Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
- Home
- Practices and Industries
- Regulatory and Public Policy
- Data Privacy and Cybersecurity
- Electronic Surveillance and Law Enforcement Access
With the advent of Internet-based communications and cloud computing, individuals and companies around the world have increasingly entrusted their private data with third-party technology providers. This digital revolution has transformed how law enforcement agencies conduct investigations, as digital evidence has become relevant in virtually every case. National security authorities likewise depend on electronic communications data to combat terrorism and defend against foreign adversaries. As a result, companies across a wide range of industries now regularly receive legal demands to produce electronic data or to assist in electronic surveillance.
Covington guides leading global companies through the complex legal and policy issues surrounding government electronic surveillance and law enforcement access to digital information.
Government Investigations and National Security Obligations
We counsel clients regarding their legal process obligations in criminal investigations, including with respect to grand jury subpoenas, warrants, and other court orders, and in responding to legal process issued in national security investigations, such as National Security Letters (NSLs) and orders issued under the Foreign Intelligence Surveillance Act (FISA).
Navigating Regulatory Frameworks
We also help businesses that are seeking to use technology in new ways or are designing new products or services, so that they understand the extent to which their innovation may give rise to legal obligations to assist with electronic surveillance.
Additionally, we guide clients through the increasingly complex mosaic of legal and regulatory obligations relevant to cross-border law enforcement access to data, such as the CLOUD Act and the EU General Data Protection Regulation (GDPR), including with respect to conflict-of-laws and jurisdictional issues.
How We Help Clients
Our multidisciplinary practice draws on our team’s expertise in litigation, data privacy, cybersecurity, white collar investigations, and public policy and government affairs.
- Compliance Advice: We advise companies on their obligations to respond to a wide variety of legal demands issued by countries worldwide, and counsel companies as to how data storage and processing practices may affect how regulations apply to their products and services.
- Litigation: Covington has litigated many of the precedent-setting cases in the past several years pertaining to electronic surveillance and law enforcement access. We have repeatedly prevailed against the government in high-profile cases on behalf of technology companies seeking to protect customer information against overbroad assertions of surveillance authorities. Our litigation has also led to important new policy changes, including a new law modernizing the framework for cross-border data requests and several significant new Department of Justice policies.
- Public Policy: We help our clients engage with lawmakers in the United States and other countries to educate them about these issues. Our policy advocacy helps companies approach the issues raised by electronic surveillance holistically, often supplementing their litigation and compliance objectives. When needed, we also assist clients in delivering effective testimony to lawmakers. At the agency level, we engage with government decision-makers regarding best practices and the application of existing authorities to new technologies.
- Cross-Jurisdictional Legal Issues: We regularly help global companies address cross-jurisdictional issues raised by law enforcement access to digital information, including conflict-of-law situations, by drawing on our deep data privacy expertise in the U.S., Europe, and China. We have particular expertise in advising on surveillance authorities in light of the CLOUD Act, the EU GDPR, and China’s Cybersecurity Law.
Representation of Microsoft in Landmark Case Involving Data Stored Abroad
Successfully challenged U.S. government warrant seeking data stored in Ireland. After a favorable decision from the Second Circuit—and while the Supreme Court was reviewing the case—Congress enacted the CLOUD Act, a modernized framework for cross-border data requests. See United States v. Microsoft Corporation, No. 17-2 (U.S.).
Development of Internal Guidelines for Law Enforcement Requests
Regularly assist global businesses in developing internal guidelines for responding to law enforcement requests, including by identifying and advising on relevant legal obligations and assessing best practices for responding to government requests for customer data. We help clients develop procedures for addressing conflict-of-law issues that arise when receiving law enforcement requests from countries worldwide, with an eye toward creating efficient and scalable solutions.
Successful Challenge of FBI National Security Letter
Challenged issuance of an FBI National Security Letter (NSL) seeking customer information from a global technology company; after this challenge, the FBI withdrew the NSL.
Litigated Successful Constitutional Challenge
On behalf of Microsoft, successfully challenged a gag order statute that allows courts to forbid technology companies from telling their customers about demands for their data under the Electronic Communications Privacy Act (ECPA). The lawsuit resulted in nationwide reform of the government's practices under the statute. See Microsoft Corporation v. United States Department of Justice, No. 2:16-cv-00538-JLR (W.D. Wash.).
Litigation Resulting in New Rules on Customer Access to Government Data Demands
Representation of technology client in Foreign Intelligence Surveillance Court litigation challenging restrictions on technology company disclosures about government surveillance. The litigation resulted in new rules that allow technology companies to give their customers more information about how often the government demands customer data. See In re Motion to Disclose Aggregate Data Regarding FISA Orders, Misc. No. 13-04 (FISA Ct. 2014).
Government Electronic Surveillance and Law Enforcement Access
Covington guides leading global companies through the complex legal and policy issues surrounding government electronic surveillance and law enforcement access to digital information.
Advising Multinational Technology Companies and Associations on Proposed E-evidence Regulation
Advising a number of multinational technology companies and trade associations on the European Commission's proposed Electronic Evidence Directive and Electronic Evidence Regulation, which would facilitate the ability of EU law enforcement authorities to compel U.S.-based online service providers to disclose user data in criminal investigations.
September 30, 2020, Inside Privacy
In the wake of the Court of Justice of the European Union’s (“ECJ”) Schrems II decision invalidating the EU-U.S. Privacy Shield (“Privacy Shield”) but upholding the validity of standard contractual clauses (“SCCs”), the U.S. government has released a White Paper entitled “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for...… ...
July 7, 2020, Inside Privacy
Last month marks two years since the Supreme Court held, in Carpenter v. United States, that the Fourth Amendment applies to cell phone company records that detail a cell phone user’s location and movements. Under Carpenter, police are generally required to use a warrant to obtain seven days or more of a user’s cell-site location...… Continue Reading
July 6, 2020, Inside Privacy
Senators Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.) have introduced the Lawful Access to Encrypted Data Act, a bill that would require tech companies to assist law enforcement in executing search warrants that seek encrypted data. The bill would apply to law enforcement efforts to obtain data at rest as well as...… Continue ...
April 1, 2020, Inside Privacy
On March 31st, Washington Governor Jay Inslee signed into law SB 6280, a bill aimed at regulating state and local government agencies’ use of facial recognition services. An overview of the law’s provisions can be found here. Notably, Governor Inslee vetoed Section 10 of the bill, which aimed to establish a legislative task force that...… Continue Reading
March 23, 2020, Inside Privacy
On March 12, 2020, Washington’s state legislature passed SB 6280, a bill that will regulate state and local government agencies’ use of facial recognition services (“FRS’s”). The bill aims to create a legal framework by which agencies may use FRS’s to the benefit of society (for example, by assisting agencies in locating missing or deceased...… Continue Reading
March 16, 2020, Global Data Review
Trisha Anderson spoke with Global Data Review about Congress’s lapse in renewing the Freedom Act while dealing with COVID-19. Ms. Anderson told GDR if Congress doesn’t renew the business records provision, the FBI will have to operate with pre-Patriot Act surveillance tools. She adds that the FBI would still be able to obtain business records via grand jury ...
October 11, 2019, Inside Privacy
On October 3, 2019, the United States and United Kingdom signed an agreement on cross-border law enforcement demands for data from service providers (“Agreement”). The Agreement is the first bilateral agreement to be entered under the Clarifying Lawful Overseas Use of Data (CLOUD) Act. It obligates each Party to remove barriers in their domestic laws...… ...
September 16, 2019, Inside Privacy
R (on the application of Edward Bridges) v The Chief Constable of South Wales [2019] EWHC 2341 (Admin) Case Note Introduction In Bridges, an application for judicial review, the UK High Court (Lord Justice Haddon-Cave and Mr. Justice Swift) considered the lawfulness of policing operations conducted by the South Wales Police force (“SWP”) which utilised...… ...
April 11, 2019, Inside Privacy
On Wednesday, the U.S. Department of Justice released a white paper and FAQ on the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which was enacted in March 2018 and creates a new framework for government access to data held by technology companies worldwide. The paper, titled “Promoting Public Safety, Privacy, and the Rule of...… Continue Reading
Going Over the Top
April 9, 2019, Global Data Review
Trisha Anderson spoke with the Global Data Review about the U.S.’s encryption law and its role electronic communication. According to Ms. Anderson, authorities in the U.S. have only general legal tools to seek access to encrypted data. Some traditional U.S. investigative tools, issued through courts and codified in law enforcement procedures, contain general ...
April 6, 2019, Inside Privacy
This article originally appeared in Global Data Review on March 29, 2019 Last year, the US passed legislation expanding the geographic reach of certain legal process, including search warrants, issued to technology providers seeking customer data. Under the Clarifying Lawful Overseas Use of Data (CLOUD) Act, warrants issued by US courts can force certain ...
January 22, 2019, Inside Privacy
Last week, a California magistrate judge denied federal prosecutors’ application for a search warrant on the grounds that law enforcement cannot force people to unlock their phones using biometric features, such as fingerprints and facial recognition. The case pertained to an investigation of extortion in which suspects allegedly sent an online message ...
Former FBI official joins Covington
September 7, 2018, Global Investigations Review
Trisha Anderson and James Garland are quoted in Global Investigations Review regarding Ms. Anderson rejoining the firm. Mr. Garland believes Ms. Anderson will be a valuable asset to helping navigate the U.S. Cloud Act. He says, “Trisha has that ability to spot the pain points for both the clients and the government and help figure out a way forward. Sometimes ...
Leading National Security Lawyer Rejoins Covington
September 4, 2018
WASHINGTON—Trisha B. Anderson, an experienced national security and cybersecurity lawyer who has held senior positions at multiple federal agencies, has rejoined Covington as a partner in Washington. Ms. Anderson most recently served as Principal Deputy General Counsel of the Federal Bureau of Investigation, where she handled complex national security and cyber ...
March 27, 2018, Covington Alert
On March 23, 2018, Congress passed, and President Trump signed into law, the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which creates a new framework for government access to data held by technology companies worldwide.

Key Takeaways: DOJ Releases White Paper on CLOUD Act
On April 10, 2019, the U.S. Department of Justice released a white paper and FAQ on the CLOUD Act.