backtop


Print 71 comment(s) - last by Bad-Karma.. on Jul 11 at 3:41 AM


Microsoft warns that the PATRIOT Act, recent renewed by President Obama, will allow the U.S. to invade EU citizens' private data without notification.  (Source: Paramount Pictures)

The revelation could lead the EU to forcing Facebook, Google, Microsoft, and others to adopt isolated hosting in Europe for European services. Currently much of the hosting for European users is handled in America, exposing their data to invasive U.S. laws.  (Source: Flickr/TJCrowley)

Senators John McCain (R-Ariz.) and John Kerry (D-Mass.) have proposed a privacy bill that may help fix the awkward standoff.  (Source: AP Photo)
Microsoft tipped off the EU about possible data grab

The European Union (EU) is a little bit upset with the United States federal government after it caught wind of a possible plan to swipe EU citizens' private data from cloud service providers, in violation of EU laws.  And the U.S. government can blame software giant Microsoft Corp. (MSFT) for letting the secret out of the bag.

I. PATRIOT Act: Policing the World

People often get caught up in possible domestic spying issues of the "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001" (USA PATRIOT Act of 2001) as it authorizes the gathering of "foreign intelligence information" from U.S. citizens.

But the bill, which was renewed for four years by President Barack Obama in 2011, is primarily aimed at gathering intelligence from foreign nations.  In that regard, much of its authorizations deal with "spying" on foreign nations -- not solely U.S. citizens.

With citizens in the U.S. and Europe increasingly using "the cloud" -- services from companies like Microsoft, Facebook, Google Inc. (GOOG), and Apple, Inc. (AAPL) -- the question becomes how secure these resources are.

While the U.S. does not guarantee the privacy of its citizens online, the EU has a law titled the Data Protection Directive, which mandates that the EU protect the privacy of its citizens.  The Directive demands that citizens be informed any time private data is obtained.  The problem is that mandate does little to stop the U.S. from secretly seizing cloud data in the name of the PATRIOT Act according to warnings from Microsoft and top lawyers.

II. Our Laws Are Greater Than Yours

Microsoft warns that under the PATRIOT Act, it might not only be forced to hand over EU citizens' data; it might also be forced to do so secretly, without informing the EU.  This would directly violate the privacy protections the EU promises to enforce.

The company writes, "In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft."

Sophia In't Veld (Netherlands) an EU parliamentarian, voiced outrage at the prospect, stating, "Does the Commission consider that the U.S. PATRIOT Act thus effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?"

"I hope Commissioner Reding will respond soon, as this is really a key issue. Essentially what is at stake is whether Europe can enforce its own laws in its own territory, or if the laws of a third country prevail. I hope the Commissioner will ensure that the U.S. and other countries respect E.U. laws in E.U. territory. I don't think the U.S. would be amused if Europeans (or other non-U.S. authorities) were to get access to databases located within U.S. jurisdiction."

The EU and the U.S. already have an agreement called Safe Harbor, which allows for the sharing of data under certain restrictions such as the promise of reasonable data security, and clearly defined and effective enforcement.  In these cases the EU is informed of the request, so it can inform the affected citizens about it.

The problem is that the PATRIOT Act offers a far easier secret backdoor to the same information.  And there's little the EU can do to stop it.

Theo Bosboom, IT lawyer with Dirkzager Lawyers comments, "I'm afraid that Safe Harbor has very little value anymore, since it came out that it might be possible that U.S. companies that offer to keep data in a European cloud are still obliged to allow the U.S. government access to these data on basis of the PATRIOT Act. Europeans would be better to keep their data in Europe. If a European contract partner for a European cloud solution, offers the guarantee that data stays within the European Union, that is without a doubt the best choice, legally."

That could spell big trouble for companies like Google, Facebook, Microsoft, and Apple should the EU decide to apply restrictions or mandates to their services in order to protect its citizens' privacy from foreign powers.  Such restrictions could for the companies to switch to local, isolated serving to prevent the U.S. from having access to the data.  However, such schemes would be pricey to implement.

III. Does U.S. Privacy Bill Provide an Answer?

One potential solution may lie with the pending online privacy protection legislation proposed by Senators John Kerry (D-Mass.) and John McCain (R-Ariz.).  

The bill has received much resistance from the online data mining and advertising community, as it suggests the creation of a mandatory opt-out of data gathering.  Such an opt-out could be cost-prohibitive for smaller sites and could seriously undermine online advertising's profitability.

The bill could also make it harder to use the PATRIOT Act to grab information without public notification.

States EU Data Protection Commissioner Viviane Reding, "I welcome a draft Bill of Rights just introduced in the U.S. Congress as a bipartisan initiative of Democrats and Republicans. The Commission also shares the main objective of the Bill: strengthening individuals' trust in new technologies through compatible standards."

A compromise may be reached, but it's doubtful this will be the last we hear of this controversy.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: What could happen.
By Netjak on 7/7/2011 1:35:59 PM , Rating: 2
quote:
That doesn't pass muster. FBI's charter is to operate w/i confines of USA, whereas CIA operates outside


Exactly my point. They were inside US and they are spoted by local FBI monts before planned attack. So there is no need 4 any law change, just to slash couple of iresponsible heads.


RE: What could happen.
By ekv on 7/7/2011 3:50:40 PM , Rating: 2
quote:
They were inside US and they are spoted by local FBI
Simply being spotted inside the US is no cause for arrest and/or further surveillance. Unless. Unless the CIA would have been allowed to communicate the facts to the FBI that they were indeed persons of interest, and the reasons why. That law was later changed so that the CIA can now do just that, communicate with the FBI. Amazing, no?

My point is that the system works, no need for ad hominem remarks against "irresponsible heads" in the aforementioned agencies. It were (largely if not fully) the politicians that didn't like law enforcement, w/ reputed lesbian and muslim ties. Hint, hint.


RE: What could happen.
By Netjak on 7/7/2011 6:08:23 PM , Rating: 2
quote:
Simply being spotted inside the US is no cause for arrest and/or further surveillance. Unless. Unless the CIA would have been allowed to communicate the facts to the FBI that they were indeed persons of interest, and the reasons why. That law was later changed so that the CIA can now do just that, communicate with the FBI. Amazing, no?


July 10, 2001: A Phoenix FBI agent sends a memorandum warning about Middle Eastern men taking flight lessons. He suspects bin Laden's followers and recommends a national program to check visas of suspicious flight-school students. The memo is sent to two FBI counter-terrorism offices, but no action is taken. [New York Times, 5/21/02] Vice President Cheney says in May 2002 that he opposes releasing this memo to congressional leaders or to the media and public

quote:
My point is that the system works, no need for ad hominem remarks against "irresponsible heads" in the aforementioned agencies. It were (largely if not fully) the politicians that didn't like law enforcement, w/ reputed lesbian and muslim ties. Hint, hint


FBI director at that time was informed about couple of AQ members, actual 9/11 attackers. Its just question of puting two's together.

lets go little furter, if u have little or no cooperation betwen agencies, how wiretaping and similar activities can help in that regard?


RE: What could happen.
By ekv on 7/7/2011 7:12:23 PM , Rating: 2
quote:
The Sept. 11 attacks were preventable, but the plot went undetected because of communications lapses between the F.B.I. and C.I.A., which failed to share intelligence related to two hijackers, a Congressional report to be released on Thursday says.

The report, by a joint committee of the House and Senate intelligence panels, found that for nearly two years before the attacks, the Central Intelligence Agency knew about the terror connections between the two men, Khalid al-Midhar and Nawaq Alhazmi, who in 2000 moved to San Diego, frequenting Muslim circles that the Federal Bureau of Investigation had infiltrated.

http://www.nytimes.com/2003/07/24/us/9-11-congress...

quote:
if u have little or no cooperation betwen agencies, how wiretaping and similar activities can help in that regard?
You appear to be asking how the CIA and FBI miscommunication can prevent 9/11 from being detected and prevented. Seeing that the 9/11 commission drew no such conclusion AND had vastly greater access to information than I, it'd be absurd for me to draw a conclusion for you. In other words, I'd be a poseur extraordinaire to even attempt an answer. Of course, I otherwise have an opinion.

Nevertheless, lack of communication is cited as a major failure point. Indeed, one of the main reasons the PATRIOT act was pushed so hard is that it addresses communication protocols tween the agencies. Checks and balances, perhaps even "friendly" competition amongst the agencies, must therefore be seen as an essential for detecting and preventing further occurrences of terrorism.

Then again, I'd be remiss if I did not point out Gorelick was appointed to the 9/11 commission by somebody -- she being nothing but a political hack. So perhaps that factored into why no conclusion was drawn?


"It's okay. The scenarios aren't that clear. But it's good looking. [Steve Jobs] does good design, and [the iPad] is absolutely a good example of that." -- Bill Gates on the Apple iPad














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki