PRISM: The EU must take steps to protect cloud data from US snoopers

At a hearing in the US Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all

Share
Related Topics

Since the PRISM revelations, the world is asking not what they can do with their data on American cloud services, but what America can do to their data. In August 2008 Presidential candidate Obama dropped his opposition to a law which made permanent the “warrantless wiretapping” of the Bush years. He probably reasoned that in any future controversy, he had a trump card. FISA s.702 (also known as FISAAA §1881a) did not affect Americans, it only authorized the National Security Agency (NSA) to target foreigners abroad. However by adding a mere three words, apparently unnoticed, the new law not only required telecommunication companies to comply, but also those providing services to process data remotely – what we today call cloud computing.

The significance of this change is that intercepting fibre-optic cables might be stymied by encryption, but now information could easily be searched and extracted (in complete secrecy) from inside the warehouse-sized datacentres used to power social networks and number-crunch Big Data.

The law applies to any “foreign intelligence information” which includes the catch-all definition “anything with respect to a foreign territory that relates the conduct of US foreign policy” and political information. It targets not only suspected terrorists and criminals, but can also be used to obtain information about private life, confidential business records, and ordinary lawful democratic political activities in the rest of the world.

The US reassures a home audience that this law is not aimed at them, but can it be right that there is one law for the them and another for everyone else? A succession of US court judgements have said this is no Constitutional problem, and at a hearing in Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all.

EU officials seem to think encrypting data to-and-from the Cloud can take care of the problem. They were encouraged in these beliefs by a succession of reports from industry, law firms, think-tanks, and even EU agencies which each confidently asserted that computing in the Cloud was actually more secure. But these reports only considered the threat from external hackers, not secret surveillance by the hosting country. Unfortunately there are no feasible technical defences available. Encryption can protect data-on-the-wire, but when it is decrypted by the Cloud provider in order for calculations to be performed it becomes vulnerable to mass-surveillance.

Together with academic researchers, I co-authored a report to the European Parliament in 2012 warning of the possibility of PRISM-like surveillance, but it took (ironically) a US blog site to break the story in January this year. The European public reacted with understandable alarm - maybe their data was well-protected within the EU, but what about all their data processed by the US technology giants?

Not only are existing EU privacy laws incapable of detecting or preventing cloud surveillance, in the small print of the proposed new data privacy Regulation now being debated in Brussels, such secret disclosures are actually permitted, even if the purposes would be unlawful in European terms. How did those loopholes get there, and why have supposedly independent EU privacy regulators done nothing about it?

European human rights law protects everyone in its jurisdiction equally, and justification for privacy infringements cannot be made on grounds of nationality. Why did the EU Commission ignore this obvious conflict, and give the green light for sending EU citizens' data for processing in US Clouds?

Now Edward Snowden has courageously crystallised the position he should be offered political asylum and refuge by the EU. There are already amendments tabled to the new Regulation which would protect such whistleblowers, and require citizens to give their consent to put their data in Clouds outside EU jurisdiction, and only after seeing a drastic warning notice.

The US has resisted recognition of European data protection rights for 30 years, and seems minded not to change. The EU should develop an industrial policy for its own Cloud industry, based on open-source software, on a comparable scale to the planning that now allows Airbus to win equal market share with Boeing. If the Cloud is anywhere near as important as the hype suggests, why wouldn't Europe want to do this anyway, and retain the high-end of the value chain which now flows back to the US through tax arbitrage?

Europe has some of the best research in privacy computer science but almost no Internet businesses of global scale. The opportunity for the markets is to invest in jobs and growth founded on Europe's comparative advantage in privacy. The world just woke up in a privacy Guantanamo built by Obama, but we are not prisoners and free to leave.

Caspar Bowden was Chief Privacy Adviser to Microsoft until 2011, and is now an independent advocate for privacy rights. The report to the European Parliament is here

React Now

Latest stories from i100
Have you tried new the Independent Digital Edition apps?
iJobs Job Widget
iJobs General

Langley James : CRM Services Manager; West London up to £40k

£35000 - £40000 per annum: Langley James : CRM Services Manager; West London u...

Langley James : IT Support; Residential Agency; Mayfair; up to £30k

£25000 - £30000 per annum: Langley James : IT Support; Residential Agency; May...

SThree: Associate Recruitment Consultant

£18000 - £23000 per annum + OTE: SThree: SThree are seeking Associate Recruitm...

SThree: Associate Recruitment Consultant

£18000 - £23000 per annum + OTE: SThree: SThree are seeking Associate Recruitm...

Day In a Page

Read Next
Australian cricketer Phil Hughes has died aged 25  

Phillip Hughes: A sensational man, both on and off the pitch

Angus Fraser
Natalie Bennett, the leader of the Green Party  

If people voted for policies, the Green Party would win the next election

Lee Williams
Cameron, Miliband and Clegg join forces for Homeless Veterans campaign

Cameron, Miliband and Clegg join forces for Homeless Veterans campaign

It's in all our interests to look after servicemen and women who fall on hard times, say party leaders
Millionaire Sol Campbell wades into wealthy backlash against Labour's mansion tax

Sol Campbell cries foul at Labour's mansion tax

The former England defender joins Myleene Klass, Griff Rhys Jones and Melvyn Bragg in criticising proposals
Nicolas Sarkozy returns: The ex-President is preparing to fight for the leadership of France's main opposition party – but will he win big enough?

Sarkozy returns

The ex-President is preparing to fight for the leadership of France's main opposition party – but will he win big enough?
Is the criticism of Ed Miliband a coded form of anti-Semitism?

Is the criticism of Miliband anti-Semitic?

Attacks on the Labour leader have coalesced around a sense that he is different, weird, a man apart. But is the criticism more sinister?
Ouija boards are the must-have gift this Christmas, fuelled by a schlock horror film

Ouija boards are the must-have festive gift

Simon Usborne explores the appeal - and mysteries - of a century-old parlour game
There's a Good Girl exhibition: How female creatives are changing the way women are portrayed in advertising

In pictures: There's a Good Girl exhibition

The new exhibition reveals how female creatives are changing the way women are portrayed in advertising
UK firm Biscuiteers is giving cookies a makeover - from advent calendars to doll's houses

UK firm Biscuiteers is giving cookies a makeover

It worked with cupcakes, doughnuts and macarons so no wonder someone decided to revamp the humble biscuit
Can SkySaga capture the Minecraft magic?

Can SkySaga capture the Minecraft magic?

It's no surprise that the building game born in Sweden in 2009 and now played by millions, has imitators keen to construct their own mega money-spinner
The King's School is way ahead of the pack when it comes to using the latest classroom technology

Staying connected: The King's School

The school in Cambridgeshire is ahead of the pack when it comes to using the latest classroom technology. Richard Garner discovers how teachers and pupils stay connected
Christmas 2014: 23 best women's perfumes

Festively fragrant: the best women's perfumes

Give a loved one a luxe fragrance this year or treat yourself to a sensual pick-me-up
Arsenal vs Borussia Dortmund: Alex Oxlade-Chamberlain celebrates century with trademark display of speed and intuition

Arsenal vs Borussia Dortmund

The Ox celebrates century with trademark display of speed and intuition
Billy Joe Saunders vs Chris Eubank Jnr: When two worlds collide

When two worlds collide

Traveller Billy Joe Saunders did not have a pampered public-school upbringing - unlike Saturday’s opponent Chris Eubank Jnr
Homeless Veterans Christmas Appeal: Drifting and forgotten - turning lives around for ex-soldiers

Homeless Veterans Christmas Appeal: Turning lives around for ex-soldiers

Our partner charities help veterans on the brink – and get them back on their feet
Putin’s far-right ambition: Think-tank reveals how Russian President is wooing – and funding – populist parties across Europe to gain influence in the EU

Putin’s far-right ambition

Think-tank reveals how Russian President is wooing – and funding – populist parties across Europe to gain influence in the EU
Tove Jansson's Moominland: What was the inspiration for Finland's most famous family?

Escape to Moominland

What was the inspiration for Finland's most famous family?