The Americans have let parts of the Patriot Act expire and replaced that with something called the USA Freedom Act. By bringing increased civilian oversight over the FISA court (They issue secret wiretapping warrants.), this could reduce government spying on data centers and international fiber optic lines.
But largely overlooked by the international media, is that while the American Congress has moved to chasten the NSA, and the EU is passing privacy laws that will reign in some of the practices of global tech companies, the British signals intelligence service, the GCHQ, is growing even more invasive.
David Cameron has been steadfast in his support for increased surveillance powers granted to the government. Because Apple and Google put encryption into their new devices that not even those companies can unlock, the PM has called for Apple and Google to install backdoors. But in a setback to the PM, this month a legal opinion given to PMs saying that the overall actions of the GCHQ are illegal.
All of these news items suggest that one should shop around the globe for a cloud hosting provider if they want to keep their data out of the hands of the spies.
The Pulse of Surveillance in the USA
Dianne Feinstein was mayor of America’s most liberal city, San Francisco. But as head of the Senate Intelligence committee she turned completely around and become the Senate’s most vocal supporter of giving the NSA carte blanche in its domestic and foreign spying.
But neither she nor Senate Majority Leader Mitch McConnell could stop the ground swell of support for reigning in the NSA that changed the law this month. The House of Representatives lead the way in rolling back some of the Patriot Act this month. The Senate followed with libertarian presidential candidate Rand Paul forcing the showdown.
In the wake of this, Edward Snowden, called a hero to many and a criminal to some, took to the The NY Times to crow about this victory over the powers of the police state.
The Pulse of Surveillance in the UK
This month the Guardian reported, under the headline “Huge swath of GCHQ mass surveillance is illegal, says top lawyer,” that a legal team gave written opinions to PMs that said “GCHQ’s mass surveillance spying programmes are probably illegal and have been signed off by ministers in breach of human rights and surveillance laws…”
The legal brief also says that UK rules are “almost certainly being interpreted to allow the agency to conduct surveillance that flouts privacy safeguards set out in the European convention on human rights (ECHR).”
Shockingly, the document also says that those spies who have passed on information used to carry out drone strikes could be arrested for murder.
With the reelection of David Cameron as PM, and the strong showing of the Scottish Nationalist Party, there is some doubt about the UK’s desire to remain with the EU and Scotland’s desire to remain with the UK.
Given that PM’s strong support for increased surveillance powers, all of this suggests that the UK will continue on the path of increased powers for the police state and move away from EU sentiment. That implies that companies who wish to keep their data out of the hands of the British authorities should host their data with cloud providers out of the UK, for example in Amsterdam.
The European Data Directive requires European Union ISPs and telephone companies to keep up to 2 years of phone logs and internet data on hand so that it can be inspected by the police. But a lawsuit brought by Digital Rights Ireland in 2014 has destroyed the legal basis upon which such laws are based. This has left member nations to rewrite their domestic surveillance laws.
The Pulse of Surveillance in Western Europe
The Netherlands, for one, has done that, yet its new law has been ruled unconstitutional as well. That law required phone companies to store call information for a year and ISPs to store internet traffic for 6 months. Now the Dutch are trying to figure out how to restore legal authority to their surveillance apparatus.
The European Commission has already passed new privacy laws that would, among other things, allow teenagers to delete from social media items they posted in their reckless youth. The bill awaits passage by the European Parliament.
Last year the European Court of Justice, in a landmark decision, forced Google to remove from its search engine data about people that is determine to be stale.
This enshrines the centuries old French idea of “Right to Forget” that says a person who has paid their debt to society should be freed of that burden. Now a person who filed bankruptcy years ago can require that information to be deleted online.
But these efforts are aimed at personal privacy. What about business data?
Some countries, notably China, have been tapping into the databases of other countries to steal intellectual property.
For example, Airbus is now trying to find someone to sue after it was revealed that their intellectual property had been stolen and given to the NSA by German intelligence. In the past, the American have given Boeing information about Airbus to give the American aircraft manufacturer an advantage over Airbus in its bid to gain contracts.
Industrial espionage at the hand of the state is nothing new.
In 1987, former MI6 intelligence officer Peter Wright published “Spycatcher,” a book that was quickly banned by the Thatcher government.
Mr Wright explained that in the pre-internet days the British used a rather low-tech approach to spying. They cut the telephone lines to foreign embassies and then sent in MI6 telephone repairmen to plant bugs. In this way the British tapped commercial as well as political secrets.
Europe Moves toward Privacy while the USA Moves Away
You can say with conviction that the European Union is moving in the direction of privacy while the USA, changes in the Patriot Act notwithstanding, will not do anything that goes against the wishes of the tech giants Google and Facebook, who, as the world’s largest advertising companies, are vacuuming up far more private data than the NSA. Lots of businesses use Google too when they use Gmail and Google Apps.
Last year when German Chancellor Merkel and French President Hollande met, after the Snowden revelations, the Chancellor wondered aloud why internet data travelling between two European cities would have to travel through Virginia. That prompted Deutsche Telekom to say it would build a Europe-only internet routing system.
While there are new laws that require data on European citizens and European business to stay within the borders of Europe, that noble effort ignores the technical reality of how the internet’s BGP routing table works.
Internet traffic can taken any route and not necessary follow the shortest path. This, for example, let American military data to flow through China and YouTube to crash when worldwide traffic headed there was routed through a server in Pakistan.
Where to Store One’s Data
Taken together, all of this suggests that it is best to keep one’s cloud away from American and British soil. Of course, if the Americans and British tap undersea internet cables, as Edward Snowden revealed, then it does not matter where data is located as it can be tapped in transit.
But as Europe moves to strengthen the hand of the individual and business against the excesses of government and tech companies then the legal basis for such wiretapping is taken away. With the USA Freedom Act, American companies are no longer completely muzzled by gag orders issued by the FISA court. That should help make the public aware of what the Americans are doing and perhaps let those who want to avoid such spying move their data to safe harbours.