- Subscribe to PCF Networked Blog Daily Updates
- Subscribe to our Twitter / Google / Yahoo Daily Updates
Leading
privacy expert Caspar Bowden has warned Europeans using US cloud services that
their data could be snooped on.
In
a report, he highlights how the Foreign Intelligence Surveillance Act Amendment
Act (FISAAA) allows US authorities to spy on cloud data.
This
includes services such as Amazon Cloud Drive, Apple iCloud and Google Drive.
He
told the BBC this heralded a new era of "cloud surveillance".
Foreign
policy
Mr
Bowden, former chief privacy adviser to Microsoft Europe, made a name for
himself as a privacy advocate when the controversial Regulation of
Investigatory Powers Act (RIPA) came into force in the UK in 2000.
Parliament
accepted some of the amendments proposed by Mr Bowden as the then director of
the Foundation for Information Policy Research.
Now
he has turned his attention to US legislation and has co-authored the Fighting
Cyber Crime and Protecting Privacy in the Cloud report which was recently
presented to the European Parliament.
In
it he said that FISAAA "expressly permits purely political
surveillance", so that anyone with stored information relating to US
foreign policy could find themselves of interest to the US authorities.
"Anyone
who, for example, belongs to a campaign group which may oppose some aspect of
US foreign policy, whether it be the Iraq war or climate change," he said.
The
FISAAA was originally drafted in 2008, and was recently renewed until 2017. It
was added on to existing legislation to take account of cloud computing, which
was just emerging as a means of data storage.
"What's
amazing is that nobody really spotted it for four years," said Mr Bowden.
"When
FISAAA was extended to cover cloud computing, encrypting data to and from the
cloud becomes irrelevant so it is surprising that nobody noticed this," he
added.
Tiny
supercomputer
Adam
Mitton, a partner at law firm Harbottle & Lewis, agreed that the FISAAA
could be a threat to privacy but questioned how much it was used.
"In
theory there is a clear threat to the privacy of European citizens, but in
reality the fact that it is obscure suggests that the threat isn't as great as
it might be perceived," he said.
"If
it was being used by an authority and having an impact on individual citizens,
I think that the source of the information would come to light. The legislation
is now five years old and I'm not aware of any case that has relied on
it," he added.
Storing
data in the cloud is becoming hugely popular not just for consumers who use it
to keep photographs and other personal data safe but for businesses which are
increasingly using cloud services to offer back-end processing power.
Under
the FISAAA, US cloud providers can be compelled to release data from any
citizen living outside of the US.
"The
fibre-optic cable that carries the data is split and a miniature supercomputer
scans all the data in real-time with any material of possible interest being
instantly copied to the NSA [National Security Agency]," said Mr Bowden.
The
court order is made in secret and remains secret - meaning it would not show up
in things such as Google's transparency reports, which aim to document data
requests from governments around the world.
"We
have long known that the Americans can spy on foreign data but FISAAA extends
this to reach inside the data centre. It allows the authorities to enact
surveillance on a mass scale because it is wired into the infrastructure,"
Mr Bowden said.
A
hearing on the European Parliament's findings of the report is due next month.
No comments:
Post a Comment