TOPs Site Index

Sunday, September 4, 2011

Summary: ZDNet's USA PATRIOT Act series

By Zack Whittaker -- Posting #166 -- A little dated, but, good info :)

A summary of four extensively detailed posts, of how the Act can access data held outside the United States.

This executive summary recaps a series of posts and a year’s worth of research on how the USA PATRIOT ACT impacts cross-border clouds, and considers whether data is safe from the risk of interception or unwarranted searches by U.S. authorities; even European protected data.

Although this is a U.S.-oriented site and I am a British citizen, the issues I surface here affect all readers, whether living and working inside or outside the United States.

In short:

U.S. law enforcement could use the USA PATRIOT Act on a U.S.-based organizations – like Microsoft, Google, Intel or Amazon, for example — to force its local subsidiary companies across the world into handing over user data to U.S. authorities.

EU data once may have ‘had to stay in Europe’, but this is on the most part untrue. The Safe Harbor framework, designed to protect EU data in the United States, protects merely the transfer of data from Europe to U.S. soil. But as soon as it arrived on U.S. soil, Safe Harbor can be superseded by America’s counter-terrorism law.

U.S. corporations survive by having subsidiary or smaller companies in foreign locations, to communicate and collaborate with their clients on the ground in their locale. These subsidiary companies are wholly owned and controlled by their U.S. parent. If a U.S. parent company receives a request from the U.S. government to inspect data held by a subsidiary company in a foreign location, the subsidiary would therefore have no choice but to hand over the data to their U.S.-based parent.

As a result, universities, businesses and organizations which hold vast quantities of student and citizen data in the European cloud, are not protected against the U.S. counter-terrorism laws, which arguably infringe the freedoms and liberties of non-U.S. citizens.

No company or organisation can wholly guarantee that data in European data-centers will under no circumstances leave European soil. Until a company comes forward and unequivocally states otherwise, then this series of posts stands true.

The ‘cloud’ is an abstract concept to newcomers: Access is granted from any device anywhere in the world. It stores files under your name, from photos to video and work documents. But in reality, these files are on a server in a data-center — on sovereign territory, somewhere, where a government’s law applies.

Though the notion of ‘privacy’ in itself has become diluted with social networking settings and the loss or theft of mobile devices, privacy in itself relates directly back to the individual. As previously discussed, there is no such thing as “I have nothing to hide”.

More often than not, this will be the United States; even if you live elsewhere in the world. The vast majority of ordinary citizens will think nothing of this conundrum. They should start paying attention along with the businesses that control vast quantities of citizen data.

"And Ye Shall Know The Truth And The Truth Shall Set You Free"

WAKE UP AMERICA....ITs OUR COUNTRY!!!

Love "Light" and Energy

_Don

References: Ten years later: IT and life lessons from the South Tower

Ten Years Later: Surveillance in the "Homeland"

Microsoft admits Patriot Act can access EU-based cloud data

Part 1: USA PATRIOT Act and the controversy of Canada
The controversy of Canada, cloud computing and an act of law which holds America’s closest neighbor to data protection ransom.

Part 2: Safe Harbor: Why EU data needs ‘protecting’ from US law
An overview of the Safe Harbour principles, which allow data to flow freely between Europe and the US; but not without caution.

Part 3: Case study: How the USA PATRIOT Act can be used to access EU data
A case study examining how European universities, and organizations even further afield, are risking their students’ and customers security by outsourcing to the cloud.

Part 4: USA PATRIOT Act: The myth of a secure European cloud
Concluding thoughts of the consequences of the USA PATRIOT Act on EU cloud data.

No comments:

Post a Comment

Your Feedback is welcomed :-)

Love "Light" and Energy

_Don

Note: Only a member of this blog may post a comment.