EU Citizens Warned Not To Use US Cloud Services Over Spying Fears

Diamonddavej writes "Leading privacy expert Caspar Bowden warned European citizens not to use cloud services hosted in the U.S. over spying fears. Bowden, former privacy adviser to Microsoft Europe, explained at a panel discussion hosted at the recent Computers, Privacy and Data Protection conference in Brussels, that a section in the Foreign Intelligence Surveillance Act Amendments Act 2008 (FISAAA) permits U.S. intelligence agencies to access data owned by non-U.S. citizens on cloud storage hosed by U.S. companies, if their activity is deemed to affect U.S. foreign policy. Bowden claimed the Act allows for purely political spying of activists, protesters and political groups. Bowden also pointed out that amendments to the EU's data protection regulation proposal introduce specific loopholes that permit FISAAA surveillance. The president of Estonia, Toomas Hendrik Ilves (at a separate panel discussion) commented, 'If it is a U.S. company it's the FBI's jurisdiction and if you are not a U.S. citizen then they come and look at whatever you have if it is stored on a U.S. company server.' The European Data Protection Supervisor declined to comment but an insider indicated that the authority is looking into the matter."

Really?

Got news for him, even if you ARE a US citizen they look at whatever you have stored.

Anyone ever read the constitution?

[Midnight_Falcon]

The Bill of Rights is peculiar in that it does not say "no citizen", but it says "no person."

Can someone explain how nearly 250 years of common law has managed to change the definition of a "person" to include US companies, but not foreign citizens utilizing services within the US?

Re:Anyone ever read the constitution?

[SteveFoerster]

Hence the saying that the Constitution may not be perfect, but it's better than what we have now.

Re:Anyone ever read the constitution?

[s.petry]

Do you want the real answer or some spiffy rhetorical bullshit? Save that, I'll give you the real answer. My apologies in advance too, since I'm guessing you already know what follows and are simply asking the rhetorical question. This is really for those that are still sleeping.

The real answer is that the people currently sitting in offices don't give a rats ass about their own Constitution. Don't look at what they say, look at what they do! The Patriot act has not been diminished, it's been extended. Hidden clauses in executive orders remove things from view, and public support. Lets not kid each other, that is a symptom of a much larger problem and not the problem.

Socrates warned that citizens must guard against people in political offices that demand increasing amounts of power. He was the first, but definitely not the last. That quest for power can quickly turn any form of Government into a tyranny.

Now many will say "doom and gloom nonsense", and those people are simply ignorant. They have no idea how much snooping the NSA currently does on them, nor how much that will expand this summer when the new super computer complex opens (which has been designed for exactly the purpose of snooping and reporting on citizens). They have no idea how much of that data is requested and granted currently (in secrecy) to other government agencies, like the CIA, FBI, TSA, DHS, DOJ, ATF, etc.. Nobody in the public does, because our government refuses to provide any information at all. Even to the point where they refuse to admit it happens. We know it happens based on events and court cases, not because it's admitted.

This is by the same people in office that will tell you to your face that they want to be open and honest. Does the term "pathological liar" not bother you?

So if the Government ignores the Constitution and Bill of Rights when dealing with it's own citizens do you really expect them to honor the words with non-citizens? The constitution is the foundation for every other aspect of our Government.

Re:Anyone ever read the constitution?

The Bill of Rights is peculiar in that it does not say "no citizen", but it says "no person."

Ah, but are foreign nationals actually people?

The answer isn't obvious when you consider that slaves weren't full people as per the original document.

Re:Anyone ever read the constitution?

[Genda]

The problem is the difference between the letter and the spirit of the law. A well educated third grader can interpret the spirit of the oath of office.

But a President today can simply puts a Scalia onto the bench of the Supreme Court, who will gladly interpret the Constitution in a way that sounds more like Mein Kampf. We are drowning in lawyers, making noises like Bill Clinton's "...that depends what "IS" is..". Duplicitous self serving scumbags who will print the Bill of Rights on rolls that are squeezably soft, while kissing babies and glad handing corporate giants holding fat checks. We've been bought and sold by little men.

Doom and Gloom would be letting this lie. Nonsense, would be ignoring the vital need to take back what is our God given liberty in the face of our culture being destroyed one word at a time. It is the government that must stand transparent, naked before the people, and not the other way.

Re:Anyone ever read the constitution?

[Genda]

That's okay, recent changes in the law now make it possible to do anything we do to foreign nationals to be done to our own citizens. What could be fairer?

Practical impact?

[trampel]

Taking Google's service as an example, how is the FBI to know whether john.doe@gmail.com is a U.S. citizen or not? When signing up for service, all Google asks for is the location, not the country of citizenship.

Even if John Doe accesses his email from a non-US ISP, he might well be a citizen traveling abroad.

Is this really news to anyone?

I mean, everyone outside the US has known since the mid-2000's that the American Gov't has absolutely ZERO compunction about spying on ANYTHING within it's borders.

Even "secretly" wire-tapping it's own citizens.

In Canada we have distinct and fairly robust privacy legislation, and I'm constantly warning businesses to avoid storing anything in the cloud that could potentially contain affected info (customer data primarily, but also patient data in doctor's offices and other medical professionals). Simply uploading ANY of that data to the cloud COULD put you in violation of the law since you can no-longer provide ANY ASSURANCE WHATSOEVER that it hasn't been viewed or shared with unauthorized parties.

Furthermore, I personally just assume, straight-up, that ANYTHING that Facebook, Google, Amazon or Microsoft host is de rigueur scanned, indexed and cataloged.

This also applies to anything done in Chrome, or Android (vis a vis Google) or if you've installed any of Google's personal-search tools. It just doesn't make sense NOT to assume that the worst thing you can imagine happening in these cases either is-already, or will-eventually-be, happening.

I single-out Google and it's many tools at the moment because hoarding information about you (and then selling it) IS the basis of their business model. The more information they can harvest about you personally, the more valuable their product is. Therefore, the greater their incentive is/will-be to accrue and store as much information as they possibly can about every single thing you do, place you go, thing you think... If they're not doing it already, the past history of American Corporocratic greed compels me to believe that they will eventually...

Still, it's hard to believe that any of this would be considered "new" news in 2013.

-AC

Internet tradition

[Okian+Warrior]

The US is driving business away with a weighted stick.

People hold beliefs about other countries and people for a very long time; in many cases, long after the belief has had any meaning. For example, "the French surrendered", "Germans are Nazis", "Chinese products are crappy", "Japanese cars are like finely-tuned watches", and so on. Think of any nation and it comes with a satchel of beliefs held about its people.

The US is getting an odius reputation for business and tourism. The overall message we send is: "don't come to the US for anything". Businesses are leaving the US in droves, preferring to operate in more friendly areas.

When the US is known worldwide as "business unfriendly", it'll be nigh impossible to turn that around even if the situation changes.

This is what our government is doing for us. It's effect on productivity (and employment) is obvious.

(As a personal anecdote, I recently registered a .net domain, and the registrar (in France) had me click through a strongly worded message stating that the US could demand all sorts of privileges from the domain. Essentially, they stated that they could not guarantee my privacy or the safety of my data when registering a .net domain.)

Megaupload Case *Already* Poisoned the Cloud

[sehlat]

Think about it a moment. The Hollywood ... er ... US Government seized all servers and data on a flimsy warrant and trumped-up charges, including the accusation that Megaupload had retained data on its servers even after takedown notice(s). It has since emerged that the government specifically requested that they leave those files up for "investigation." One guy trusted his business data and property to the service and he's *still* fighting to get it back, despite the fact that it was un-shared and 100% his own legal property.

Cloud services effectively died that day. Why trust any service when a third party can cut you off at any time from your own property without let or recourse?

Count on Europe

[Kergan]

Methinks you can count on Europe to eventually get this right.

Twitter getting sued and losing to France's Jew student union over obnoxious hashtags is just the high profile round two of the same joust they had with Yahoo over nazi artifacts getting auctioned over a decade ago. They won last time; they'll win this time. And US companies will comply to French law on this matter just like last time. I suspect that the pitiful €1k/day fine is going to quickly balloon to obscene amounts of money until the courts get a reaction from Twitter.

In Germany, users are suing Facebook over the right to get deleted, and while they were the first, in typical German grassroots achievements, they no longer are the only ones. This is simply going to win, and they're just getting started. Sure enough, the Irish subsidiary is dragging its feet to comply. Presumably to Zuck's despair -- here's a continent with over 600M people willing not only in fighting for the right to be deleted but also in actually enforcing it. In the end, sane views will prevail, and the US laws will get kicked back across the Atlantic where they belong -- for US citizens to debate further, hopefully with new, more enlightened insights.

The same could arguably be told of countries like China, Egypt or Iran: ironically, US firms are made to comply with local law over there, plain and simple, much faster then they are to EU laws. But the EU is hopefully similar enough to the US that the latters' citizens will not shrug that the former are merely uneducated barbarians when their laws are sent back for review.

Security on the clouds

[Taco+Cowboy]

No matter where that cloud is stationed, putting stuffs that are sensitive in nature is never a good idea.

Facebook fees

Remember Skype the other day? when was the last time you heard FBI complain it couldn't get Skype intercepts because of its P2P nature? Now they're *using* Skype intercepts in prosecutions! So our private calls are also intercepted now. I think the routing comes from an MS server and they simply route it through an intercept.

In the latest financials, I see Facebook has substantial 'fees' income, separate from advertising. At first I thought it was for the charges they make for contacting your friends list, but that doesn't explain it, the fees go back before the introduced that charge.

I think they sell NSA access. I think a substantial portion of that fee is to give NSA access to all the private profile information, all the non public graph data.

I find it difficult to imagine a situation where Facebook has secret info, Facebook wants money, NSA has money, NSA wants info, there's no law stopping them getting it, even on US citizens, (cloud stuff greater than 6 months on USA citizens is not considered private, even if its private email, cloud stuff on non US citizens is fair game). Hence Facebook must be selling data to NSA by Occam's razor.

How is this news?

How oh how is this in 2013, news? The Patriot Act (Enacted into US law just slightly post 9/11/2001), allows the US government to access any data from any source held by a US company, whether that companies operations are within the United States, or located in a foreign country (any other country). The act also requires the company to provide all information requested by the US government, and requires the company *NOT* to disclose to any party their actions on behalf of the US Government. So it's not just data stored on US servers, the servers can belong to people in other countries, with the server physically located not in the United States. It basically makes all US companies with access to data spies for the US government under US law. There are fines, penalties (including prison) for companies disclosing that the US Government is snooping for information, and likewise for non-compliance. That members of the EU are just discovering this now is quite surprising.