PRISM: The EU must take steps to protect cloud data from US snoopers

At a hearing in the US Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all

Share
Related Topics

Since the PRISM revelations, the world is asking not what they can do with their data on American cloud services, but what America can do to their data. In August 2008 Presidential candidate Obama dropped his opposition to a law which made permanent the “warrantless wiretapping” of the Bush years. He probably reasoned that in any future controversy, he had a trump card. FISA s.702 (also known as FISAAA §1881a) did not affect Americans, it only authorized the National Security Agency (NSA) to target foreigners abroad. However by adding a mere three words, apparently unnoticed, the new law not only required telecommunication companies to comply, but also those providing services to process data remotely – what we today call cloud computing.

The significance of this change is that intercepting fibre-optic cables might be stymied by encryption, but now information could easily be searched and extracted (in complete secrecy) from inside the warehouse-sized datacentres used to power social networks and number-crunch Big Data.

The law applies to any “foreign intelligence information” which includes the catch-all definition “anything with respect to a foreign territory that relates the conduct of US foreign policy” and political information. It targets not only suspected terrorists and criminals, but can also be used to obtain information about private life, confidential business records, and ordinary lawful democratic political activities in the rest of the world.

The US reassures a home audience that this law is not aimed at them, but can it be right that there is one law for the them and another for everyone else? A succession of US court judgements have said this is no Constitutional problem, and at a hearing in Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all.

EU officials seem to think encrypting data to-and-from the Cloud can take care of the problem. They were encouraged in these beliefs by a succession of reports from industry, law firms, think-tanks, and even EU agencies which each confidently asserted that computing in the Cloud was actually more secure. But these reports only considered the threat from external hackers, not secret surveillance by the hosting country. Unfortunately there are no feasible technical defences available. Encryption can protect data-on-the-wire, but when it is decrypted by the Cloud provider in order for calculations to be performed it becomes vulnerable to mass-surveillance.

Together with academic researchers, I co-authored a report to the European Parliament in 2012 warning of the possibility of PRISM-like surveillance, but it took (ironically) a US blog site to break the story in January this year. The European public reacted with understandable alarm - maybe their data was well-protected within the EU, but what about all their data processed by the US technology giants?

Not only are existing EU privacy laws incapable of detecting or preventing cloud surveillance, in the small print of the proposed new data privacy Regulation now being debated in Brussels, such secret disclosures are actually permitted, even if the purposes would be unlawful in European terms. How did those loopholes get there, and why have supposedly independent EU privacy regulators done nothing about it?

European human rights law protects everyone in its jurisdiction equally, and justification for privacy infringements cannot be made on grounds of nationality. Why did the EU Commission ignore this obvious conflict, and give the green light for sending EU citizens' data for processing in US Clouds?

Now Edward Snowden has courageously crystallised the position he should be offered political asylum and refuge by the EU. There are already amendments tabled to the new Regulation which would protect such whistleblowers, and require citizens to give their consent to put their data in Clouds outside EU jurisdiction, and only after seeing a drastic warning notice.

The US has resisted recognition of European data protection rights for 30 years, and seems minded not to change. The EU should develop an industrial policy for its own Cloud industry, based on open-source software, on a comparable scale to the planning that now allows Airbus to win equal market share with Boeing. If the Cloud is anywhere near as important as the hype suggests, why wouldn't Europe want to do this anyway, and retain the high-end of the value chain which now flows back to the US through tax arbitrage?

Europe has some of the best research in privacy computer science but almost no Internet businesses of global scale. The opportunity for the markets is to invest in jobs and growth founded on Europe's comparative advantage in privacy. The world just woke up in a privacy Guantanamo built by Obama, but we are not prisoners and free to leave.

Caspar Bowden was Chief Privacy Adviser to Microsoft until 2011, and is now an independent advocate for privacy rights. The report to the European Parliament is here

React Now

Latest stories from i100
Have you tried new the Independent Digital Edition apps?
iJobs Job Widget
iJobs General

Opilio Recruitment: Field Marketing Manage

£25k - 40k per year + Benefits: Opilio Recruitment: A fantastic opportunity ...

Recruitment Genius: Domestic Gas Breakdown Engineers

£28000 - £35000 per annum: Recruitment Genius: Domestic Gas Breakdown Engineer...

Recruitment Genius: Domestic Gas Breakdown Engineers

£28000 - £35000 per annum: Recruitment Genius: Domestic Gas Breakdown Engineer...

Opilio Recruitment: Product Development Manager

£40k - 45k per year + Benefits: Opilio Recruitment: We are currently recruit...

Day In a Page

Read Next
Polish minister Rafal Trazaskowski (second from right)  

Poland is open to dialogue but EU benefits restrictions are illegal and unfair

Rafal Trzaskowski
The report will embarrass the Home Secretary, Theresa May  

Surprise, surprise: tens of thousands of illegal immigrants have 'dropped off' the Home Office’s radar

Nigel Farage
Homeless Veterans appeal: 'You look for someone who's an inspiration and try to be like them'

Homeless Veterans appeal

In 2010, Sgt Gary Jamieson stepped on an IED in Afghanistan and lost his legs and an arm. He reveals what, and who, helped him to make a remarkable recovery
Could cannabis oil reverse the effects of cancer?

Could cannabis oil reverse effects of cancer?

As a film following six patients receiving the controversial treatment is released, Kate Hilpern uncovers a very slippery issue
The Interview movie review: You can't see Seth Rogen and James Franco's Kim Jong Un assassination film, but you can read about it here

The Interview movie review

You can't see Seth Rogen and James Franco's Kim Jong Un assassination film, but you can read about it here
Serial mania has propelled podcasts into the cultural mainstream

How podcasts became mainstream

People have consumed gripping armchair investigation Serial with a relish typically reserved for box-set binges
Jesus Christ has become an unlikely pin-up for hipster marketing companies

Jesus Christ has become an unlikely pin-up

Kevin Lee Light, aka "Jesus", is the newest client of creative agency Mother while rival agency Anomaly has launched Sexy Jesus, depicting the Messiah in a series of Athena-style poses
Rosetta space mission voted most important scientific breakthrough of 2014

A memorable year for science – if not for mice

The most important scientific breakthroughs of 2014
Christmas cocktails to make you merry: From eggnog to Brown Betty and Rum Bumpo

Christmas cocktails to make you merry

Mulled wine is an essential seasonal treat. But now drinkers are rediscovering other traditional festive tipples. Angela Clutton raises a glass to Christmas cocktails
5 best activity trackers

Fitness technology: 5 best activity trackers

Up the ante in your regimen and change the habits of a lifetime with this wearable tech
Paul Scholes column: It's a little-known fact, but I have played one of the seven dwarves

Paul Scholes column

It's a little-known fact, but I have played one of the seven dwarves
Fifa's travelling circus once again steals limelight from real stars

Fifa's travelling circus once again steals limelight from real stars

Club World Cup kicked into the long grass by the continued farce surrounding Blatter, Garcia, Russia and Qatar
Frank Warren column: 2014 – boxing is back and winning new fans

Frank Warren: Boxing is back and winning new fans

2014 proves it's now one of sport's biggest hitters again
Jeb Bush vs Hillary Clinton: The power dynamics of the two first families

Jeb Bush vs Hillary Clinton

Karen Tumulty explores the power dynamics of the two first families
Stockholm is rivalling Silicon Valley with a hotbed of technology start-ups

Stockholm is rivalling Silicon Valley

The Swedish capital is home to two of the most popular video games in the world, as well as thousands of technology start-ups worth hundreds of millions of pounds – and it's all happened since 2009
Did Japanese workers really get their symbols mixed up and display Santa on a crucifix?

Crucified Santa: Urban myth refuses to die

The story goes that Japanese store workers created a life-size effigy of a smiling "Father Kurisumasu" attached to a facsimile of Our Lord's final instrument of torture
Jennifer Saunders and Kate Moss join David Walliams on set for TV adaptation of The Boy in the Dress

The Boy in the Dress: On set with the stars

Walliams' story about a boy who goes to school in a dress will be shown this Christmas