European privacy expert Caspar Bowden is warning that the data of people who use US-based cloud services might be monitored by the American authorities. In other words, Dropbox, Apple’s iCloud, Google Drive, and Amazon’s Cloud Drive are all services that could be “wire-tapped” due to the American Foreign Intelligence Surveillance Act Amendment Act (FISAAA).
FISAAA was written in 2008, and recently renewed until 2017. Cloud computing is one of the additions to the legislation when it was renewed, as it becomes more commonplace among Internet users today. Bowden’s report, called “Fighting Cyber Crime and Protecting Privacy in the Cloud,” was recently presented to the European parliament. He says that the FISAAA “expressly permits purely political surveillance.” This means that anyone that stores information on the cloud that relates to US foreign policy can potentially be targeted be US authorities. Bowden says that this includes anyone “who, for example, belongs to a campaign group which may oppose some aspect of US foreign policy, whether it be the Iraq war or climate change.”
On the other hand, Adam Mitton of law firm Harbotte & Lewis acknowledges that FISAAA could be a potential threat to privacy, but questions how much it is and will be used. He argues that despite it being a clear threat to privacy of European users (and other users around the world), the fact that it is obscure suggests that the threat might not be as great as one might think. He also adds, “If it was being used by an authority and having an impact on individual citizens, I think that the source of the information would come to light. The legislation is now five years old and I’m not aware of any case that has relied on it.”
The BBC notes that, under the FISAAA, US cloud providers can be compelled by US authorities to release data of anyone living outside of the US. This is what Caspar Bowden is against. He mentions that because all the data is wired into the infrastructure of a data center, it allows Americans to perform surveillance on a mass scale.
The European Parliament’s findings on the report should be known next month, when a hearing is scheduled.
Do you think this sort of surveillance or “wire-tapping” of the cloud is justified? Sound off in the comments!