PRISM: The EU must take steps to protect cloud data from US snoopers

At a hearing in the US Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all

Share
Related Topics

Since the PRISM revelations, the world is asking not what they can do with their data on American cloud services, but what America can do to their data. In August 2008 Presidential candidate Obama dropped his opposition to a law which made permanent the “warrantless wiretapping” of the Bush years. He probably reasoned that in any future controversy, he had a trump card. FISA s.702 (also known as FISAAA §1881a) did not affect Americans, it only authorized the National Security Agency (NSA) to target foreigners abroad. However by adding a mere three words, apparently unnoticed, the new law not only required telecommunication companies to comply, but also those providing services to process data remotely – what we today call cloud computing.

The significance of this change is that intercepting fibre-optic cables might be stymied by encryption, but now information could easily be searched and extracted (in complete secrecy) from inside the warehouse-sized datacentres used to power social networks and number-crunch Big Data.

The law applies to any “foreign intelligence information” which includes the catch-all definition “anything with respect to a foreign territory that relates the conduct of US foreign policy” and political information. It targets not only suspected terrorists and criminals, but can also be used to obtain information about private life, confidential business records, and ordinary lawful democratic political activities in the rest of the world.

The US reassures a home audience that this law is not aimed at them, but can it be right that there is one law for the them and another for everyone else? A succession of US court judgements have said this is no Constitutional problem, and at a hearing in Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all.

EU officials seem to think encrypting data to-and-from the Cloud can take care of the problem. They were encouraged in these beliefs by a succession of reports from industry, law firms, think-tanks, and even EU agencies which each confidently asserted that computing in the Cloud was actually more secure. But these reports only considered the threat from external hackers, not secret surveillance by the hosting country. Unfortunately there are no feasible technical defences available. Encryption can protect data-on-the-wire, but when it is decrypted by the Cloud provider in order for calculations to be performed it becomes vulnerable to mass-surveillance.

Together with academic researchers, I co-authored a report to the European Parliament in 2012 warning of the possibility of PRISM-like surveillance, but it took (ironically) a US blog site to break the story in January this year. The European public reacted with understandable alarm - maybe their data was well-protected within the EU, but what about all their data processed by the US technology giants?

Not only are existing EU privacy laws incapable of detecting or preventing cloud surveillance, in the small print of the proposed new data privacy Regulation now being debated in Brussels, such secret disclosures are actually permitted, even if the purposes would be unlawful in European terms. How did those loopholes get there, and why have supposedly independent EU privacy regulators done nothing about it?

European human rights law protects everyone in its jurisdiction equally, and justification for privacy infringements cannot be made on grounds of nationality. Why did the EU Commission ignore this obvious conflict, and give the green light for sending EU citizens' data for processing in US Clouds?

Now Edward Snowden has courageously crystallised the position he should be offered political asylum and refuge by the EU. There are already amendments tabled to the new Regulation which would protect such whistleblowers, and require citizens to give their consent to put their data in Clouds outside EU jurisdiction, and only after seeing a drastic warning notice.

The US has resisted recognition of European data protection rights for 30 years, and seems minded not to change. The EU should develop an industrial policy for its own Cloud industry, based on open-source software, on a comparable scale to the planning that now allows Airbus to win equal market share with Boeing. If the Cloud is anywhere near as important as the hype suggests, why wouldn't Europe want to do this anyway, and retain the high-end of the value chain which now flows back to the US through tax arbitrage?

Europe has some of the best research in privacy computer science but almost no Internet businesses of global scale. The opportunity for the markets is to invest in jobs and growth founded on Europe's comparative advantage in privacy. The world just woke up in a privacy Guantanamo built by Obama, but we are not prisoners and free to leave.

Caspar Bowden was Chief Privacy Adviser to Microsoft until 2011, and is now an independent advocate for privacy rights. The report to the European Parliament is here

React Now

Latest stories from i100
Have you tried new the Independent Digital Edition apps?
SPONSORED FEATURES
iJobs Job Widget
iJobs General

Recruitment Genius: Senior Environmental Adviser - Maternity Cover

£37040 - £43600 per annum: Recruitment Genius: The UK's export credit agency a...

Recruitment Genius: CBM & Lubrication Technician

£25000 - £27500 per annum: Recruitment Genius: This company provides a compreh...

Recruitment Genius: Care Worker - Residential Emergency Service

£16800 - £19500 per annum: Recruitment Genius: Would you like to join an organ...

Recruitment Genius: Senior Landscaper

£25000 - £28000 per annum: Recruitment Genius: In the last five years this com...

Day In a Page

Read Next
 

Errors & Omissions: Whoever and whatever Arthur was, he wasn’t Scottish

Guy Keleny
Labour's Jeremy Corbyn arrives to take part in a Labour party leadership final debate, at the Sage in Gateshead, England, Thursday, Sept. 3  

Jeremy Corbyn is here to stay and the Labour Party is never going to look the same again

Andrew Grice
The long walk west: they fled war in Syria, only to get held up in Hungary – now hundreds of refugees have set off on foot for Austria

They fled war in Syria...

...only to get stuck and sidetracked in Hungary
From The Prisoner to Mad Men, elaborate title sequences are one of the keys to a great TV series

Title sequences: From The Prisoner to Mad Men

Elaborate title sequences are one of the keys to a great TV series. But why does the art form have such a chequered history?
Giorgio Armani Beauty's fabric-inspired foundations: Get back to basics this autumn

Giorgio Armani Beauty's foundations

Sumptuous fabrics meet luscious cosmetics for this elegant look
From stowaways to Operation Stack: Life in a transcontinental lorry cab

Life from the inside of a trucker's cab

From stowaways to Operation Stack, it's a challenging time to be a trucker heading to and from the Continent
Kelis interview: The songwriter and sauce-maker on cooking for Pharrell and crying over potatoes

Kelis interview

The singer and sauce-maker on cooking for Pharrell
Refugee crisis: David Cameron lowered the flag for the dead king of Saudi Arabia - will he do the same honour for little Aylan Kurdi?

Cameron lowered the flag for the dead king of Saudi Arabia...

But will he do the same honour for little Aylan Kurdi, asks Robert Fisk
Our leaders lack courage in this refugee crisis. We are shamed by our European neighbours

Our leaders lack courage in this refugee crisis. We are shamed by our European neighbours

Humanity must be at the heart of politics, says Jeremy Corbyn
Joe Biden's 'tease tour': Could the US Vice-President be testing the water for a presidential run?

Joe Biden's 'tease tour'

Could the US Vice-President be testing the water for a presidential run?
Britain's 24-hour culture: With the 'leisured society' a distant dream we're working longer and less regular hours than ever

Britain's 24-hour culture

With the 'leisured society' a distant dream we're working longer and less regular hours than ever
Diplomacy board game: Treachery is the way to win - which makes it just like the real thing

The addictive nature of Diplomacy

Bullying, betrayal, aggression – it may be just a board game, but the family that plays Diplomacy may never look at each other in the same way again
Lady Chatterley's Lover: Racy underwear for fans of DH Lawrence's equally racy tome

Fashion: Ooh, Lady Chatterley!

Take inspiration from DH Lawrence's racy tome with equally racy underwear
8 best children's clocks

Tick-tock: 8 best children's clocks

Whether you’re teaching them to tell the time or putting the finishing touches to a nursery, there’s a ticker for that
Charlie Austin: Queens Park Rangers striker says ‘If the move is not right, I’m not going’

Charlie Austin: ‘If the move is not right, I’m not going’

After hitting 18 goals in the Premier League last season, the QPR striker was the great non-deal of transfer deadline day. But he says he'd preferred another shot at promotion
Isis profits from destruction of antiquities by selling relics to dealers - and then blowing up the buildings they come from to conceal the evidence of looting

How Isis profits from destruction of antiquities

Robert Fisk on the terrorist group's manipulation of the market to increase the price of artefacts
Labour leadership: Andy Burnham urges Jeremy Corbyn voters to think again in last-minute plea

'If we lose touch we’ll end up with two decades of the Tories'

In an exclusive interview, Andy Burnham urges Jeremy Corbyn voters to think again in last-minute plea