US law allows ‘wire-tapping’ of people who use US-based cloud services like Dropbox, Google Drive, and iCloud — even if you don’t live in the United States

google_data_center

European privacy expert Caspar Bowden is warning that the data of people who use US-based cloud services might be monitored by the American authorities. In other words, Dropbox, Apple’s iCloud, Google Drive, and Amazon’s Cloud Drive are all services that could be “wire-tapped” due to the American Foreign Intelligence Surveillance Act Amendment Act (FISAAA).

FISAAA was written in 2008, and recently renewed until 2017. Cloud computing is one of the additions to the legislation when it was renewed, as it becomes more commonplace among Internet users today. Bowden’s report, called “Fighting Cyber Crime and Protecting Privacy in the Cloud,” was recently presented to the European parliament. He says that the FISAAA “expressly permits purely political surveillance.” This means that anyone that stores information on the cloud that relates to US foreign policy can potentially be targeted be US authorities. Bowden says that this includes anyone “who, for example, belongs to a campaign group which may oppose some aspect of US foreign policy, whether it be the Iraq war or climate change.”

On the other hand, Adam Mitton of law firm Harbotte &  Lewis acknowledges that FISAAA could be a potential threat to privacy, but questions how much it is and will be used. He argues that despite it being a clear threat to privacy of European users (and other users around the world), the fact that it is obscure suggests that the threat might not be as great as one might think. He also adds, “If it was being used by an authority and having an impact on individual citizens, I think that the source of the information would come to light. The legislation is now five years old and I’m not aware of any case that has relied on it.”

The BBC notes that, under the FISAAA, US cloud providers can be compelled by US authorities to release data of anyone living outside of the US. This is what Caspar Bowden is against. He mentions that because all the data is wired into the infrastructure of a data center, it allows Americans to perform surveillance on a mass scale.

The European Parliament’s findings on the report should be known next month, when a hearing is scheduled.

Do you think this sort of surveillance or “wire-tapping” of the cloud is justified? Sound off in the comments!

[via BBC News, image via Google]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

14 comments

  1. AFPhys

    @clockmendergb:

    I have a suspicion that you are not aware of the application of the US Constitution in this case.

    You are completely right about the 1st and 4th Amendment being critical, and in fact, if a US citizen has data on a US computer system, a court order should be required to access that information under those amendments. However, the Constitution does NOT apply to anyone who is NOT a citizen of the United States, and therefore the government does not need a court order to access any such non-citizen records. That is probably the basis of the warning that is the subject of the main article here: that the 4thA does not apply to non-citizens.

    In addition, I suspect that the US gov’t would argue successfully that records of a US citizen on non-US computer systems are not protected by the 4th Amendment, especially if there is any chance of criminal behavior. Since when I put information out “in the cloud” I have no idea where that data is redundantly stored and thus my data may wind up outside the US, I am very reluctant to use the cloud for data storage at all.

    When I DO store anything that might be personal, I will put it under SHA1 encryption before consigning it to the cloud.

    You are not accurate, by the way, in thinking we don’t go crazy about violations of the 1st and 4th… When Congress moves legislation that damage those, they find out quickly to take their fingers off that hot stove.

  2. clockmendergb

    Sorry to be so serious here.
    I do not want to get into the gun problem just you Americans will really go to bat for the 2nd amendment but you seem comatose over the 1st and 4th amendments.
    It would seem to me protection of the whole constitution would be a matter of great concern .
    I love your constitution .
    Its written plain and simple
    It covers all the main points of living in a free country.
    Yet this intrusion into ones privacy is seemingly not that important to warrant an outcry from you all.

    Its not that a responsible government will only use it for good ,its that an irresponsible party could,once in power use it against you..
    That is the main argument for the 2nd
    I must tell you .
    it seems pretty serious from where I sit.

    But of course I could be wrong and am open to being set straight on the matter.

  3. stilofilos

    @AFPhys:
    True… or rather : just don’t use them at all. That’s in fact why I deliberately never use any of these cloud services, even don’t use Google for searching. And actually never missed any of them in my whole life…

  4. AFPhys

    @stilofilos:

    Like it or not, every country is going to determine for itself the disposition of data and resources within its borders. The UN has no sensible role.

    Suppose there is such a “treaty” stating data stored is strictly private no matter where. Now, imagine that someone, say the US State Department, decides to take advantage of that and very inexpensive storage prices on a Chinese server since both of those countries are signatories of that “treaty”. Do you actually think it makes sense to expect that data would not be accessed by the Chinese? What is the penalty when they do? How would you know? Make the actors any entities, whether country, company or individual based, and the result is the same. Such a treaty/law is simply unenforceable.

    No … it makes much more sense to simply use “caveat emptor” yourself – Use care what you save, where you save it, and how you save it. Don’t simply rely on the encryption of the cloud service for sensitive material – encrypt it yourself separately before you send it out to the cloud. The more sensitive the material is, the more care you take.

  5. Ashraf
    Mr. Boss

    @stilofilos: Interesting proposal. The only problem is I live in the US; I feel more comfortable having my website on a server inside the USA as opposed to other places who’s laws I don’t know. Plus it would be harder to solve disputes.

  6. stilofilos

    Why would the virtual world not be subject to the same principles as the real world ? Such technics are established there as well, be it under very strict policing rules. As long as these rules are respected and the technics are only used in investigating real criminality, it should be possible indeed. But the risk of overacting is as real as what the whole real world has already witnessed at more than one occasion indeed…
    Freedom of thought and speech are essential human rights as confirmed by the UN declaration. For Europeans these are holy, and no other ‘authority’ has the right to attack or reduce them, no matter how convinced they are about their own opinion.
    Plus there are laws that prohibit websites from publishing data about their users without their consent.
    International matters should be ruled by the UN exclusively, and not by the US ar any other individual ‘authority’.
    @jack : what a world is this if we all would have to keep quiet and let others think we are stupid whereas we clearly are not that stupid at all…

  7. Seamus McSeamus

    Didn’t you know? The US government can do whatever it wants. If it can assassinate a US citizen via drone attack without a trial, then pilfering through your cloud storage is child’s play.

  8. jack

    If you don’t want someone to know something you think about them or anythingelse then don’t tell anyone and don’t share it in a diary, don’t record it on a tape or a CD, DVD or in any retrievable storage system other than in your own mind.

    I believe it’s often wiser for me to keep quiet and just let others think I am stupid rather than opening my mouth and removing all doubt

  9. thegreenwizard

    That means, don’t put any think which can come back and bite you. As it always was, as soon you put something in a digital form, it’s not any more yours, at least if you don’t use encryption.