Department of Justice, 2015, p. 23).
Additionally, the OIA has also been suffering from serious technological limitations. In 2015, the DOJ declared that the management system used for all the OIA's case work still "had not seen a Not even a year after the first steps were adopted, in its report on the President's budget for the

CONCLUSION
The Commission's e-evidence package envisages a scenario where the investigation and prosecution of crime is heavily data-driven and where service providers become key actors in the e-evidence gathering processes. Currently, two models coexist for accessing e-evidence across borders: mutual legal assistance and direct cooperation with service providers. In the EU, the different approaches taken by member states and their national laws question the lawfulness of using direct cooperation, yet following the US CLOUD Act and the unfolding of the Commission's e-evidence package, this might very soon change.
Ensuring an efficient channel for LEAs to access e-evidence abroad is necessary, and it may not always be realistic to demand or even achieve a detailed picture of the problem as a prerequisite for any legislative initiative. However, it is equally important that unfounded assumptions do not shape new law. In an attempt to depict MLAT as an obsolete and inefficient channel for data access requests, the Commission disregards what is perhaps the main cause of such obsolescence: the absence of a global political compromise to foster cross border cooperation between law enforcement authorities. Or in other words, there exists a hegemonic political stance of transferring states' responsibilities in criminal matters to private companies on efficiency and economic grounds.
How do we assess LEAs' needs when it comes to accessing e-evidence? Which investigations are more affected by access or lack of access to e-evidence? How are misuses and abuses identified and dealt with? Are authorities sufficiently prepared and resourced to adequately carry out their tasks? The fact that there is no answer to these questions should put us on alert, not only for the purposes of assessing the e-evidence package but for ensuring adequate supervision and accountability of LEAs' practices in the investigation and prosecution of crime whenever eevidence is involved.
percentage of investigations where the data request is fulfilled. 29. In section 2.1.3 of the impact assessment titled "Why is it a Problem", the Commission states "(a)after the crime has been committed: electronic evidence is volatile and can be transmitted, altered or deleted easily. Public authorities therefore need effective and timely access to it to be able to prosecute criminals and prevent future crimes(...)." (European Commission, 2018, p. 9) 30. In that respect, the Commission states: "The problem affects all types of crime that can leave a digital trace: it is relevant for many types of serious crimes, but also for a number of lowerimpact, high-volume crimes such as spreading of malicious software (e.g. ransomware), but also when the only digital element is some form of electronic communication. It is relevant for the gathering of evidence for specific and individual criminal investigations and for specific and limited data access, rather than for other purposes that might require bulk data access". 33. "The MLAT handling process must be overhauled in a comprehensive and responsible manner to address the globalisation of crime and growth of electronic communications, and to ensure U.S. law enforcement retains the ability to seek reciprocal assistance from foreign partners. Just as critical is our need to safeguard U.S. security and economic interests that have become threatened by foreign frustration with a U.S. predominance of the Internet that is coupled with a perceived U.S. unresponsiveness to foreign authorities' need for U.S.-based evidence" (Department of Justice, 2015, p. 28)