PRISM: The EU must take steps to protect cloud data from US snoopers

At a hearing in the US Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all

Share
Related Topics

Since the PRISM revelations, the world is asking not what they can do with their data on American cloud services, but what America can do to their data. In August 2008 Presidential candidate Obama dropped his opposition to a law which made permanent the “warrantless wiretapping” of the Bush years. He probably reasoned that in any future controversy, he had a trump card. FISA s.702 (also known as FISAAA §1881a) did not affect Americans, it only authorized the National Security Agency (NSA) to target foreigners abroad. However by adding a mere three words, apparently unnoticed, the new law not only required telecommunication companies to comply, but also those providing services to process data remotely – what we today call cloud computing.

The significance of this change is that intercepting fibre-optic cables might be stymied by encryption, but now information could easily be searched and extracted (in complete secrecy) from inside the warehouse-sized datacentres used to power social networks and number-crunch Big Data.

The law applies to any “foreign intelligence information” which includes the catch-all definition “anything with respect to a foreign territory that relates the conduct of US foreign policy” and political information. It targets not only suspected terrorists and criminals, but can also be used to obtain information about private life, confidential business records, and ordinary lawful democratic political activities in the rest of the world.

The US reassures a home audience that this law is not aimed at them, but can it be right that there is one law for the them and another for everyone else? A succession of US court judgements have said this is no Constitutional problem, and at a hearing in Congress last year, one representative hectored privacy advocates that “foreigners in foreign lands” have no privacy rights at all.

EU officials seem to think encrypting data to-and-from the Cloud can take care of the problem. They were encouraged in these beliefs by a succession of reports from industry, law firms, think-tanks, and even EU agencies which each confidently asserted that computing in the Cloud was actually more secure. But these reports only considered the threat from external hackers, not secret surveillance by the hosting country. Unfortunately there are no feasible technical defences available. Encryption can protect data-on-the-wire, but when it is decrypted by the Cloud provider in order for calculations to be performed it becomes vulnerable to mass-surveillance.

Together with academic researchers, I co-authored a report to the European Parliament in 2012 warning of the possibility of PRISM-like surveillance, but it took (ironically) a US blog site to break the story in January this year. The European public reacted with understandable alarm - maybe their data was well-protected within the EU, but what about all their data processed by the US technology giants?

Not only are existing EU privacy laws incapable of detecting or preventing cloud surveillance, in the small print of the proposed new data privacy Regulation now being debated in Brussels, such secret disclosures are actually permitted, even if the purposes would be unlawful in European terms. How did those loopholes get there, and why have supposedly independent EU privacy regulators done nothing about it?

European human rights law protects everyone in its jurisdiction equally, and justification for privacy infringements cannot be made on grounds of nationality. Why did the EU Commission ignore this obvious conflict, and give the green light for sending EU citizens' data for processing in US Clouds?

Now Edward Snowden has courageously crystallised the position he should be offered political asylum and refuge by the EU. There are already amendments tabled to the new Regulation which would protect such whistleblowers, and require citizens to give their consent to put their data in Clouds outside EU jurisdiction, and only after seeing a drastic warning notice.

The US has resisted recognition of European data protection rights for 30 years, and seems minded not to change. The EU should develop an industrial policy for its own Cloud industry, based on open-source software, on a comparable scale to the planning that now allows Airbus to win equal market share with Boeing. If the Cloud is anywhere near as important as the hype suggests, why wouldn't Europe want to do this anyway, and retain the high-end of the value chain which now flows back to the US through tax arbitrage?

Europe has some of the best research in privacy computer science but almost no Internet businesses of global scale. The opportunity for the markets is to invest in jobs and growth founded on Europe's comparative advantage in privacy. The world just woke up in a privacy Guantanamo built by Obama, but we are not prisoners and free to leave.

Caspar Bowden was Chief Privacy Adviser to Microsoft until 2011, and is now an independent advocate for privacy rights. The report to the European Parliament is here

React Now

Latest stories from i100
Have you tried new the Independent Digital Edition apps?
iJobs Job Widget
iJobs General

Junior Quant Analyst - C++, Boost, Data Mining

£25000 - £35000 per annum: Harrington Starr: Junior Quant Analyst - C++, Boost...

Service Desk Analyst- (Desktop Support, Help desk)

£25000 - £35000 per annum: Harrington Starr: Service Desk Analyst- (Desktop Su...

Junior Quant Analyst (Machine Learning, SQL, Brokerage)

£30000 - £50000 per annum: Harrington Starr: Junior Quant Analyst (Machine Lea...

UNIX Application Support Analyst- Support, UNIX, London

£45000 - £55000 per annum: Harrington Starr: UNIX Application Support Analyst-...

Day In a Page

Read Next
Mosul dam was retaken with the help of the US  

Air strikes? Talk of God? Obama is following the jihadists’ script

Robert Fisk
 

Next they'll say an independent Scotland can't use British clouds...

Mark Steel
Air strikes? Talk of God? Obama is following the jihadists’ script

Air strikes? Talk of God? Obama is following the jihadists’ script

The President came the nearest he has come yet to rivalling George W Bush’s gormless reaction to 9/11 , says Robert Fisk
Ebola outbreak: Billy Graham’s son declares righteous war on the virus

Billy Graham’s son declares righteous war on Ebola

A Christian charity’s efforts to save missionaries trapped in Africa by the crisis have been justifiably praised. But doubts remain about its evangelical motives
Jeremy Clarkson 'does not see a problem' with his racist language on Top Gear, says BBC

Not even Jeremy Clarkson is bigger than the BBC, says TV boss

Corporation’s head of television confirms ‘Top Gear’ host was warned about racist language
Nick Clegg the movie: Channel 4 to air Coalition drama showing Lib Dem leader's rise

Nick Clegg the movie

Channel 4 to air Coalition drama showing Lib Dem leader's rise
Philip Larkin: Misogynist, racist, miserable? Or caring, playful man who lived for others?

Philip Larkin: What will survive of him?

Larkin's reputation has taken a knocking. But a new book by James Booth argues that the poet was affectionate, witty, entertaining and kind, as hitherto unseen letters, sketches and 'selfies' reveal
Madame Tussauds has shown off its Beyoncé waxwork in Regent's Park - but why is the tourist attraction still pulling in the crowds?

Waxing lyrical

Madame Tussauds has shown off its Beyoncé waxwork in Regent's Park - but why is the tourist attraction still pulling in the crowds?
Texas forensic astronomer finally pinpoints the exact birth of impressionism

Revealed (to the minute)

The precise time when impressionism was born
From slow-roasted to sugar-cured: how to make the most of the British tomato season

Make the most of British tomatoes

The British crop is at its tastiest and most abundant. Sudi Pigott shares her favourite recipes
10 best men's skincare products

Face it: 10 best men's skincare products

Oscar Quine cleanses, tones and moisturises to find skin-savers blokes will be proud to display on the bathroom shelf
Malky Mackay allegations: Malky Mackay, Iain Moody and another grim day for English football

Mackay, Moody and another grim day for English football

The latest shocking claims do nothing to dispel the image that some in the game on these shores exist in a time warp, laments Sam Wallace
La Liga analysis: Will Barcelona's hopes go out of the window?

Will Barcelona's hopes go out of the window?

Pete Jenson starts his preview of the Spanish season, which begins on Saturday, by explaining how Fifa’s transfer ban will affect the Catalans
Middle East crisis: We know all too much about the cruelty of Isis – but all too little about who they are

We know all too much about the cruelty of Isis – but all too little about who they are

Now Obama has seen the next US reporter to be threatened with beheading, will he blink, asks Robert Fisk
Neanderthals lived alongside humans for centuries, latest study shows

Final resting place of our Neanderthal neighbours revealed

Bones dated to 40,000 years ago show species may have died out in Belgium species co-existed
Scottish independence: The new Scots who hold fate of the UK in their hands

The new Scots who hold fate of the UK in their hands

Scotland’s immigrants are as passionate about the future of their adopted nation as anyone else
Britain's ugliest buildings: Which monstrosities should be nominated for the Dead Prize?

Blight club: Britain's ugliest buildings

Following the architect Cameron Sinclair's introduction of the Dead Prize, an award for ugly buildings, John Rentoul reflects on some of the biggest blots on the UK landscape