And they managed
to sign this while giggling ?
European and US legislators have hammered out a last-minute deal to allow data flows across the Atlantic to continue without breaking the law. "For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations …
Probably because they could still snoop on people all they like since they'd be requesting data about a specific -account- not a specific -person-. They could reason that they weren't aware that the subject of the search was a European, as they were just investigating accounts that were tied to their investigation, the fact that an EU citizen happens to own that account is irrelevant.
At least it's something. The first small admission that European citizens might have rights. Canada hasn't even managed to negotiate that much for its citizens! Not that I expect a civil-liberties hating douchecanoe like Trudeau to ever even try. He's too busy signing away Canada's future with the TPP and cracking down on its citizens with Bill C-51.
Whomever wins, we lose.
and then there are things like the FISA (foreign intelligence security act) etc.
The other term in this article which is worrying me is "adequacy" which if the US would obtain that status their privacy protection would be ranking similar to countries like Switzerland which obviously can't be correct.
"This will be going to the ECJ sooner rather than later and will be struck down again."
That's just it though. The "fix" is in. This will now be going on until such time as an Edward Snowden II is willing and able to prove that
"Safe" [sic] Harbor [sic] II "Safe" [sic] "Shield" is a sham. How long do you suppose that'll take? Ten years? Twenty? Ever?
Until such re-revelations: "Safe" [sic] "Shield" is the most robust protection in the world. What proof do you have that it's not working in spite of out heroic and stringent "monitoring"? Thought not. Please check your tinfoil Sir, your paranoia is showing.
Move along now. Nothing to see here.
So has the US publicly dropped the secret court orders for its non-existent illegal mass surveillance and the secret orders that companies secretly comply and do not reveal that data was demanded?
Yep. Course. Didn't you get the memo? It strongishly implied exactly that.
Normal service resumed --->
How the feck are they going to know who has looked at what? And besides that, they get what they want to look at either in transit or slurp it straight from the data centre. When they do the audit is some EU bod going to walk into the NSA and announce they're here for the audit? Let's face it EU, you lost this before it started, they had you bent over and all you could have asked for is to be spanked a little less hard.
**Europe** Are you spying on us?
**USA** No way.
**Europe** Oh goody. No problem then
**Snowden** They have been spying on you. Here's the proof
**Europe** Naughty USA. You said you weren't spying on us and you were!
**USA** Yes. Sorry. We lied. But we won't do it again
**Europe** That's all right then.
"**USA** Yes. Sorry. We lied. But we won't do it again
**Europe** That's all right then."
You've forgotten to take into account the 'annual joint review' - a written commitment by the US, and an audit by both sides:
[Once per year]
** US ** Dear Europe, we can confirm that we will not snoop on your citizens' data. Yours, The US.
** US Sock Puppet** Yup, Europe, I've checked, my country is definitely sticking to its promise, you can take my word on that.
** Europe ** Is your Sock Puppet correct? Are you definitely sticking to your promise not to snoop on us?
** US ** Oh, definitely, definitely. There's no way we'd do that again. No way.
** Europe ** Promise?
** US ** We swear!
** Europe ** Okay, then! We'll be back to check again next year!
What appears to be missing here is the adaptation since the guardian showed that countries were circumventing their own citizens' rights sinze spying through other countres was easier.
** US ** We swear!
** Europe ** Okay, then! We'll be back to check again next year!
** Europe ** btw. we have a couple of queries regarding some of our citizens. Can you provide some more detail on them?
** *US * Well, we'll see what we can do. But wouldn't your laws be broken if we checked on them..
** Europe ** That would be illegal if we did it because we do not have enough grounds to gather serious intelligence on them. But since we suspect them of terrorism you can do almost anything now can you?
** US ** We had a look at your list, but we already supplied 3 other of the 9 Eye countries with information on those. In fact, we did not gather that ourselves. Are you guys sure you need it?
** Europe ** Well, sure enough to ask you but not sure enough to ask any of our European partners that would require stringent checks on whether we actually needed it.
"the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms"
"the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans"
And then they all lived happily ever after in their lovely little cottage in the woods.
the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans.
Probably true, but only because they define what they do as something else. Mass and indiscriminate collection of data isn't surveillance in their book.
It's all sophistry. And it's quite depressing that the EU seems to be quite happy with that.
* * * The US is that serial dating monster who rips girls hearts out in a Superman suit. Isn't it about time you shared your bed with someone new Miss EU? Or will you always be the US' bitch * * *
Liar (Rollins Band) - - - https://www.youtube.com/watch?v=jCLizTg9nWo
But if you'll give just one more chance
I swear I'll never lie to you again
Cause now I see the destructive power of a lie,
I can't believe I ever hurt you...
I swear I will never lie to you again
Please just give me more chance,
I'll never lie to you again, no,
I swear, I will never tell a lie,
I will never tell a lie
I will never tell a lie
HA HA HA HA HA HA HA HA HA!
The best math & engineering minds in the EU build their own crypto-tech not shared with the US. Then they button down the hatches. When the US needs info, they come begging. If its deemed absolutely necessary, then info is exchanged. Otherwise, its just not workable....
No more echelon listening posts / NSA Utah server farm crap... Where was all this glorious tech when Paris, London, NY. burned??? It doesn't work except as a net to catch protestors, whistleblowers, investigative journalists etc, or listen in on lucrative 200m deals for US corporations....
...button down the hatches...
The usual phrase is "batten down the hatches" ... meaning that the entrances to the hold of a wooden sailing ship would be fastened and secured by placing wooden battens over the hatches and tying them down with rope to keep water out in rough seas.
... but "button down" seems strangely apposite, here.
Here we go again, believing that regulators and horse-trading politicians will ever protect our privacy.
The only reason any agreement was hatched yesterday is because industry is screaming blue bloody murder. If it had been left to the pols, they would all be packing up and going home.
This is now a technology and business issue, that has turned into a political issue. The politicians are woefully ill-equipped to deal with it.
1) Scrap safe harbor. Don't try to replace it with anything. Horse has bolted, barn is in cinders. Sweep up ashes and put them in bin.
2) Allow a one year consultation period for industry leaders, security bods, privacy wonks and others to propose sensible guidelines (not laws, we have enough laws and most are failing to deliver any results). Propose them as good practices which all data stores should/will apply, Stigmatize those that don't.
3) In a sensible forum. we might see outcomes like the following
a) Products and services that enshrine good privacy principles, strong end-to-end encryption, anonymous, least privilege data storage practices, right to be forgotten, right to opt out of intrusive data gathering, etc.
b) In the second stage, and once these principles are fully understood and accepted, insist that court orders and warrants always be necessary (based on the countries current legal systems and practices) to lift people's private. personal, identifiable information into the hands of governments or other prying third parties. In other words, quit pretending that everything has changed because everything is online so anything goes. The context has certainly changed, yes, But people didn't have to read their mail and libraries over an open phone line before and they shouldn't have to now.
What we are also failing to see here, is that bigbrother.gov is only part of the problem. I am also worried about big brother insurance companies, retailers, cyber crooks, banks, employers and others profiling my life. I want to make sure they can't look at pictures of my kids' birthday party unless I say it is OK. We need to work on that too, OK?
We need sound practices that protect us from all data hoover salesman. Right now such practices and concepts exist but they are sparsely and poorly applied. Legislation is too crude a tool for something that moves this quickly. Let industry and the public decide what they want (privacy and anonymity options) and then leave people alone unless they are guilty of something or being investigated via due process. That means profiling, mass surveillance and wholesale gathering of PII must be stopped, period. Breaching those rules could be severely dealt with via fines, and preferably commercial and reputational pain.
"What we are also failing to see here, is that bigbrother.gov is only part of the problem. I am also worried about big brother insurance companies, retailers, cyber crooks, banks, employers and others profiling my life. I want to make sure they can't look at pictures of my kids' birthday party unless I say it is OK. We need to work on that too, OK?"
Agree. Your post is laudable but its also very vague!
Where are the specific solutions to any of the problems.... ???
Hmmm, at the risk of repeating myself and ranting just a bit, let's go for some concrete, nay sweeping proposals.
1) Mandatory, strong end-to -end encryption of all public, private PII databases and communications (at rest and in transit). Decryption keys held by the user only, whenever technically feasible
2) Limited gathering of Personally Identifiable Information (in other words only when absolutely necessary, always subject to verification, change and removal by the PII subject/owner)
3) Anonymisation techniques applied to everyone's stored PII data to hinder / prevent profile building by third parties. This includes governments and businesses. Sorry Google, you will figure something out, hopefully you are working on it already.
4) Ability to instantly opt-out of any PII storage by another party. Encryption and pseudo-anonymisation techniques can minimise the need for this but people should always be able to scrub their slate clean, simliar to changing one's name by poll deed. If Amazon want to sell and ship you something that is fine, but store the postal address, phone number and other PII separately from the purchase history.
This isn't really rocket science. Your medical details shouldn't be available to the highest bidder on some carding bazaar. You don't have to leave your personal details every time you buy something from a corner shop, nor should you have to. As for the "right to be forgotten" this is only practical to a certain degree (as Euro legislators will eventually see). It can only be efficiently applied to structured data, IMHO. By design, the Internet is not limited by geographical boundaries. So suck it up and support technologies and methods that will actually work and protect people's privacy instead.
5) 5 year moratorium on all PII storage by all second parties, governments can propose a remove/renew/change option for users / owners. Nothing to hide, nothing to fear? Let individuals decide that for themselves.
6) Absolute (constitutional) requirement for warrants and court orders for any data access by LEAs and SECagencies that wish to circumvent the above protections. I am reasonably OK with cops looking at my record of parking tickets. I am not OK with them potentially prying into everything I write, read, eat, buy, surf etc. after storing it forever in Utah. No f*k it let's anonymise the parking ticket records as well.
This would be a great start. However such initiatives are far too complex to be handled by governments and their porky IT suppliers. This is why the security industry and private sector need to lead by example with publically and freely available standards and tools. Gov should then follow those good, generally accepted, consumer-privacy-friendly best principles, instead of the other way around. If they want to help, they can support said initiatives with positive messages and by staying out of the way. A few ads and speeches (as opposed to trillion dollar panopticons) will also stretch public budgets considerably further. Give yourselves another raise for doing the right thing, after the economy recovers.
Also, please stop spreading lies like "encryption breeds paedos, terrorists, and criminality, kill it before it grows". Instead, try "encryption is a vital component of your online security. Not using it jeopardizes your privacy and economic well-being. Prohibiting or weakening encryption will destroy the development of a successful, thriving digital economy". We might start listening again when you start speaking sense.
the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans
A lie so profound that there ought to be a new word for it. Gigaporky, perhaps. Apart from setting up a PA system in Ireland powerful enough for them to hear it; looping the screamed words "You lying cunts" on a loop (possibly a job for Brian Blessed there) there just does not seem to be a suitable response apart from a sad, tired, "Oh, do fuck off".
I thought that too, but give him his due Chamberlain was attempting to avoid a war that ended up killing 50 million people and that was/is a noble aim, albeit a futile one with hindsight.
This deal has almost no upside for Europe, there's nothing noble about selling off your citizens' rights.
James "No, we don't do that, Senator" Clapper gives you his personal assurance...
We need "Airplane"-style "Bullshit", More Bullshit and "Unbelievable Bullshit" icons
I used to think that the EU was more likely to stand up for consumer (and citizen) rights than most of its national governments, let alone the US government. That was the way its politics and institutions were weighted.
But now? I don't see what they're even trying to do any more. With the cavalier way they're treating Honest Dave's attempts to "renegotiate" UK terms, it's looking increasingly odds on that the referendum, whenever it happens, will come down against the EU. We've seen smaller EU members browbeaten and bullied by larger ones, we've seen the EU itself increasingly overbearing and uncompromising in its treatment of its own members...
Personally, I think Merkel wants out. She's realised that as things stand, Germany is on the hook for everyone else's bills. But she can't say that, because she'd have to admit she made the most monumental miscalculation in fiscal policy since Edward I expelled the Jews from England. So instead, she's pushing for the whole thing to implode.
Daily Fail fodder such as stories about Brussels regulating the straightness of bananas aside, I used to think that the EU was generally a 'good thing': All of Europe pooling resources to form a unified 'entity' which would be big enough to complete with [and deal with on its own terms] the USA, USSR/Russia, China, etc.
And, to be fair, I think the EU has done a lot of good 'stuff' in the past, especially for the smaller member nations.
Increasingly however, it seems the EU as an institution is becoming a vehicle for individual European nations to gather together in one place to be fucked by the USA, rather than putting Uncle Sam to the inconvenience of shafting them individually.
This latest agreement allows data-slurping, NSA-conniving US mega-corporations to maintain their stranglehold on European eCommerce, on the strength of a laughable promise to play fair in future. This latest piece of own-foot-shooting following on nicely from Europe doing its master's bidding by going down the economic sanctions and Cold War v2 sabre-rattling route with Russia over Ukraine —when it was patently obvious early in that crisis, in talks with France and Germany, that Russia was willing to try and reach a negotiated solution. Result: Russia turns off Europe's cheap gas supplies and European countries lose access to a huge market, right on their door-step.
I seriously think that there's some kind of ongoing 'Spin the Bottle' party taking place in the pentagon, where the players have to come up with ever more outrageous 'dares' to demand of their supposed 'friends' around the world:
* I bet I can make them go to war over a weapon I've just made up
* I bet I can make them help us kidnap and torture people
* I bet I can make them accept that US law applies in their countries
* I bet I can make them stop trading with their biggest neighbour
* I bet I can make them cover their eyes while we spy on them
The game's been going on for years, but nobody's been got out yet as, however outrageous the dare, the target has always complied.
It's pork. Lots and lots of pork.
You probably missed it because you were only watching the privacy debate, but if you want to keep an eye on these guys you have to keep an eye on the big picture, and the big picture is that the fundamental problems in the US (which happen to undermine the privacy of US citizens too) have not been addressed because it took decades to get to this state.
That's not going to be fixed overnight, assuming that there is even a will to fix it on account of lots of campaign-contributing beneficiaries of the current state (in case you thought this was accidental).
US puts up its usual smoke and mirrors show and EU Commission pretends to be impressed. This would have been a change for the latter to at least recognize the problem for what it is, which would have been a start in doing something about it. Hopefully this needs to get through EU Parliament and gets shredded there (?). I suppose a contribution to Max Schrems' europe-v-facebook.org wouldn't go amiss in any case.
The comments here seem to have gone off at a tangent focusing only on any potential monitoring by the US government. The safe harbor statement was intended to cover the processing of EU citizen's data by US companies. Whether it applied to the US government (or any EU government) was never clear. Do we think EU governments do not spy on us?
Schrems case was not against Uncle Sam's processing of his private but against Facebook's processing of his data. The question that is not addressed in the article because it, too, starts (and doesn't stop) swinging at the low hanging fruit of processing by the NSA, is how this shield allows an EU citizen right of redress if *Facebook* is accused of abusing personal data.
It's equally disappointing that Schrems is not quoted on whether he thinks the shield will offer any suitable protection. He is quoted commenting about the US government. But maybe the author is cherry picking quotes to suit a perspective.
>Schrems case was not against Uncle Sam's processing of his private ...
Um, yes and no ... originally it was 'only'* about Facebook, but after the Snowden expose he added the Uncle Sam -angle to his complaint to the Irish DPA, which ultimately resulted in ECJ's rejection of Safe Harbour on this very basis.
* of course, the outcome could / would likely have wider implications, say, for Google
The US government has got to be the least trustworthy government, neck and neck with the UK.
Start filling information requests up with garbage, at least that will slow them down.
Far better they have a human data request filter to make sure they at least seem to obey the rules.
U.S. and UK spy agencies and police may soon be allowed to directly ask media companies in each others' countries for email and online chat data for people being investigated, under a tentative bilateral deal, officials said on Friday.
"The proposed agreement, which remains under discussion, would be reciprocal and would require legislation to take effect," said a U.S. Justice Department official.
The official said British Prime Minister David Cameron and Home Secretary (internal security minister) Theresa May were in preliminary discussions with other governments on the matter.
Representative Adam Schiff, top Democrat on the House Intelligence Committee, said Congress should monitor any privacy and civil liberties issues, "including making sure these British orders do not cover U.S. persons or individuals within the U.S., do not permit bulk collection, and have due process protections."
Biting the hand that feeds IT © 1998–2019