Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Cloud EU Privacy United States Your Rights Online

EU Citizens Warned Not To Use US Cloud Services Over Spying Fears 138

Diamonddavej writes "Leading privacy expert Caspar Bowden warned European citizens not to use cloud services hosted in the U.S. over spying fears. Bowden, former privacy adviser to Microsoft Europe, explained at a panel discussion hosted at the recent Computers, Privacy and Data Protection conference in Brussels, that a section in the Foreign Intelligence Surveillance Act Amendments Act 2008 (FISAAA) permits U.S. intelligence agencies to access data owned by non-U.S. citizens on cloud storage hosed by U.S. companies, if their activity is deemed to affect U.S. foreign policy. Bowden claimed the Act allows for purely political spying of activists, protesters and political groups. Bowden also pointed out that amendments to the EU's data protection regulation proposal introduce specific loopholes that permit FISAAA surveillance. The president of Estonia, Toomas Hendrik Ilves (at a separate panel discussion) commented, 'If it is a U.S. company it's the FBI's jurisdiction and if you are not a U.S. citizen then they come and look at whatever you have if it is stored on a U.S. company server.' The European Data Protection Supervisor declined to comment but an insider indicated that the authority is looking into the matter."
This discussion has been archived. No new comments can be posted.

EU Citizens Warned Not To Use US Cloud Services Over Spying Fears

Comments Filter:
  • Really? (Score:5, Insightful)

    by Anonymous Coward on Thursday January 31, 2013 @05:54PM (#42756395)

    Got news for him, even if you ARE a US citizen they look at whatever you have stored.

    • Got news for him, even if you ARE a US citizen they look at whatever you have stored.

      Where is evidence?

      • That's what they are looking for.

        • Seriously, where is there any evidence that the US government routinely or even occasionally rummages through the files of Americans without probable cause and a warrant? I see a lot of people posting assertions that the government does this all the time to everybody but have yet to see any evidence of widespread prying into the files of Americans.

      • Re:Really? (Score:4, Informative)

        by gstoddart ( 321705 ) on Friday February 01, 2013 @10:46AM (#42761469) Homepage

        "Got news for him, even if you ARE a US citizen they look at whatever you have stored."

        Where is evidence?

        Under the PATRIOT act, they can't show that to you.

        The fact remains, they've been increasingly looking at people's things, bypassing judicial oversight, and generally running rough shod over parts of the Constitution with "Free Speech Zones", warrantless wiretaps and the ability to do "border stops" 100 miles from the border.

        Seriously, have you not even been paying attention? This shit's been all over the news.

  • Oh Noze! (Score:4, Funny)

    by flyneye ( 84093 ) on Thursday January 31, 2013 @05:55PM (#42756405) Homepage

    Run for your life, the Cloud is falling, the Cloud is falling!

  • Several EU member states have been cooperating with us to spy on their citizens since WWII. You're connected to a global network that provides instantanious monitoring of millions of communications in realtime; We peer our data with you. Our GPS satellites and cell phone technology can pinpoint where most of your citizens are at any given point in time and you thanked us for providing that technology under the guise of preventing terrorism, homeland security, tracking down neo nazis, or dozens of other grou

  • Wanna see some?

    -Hu Jintao

  • by Midnight_Falcon ( 2432802 ) on Thursday January 31, 2013 @06:06PM (#42756529)

    The Bill of Rights is peculiar in that it does not say "no citizen", but it says "no person."

    Can someone explain how nearly 250 years of common law has managed to change the definition of a "person" to include US companies, but not foreign citizens utilizing services within the US?

    • Hence the saying that the Constitution may not be perfect, but it's better than what we have now.

    • by s.petry ( 762400 ) on Thursday January 31, 2013 @06:32PM (#42756727)

      Do you want the real answer or some spiffy rhetorical bullshit? Save that, I'll give you the real answer. My apologies in advance too, since I'm guessing you already know what follows and are simply asking the rhetorical question. This is really for those that are still sleeping.

      The real answer is that the people currently sitting in offices don't give a rats ass about their own Constitution. Don't look at what they say, look at what they do! The Patriot act has not been diminished, it's been extended. Hidden clauses in executive orders remove things from view, and public support. Lets not kid each other, that is a symptom of a much larger problem and not the problem.

      Socrates warned that citizens must guard against people in political offices that demand increasing amounts of power. He was the first, but definitely not the last. That quest for power can quickly turn any form of Government into a tyranny.

      Now many will say "doom and gloom nonsense", and those people are simply ignorant. They have no idea how much snooping the NSA currently does on them, nor how much that will expand this summer when the new super computer complex opens (which has been designed for exactly the purpose of snooping and reporting on citizens). They have no idea how much of that data is requested and granted currently (in secrecy) to other government agencies, like the CIA, FBI, TSA, DHS, DOJ, ATF, etc.. Nobody in the public does, because our government refuses to provide any information at all. Even to the point where they refuse to admit it happens. We know it happens based on events and court cases, not because it's admitted.

      This is by the same people in office that will tell you to your face that they want to be open and honest. Does the term "pathological liar" not bother you?

      So if the Government ignores the Constitution and Bill of Rights when dealing with it's own citizens do you really expect them to honor the words with non-citizens? The constitution is the foundation for every other aspect of our Government.

      • It was a bit rhetorical, but thank you for your reply :) What you point out is very much the "Ideals versus Institutions" gap pointed out by Samuel Huntington.

        To add a little more rhetoric, let's italicize the oath of office in the US:

        I do solemnly swear that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservation or purpose

        • by BeerCat ( 685972 )

          And therein lies the problem with the Oath of Office:

          John Q Public: Go after than person. Their actions clearly show that they are an enemy of the US constitution!
          US Politico: Um, no. They're your enemy, not mine. In fact, I rather like them (because they keep me in power) Have a nice day y'all

        • by Genda ( 560240 ) <mariet@@@got...net> on Thursday January 31, 2013 @09:00PM (#42757727) Journal

          The problem is the difference between the letter and the spirit of the law. A well educated third grader can interpret the spirit of the oath of office.

          But a President today can simply puts a Scalia onto the bench of the Supreme Court, who will gladly interpret the Constitution in a way that sounds more like Mein Kampf. We are drowning in lawyers, making noises like Bill Clinton's "...that depends what "IS" is..". Duplicitous self serving scumbags who will print the Bill of Rights on rolls that are squeezably soft, while kissing babies and glad handing corporate giants holding fat checks. We've been bought and sold by little men.

          Doom and Gloom would be letting this lie. Nonsense, would be ignoring the vital need to take back what is our God given liberty in the face of our culture being destroyed one word at a time. It is the government that must stand transparent, naked before the people, and not the other way.

          • by Anonymous Coward

            'God' given liberty? your imaginary friend in the sky didnt give me liberty, People who bleed for and died for it did. They might be able to make me a slave but in my mind I will alllways be free and waiting for my chance to be so again.

            • by Luckyo ( 1726890 )

              Notably, psychology of slaves, which is studied quite significantly, suggests that they are in fact slaves in their minds and most end up playing a very-slave like role in their lives even if freed. This was observed in US after they were freed in the states where there were many slaves.

            • by Genda ( 560240 )

              Forgive the phrase... would you be happier with "Inalienable Rights", the point is that you are born with them, and no government or corporation can take them away unless you have "WILLFULLY" entered into contract. Deceits and dishonest transactions inflicted on the population do not merit consent, and its time for all free minded people to throw off the shackles of oppression and demand that our governments comply with their legal obligations or get out of our way.

      • Now many will say "doom and gloom nonsense", and those people are simply ignorant. They have no idea how much snooping the NSA currently does on them, nor how much that will expand this summer when the new super computer complex opens (which has been designed for exactly the purpose of snooping and reporting on citizens). They have no idea how much of that data is requested and granted currently (in secrecy) to other government agencies, like the CIA, FBI, TSA, DHS, DOJ, ATF, etc.. Nobody in the public does, because our government refuses to provide any information at all.

        Therefore, by your own statements, you don't know either. But that doesn't stop you from presenting your opinion about it as if it were fact.

      • Comment removed based on user account deletion
        • by s.petry ( 762400 )

          This means that the public does not give a rats ass. If they would, they would change it.

          Partial truth. You seem to be ignoring the power of propaganda and the ability of the Government to control the reality people see and hear. Don't take my word for that statement, go read Plato's Republic. We have known the power and ability for at least 2,600 years. I say "at least" because I doubt Socrates was the first to say "Ah Ha!". He was however the first to be published showing its use against citizens.

          You also neglect the difficulty in changing society once people in power gain a foot hold.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      The Bill of Rights is peculiar in that it does not say "no citizen", but it says "no person."

      Ah, but are foreign nationals actually people?

      The answer isn't obvious when you consider that slaves weren't full people as per the original document.

      • I would like to attack this popular myth right here: the answer is obvious, for two reasons. One is based on the fact that this argument is fallacious and is brainwashing, side-stepping providing a relevant consideration that nullifies the assertion "slaves weren't full people as per the original document". The other is very simple, and would apply even if that assertion ("slaves weren't full people") were true.

        (1) The Constitution does neither say nor imply that slaves are not people, but that for the pu
        • Your analysis of the "Three-Fifths" compromise is lacking in historical context. At the Constitutional convention, counting slaves as 3/5ths of a person was the result of a debate between the north and the south. The South, wanting more representation in the house of representatives, wanted to count it slaves as people. However, since they had no other rights, the North suggested they also count their chickens, hens and pigs for representation, since those were chattel (property) as well.

          The only reaso

    • Lucky for me as a US citizen, whether at home or abroad, I just tag all my content and my emails with my US social security number and my date of birth.

      For phone calls, it does get a little bit trickier, I just say my social security number, my full name, and my date of birth out loud as clearly as I can to every person that I talk to on the telephone. This signals to the NSA that they should just hit the stop recording button, so that they don't accidentally record/transcribe/index my conversation with tha

      • by Genda ( 560240 )

        And when done traveling abroad you return home how? By ruby slipper?

        The NSA has a massive listening post in England. Guess what? They've been listening to U.S Domestic calls for most of 20 years. You can tag all your correspondences with "Don't shoot, I'm one of you!" too. Good luck with that.

    • Can someone explain how nearly 250 years of common law has managed to change the definition of a "person" to include US companies, but not foreign citizens utilizing services within the US?

      Terrorism, copyright, and child porn. Those are the magic 3 that will allow them to pretty much bypass everything.

      But don't worry, those 3 can circumvent the rights of citizens as well.

    • Your question is bad, but I can answer it.

      During the period in which the U.S. debated becoming a European style empire, the Supreme Court fabricated (I think in the insular cases) doctrines that said outside of U.S. States and certain other classes of territory, the Constitution does not apply, or at least that's the version taught to schoolchildren (and probably the one politicians promote).

      It would have been better logic to say "in times of war in places thereof the Constitution is suspended" or somethi
      • My question was rhetorical, but thanks for taking the time to answer rhetorical questions that you categorize as "bad."

        Your response is filled with "weasel words" --e.g. "libs" "the left ... ignorance as well as arrogance" and shows a clear right wing "tea party"-esque bias. I wish you could communicate in a more respectful way. Note that I am not a "lib" (which is a derogatory term), nor would I resort to name calling of any group.

        To respond to your points: While legal fiction has long existed i

        • The rhetorical question: in the current political environment it seemed like just another shot about the "corporations as people" thing, but re-reading it, I get that I could have misconstrued you point: I think it quite easy in this environment. I find it funnier that "three fifths of all other Persons" is so vague as to include clearly include the personhood of non-citizens, and the fourteenth amendment is even clearer that they are. When you say

          250 years of common law has changed our country's constituti

  • by AaronLS ( 1804210 ) on Thursday January 31, 2013 @06:07PM (#42756535)

    "hosed by U.S. companies"

  • by lkcl ( 517947 ) <lkcl@lkcl.net> on Thursday January 31, 2013 @06:10PM (#42756561) Homepage

    a friend of mine made a freedom of information request recently, and was surprised to find that his question was responded to using zendesk. so he looked up the IP address and, on discovering that the IP address was in the U.S., made some pointed enquiries as to why his confidential details, as well as UK Government matters, were being stored in a jurisdiction outside of the sovereignty of the UK.

    the best one though was learning that UK MPs have been issued with ippads. which is great. confidential UK business can be snooped on by not just the U.S. govt but by a U.S. Corporation, and UK MPs can be "advertised at", and sold commercial music and entertainment services that they have absolutely no business letting in to Parliament.

    all good fun, eh?

    • I wouldn't sweat it. Your government has a history of leaving laptops with millions of records of personal information sitting around. Basically, everyone who wants your information probably already has it.

  • Practical impact? (Score:2, Insightful)

    by trampel ( 464001 )

    Taking Google's service as an example, how is the FBI to know whether john.doe@gmail.com is a U.S. citizen or not? When signing up for service, all Google asks for is the location, not the country of citizenship.

    Even if John Doe accesses his email from a non-US ISP, he might well be a citizen traveling abroad.

    • Google has your name and many other personal information. It probably also has your country of citizenship somewhere.

    • For the most part, citizenship is not an issue. The FBI needs the same sorts of warrants to investigate a person in the USA whether or not that person is a citizen.

      Also, I find the notion that the FBI, NSA or CIA would take a deep and personal interest in the data of each and every person in the world wildly fanciful. As if they have millions analysts sifting through the mountains of data that the world produces every day...

      Of course they don't do that. They don't have the capacity to look at more than a

  • Poisoning the cloud (Score:4, Interesting)

    by Anonymous Coward on Thursday January 31, 2013 @06:14PM (#42756593)

    Microsoft has been harping on about this before [zdnet.com]. They previously said they themselves couldn't promise to keep their users' data private to the degree required by EU law.

    As I see it, what they're doing is trying to poison the whole idea of cloud services, because in poisoning their own market they also poison Google's. And while to Microsoft, 'cloud services' are an expensive and annoying distraction, to Google it's central to their entire business strategy.

  • by Anonymous Coward on Thursday January 31, 2013 @06:24PM (#42756667)

    I mean, everyone outside the US has known since the mid-2000's that the American Gov't has absolutely ZERO compunction about spying on ANYTHING within it's borders.

    Even "secretly" wire-tapping it's own citizens.

    In Canada we have distinct and fairly robust privacy legislation, and I'm constantly warning businesses to avoid storing anything in the cloud that could potentially contain affected info (customer data primarily, but also patient data in doctor's offices and other medical professionals). Simply uploading ANY of that data to the cloud COULD put you in violation of the law since you can no-longer provide ANY ASSURANCE WHATSOEVER that it hasn't been viewed or shared with unauthorized parties.

    Furthermore, I personally just assume, straight-up, that ANYTHING that Facebook, Google, Amazon or Microsoft host is de rigueur scanned, indexed and cataloged.

    This also applies to anything done in Chrome, or Android (vis a vis Google) or if you've installed any of Google's personal-search tools. It just doesn't make sense NOT to assume that the worst thing you can imagine happening in these cases either is-already, or will-eventually-be, happening.

    I single-out Google and it's many tools at the moment because hoarding information about you (and then selling it) IS the basis of their business model. The more information they can harvest about you personally, the more valuable their product is. Therefore, the greater their incentive is/will-be to accrue and store as much information as they possibly can about every single thing you do, place you go, thing you think... If they're not doing it already, the past history of American Corporocratic greed compels me to believe that they will eventually...

    Still, it's hard to believe that any of this would be considered "new" news in 2013.

    -AC

  • Internet tradition (Score:5, Insightful)

    by Okian Warrior ( 537106 ) on Thursday January 31, 2013 @06:26PM (#42756689) Homepage Journal

    The US is driving business away with a weighted stick.

    People hold beliefs about other countries and people for a very long time; in many cases, long after the belief has had any meaning. For example, "the French surrendered", "Germans are Nazis", "Chinese products are crappy", "Japanese cars are like finely-tuned watches", and so on. Think of any nation and it comes with a satchel of beliefs held about its people.

    The US is getting an odius reputation for business and tourism. The overall message we send is: "don't come to the US for anything". Businesses are leaving the US in droves, preferring to operate in more friendly areas.

    When the US is known worldwide as "business unfriendly", it'll be nigh impossible to turn that around even if the situation changes.

    This is what our government is doing for us. It's effect on productivity (and employment) is obvious.

    (As a personal anecdote, I recently registered a .net domain, and the registrar (in France) had me click through a strongly worded message stating that the US could demand all sorts of privileges from the domain. Essentially, they stated that they could not guarantee my privacy or the safety of my data when registering a .net domain.)

    • Government is a process therefore your quote, "This is what our government is doing," is meaningless. the question should be, who is in control of the process of government. The answer will be business, specifically large international corporations.
    • by Anonymous Coward

      Any business leaving the U.S. is doing so strictly for the minimization of costs associated with labor & taxes. You don't see them relocating to wealthy European countries. Ireland gave huge subsidies to attract telecom CS centers and Intel chip fabs, and the boom last not even 10 years.

      If you think they're moving operations to Phillipines, Malaysia, Mexico, China or India for friendship then you're smoking crack and mistaking the $'s for little green men.

    • LOL. If your thing is "you better shape up or you're going to get a reputation as a sort of global Bond villain", you're really going to need some fresher material. That is a dead horse trope. Europeans have been despising and looking down on Americans for centuries. Back in the 80s, which is as far as my memory goes, Europeans had continent-wide demonstrations against the American warmongers who insisted on keeping the Red Army out. Even then, this was nothing new. So, drop the false pretense that Am

  • by sehlat ( 180760 ) on Thursday January 31, 2013 @06:43PM (#42756821)

    Think about it a moment. The Hollywood ... er ... US Government seized all servers and data on a flimsy warrant and trumped-up charges, including the accusation that Megaupload had retained data on its servers even after takedown notice(s). It has since emerged that the government specifically requested that they leave those files up for "investigation." One guy trusted his business data and property to the service and he's *still* fighting to get it back, despite the fact that it was un-shared and 100% his own legal property.

    Cloud services effectively died that day. Why trust any service when a third party can cut you off at any time from your own property without let or recourse?

  • Count on Europe (Score:4, Insightful)

    by Kergan ( 780543 ) on Thursday January 31, 2013 @06:46PM (#42756847)

    Methinks you can count on Europe to eventually get this right.

    Twitter getting sued and losing to France's Jew student union over obnoxious hashtags is just the high profile round two of the same joust they had with Yahoo over nazi artifacts getting auctioned over a decade ago. They won last time; they'll win this time. And US companies will comply to French law on this matter just like last time. I suspect that the pitiful €1k/day fine is going to quickly balloon to obscene amounts of money until the courts get a reaction from Twitter.

    In Germany, users are suing Facebook over the right to get deleted, and while they were the first, in typical German grassroots achievements, they no longer are the only ones. This is simply going to win, and they're just getting started. Sure enough, the Irish subsidiary is dragging its feet to comply. Presumably to Zuck's despair -- here's a continent with over 600M people willing not only in fighting for the right to be deleted but also in actually enforcing it. In the end, sane views will prevail, and the US laws will get kicked back across the Atlantic where they belong -- for US citizens to debate further, hopefully with new, more enlightened insights.

    The same could arguably be told of countries like China, Egypt or Iran: ironically, US firms are made to comply with local law over there, plain and simple, much faster then they are to EU laws. But the EU is hopefully similar enough to the US that the latters' citizens will not shrug that the former are merely uneducated barbarians when their laws are sent back for review.

    • Methinks you can count on Europe to eventually get this right.

      I totally agree and am envious of the privacy policies Europe has enforced or called BS on.

  • If you've been reading Privacy Policies for awhile
    you've noticed them becoming more intrusive.

    To me posting to a cloud is the same as to a newsgroup,
    public domain, no matter what's said.

  • by Diamonddavej ( 851495 ) on Thursday January 31, 2013 @07:13PM (#42757041)

    Here is a report for the European Parliament (Pdf) about cyber crime and privacy of Cloud services, co-written by Caspar Bowden, it discusses the ramifications of FISAAA. The salient section is "3.4. The inter-state/states/companies relation" on page 34.

    http://www.europarl.europa.eu/committees/en/studiesdownload.html?languageDocument=EN&file=79050 [europa.eu]

    Furthermore, proposed changes to the EU's data protection regulations will facilitate FISAAA. Specifically, if a Security Companies' audit of a Cloud Service uncovers U.S. spying, they will be obligated not to inform an affected EU company. I wonder what pressure the U.S. is applying to get this passed...

    US lobbying waters down EU data protection reform [techweekeurope.co.uk]

    "For example, IMCO voted to allow easier profiling of users by companies, and lessen the importance of reporting personal data breaches as soon as they occur. At the same time, most proposals to strengthen regulation were rejected.

    • Facebook fees (Score:2, Insightful)

      by Anonymous Coward

      Remember Skype the other day? when was the last time you heard FBI complain it couldn't get Skype intercepts because of its P2P nature? Now they're *using* Skype intercepts in prosecutions! So our private calls are also intercepted now. I think the routing comes from an MS server and they simply route it through an intercept.

      In the latest financials, I see Facebook has substantial 'fees' income, separate from advertising. At first I thought it was for the charges they make for contacting your friends list,

  • Are there alternatives? Dropbox is US, Google Drive is US, I would assume Skydrive is US... What else will they use?
    • by GPierce ( 123599 )

      Until the drone blows hs server farm away, Kim Dotcom's Mega might actually be secure. At least that's the plan. And it will all be good until we find that Kim Dotcom is a CIA agent. (There is no such thing as being too paranoid.)

      • I actually wouldn't trust him farther than I can throw him.

        You might want to look up some sources on the connection between Schmitz and a lawyer (more like the copyright equivalent of an ambulance chaser) called Gravenreuth (most sources on the topic are only in German).
        Back in the BBS days Kim Schmitz more than happily weaseled his way into various groups and when he got bored he simply sold out the data and contacts to said lawyer (one whose "good" conduct over the years eventually led to him being convic

        • Also his convictions for embezzlement during the dot.com era.
          The man is a megalomaniac, snitch, pushover, fraudster and frankly bad news. At least he has been consistent over the last twenty years.

          There is a reason why he left Germany. He has built up so much bad reputation in tech and business circles he wouldn't even get a burger flipping job let alone run a business with him at the helm.
          That man is a toad.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Jottacloud, qCloud, all the Scandinavian countries have super tight privacy laws, and except for sweden they don't really give into U.S. pressure..

    • by fincan ( 989293 )
      Wuala, www.wuala.com. And as a US company, Spideroak, www.spideroak.com
    • Just use client-side encryption and you're good to go. Probably shouldn't trust them with your unencrypted data even if you are a US citizen.
  • translation (Score:5, Interesting)

    by terec ( 2797475 ) on Thursday January 31, 2013 @08:42PM (#42757605)

    If you look at, for example, the data protection laws here in Germany, the German government can get at my data even more easily than the FBI can get at data in the US. What I'm asking myself is: assuming that any government can look at data within its borders anyway, what's the best place to store my data? Good attributes for such a place are: I'm not living there, I don't want to travel there, and they aren't really on good terms with my government.

    I think what the EU representatives are really saying in so many words is: "don't store your data in the US, where European governments have a harder time getting at it, store it in Europe where we can get at it easily (but you can trust us!)".

    • Might as well store your information in China. ;)

      • by terec ( 2797475 )

        You think that's a joke, but why not? What is the Chinese government going to do to you? Have you extradited for storing anti-Marxist propaganda? Fine you for copyright violations?

      • by cpghost ( 719344 )
        If you can tunnel your data through the Great Firewall, why not? What's wrong with a Chinese or Ukrainian cloud provider, compared with an US or EU cloud provider? They may even be less expensive and, if you're lucky, managed just as professionally.
  • by Dan667 ( 564390 ) on Thursday January 31, 2013 @10:24PM (#42758131)
    as a US Citizen I don't use them.
  • by Anonymous Coward

    How would the gov differentiate between US citizens' and non-US citizens' data? I'm a US citizen living in Germany. Am I and others like me safe? Why does the US gov have such contempt for the rights of non-US citizens anyway?

  • How is this news? (Score:2, Insightful)

    by Anonymous Coward

    How oh how is this in 2013, news? The Patriot Act (Enacted into US law just slightly post 9/11/2001), allows the US government to access any data from any source held by a US company, whether that companies operations are within the United States, or located in a foreign country (any other country). The act also requires the company to provide all information requested by the US government, and requires the company *NOT* to disclose to any party their actions on behalf of the US Government. So it's not j

By working faithfully eight hours a day, you may eventually get to be boss and work twelve. -- Robert Frost

Working...