Slashdot Mirror


Researchers: PATRIOT Act Can 'Obtain' Data In Europe

An anonymous reader writes "U.S. law enforcement and intelligence services can use the PATRIOT Act/FISA to 'obtain' EU-stored data for snooping, mining and analysis, despite strong EU data and privacy laws, according to a recent research paper. One of the paper's authors, Axel Arnbak, said, 'Most cloud providers, and certainly the market leaders, fall within the U.S. jurisdiction either because they are U.S. companies or conduct systematic business in the U.S. In particular, the Foreign Intelligence Surveillance Amendments (FISA) Act makes it easy for U.S. authorities to circumvent local government institutions and mandate direct and easy access to cloud data belonging to non-Americans living outside the U.S., with little or no transparency obligations for such practices -- not even the number of actual requests.' Arnbak added, 'These laws, including the Patriot Act, apply as soon as a cloud service conducts systematic business in the United States. It's a widely held misconception that data actually has to be stored on servers physically located in the U.S.'"

5 of 133 comments

  1. Same applies elsewhere? by Intrepid imaginaut · · Score: 4, Interesting

    I guess the same thing applies elsewhere too, like China or Saudi Arabia. If a company wants to conduct business in a country it has to comply with the laws of the country. The main difference is the US is such a huge market that most companies would rather hand over the data than be shut out of it. In a situation where the laws of two different large markets are in direct conflict, it probably becomes a question of "can we get away with it".

    1. Re:Same applies elsewhere? by Anonymous Coward · · Score: 2, Interesting

      So, uh, what about complying with EU laws by not handing over the data to America?

    2. Re:Same applies elsewhere? by RobertLTux · · Score: 3, Interesting

      and then be accused of having ties to Terrorists/Child Slavery/Whatever and then everything held by the company remotely "US based" gets seized.

      --
      Any person using FTFY or editing my postings agrees to a US$50.00 charge
  2. Bullshit by Rakshasa-sensei · · Score: 4, Interesting

    The EU Data Protection Directive is very specific on this issue; the hosting/cloud company can only locate the data in the US, or even transmit it there, if there is an explicit guarantee that the data has the same level of protection.

    Basically yes, the US could use the Patriot Act to obtain protected EU data from US-based companies. And yes, the company would then have broken the EU directive and would face the courts.

    1. Re:Bullshit by Thiez · · Score: 3, Interesting

      > And yes, the company would then have broken the EU directive and would face the courts.

      How would the EU courts find out?