Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers: PATRIOT Act Can 'Obtain' Data In Europe

Posted by Soulskill on from the otherwise-the-terrists-win dept.

An anonymous reader writes "U.S. law enforcement and intelligence services can use the PATRIOT Act/FISA to 'obtain' EU-stored data for snooping, mining and analysis, despite strong EU data and privacy laws, according to a recent research paper. One of the paper's authors, Axel Arnbak, said, 'Most cloud providers, and certainly the market leaders, fall within the U.S. jurisdiction either because they are U.S. companies or conduct systematic business in the U.S. In particular, the Foreign Intelligence Surveillance Amendments (FISA) Act makes it easy for U.S. authorities to circumvent local government institutions and mandate direct and easy access to cloud data belonging to non-Americans living outside the U.S., with little or no transparency obligations for such practices -- not even the number of actual requests.' Arnback added, 'These laws, including the Patriot Act, apply as soon as a cloud service conducts systematic business in the United States. It's a widely held misconception that data actually has to be stored on servers physically located in the U.S.'"

5 of 133 comments (clear)

  1. So what we learn from this is.... by stiggle · · Score: 5, Insightful

    Host your own data. Do not trust the cloud.

    1. Re:So what we learn from this is.... by captainpanic · · Score: 5, Informative

      In the Netherlands, we want to host our own data. Some want to build a national database for medical data. However, an American company is developing the software - so that might be enough for the Americans to demand access to whatever is put on that database.

      So, essentially, when any US based company deals with another third party, all the data of this third party does is now declared property of the US.

      This was front page news just a week ago. Not a really good advertisement for US based software developers. For the record, the project manager (who is Dutch) denies that the Americans would get access. And I guess that under the Patriot Act it is also illegal to claim that the US is snooping around. So, for the record, I deny writing this post, since this is hosted on an American server - or at least maintained by people who create American-centric polls.

      Source in Dutch: http://www.metronieuws.nl/nieuws/beheerder-patientendossier-vreest-patriot-act-niet/IWIlkD!AQnwumcZSKxKeH8VP9BZwQ/

  2. The only real solution by Aethedor · · Score: 5, Insightful

    Don't do business with an American company or a company that has an office in the US if you plan to use its service to store sensitive information. This may sound a bit blunt, but for me it's the only proper answer to the patriot act.

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
  3. In Other News.. by SuperCharlie · · Score: 5, Insightful

    The US can do whatever they feel like doing because Fuck You. rabble rabble terrorism..rabblerabble child porn rabblerabble security.

    Get used to it... its gonna be a long and twisted road before this crap is over.

  4. Re:Bullshit by gstoddart · · Score: 5, Insightful

    But yes, the Data Protection Directive makes it very hard for companies to comply with both PATRIOT and the DPD.

    No, it makes it impossible. the PATRIOT act says "no matter what local laws say, you are obligated to do this" ... the data protection in other countries says "you are absolutely required to not do that".

    Basically, the Americans are saying their laws trumps everybody else, and the cost of doing "systematic business in the United States" is that their laws trump everybody else.

    Sadly, the US has decided that, the laws of other countries be damned, if you do enough business here you have to do what we say.

    Yet another example of how the US is declining into a xenophobic country, who has no intention of playing nicely with everybody else -- and American businesses might suddenly find themselves as unwelcome entities around the world as you pointed out. (Which of course they would probably go to the WTO or say "Waahh, you won't let us play in your sandbox" to try to force those countries to allow American companies to do business despite the fact that they essentially can't be trusted.)

    Essentially the only choice is to treat American owned companies as if they're agents of a hostile, totalitarian state -- because if any other country passed a law that said "if you do systematic business here, you must hand over your data to our government", the US would be up in arms talking about the freedoms they're not prepared to extend to other countries.

    I know here in Canada, US owned companies are precluded from some government contracts for this very reason, and pretty much all cloud providers which could host data there are not legally allowed because they open the risk of sensitive data being handed to the Americans without anybody knowing.

    I think this will pretty much be the point at which a lot of these US companies who could be in this position will suddenly start finding a lot of doors closed in their face with a "Oh, sorry, since we can't trust you or your government, you can't come in".

    --
    Lost at C:>. Found at C.