"We've already siphoned off...
...most of the stuff we were interested in, so we'll throw you a bone."
The US will take steps before the summer to comprehensively strengthen the "Safe Harbour" framework that helps facilitate some transfers of personal data to the US from the EU. The commitment to improve privacy protections (10-page/445KB PDF) was contained in a joint statement issued on behalf of senior officials from the EU …
1) "... to ensure data protection and enable trade through increased transparency, effective enforcement and legal certainty when data is transferred for commercial purposes,"
This should have been done in the first place, and it is a bit too late to start thinking about such things now.
2) Given that the UK is part of the EU and thus comes under the regulations, the fact that Tempora and other programmes have been run surely points out the fact that the security organisations don't give a damn about what is legal and what is not. The only thing that matters to them is whether they can do it without being caught.
3) With all of the revelations from Snowden would you really trust any of these characters do abide by any agreement made? If it didn't work the first time why should it work now?
No, this is just another attempt to pull the wool over our eyes with meaningless and worthless promises.
"There, there, it's all better now."
It's not about NSA/GCHQ spying on you - as soon as the data is in the UK you can be sure it's in Fort Meade.
It's about having your Doctors surgery using software from a US company to process your records and finding that the T&C allow the company to sell all your details to the US arm of your pension provider.
That's what this PR exercise is really about. The continued opportunity to easily spy on us, yes, but also the fact that American corporations are screaming blue murder about the business the NSA caused them to lose.
Spying on ones supposed allies is important, and all that, but in the Land of the Fee money is always the number one priority.
That's what this PR exercise is really about. The continued opportunity to easily spy on us, yes, but also the fact that American corporations are screaming blue murder about the business the NSA caused them to lose.
The second aspect is where you've hit the nail on the head - but not because of the NSA. The problem US companies have is that a couple US federal laws (the most well known of which is the USA PATRIOT Act) make it entirely impossible for a US company to credibly claim it can protect EU data from uncontrolled access by the state - in the US, the concept of due process is all but annihilated post 9/11, and state + companies have become addicted to a total lack of inhibition when it comes to abusing personal information.
The EU is politically in an interesting position. I suspect they will as always eventually cave to the blend of bribery, lobbying and blackmail with trade restrictions that typifies "negotiating" with the US, but the reality is that data held in the US cannot EVER meet the standards demanded in the EU. The "Safe" Harbor concept is just an excuse to enable US companies to hawk their warez here, but if you really have an obligation of confidentiality you would not only be a complete idiot to accept a scam scheme that relies on self certification, but you'd also ignore all the legal issues you're creating for yourself.
The interesting bottom line is that presently the WHOLE OF SILICON VALLEY is in no way able to protect privacy. Not that they don't want to, but they simply can't - they have no legal defences against the wide open barn door to personal information that US law creates.. Not with those laws in place, and fixing that is not possible overnight - that will take well over a decade.
I predicted in January that 2014 would be the year of privacy spin (well, privately I used the term BS), and so far I have not been disappointed. There will be a lot in the way of "initiatives" coming, but as long as the basic federal law issue is not addressed it's merely window dressing. Which is what they're good at, but it doesn't address the REAL problem.
"The interesting bottom line is that presently the WHOLE OF SILICON VALLEY is in no way able to protect privacy. Not that they don't want to, but they simply can't - they have no legal defences ..."
How about the EU threshold for unauthorized data possession by non-governmental entities be treated as a felony receipt of stolen goods. That is hardly a matter for diplomacy but rather extradition.
I feel bad for The Hague. Crimes Against Humanity attracts a better sort of convict.
"Airbus" is the new name (since a few months?) of EADS, the (mostly) European aviation consortium, which was in fact founded in the 70s. Their first flagship product, the A300, has been flying since the early 80s or so, and to my knowledge they don't time machine them back into the past.
All the above from memory, exact details can be Googled up easily.
Yes, I know about the corrections link. I also know I don't like email.
No repeal of THE PATRIOT Act.
No privacy.
And not 1 fr**ging word about the credit card details of airline tickets purchased by passengers which the US must have (do European get the same information from US ticket buyers?) to "Prevent another 9/11," although all aircraft ceased were on internal US flights at the time, and most of the terrorists were citizens of Saudi Arabia.
Good Lord.
The only way Europe is going to strengthen their privacy is if EUROPE does it. It's been over nine months since Edward Snowden defected and the revelations are still coming. Do you honestly think the USA has changed given the complete lack of any accountability in their system in this matter to date?
Even without Snowden leaks it was clear that 'safe harbour' was (worse than) useless: US companies have been operating with blatant disregard of the EU data protection laws. Case in point: Google's troubles with CNIL (see e.g. http://www.cnil.fr/english/news-and-events/news/article/the-cnils-sanctions-committee-issues-a-150-000-EUR-monetary-penalty-to-google-inc/ ).
"However, Munich-based technology law specialist Christian Knorst of Pinsent Masons, the law firm behind Out-Law.com, said that an 'IT Airbus' in Europe could cause competition issues and that the best way to challenge more established US rivals in the market was to improve funding for small businesses to help them compete on privacy."
Given the Patriot Act et. al. surely the only way to keep the data out of the immediate grasp of the US is to host it on EU located servers run by EU firms with as little US involvement as possible (given that AFAIK any US owned firm can be made to hand over any non-US data to Da Guvmint by law).
Which will not be done by "small businesses" but would require companies the size of BT to build and run the data centres.
Implementing the router infrastructure to avoid any data tromboning through the US is kinda minor in comparison. Light up some dark fibre and go for it.
Oh, and
"Only a handful of countries, including Argentina, Canada and Switzerland, but not including the US, are deemed by the European Commission to provide adequate protection."
Strangely no mention of India and other major hosters of call centres for the UK financial and telecoms industry.
Anyway, relying on promises today and then giving the US all your data in no way protects you from a (nominal) change in government and in government policy.
Stable door is flapping, horse already long gone, EU government as a whole addicted to Facebook and especially Twitter. Data privacy??
Oh, and at some point the various EU policy makers will realise that any EU-centric infrastructure is going to cost far more than the ever competing cloud providers in the US.