NSA? Illegal spying? EU top lawyer is talking out of his Bot – US gov The US government has responded to Europe's top lawyer, who last week said sending people's private data to the United States is illegal. Uncle Sam is not happy. At the heart of the matter is the so-called safe harbor agreement between the US and the EU. You cannot by law pipe people's private information out of Europe unless …
It is legal under USA law, no other law exists, you peasant, hey you, the one I am talking to, shut up.
That argument does not fly with the ECJ. In fact, if USA wanted to wind them up, that would have been the best way to do so. There is nothing that winds up a judge like telling him he that "other jurisdiction applies" to something that is clearly his turf.
Yes, the Americans are trying (as usual) to apply US law to other countries. But this seems to be deeper than even that.
Firstly, the very existence of PRISM, and the sheer volume of spying going on, was only made public by leaks. How can something be legal, and how can laws be considered valid, if the are secret? This is fundamentally undemocratic and authoritarian, and not the sort of thing any "free" democracy should want to be within a barge-pole of.
Secondly, the entire defence handed to the US public was "It's ok, we're not spying indiscriminately on you, only on foreigners." Well, guess what? The EU is full of people the US consider "foreigners", and we don't like be spied on any more than US citizens. I guess that defence is now back-firing.
Sorry, America, your proclamations now carry about as much weight as Israel or Syria's. Except they have the benefit at least of talking a different language when they put out internal and external propaganda.
"Secondly, the entire defence handed to the US public was "It's ok, we're not spying indiscriminately on you, only on foreigners." Well, guess what? The EU is full of people the US consider "foreigners", and we don't like be spied on any more than US citizens. I guess that defence is now back-firing."
Well put AndyS, have an upvote.
I have worked with US legal types in an EU / UK context. They are mostly dumbfounded to discover that US law does not apply outside of the US, having been brought up to think that their writ runs world wide. Some of them persist in believing this, even in the face of clear evidence to the contrary ... which, sadly, might well serve as a definition of a lawyer.
I'll come quietly.....
The US is being deliberately disingenuous here, since Safe Harbour is about more than just safeguarding Joe Blogg's emails, it's also about commercially sensitive information.
Now, if the NSA came out with a statement to the effect that they never have , and never will, pass on any slurped data from European companies to their US competitors then that would be different.
Even if they did you'd have to run away fast - the speed of their nose stretching out to the horizon would probably break the light barrier, let alone the sound barrier.
Trust is like virginity - once it's gone - it's gone. Perhaps they should have listened to the security experts who have been warning them of this very consequence for the last 10-20 years. They thought they were 'all that', and it turns out they aren't. A harsh lesson in reality cometh their way methinks.
Now, if the NSA came out with a statement to the effect that they never have, and never will, pass on any slurped data from European companies to their US competitors then that would be different.
Has it really been 15 years since the Echelon disclosures? Plus ca change...
One of the people on the distribution list for NSA "discriminant" collected data is the US Trade Representative. The same USTR that shares secret negotiations with industry on the various trade treaties (NAFTA, TTIP, and others). If one body of secrets are shated, the other is not? Uh huh, right. [This my serious problem with use of contractors past unconstitutionality.]
It looks to me like the whole US legal and political system is on the verge of imploding due to the mishandling by corporate funded corruption, religious based bigotry and rampant paranoia. OK, it's not quite McCarthy era levels yet, but it's getting there. All the values that they espouse such as democracy, political separation of church and state, free speech and so forth are all undermined, yet they still insist that they lead the world.
Then they have the audacity to criticise the EU's take on the legal situation with regard to data security, and insist that they can be trusted with any data that is held by them on our behalf. OK, there have been some cases where a few American companies have held out against pressure from the USGov when it comes to data security, but look at how many had their fingers in the pie over the NSA scandal. Until the US cleans up its own act, they have little room to criticise when another country, group of countries or whatever calls them out.
OK, that might sound a little extreme, but I call them as I see them.
"It looks to me like the whole US legal and political system is on the verge of imploding due to the mishandling by corporate funded corruption, religious based bigotry and rampant paranoia"
It is not imploding; far from it, it is trying to expand its remit. If it is imploding, it is like a plutonium bomb just before it goes blooie and pours radioactive shit over a lot of foreigners.
It is not imploding; far from it, it is trying to expand its remit. If it is imploding, it is like a plutonium bomb just before it goes blooie and pours radioactive shit over a lot of foreigners.
Exactly. And I can see it doing exactly that though the term "foreigners" would be a bit vague here depending on whether you are a Merkan or not. Since I'm not, I'm probably going to be one of those that gets gooped and I'm hardly going to be the only one.
Not that the US is safe either. When plutonium bombs go off, they tend to do quite a bit of damage at ground zero.
Have fun, y'all!
Since the demise or Britain and Russia the last claims to the legs of that statue in Nebuchadnezzar's dream becomes the feet of iron mixed with calcined clay (If I am reading the runes correctly.)
If so, can anyone shed light on what might be the impetus of a return to the stone age when the bloody plonker get hit in the feet?
Please send all replies inside the back of a closed envelope, sealed with tamper proof glue.
They are mostly dumbfounded to discover that US law does not apply outside of the US, having been brought up to think that their writ runs world wide
These are the same people that try to spend dollars in Europe and are astonished that the locals prefer their own money, then outraged when they finally do get dollars accepted, but at half the official exchange rate,
Nothing a few million/billion dollars cannot solve..... "here, Mr EU-Politician, have a free bung"
Or even better "here Mr EU-Commissioner, once employed (sic) by Goldman-Sachs, have a few million dollars"
Face it, money buys anyone. And our "rulers" are definitely anyones..
"Sorry, America, your proclamations now carry about as much weight as Israel or Syria's. Except they have the benefit at least of talking a different language when they put out internal and external propaganda."
Now there's a common misconception for you - that American and English are the same language. They're even less alike once you get propagandists deciding that words mean exactly what they want them to mean.
This is fundamentally undemocratic and authoritarian, ...
Being best friends with KSA and supporting pretty much every tin-pot dictator friendly to US corporations, well, that *does* leave a stain on the soul. Now, if only we could persuade our politicians not to circle the same drain as the Americans, then things might work out eventually.
It's one of those things where I class it as "if it isn't illegal it should be".
Also until the US starts covering non-US citizens outside the US under their constitution they can swivel frankly. Also Germany needs a good cattle prodding in the backside on the same note. Oh and the laws covering GCHQ with immunity over damage the might cause - if they're so freaking awesome they shouldn't need immunity.
It is irrelevant whether PRISM is legal in the USA or not, the cloud providers cannot legally hand over (or let PRISM scoop up the data wholesale) without the identified persons' written permission. End of story.
If US Gov. is bypassing that part of Safe Harbor, whether they claim that what they are doing is legal or not, it is illegal under EU law and therefore the data cannot be transferred under Safe Harbor
It is irrelevant whether PRISM is legal in the USA or not, the cloud providers cannot legally hand over (or let PRISM scoop up the data wholesale) without the identified persons' written permission. End of story.
If the cloud providers reside in the US or have US HQs, they must. There is a whole cluster of federal laws that together hold open the door to your data to anyone that is even *near* law enforcement, and even without the need for a warrant. This is the reason that Silicon Valley CEOs urgently develop a desire to be elsewhere or want to change the topic when you ask questions about privacy - they have known this for years.
Safe Harbor, by the way, wasn't a solution for you as end user, it was a solutions for politicians to claim they had solved the problem whereas in reality they had not (unless you really believe that any system where self certification has to compete with earning revenue has a chance in hell of being treated with any respect), so I'm personally very happy they ditch this.
If the cloud providers reside in the US or have US HQs, they must. There is a whole cluster of federal laws that together hold open the door to your data to anyone that is even *near* law enforcement, and even without the need for a warrant
And that's the thrust of the case Microsoft is currently fighting.
If it turns out to be as you've said above, that will be the end of US-owned data services in Europe - even if they can find customers, they will be breaking local law, and will be in a fair bit of hot water for it. And if they bring all their services back to the US, European customers will likely be breaking the law in contracting those services.
Given the ease with which the US *could* get access to the data it requires by legitimate means (e.g. MLAT), I cannot understand why they are fighting this battle. Any victory will necessarily be pyrrhic...
Vic.
And that's the thrust of the case Microsoft is currently fighting.
Correct, Vic, and it's the reason I predict this not coming to a definite conclusion at all. Either way lies considerable damage.
From a legal perspective, the DoJ has the law and leverage at its side, sane or not, so losing this would create a loss of control as any organisation would be able to splice off the data it doesn't want to be scrutinised and hide it abroad, forcing the DoJ to go through international support processes which would make it subject to the vagaries of extrajudicial requests. Ain't gonna happen IMHO.
From a vendor's perspective, getting their exposure visibly proven with a precedent is equivalent to driving a wooden stake through the heart of Silicon Valley (actually, make that a silver bullet, fits better with the gun laws over there). What we thus have here is a legal game of chicken with guaranteed damage on either side. Neither can back down, so it needs a Schrödinger's cat kind of solution so that both cab claim victory - this will go political, if for no other reason than that many campaign contributions will be at risk if Silicon Valley gets hurt.
(scary coincidence: my computer is just playing "Suicide is painless" (the M.A.S.H. theme :) ).
From a legal perspective, the DoJ has the law and leverage at its side
Not in Europe, it doesn't. Quite the reverse; the EU is legally required to refuse its demands. Thus there are really only three ways out of this :-
The first of these is clearly what needs to happen - there is a simple, legal manner for the US to get what it says it wants with no changes to legislation anywhere. But, given what we've seen in recent years, I wouldn't rule out the third option.
Vic.
From a legal perspective, the DoJ has the law and leverage at its side
Not in Europe, it doesn't. Quite the reverse; the EU is legally required to refuse its demands.
As far as I can see, the whole problem is that from the DoJ's perspective, EU law is simply not in play. The US DoJ has asked a US company to provide data held by one of its subsidiaries. As Microsoft HQ as owner has the means to acquire such data, the DoJ considers this a viable request that Microsoft has to fulfil or face fines.
I agree with you that if this request in an EU legal context would be need a lot of extra motivation before it would yield an appropriate warrant (it's not impossible, but EU barriers are *much* higher), but the whole point of this conflict is the inside track approach that the DoJ relies on to avoid all these pesky EU privacy laws.
That's why it's so dangerous to have your HQ in the US - as owner you're deemed to have this access and it's not the DoJ's problem if that causes you to breach the law in the place where you hold that data. You're the company owner, you have to comply. End of story. Life must be grand if you can just ignore the existence of anyone else on this planet.
The legal representatives of a *very* large US company I met in Brussels told me that they found that even having just a man and a dog in a shed in the US can still create problems, but if your HQ is in the US you're apparently simply not in a position to fight this off.
That's why this is a game of very high stakes poker, and why the EU corridors and surrounding bars in Brussels are thick with lobbyists seeking to weaken EU privacy laws: they can't fix it at home, so they're trying to tone down the EU end instead.
That would have worked if it wasn't for Edward Snowden...
If the cloud providers reside in the US or have US HQs, they must.
And if their customers are in the EU they legally cannot.
That is the conundrum at the moment. If they hand over the data, they face prosecution (along with their customers) in the EU and if they don't hand over the data, they face prosecution in the USA...
And that is what Safe Harbor was supposed to guarantee, that the European data being held in the USA would be held to European standards of data protection and couldn't be handed over - this is what the whole argument is about. With the US Government claiming PRISM is legal and that the IT companies have to hand over the EU sourced data they are forcing them to break Safe Harbor and thus break the law.
Promises, promises turn to dust... and tears.
I read a lot of BS from all sides but mostly the US side and this is one of those things that make me ashamed of my country. Too much blustering, too much cockiness and not enough listening to others (and not in the data slurping context). Some how the ideology the founders has been twisted, ripped and turned into something else by egos, corporate greed, and sheer stupidity. The stupidity part can be chalked up to religion, self-centeredness, and regionalism amongst other things.
The sadder part, is that it's spreading and not just limited to the US anymore.
What a country and world... can we get that asteroid strike now?
Sure, Americans are people, and as with any large number of people there are both the worst scum and angels in the list.
Problem is, that https://en.wikipedia.org/wiki/American_exceptionalism is a thing. And it results in exactly the stuff we see: citizens of other developed, western democracies (Italy) getting kidnapped, ah, sorry "extraordinarily renditioned"; US drones killing innocents just by association in half of middle-east; and US as a country simply being a dick to everybody else (see the article in question, Ireland/Microsoft data request and the Kim Dotcom saga for fresh examples).
I'm not happy with what US does, and I don't even live in a country with US drones flying over my head. Guess what people that live there feel about it. But of course people hate America "For our freedoms!"...
Why would the US have to worry? They have their trojan into the EU, spying for them and passing them all the information they need on european citizens, companies and governments.
Every dictatorship since forever always employs at the very minimum two competing sets of security organisations with overlapping mandates. The watchers need watching and unfriendly competition ensures that they are effective in "neutralising threats" == "spreading fear" and ratting the others out - should they get ideas and perhaps try something.
The US doesn't need any help with their spying - they've ensured that a significant proportion of the world's computers are infested with "Operating Systems" that routinely send data to the USA and are completely open to malicious access whenever they're connected to any network.
If Europeans (and other non-US people) want any data security, they need to abandon the use of MS and Apple products immediately. There are perfectly viable Open Source replacements - they should be pressed into use ASAP.
The Commision should put a short and simple statement to the USA saying that EU citizens data is off limits to the USA without a valid court decision on individual basis unless it can be prooved they are a security risk when a short term licence to spy can be granted and the data checked to ensure its right.
Any data that goes to the USA must be off limits to anyone other than the company and for specific purpose, ie certain data kept for account charges.
If they refuse to follow the EU line then they should be forced to do the same as every other countries companies and negociate an agreement on a company by company basis. After all why should we give special treatment to a country that ignores our laws just because they want to.
This post has been deleted by its author
@Big_Ted - In principle that is what is needed, however the US situation is that under current US law, their spy agencies can ask for and obtain (with a special warrant) whatever data they want AND whoever they're getting the data from cannot say anything about it. At the same time, the special warrant is granted by a secret court and no-one besides the spooks knows what's going on behind those closed doors.
In other words, even if the US spies are completely complying with their own internal laws*, they can still grab any data they want on EU citizens without any oversight from the EU. AKA "You can trust us, but we're not allowing you to verify"
*which we already have enough reason do doubt, but lets be hypothetically naive about it for an instant just for this example
"The underlying issue here also goes far beyond the Safe Harbor[sic] Framework. The Advocate General's reasoning would undercut the ability of other countries, businesses, and citizens to rely upon negotiated arrangements with the European Commission"
Indeed. If something is negotiated which is illegal, it is the Advocate General's job to say this and announce it is not permitted. Just because you've bribed persuaded someone to sign your agreement doesn't mean you can rely on it if it shouldn't ever have been signed.
And I concur with those above, too.
"The Advocate General's reasoning would undercut the ability of other countries, businesses, and citizens to rely upon negotiated arrangements with the European Commission"
Well actually its the NSA's indiscriminate snooping that has undercut the ability of other countries, businesses, and citizens to rely upon negotiated arrangements with the United States.
"Under the safe harbor framework, America promises to do exactly that, and respect Europeans' privacy. That agreement is being renegotiated as you read this."
Yeah, and I wish I believed that would change anything.
You remember the other week there was a most amusing story about a pig's head? Boy, didn't that go away fast! No one wanted anyone printing anything about that, no sir, because no one wanted anyone asking awkward questions about what they might have been getting up to during their misspent youth. So it went away.
Good riddance, I suppose. It didn't matter.
This does matter.
But it'll still go away because "renegotiation" has a nasty tendency to mean "necessary theatre to maintain the status quo whilst placating the proles" when everyone at the table has their own pig... sorry, I mean "spying" story to keep quiet. None of the big EU powers are going to put a stop to this, because they're all in the same boat. We know damn well that everyone's spying on everyone else and everything is "legal" just so long as no one asks any questions.
You remember the other week there was a most amusing story about a pig's head? Boy, didn't that go away fast!
Yes, because telling stories and then failing to support them with hard evidence tend to lead to silly stuff like libel charges. Does than mean it's UNtrue? Nobody knows, but without evidence it became evident that those publishing were just assisting Ashcroft's revenge, and that's a tad risky when the person you're playing with is the PM. The result of this was that Ashcroft now finds it much harder to get any other extract published.
Always be careful with information from someone with an agenda. And that includes any US mission to the European Union, because whatever their Mission is, it isn't for *our* benefit.
Whenever an HSBC ATM is used, including from the Far East and Australia, all those bits and bytes find their home in New Jersey where the allegedly British bank keeps it's computers.
And, if you talk (voice) the data is recorded AND subject to real time analysis.
Having spoken to HCBC in Canada only this morning I learned that the audio analysis software gets confused (as in doesn't work) if you play Canadian throat singing in the background or news closer to the mic.
So much for Euro data protection.
"The United States does not and has not engaged in indiscriminate surveillance of anyone, including ordinary European citizens," the mission insists. Instead, "the PRISM [mass internet surveillance] program ... targeted against particular valid foreign intelligence targets, is duly authorized by law, and strictly complies with a number of publicly disclosed controls and limitations."
Which appears to argue that because the program is legal under US law, it can't be "indiscriminate."
Authorised by law in your country means nothing over here.
"Given the important privacy and trade benefits that Safe Harbor provides to EU and US citizens and businesses, we will continue to work closely with the European Commission to improve the Safe Harbor Framework"
In other words, trying to kill Safe Harbor will be treated as protectionism, and we will respond in kind.
"Yves Bot is probably not overly concerned about Facebook's share price"
I agree. However, he may be worried about leaks containing every email, text and information about this financial transactions over the last decade or so.
No one takes on the NSA because everyone has something, even if relatively small, that they don't want leaked to the press. Unless you're happy to live a hermit life in Russia or a foreign embassy in the UK.
"Yes, the Americans are trying (as usual) to apply US law to other countries. But this seems to be deeper than even that."
Not even that, the NSA's argument in insisting it's actions are legal under US law (despite being explicitly illegal under the law), is to say the NSA's head lawyer determined it was legal, therefore it's legal. So really they're not even trying to apply US law overseas, just trying to get what they want.
Americans like to declare our own actions legal and appropriate. We do know however that the NSA and its leadership lie to us and Congress with impunity. Nothing the NSA says can be trusted or believed. They consider oversight a nuisance and our CIA friends have directly lied to Congress. Lying is core to the job description.
We like to believe in American exceptionalism, but what we are really exceptionally good at is spying on others and justifying anything we choose to do. For Americans, the end usually justifies the means and we confidently will declare ourselves the moral arbiters of right and wrong.
And regardless of whether that was meant as humour or not.... You and every other Merikant and the horses you rode in on can go fuck yourselves yankee.
Rather than being a smart-arse, why not do something about the joke that is your broken, corrupt government and hence your broken "legal" system.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
