PRISM: The EU must take steps to protect cloud data from US snoopers

At a hearing in the US Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all

Share
Related Topics

Since the PRISM revelations, the world is asking not what they can do with their data on American cloud services, but what America can do to their data. In August 2008 Presidential candidate Obama dropped his opposition to a law which made permanent the “warrantless wiretapping” of the Bush years. He probably reasoned that in any future controversy, he had a trump card. FISA s.702 (also known as FISAAA §1881a) did not affect Americans, it only authorized the National Security Agency (NSA) to target foreigners abroad. However by adding a mere three words, apparently unnoticed, the new law not only required telecommunication companies to comply, but also those providing services to process data remotely – what we today call cloud computing.

The significance of this change is that intercepting fibre-optic cables might be stymied by encryption, but now information could easily be searched and extracted (in complete secrecy) from inside the warehouse-sized datacentres used to power social networks and number-crunch Big Data.

The law applies to any “foreign intelligence information” which includes the catch-all definition “anything with respect to a foreign territory that relates the conduct of US foreign policy” and political information. It targets not only suspected terrorists and criminals, but can also be used to obtain information about private life, confidential business records, and ordinary lawful democratic political activities in the rest of the world.

The US reassures a home audience that this law is not aimed at them, but can it be right that there is one law for the them and another for everyone else? A succession of US court judgements have said this is no Constitutional problem, and at a hearing in Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all.

EU officials seem to think encrypting data to-and-from the Cloud can take care of the problem. They were encouraged in these beliefs by a succession of reports from industry, law firms, think-tanks, and even EU agencies which each confidently asserted that computing in the Cloud was actually more secure. But these reports only considered the threat from external hackers, not secret surveillance by the hosting country. Unfortunately there are no feasible technical defences available. Encryption can protect data-on-the-wire, but when it is decrypted by the Cloud provider in order for calculations to be performed it becomes vulnerable to mass-surveillance.

Together with academic researchers, I co-authored a report to the European Parliament in 2012 warning of the possibility of PRISM-like surveillance, but it took (ironically) a US blog site to break the story in January this year. The European public reacted with understandable alarm - maybe their data was well-protected within the EU, but what about all their data processed by the US technology giants?

Not only are existing EU privacy laws incapable of detecting or preventing cloud surveillance, in the small print of the proposed new data privacy Regulation now being debated in Brussels, such secret disclosures are actually permitted, even if the purposes would be unlawful in European terms. How did those loopholes get there, and why have supposedly independent EU privacy regulators done nothing about it?

European human rights law protects everyone in its jurisdiction equally, and justification for privacy infringements cannot be made on grounds of nationality. Why did the EU Commission ignore this obvious conflict, and give the green light for sending EU citizens' data for processing in US Clouds?

Now Edward Snowden has courageously crystallised the position he should be offered political asylum and refuge by the EU. There are already amendments tabled to the new Regulation which would protect such whistleblowers, and require citizens to give their consent to put their data in Clouds outside EU jurisdiction, and only after seeing a drastic warning notice.

The US has resisted recognition of European data protection rights for 30 years, and seems minded not to change. The EU should develop an industrial policy for its own Cloud industry, based on open-source software, on a comparable scale to the planning that now allows Airbus to win equal market share with Boeing. If the Cloud is anywhere near as important as the hype suggests, why wouldn't Europe want to do this anyway, and retain the high-end of the value chain which now flows back to the US through tax arbitrage?

Europe has some of the best research in privacy computer science but almost no Internet businesses of global scale. The opportunity for the markets is to invest in jobs and growth founded on Europe's comparative advantage in privacy. The world just woke up in a privacy Guantanamo built by Obama, but we are not prisoners and free to leave.

Caspar Bowden was Chief Privacy Adviser to Microsoft until 2011, and is now an independent advocate for privacy rights. The report to the European Parliament is here

React Now

iJobs Job Widget
iJobs General

Web Developer (C#, ASP.NET, AJAX, JavaScript, MVC, HTML)

£40000 - £45000 per annum + Benefits + Bonus: Harrington Starr: Web Developer ...

C# R&D .NET Developer-Algorithms, WCF, WPF, Agile, ASP.NET,MVC

£50000 - £67000 per annum + Benefits + Bonus: Harrington Starr: C# R&D .NE...

C# Developer (Web, HTML5, CSS3, ASP.NET, JS, Visual Studios)

£40000 - £50000 per annum + Benefits + Bonus: Harrington Starr: C# Developer (...

C# Developer (ASP.NET, F#, SQL, MVC, Bootstrap, JavaScript)

£55000 - £65000 per annum + Benefits + Bonus: Harrington Starr: C# Developer (...

Day In a Page

Read Next
A couple stand in front of a beautiful cloudy scene  

In sickness and in health: It’s been stormy but there are blessings in the clouds

Rebecca Armstrong
Chancellor George Osborne (C) wears a high visibility jacket as he makes a visit to the Prysmian Group factory and speaks to factory manager Steve Price  

Keep the champagne on ice – there are some clear and worrying signs that the economy is slowing

David Blanchflower
Iraq crisis: How Saudi Arabia helped Isis take over the north of the country

How Saudi Arabia helped Isis take over northern Iraq

A speech by an ex-MI6 boss hints at a plan going back over a decade. In some areas, being Shia is akin to being a Jew in Nazi Germany, says Patrick Cockburn
The evolution of Andy Serkis: First Gollum, then King Kong - now the actor is swinging through the trees in Dawn of the Planet of the Apes

The evolution of Andy Serkis

First Gollum, then King Kong - now the actor is swinging through the trees in Dawn of the Planet of the Apes
You thought 'Benefits Street' was controversial: Follow-up documentary 'Immigrant Street' has got locals worried

You thought 'Benefits Street' was controversial...

Follow-up documentary 'Immigrant Street' has got locals worried
Refugee children from Central America let down by Washington's high ideals

Refugee children let down by Washington's high ideals

Democrats and Republicans refuse to set aside their differences to cope with the influx of desperate Central Americas, says Rupert Cornwell
Children's books are too white, says Laureate

Children's books are too white, says Laureate

Malorie Blackman appeals for a better ethnic mix of authors and characters and the illustrator Quentin Blake comes to the rescue
Blackest is the new black: Scientists have developed a material so dark that you can't see it...

Blackest is the new black

Scientists have developed a material so dark that you can't see it...
Matthew Barzun: America's diplomatic dude

Matthew Barzun: America's diplomatic dude

The US Ambassador to London holds 'jeans and beer' gigs at his official residence – it's all part of the job, he tells Chris Green
Meet the Quantified Selfers: From heart rates to happiness, there is little this fast-growing, self-tracking community won't monitor

Meet the 'Quantified Selfers'

From heart rates to happiness, there is little this fast-growing, self-tracking community won't monitor
Madani Younis: Five-star reviews are just the opening act for British theatre's first non-white artistic director

Five-star reviews are just the opening act for British theatre's first non-white artistic director

Madani Younis wants the neighbourhood to follow his work as closely as his audiences do
Mrs Brown and her boys: are they having a laugh?

Mrs Brown and her boys: are they having a laugh?

When it comes to national stereotyping, the Irish – among others – know it can pay to play up to outsiders' expectations, says DJ Taylor
Gavin Maxwell's bitter legacy: Was the otter man the wildlife champion he appeared to be?

Otter man Gavin Maxwell's bitter legacy

The aristocrat's eccentric devotion to his pets inspired a generation. But our greatest living nature writer believes his legacy has been quite toxic
Joanna Rowsell: The World Champion cyclist on breaking her collarbone, shattering her teeth - and dealing with alopecia

Joanna Rowsell: 'I wear my wig to look normal'

The World Champion cyclist on breaking her collarbone, shattering her teeth - and dealing with alopecia
Bill Granger recipes: Our chef gives raw ingredients a lift with his quick marinades

Bill Granger's quick and delicious marinades

Our chef's marinades are great for weekend barbecuing, but are also a delicious way of injecting flavour into, and breaking the monotony of, weekday meals
Germany vs Argentina World Cup 2014 preview: Why Brazilians don't love their neighbours Argentina any more

Anyone but Argentina – why Brazilians don’t love their neighbours any more

The hosts will be supporting Germany in today's World Cup final, reports Alex Bellos
The Open 2014: Time again to ask that major question - can Lee Westwood win at last?

The Open 2014

Time again to ask that major question - can Lee Westwood win at last?