Latest news
FISAA legalizes surveillance of EU citizens and their cloud data, claims study
Posted on 10 January 2013.
When the Foreign Intelligence Surveillance Amendments Act (FISAA) was extended for another 5 years thanks to a majority vote in the U.S. Senate late last year, there weren't many Europeans who took notice and were worried about the fact. But, as Slate's Ryan Gallagher recently noted - they should have.
Setting aside the also poorly-known fact that the U.S. Patriot Act effectively allows U.S. authorities to access cloud data belonging to Europeans and stored in European Union datacenters, it's bad news that the newly renewed FISAA can also be used in a similar way.
Under the Act in question, all the data stored in U.S. cloud services - including, of course, that of giants such as Google, Amazon and Microsoft - by non-American could be accessed by U.S. agencies if the companies in question have a presence in the EU - and most, if not all, do.
To do this, the U.S. authorities need only get a secret court to issue a secret surveillance order, and hand it over to the companies. Bound by U.S. law, the companies are and will be forced to comply.
The problem has been noted in a recently published study requested by the European Parliament's Committee on Civil Liberties, Justice and Home Affairs, titled "Fighting Cyber Crime and Protecting Privacy in the Cloud."
"Where cloud computing is possibly most disruptive is where it breaks away from the forty-year-old legal model for international data transfers, jeopardizing the rights of the EU citizens," pointed out the researchers.
The fact that consumers’ rights are bundled into a complex web of contracts among private entities, and the "lack of legal certainty surrounding the concept of cybercrime and legal frameworks of cloud-based investigations, as well as inadequate tools to safeguard privacy and data protection increase the potential for misuses and abuses by law enforcement actors and agencies," make European citizens’ data insufficiently protected.
"This aspect is enhanced by exceptional measures taken in the name of security and the fight against terrorism. The US context is here particularly illuminating, both in the case of the Patriot Act and in the case of the US Foreign Intelligence Surveillance Amendment Act (FISAA) of 2008. In this case, the question of the legal framework of data transfers/processing to third countries is critical," the researchers concluded, adding that these elements "have been neglected in EU policies and strategies, despite their very strong implications for EU data sovereignty and the protection of citizens’ rights."
One of the main problems with FISAA is that it allows surveillance of real-time communications and cloud data of individuals and organizations that are not suspected of any crime - just political activity. According to Caspar Bowden, one of the study's co-authors, that might result in the monitoring of European politicians, activists, and even journalist involved in political issues important to the U.S.
While the U.S. was quick to assure that such things will never be able to happen, many European politicians are still skeptical.
Setting aside the also poorly-known fact that the U.S. Patriot Act effectively allows U.S. authorities to access cloud data belonging to Europeans and stored in European Union datacenters, it's bad news that the newly renewed FISAA can also be used in a similar way.
Under the Act in question, all the data stored in U.S. cloud services - including, of course, that of giants such as Google, Amazon and Microsoft - by non-American could be accessed by U.S. agencies if the companies in question have a presence in the EU - and most, if not all, do.
To do this, the U.S. authorities need only get a secret court to issue a secret surveillance order, and hand it over to the companies. Bound by U.S. law, the companies are and will be forced to comply.
The problem has been noted in a recently published study requested by the European Parliament's Committee on Civil Liberties, Justice and Home Affairs, titled "Fighting Cyber Crime and Protecting Privacy in the Cloud."
"Where cloud computing is possibly most disruptive is where it breaks away from the forty-year-old legal model for international data transfers, jeopardizing the rights of the EU citizens," pointed out the researchers.
The fact that consumers’ rights are bundled into a complex web of contracts among private entities, and the "lack of legal certainty surrounding the concept of cybercrime and legal frameworks of cloud-based investigations, as well as inadequate tools to safeguard privacy and data protection increase the potential for misuses and abuses by law enforcement actors and agencies," make European citizens’ data insufficiently protected.
"This aspect is enhanced by exceptional measures taken in the name of security and the fight against terrorism. The US context is here particularly illuminating, both in the case of the Patriot Act and in the case of the US Foreign Intelligence Surveillance Amendment Act (FISAA) of 2008. In this case, the question of the legal framework of data transfers/processing to third countries is critical," the researchers concluded, adding that these elements "have been neglected in EU policies and strategies, despite their very strong implications for EU data sovereignty and the protection of citizens’ rights."
One of the main problems with FISAA is that it allows surveillance of real-time communications and cloud data of individuals and organizations that are not suspected of any crime - just political activity. According to Caspar Bowden, one of the study's co-authors, that might result in the monitoring of European politicians, activists, and even journalist involved in political issues important to the U.S.
While the U.S. was quick to assure that such things will never be able to happen, many European politicians are still skeptical.
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
