In the era of the Internet information and ideas transcend territorial borders. Social media platforms, websites, online data repositories, portals etc bring new avenues for exchange and communication channels. However, it also creates scope for misuse of the internet, particularly for committing crimes. Conventionally, evidence or information related to crime is collected within the same country the crime has been committed. But in the age of digitalisation, the server of the internet company can be miles apart in a different country. Thus extracting information from the server has become a painstaking and complicated procedure. This calls for mechanisms and legal frameworks to retrieve the relevant information from foreign. Mutual Legal Assistance Treaty is one such mechanism. A Mutual Legal Assistance treaty is a formal agreement signed to enable the transfer of information from one country to another for a criminal investigation. According to the Ministry of Home Affairs till 2019, India had signed MLATs with 42 countries[1]. The MLAT between US and India is of paramount importance as the US is home to some leading Internet companies. Two recent apps Bulli Bai and Sulli Deals hosted on GitHub[2] are prime examples. The auctioning of Indian Muslim Women on these apps revealed how internet companies such as GitHub[3] based in the US can be a medium for cyberbullying and crime in India. In the light of these developments, it becomes pertinent to visit one of the existing legal frameworks for retrieving data between US and India i.e. MLAT. This article will be focusing on the process from India’s perspective, i.e. data requested by India from the US.


India and the US signed [4] a Mutual Legal Assistance Treaty back in October of  2001, barely a month after the 9/11 attacks. It came at a time when the world had witnessed the dreaded face of global terrorism. Through this treaty, the two countries established a framework to extend mutual support in matters of cyber terrorism and information security[5]. Further, it also created an obligation to provide maximum legal assistance[6] in the prosecution and investigation of organised crime, narco offences and terrorism.


The term Assistance has been defined in Article 2[7]  of the treaty and encompasses facilitating documents, records, items of evidence, requests for search and seizures among others. Thus, MLAT ensures that one country can retrieve information/ data for criminal investigation from the internet company whose servers are located in the other country. This treaty is governed between the Legal Enforcement Agents of both the countries and establishes a formal mechanism to request access to user information through these Legal Enforcement Agents. (LEAs). Even though the Treaty obligates the countries to provide maximum legal assistance it is not absolute. Article 3[8] of this treaty describes the limitation of ‘Assistance’, according to which political offences and offences under military law are excluded. The requested state may also withhold the information if it collides with the security or related interest.


 What kind of Data can be obtained from internet companies through MLAT? To answer this one has to first understand the classification of data. Data broadly can be classified[9] into Content and Non-Content Data. As the name suggests Content Data constitutes the substance or meaning of a communication for instance content in an email exchange or instant messaging. Non-Content Data includes subscriber data such as name, phone number, IP address, origin, destination, time etc. Because of this distinction in the US, Content Data is considered more private and has increased privacy norms. Consequently, the retrieving process of Content Data from the US is complicated and requires[10] formal mechanisms such as MLAT. On the other hand, the request for extraction of Non-Content Data is relaxed and usually[11] entertained through Direct Requests from Internet Companies. 


The US Law – Electronic Communication Privacy Act (ECPA) forbids US-based service providers to reveal any electronic information unless standard stipulations are met. These stipulations apply to the US and Non-US entities alike. Thus, Legal Enforcement Agents in India also have to qualify for this standard. This standard is the test of ‘Probable Cause’[12]. The purpose of the test is to determine –

  1. Whether there is a probable cause to believe that a crime has occurred prima facie or not.
  2.  And whether the evidence/information relevant to the crime will be attained through the process or not.

Only when both the questions are answered in the affirmative, information can be shared with LEAs in India. So, the Law of the requested country (the US in this case) operates the process of execution of the request. However, the law of the requested company stands immaterial when it comes to the criminality of the act. This is because MLAT’s operation is not based on dual criminality. In other words, the requested country is under the obligation to provide data about a crime under investigation to the requesting country even though the act is not a crime in the requested country. 


India’s Side[13] of MLAT Process

The official process[14] begins when the investigating agency sends a request to the Director of Prosecution in Delhi, Criminal Investigation Department and further to the State Home Secretary. When the Investigating Agency receives a legal opinion from Delhi, it forwards the MLAT request along with legal opinion to The Home Ministry – Internal Security II Division. Once the Ministry of Home Affairs approves, it is forwarded to the Indian Mission in the US. This marks the end of the process from India’s side.

US[15] Side of MLAT Process

When the request is received in the US by the Indian Mission it is sent to the Office of International Affairs under the Department of Justice. Here either OIC reviews the request and directly sends it to the Federal Court or indirectly to the court through the Attorney General. The court applies the test of probable cause and orders the transfer of data only when it believes that the information sought is evidence of the crime under investigation. Thus, a warrant is issued to produce the relevant electronic evidence. This retrieved information goes under the process of data minimisation by the FBI. Data minimisation occurs only in cases where the information is related to the permanent residents or citizens of the US. This minimised data excludes any incidental data and is finally provided to the Ministry of Home Affairs in India.


It is evident from the process that it entails multi-level reviews and checks, so consequently, it is time-consuming. A 2013 study[16] highlighted that worldwide on average Mutual Legal Assistance Treaty process takes at least 10 months to complete. Further reports[17] have also highlighted the lack of expertise and training in Indian agencies. Such capacity deficit is often apparent in requests which are not in compliance with the agreed norms in MLAT. This ultimately hinders the process and causes further delay. The increasing number of internet users in India poses a further challenge as it increases the data stored with US-based giants. For instance, in the first half of 2013, data requests received by Facebook and Google were 3245 and 2691 respectively. By the first half of 2018, the requests received by Facebook and Google soared up to 16580 and 5105. All these factors make MLAT a cumbersome process involving delays and formalities.

 Another factor is the ambiguity among Indian Legal Enforcement Agencies regarding MLAT and Letter Rogatory. It has been observed[18] that Indian Legal Enforcement Agent’s often send requests under Section 166A of the Criminal Procedure Code instead of MLAT’s. Section 166A of the CrPC enables a criminal court in India to issue a letter of request to a court in a different jurisdiction to require the production of documents. These letters of request are called Letter Rogatory. Unlike the Mutual Legal Assistance Treaty, this does not bind the requested country to properly review and scrutinize the request. In the instant case of Sulli Deals, the police officer’s request made under CrPC was denied[19] by GitHub several times. It was only in January 2022, six months after the controversy, that the police applied for a request under MLAT through The Ministry of Home Affairs.


Mutual Legal Assistance Treaty (MLAT) between US and India is a formal agreement that ensures Legal Assistance between these countries. Data about a criminal investigation can be retrieved by India through this framework. Requests made by India to the US are entertained only after it has passed the test of Probable cause and gone through a multi-layered procedure. Thus, it is a lengthy and engrossing process. With the growing digitalization, prospects are that the need for such a mechanism will increase manifolds in the future. Further existing challenges such as the capacity deficit, delays, and backlogs call for improvement in the procedure.

Author(s) Name: Sabahat Wali Khan (Faculty of Law, Aligarh Muslim University)


[1] Mininstry of Home Affiars, “Guidelines on Mutual Legal Assistance Treaty in Criminal Matters”, accessed 17 January , 2022

[2] Swaathi Moorthy, Sulli deals and Bulli Bai | How much responsibility should GitHub take?, News 18 accessed 17 January, 2022

[3] ibid

[4] Special correspondent “India US sign treaty on legal assistance” , accessed 17 January, 2022

[5]Bahukutumbi Raman, “Indo-US Counterterrorism Cooperation: Past, Present and Future” in US-Indian Strategic Cooperation Into the 21st Century: More Than Words, Ed. Sumit Ganguly et al, Routledge, 2006.

[6] Bedavyasa Mohanty & Madhulika Srikumar, ”Hitting Refresh Making India-US data sharing work” ( Observer Research Foundation August 2017)  ,accessed 17 January, 2022

[7] Ministry of External Affairs , “ Treaty between the Government of the Republic of India and the Government of the United States of America on Mutual Legal Assistance in Criminal Matters” , accessed 17 January, 2022

[8] ibid

[9] Bedavyasa Mohanty & Madhulika Srikumar, ”Hitting Refresh Making India-US data sharing work” ( Observer Research Foundation August 2017)  ,accessed 17 January, 2022

[10] ibid

[11] ibid

[12] Bedavyasa Mohanty & Madhulika Srikumar,” Hitting Refresh Making India-US data sharing work” (Observer Research Foundation August 2017)  ,accessed 17 January, 2022

[13] Madhulika Srikumar “INDIA-US DATA SHARING FOR LAW ENFORCEMENT : BLUEPRINT FOR REFORMS” (Observer Research Foundation) January , 2019) , accessed on 17 January, 2022

[14] Madhulika Srikumar “INDIA-US DATA SHARING FOR LAW ENFORCEMENT : BLUEPRINT FOR REFORMS” (January , 2019) , accessed on 17 January, 2022

[15] ibid

[16] Madhulika Srikumar “INDIA-US DATA SHARING FOR LAW ENFORCEMENT : BLUEPRINT FOR REFORMS” (January , 2019) , accessed on 17 January, 2022

[17] ibid

[18] ibid

[19] “Delhi Police seek information from Twitter, GitHub on user in Bulli Bai Case”, (Times of India, Jan 4,2022) accessed 17 Jan, 2022.

Related Posts