Slashdot Mirror

← Back to Stories (view on slashdot.org)

EU Citizens Warned Not To Use US Cloud Services Over Spying Fears

Posted by timothy on from the oh-don't-you-worry dept.

Diamonddavej writes "Leading privacy expert Caspar Bowden warned European citizens not to use cloud services hosted in the U.S. over spying fears. Bowden, former privacy adviser to Microsoft Europe, explained at a panel discussion hosted at the recent Computers, Privacy and Data Protection conference in Brussels, that a section in the Foreign Intelligence Surveillance Act Amendments Act 2008 (FISAAA) permits U.S. intelligence agencies to access data owned by non-U.S. citizens on cloud storage hosed by U.S. companies, if their activity is deemed to affect U.S. foreign policy. Bowden claimed the Act allows for purely political spying of activists, protesters and political groups. Bowden also pointed out that amendments to the EU's data protection regulation proposal introduce specific loopholes that permit FISAAA surveillance. The president of Estonia, Toomas Hendrik Ilves (at a separate panel discussion) commented, 'If it is a U.S. company it's the FBI's jurisdiction and if you are not a U.S. citizen then they come and look at whatever you have if it is stored on a U.S. company server.' The European Data Protection Supervisor declined to comment but an insider indicated that the authority is looking into the matter."

19 of 138 comments (clear)

  1. Really? by Anonymous Coward · · Score: 5, Insightful

    Got news for him, even if you ARE a US citizen they look at whatever you have stored.

    1. Re:Really? by gstoddart · · Score: 3, Informative

      "Got news for him, even if you ARE a US citizen they look at whatever you have stored."

      Where is evidence?

      Under the PATRIOT act, they can't show that to you.

      The fact remains, they've been increasingly looking at people's things, bypassing judicial oversight, and generally running rough shod over parts of the Constitution with "Free Speech Zones", warrantless wiretaps and the ability to do "border stops" 100 miles from the border.

      Seriously, have you not even been paying attention? This shit's been all over the news.

      --
      Lost at C:>. Found at C.
  2. Oh Noze! by flyneye · · Score: 3, Funny

    Run for your life, the Cloud is falling, the Cloud is falling!

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  3. Anyone ever read the constitution? by Midnight_Falcon · · Score: 5, Insightful

    The Bill of Rights is peculiar in that it does not say "no citizen", but it says "no person."

    Can someone explain how nearly 250 years of common law has managed to change the definition of a "person" to include US companies, but not foreign citizens utilizing services within the US?

    1. Re:Anyone ever read the constitution? by SteveFoerster · · Score: 4, Insightful

      Hence the saying that the Constitution may not be perfect, but it's better than what we have now.

      --
      Space game using normal deck of cards: http://BattleCards.org
    2. Re:Anyone ever read the constitution? by s.petry · · Score: 5, Insightful

      Do you want the real answer or some spiffy rhetorical bullshit? Save that, I'll give you the real answer. My apologies in advance too, since I'm guessing you already know what follows and are simply asking the rhetorical question. This is really for those that are still sleeping.

      The real answer is that the people currently sitting in offices don't give a rats ass about their own Constitution. Don't look at what they say, look at what they do! The Patriot act has not been diminished, it's been extended. Hidden clauses in executive orders remove things from view, and public support. Lets not kid each other, that is a symptom of a much larger problem and not the problem.

      Socrates warned that citizens must guard against people in political offices that demand increasing amounts of power. He was the first, but definitely not the last. That quest for power can quickly turn any form of Government into a tyranny.

      Now many will say "doom and gloom nonsense", and those people are simply ignorant. They have no idea how much snooping the NSA currently does on them, nor how much that will expand this summer when the new super computer complex opens (which has been designed for exactly the purpose of snooping and reporting on citizens). They have no idea how much of that data is requested and granted currently (in secrecy) to other government agencies, like the CIA, FBI, TSA, DHS, DOJ, ATF, etc.. Nobody in the public does, because our government refuses to provide any information at all. Even to the point where they refuse to admit it happens. We know it happens based on events and court cases, not because it's admitted.

      This is by the same people in office that will tell you to your face that they want to be open and honest. Does the term "pathological liar" not bother you?

      So if the Government ignores the Constitution and Bill of Rights when dealing with it's own citizens do you really expect them to honor the words with non-citizens? The constitution is the foundation for every other aspect of our Government.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    3. Re:Anyone ever read the constitution? by Genda · · Score: 3, Insightful

      The problem is the difference between the letter and the spirit of the law. A well educated third grader can interpret the spirit of the oath of office.

      But a President today can simply puts a Scalia onto the bench of the Supreme Court, who will gladly interpret the Constitution in a way that sounds more like Mein Kampf. We are drowning in lawyers, making noises like Bill Clinton's "...that depends what "IS" is..". Duplicitous self serving scumbags who will print the Bill of Rights on rolls that are squeezably soft, while kissing babies and glad handing corporate giants holding fat checks. We've been bought and sold by little men.

      Doom and Gloom would be letting this lie. Nonsense, would be ignoring the vital need to take back what is our God given liberty in the face of our culture being destroyed one word at a time. It is the government that must stand transparent, naked before the people, and not the other way.

    4. Re:Anyone ever read the constitution? by Genda · · Score: 3, Insightful

      That's okay, recent changes in the law now make it possible to do anything we do to foreign nationals to be done to our own citizens. What could be fairer?

  4. US hosed our servers by AaronLS · · Score: 3, Funny

    "hosed by U.S. companies"

  5. UK Govt using zendesk?? by lkcl · · Score: 5, Interesting

    a friend of mine made a freedom of information request recently, and was surprised to find that his question was responded to using zendesk. so he looked up the IP address and, on discovering that the IP address was in the U.S., made some pointed enquiries as to why his confidential details, as well as UK Government matters, were being stored in a jurisdiction outside of the sovereignty of the UK.

    the best one though was learning that UK MPs have been issued with ippads. which is great. confidential UK business can be snooped on by not just the U.S. govt but by a U.S. Corporation, and UK MPs can be "advertised at", and sold commercial music and entertainment services that they have absolutely no business letting in to Parliament.

    all good fun, eh?

  6. Poisoning the cloud by Anonymous Coward · · Score: 4, Interesting

    Microsoft has been harping on about this before. They previously said they themselves couldn't promise to keep their users' data private to the degree required by EU law.

    As I see it, what they're doing is trying to poison the whole idea of cloud services, because in poisoning their own market they also poison Google's. And while to Microsoft, 'cloud services' are an expensive and annoying distraction, to Google it's central to their entire business strategy.

  7. Is this really news to anyone? by Anonymous Coward · · Score: 5, Insightful

    I mean, everyone outside the US has known since the mid-2000's that the American Gov't has absolutely ZERO compunction about spying on ANYTHING within it's borders.

    Even "secretly" wire-tapping it's own citizens.

    In Canada we have distinct and fairly robust privacy legislation, and I'm constantly warning businesses to avoid storing anything in the cloud that could potentially contain affected info (customer data primarily, but also patient data in doctor's offices and other medical professionals). Simply uploading ANY of that data to the cloud COULD put you in violation of the law since you can no-longer provide ANY ASSURANCE WHATSOEVER that it hasn't been viewed or shared with unauthorized parties.

    Furthermore, I personally just assume, straight-up, that ANYTHING that Facebook, Google, Amazon or Microsoft host is de rigueur scanned, indexed and cataloged.

    This also applies to anything done in Chrome, or Android (vis a vis Google) or if you've installed any of Google's personal-search tools. It just doesn't make sense NOT to assume that the worst thing you can imagine happening in these cases either is-already, or will-eventually-be, happening.

    I single-out Google and it's many tools at the moment because hoarding information about you (and then selling it) IS the basis of their business model. The more information they can harvest about you personally, the more valuable their product is. Therefore, the greater their incentive is/will-be to accrue and store as much information as they possibly can about every single thing you do, place you go, thing you think... If they're not doing it already, the past history of American Corporocratic greed compels me to believe that they will eventually...

    Still, it's hard to believe that any of this would be considered "new" news in 2013.

    -AC

  8. Internet tradition by Okian+Warrior · · Score: 5, Insightful

    The US is driving business away with a weighted stick.

    People hold beliefs about other countries and people for a very long time; in many cases, long after the belief has had any meaning. For example, "the French surrendered", "Germans are Nazis", "Chinese products are crappy", "Japanese cars are like finely-tuned watches", and so on. Think of any nation and it comes with a satchel of beliefs held about its people.

    The US is getting an odius reputation for business and tourism. The overall message we send is: "don't come to the US for anything". Businesses are leaving the US in droves, preferring to operate in more friendly areas.

    When the US is known worldwide as "business unfriendly", it'll be nigh impossible to turn that around even if the situation changes.

    This is what our government is doing for us. It's effect on productivity (and employment) is obvious.

    (As a personal anecdote, I recently registered a .net domain, and the registrar (in France) had me click through a strongly worded message stating that the US could demand all sorts of privileges from the domain. Essentially, they stated that they could not guarantee my privacy or the safety of my data when registering a .net domain.)

  9. Megaupload Case *Already* Poisoned the Cloud by sehlat · · Score: 5, Insightful

    Think about it a moment. The Hollywood ... er ... US Government seized all servers and data on a flimsy warrant and trumped-up charges, including the accusation that Megaupload had retained data on its servers even after takedown notice(s). It has since emerged that the government specifically requested that they leave those files up for "investigation." One guy trusted his business data and property to the service and he's *still* fighting to get it back, despite the fact that it was un-shared and 100% his own legal property.

    Cloud services effectively died that day. Why trust any service when a third party can cut you off at any time from your own property without let or recourse?

    1. Re:Megaupload Case *Already* Poisoned the Cloud by StormReaver · · Score: 3, Informative

      Cloud services effectively died that day.

      I wish you were right, but you're not. Sadly, Stupid breeds way faster than Smart, so "cloud" subscriptions keep growing.

  10. Count on Europe by Kergan · · Score: 3, Insightful

    Methinks you can count on Europe to eventually get this right.

    Twitter getting sued and losing to France's Jew student union over obnoxious hashtags is just the high profile round two of the same joust they had with Yahoo over nazi artifacts getting auctioned over a decade ago. They won last time; they'll win this time. And US companies will comply to French law on this matter just like last time. I suspect that the pitiful €1k/day fine is going to quickly balloon to obscene amounts of money until the courts get a reaction from Twitter.

    In Germany, users are suing Facebook over the right to get deleted, and while they were the first, in typical German grassroots achievements, they no longer are the only ones. This is simply going to win, and they're just getting started. Sure enough, the Irish subsidiary is dragging its feet to comply. Presumably to Zuck's despair -- here's a continent with over 600M people willing not only in fighting for the right to be deleted but also in actually enforcing it. In the end, sane views will prevail, and the US laws will get kicked back across the Atlantic where they belong -- for US citizens to debate further, hopefully with new, more enlightened insights.

    The same could arguably be told of countries like China, Egypt or Iran: ironically, US firms are made to comply with local law over there, plain and simple, much faster then they are to EU laws. But the EU is hopefully similar enough to the US that the latters' citizens will not shrug that the former are merely uneducated barbarians when their laws are sent back for review.

  11. Here is a European Parliment Report by Diamonddavej · · Score: 4, Informative

    Here is a report for the European Parliament (Pdf) about cyber crime and privacy of Cloud services, co-written by Caspar Bowden, it discusses the ramifications of FISAAA. The salient section is "3.4. The inter-state/states/companies relation" on page 34.

    http://www.europarl.europa.eu/committees/en/studiesdownload.html?languageDocument=EN&file=79050

    Furthermore, proposed changes to the EU's data protection regulations will facilitate FISAAA. Specifically, if a Security Companies' audit of a Cloud Service uncovers U.S. spying, they will be obligated not to inform an affected EU company. I wonder what pressure the U.S. is applying to get this passed...

    US lobbying waters down EU data protection reform

    "For example, IMCO voted to allow easier profiling of users by companies, and lessen the importance of reporting personal data breaches as soon as they occur. At the same time, most proposals to strengthen regulation were rejected.

  12. Security on the clouds by Taco+Cowboy · · Score: 4, Insightful

    No matter where that cloud is stationed, putting stuffs that are sensitive in nature is never a good idea.

    --
    Muchas Gracias, Señor Edward Snowden !
  13. translation by terec · · Score: 4, Interesting

    If you look at, for example, the data protection laws here in Germany, the German government can get at my data even more easily than the FBI can get at data in the US. What I'm asking myself is: assuming that any government can look at data within its borders anyway, what's the best place to store my data? Good attributes for such a place are: I'm not living there, I don't want to travel there, and they aren't really on good terms with my government.

    I think what the EU representatives are really saying in so many words is: "don't store your data in the US, where European governments have a harder time getting at it, store it in Europe where we can get at it easily (but you can trust us!)".