US tries one last time to sway EU court on data-slurping deal Hear that? It’s the sound of panic, as it dawns on the US that from tomorrow it might not be able to slurp as much data from Europe as it wants... and thousands of multinationals bite their nails over their European client lists. Europe’s top court will decide tomorrow if the US-EU Safe Harbor Framework is sufficient to …
Europe’s top court will decide tomorrow if the US-EU Safe Harbor Framework is sufficient to protect EU citizens from US spying. In Advocate General (AG) Yves Bot’s opinion published less than two weeks ago, it is not.
Hardly an opinion when the barefaced contempt is proven ad nauseam.
A gentleman's agreement with the devil inevitably ends up awfully one-sided. Since they keep falling over themselves to prove themselves as trustworthy as a bathful of meth addicted rabid scorpions it's about time they were treated as such.
Robust *clientside* encryption, the specific implementation(s) certified by an appropriate EU agency... for an appropriate fee of course. Or "fuck off, ta very much."
Simple.
With all countries including India it works like this: either there is an fig-leaf agreement such as Safe Harbour or the data protections rules of the originating country apply. In practice getting bilateral agreements is hard work so companies usually agree to be bound by the law of the originating country.
So you can't use data protection arguments to prevent outsourcing for financial reasons. But the outsourcing company can be held liable in the originating country for breaches by subcontractors. And, indeed some of the SNAFUs have forced some companies to reconsider their practices. I think it took one of the larger breaches to realise how fucking stupid it is too outsource all their customer data.
Better Marx than Rand. And better what Adam Smith actually wrote, in his totality than what Americans think he wrote, by only paying attention to one part of one book. And better proper regulated social democracy than the lot of 'em.
Oh, and there is, at any point in time, a fixed number of jobs available. That may change from moment to moment, but there are not going to be more jobs available than are required to get things done. If you aren't paying locals to do those jobs, you're just shipping money out of the country.
Ultimately, what matters is the net flow of money into the country. And by net flow, I don't mean "squirreled away into the bank accounts of the ultra rich". I consider that functionally out of circulation, and trickle-down-your-pants economics is a fucking farce. The ultra rich don't really reinvest all that much, especially lately. They just camp on the damned money and it is thus functionally out of the economy.
What is the net money available for use by the bottom 95% of the country? Is that increasing year on year, decreasing, or staying more or less the same? Adjust for inflation and divvy up per capita and we can start to have a real conversation about the economy.
Next, we can have a conversation about how globalization depresses wages in first world nations, but how it has led to the spread of laws and regulations that emphatically prohibit the hoi polloi from benefiting from globalization through the legalization of the "grey market". Wages go down, but the price of goods under copyright doesn't. Wages go down but the cost of pharmaceuticals doesn't. So on and so forth.
These are good conversations to have. Ones about the net effect of all this Randian bullshit. That net effect, by the way? Not good.
Heck, that shit is just for low priority commercial espionage. For this sot of stuff they'll have purpose built "consulates" and "missions" pointing at the offices and tuned in to all the monitors, keyboards, etc. They'll have hard copy in Maryland before the data even hits the NSA pwned routers.
" the European Parliament called for it to be suspended.
However, the EU executive, the European Commission, was reluctant to do so and instead pinned its hopes on renegotiating the terms of the arrangement."
If the court follows Bot's advice renegotiation will be a lot easier & faster. Wasn't it one of Tricky Dicky's henchmen who said "when you've got them by the balls their hearts and minds will follow"?
However, the EU executive, the European Commission, was reluctant to do so and instead pinned its hopes on renegotiating the terms of the arrangement."
If the court follows Bot's advice renegotiation will be a lot easier & faster. Wasn't it one of Tricky Dicky's henchmen who said "when you've got them by the balls their hearts and minds will follow"?
Yes, but that has been on the cards for years, and especially so since Snowden thew a spanner in the works. The reason the EU wanted to hang on was because a wholly new negotiation means a wholly new round of threats with trade embargoes from the US, and I just hope the EU realises it still has the upper hand and call that bluff. Better, make it public what the US will try to do and show the US that democracy demands transparency.
Frankly, the US is capable of fixing that, but as they cannot even get a couple of fairly basic lunacy checks in place for gun purchases after yet another butchering I don't see any way they can contain the lunatics in the 3 letter agencies..
"website analytics generally falls under the category."
So? Maybe some companies will realise that having umpty-seven "analytics" and tracking shite on their websites doesn't actually produce anything meaningful and a few PHBs will suddenly find they have no pretty graphs to show the suits and end up having to find some real work,
True, however it's encouraging that in this case Microsoft is refusing to hand the data over. Not for any high ideal of course, but they know that if they hand over the data they will lose clients. Same with Apple and all the rest of them.
Rather than all those US companies setting up physical datacentres in EU, isn't the time ripe for an actual EU company to take off and fill in the niche?
If they operate in any shape or form in the US then this still wouldn't work, given the amazingly broad way in which the law over there operates.
We've been flagging that problem for years, and they don't care. That would be good news for the EU, if not for one little problem: we don't have outfits as large over here. We have no Microsoft, Google, Apple, Oracle (etc), so what is a large enterprise going to replace that with? Open Source is a bridge too far for most, so I can't see that solved easily.
"Open Source is a bridge too far for most, so I can't see that solved easily"
The problem at hand isn't using MSFT/Apple et al's software, it's shipping data transatlantic with zero protection for EU citizens in US law.
That being said EU corps (and governments - believe it or not) are capable of learning to swim when they're pushed into the canal.
The problem at hand isn't using MSFT/Apple et al's software, it's shipping data transatlantic with zero protection for EU citizens in US law.
Even US citizens are not protected - no need to make the distinction. The only difference is when it comes to suing people for it. US users get blackmailed with heir own details to keep quiet (because what you can access you can also change), whereas EU users get sent round the houses in the legal system until they are out of funds.
"If they operate in any shape or form in the US then this still wouldn't work"
That's the whole point. Safe harbour is a hollow promise. In the absence of the US reforming its entire privacy legislation the way to go is to kill it and go with wholly EU operations. If, for instance, your EU telecoms provider wants to run a credit check on you (I can't think why this particular scenario came to mind) it would have to go to a wholly EU owned and based agency to do so.
Actually I don't see why we need safe harbour at all. If you (for values of you which evaluate to EU citizen) deal with an EU company you should be able to hold that EU company responsible for any breaches of data you give it. If they take the decision to pass that on to another company, irrespective of where that company is, they'd better be sure that they can trust that company or else have T&Cs with it that allow them to recover any damages that they may have to pay out the customer. A further element should be transparency; before passing on data a company should ascertain any further transfers that will be made (no weaseling out with vague "may" clauses to unnamed "partners"), report back to the customer and receive positive opt-in before proceeding. (Actually there could be circumstances in which it would not be possible to decide up-front whether a transfer would be necessary; in that case it would be OK to say "may" in the first place providing they named the options and sought additional opt-in for any such transfers when the necessity arose.)
"Physical location of the server is only part of the story though. Just look at the ongoing court case between Microsoft and the US government. Even if safe harbour is suspended it will still leave access to our data open to abuse."
But if the physical servers are in the EU, there's at least someone here to arrest. Under Safe Harbour/Harbor, the EU cannot even get their mitts on a human being if someone breaks the agreement.
You're assuming the authorities in the EU would be aware of it.
That's why I think the new judicial redress in the US for EU citizens that's been proposed is a complete sham. You can only seek redress against a crime when you know it's happened. The only thing that will make any difference is to give EU citizens exactly the same protections against spying as US citizens (not that this will ever happen).
The way forward for American business in the EU is to create partnerships with EU businesses and then license their brand names to those partners.
US companies cannot create subsidiary companies in the EU and think they have got around the legislation, as the Patriot Act will storm through any US companies broom cupboard hoovering up the data from not just the parent company in the US, but all of the subsidiaries around the world and American businesses, no matter how principled, can stop that level of terrorisation by their own state.
So, expect a flood of IT positions in the near future as Europe's players finally get a slice of the European cake, that had until recently been almost uniquely devoured in the US.
Bon Appétit
The way forward for American business in the EU is to create partnerships with EU businesses and then license their brand names to those partners.
I picked up plans in that direction when I was in Brussels. The idea is that some very large outfits basically fronting the software in the EU using their brand as a way to get some trust back in the products. That approach does not cover all businesses though, so I reckon you're right, it *will* result in more EU side employment.
The only problem is that in the EU it is hard to find investors with a vision, when it comes to tech investment, the US is *way* ahead and far more direct that the EU where you cannot sell a good idea unless it's smothered in bullshit and consulting speak, and you have the right friends. It's the main reason why the EU doesn't really have a comparable tech industry. Sure, there are *extremely* good ideas floating around, but they tend to either die for lack of funding, or migrate to the US.
Is there a word - possibly from another language - to describe the situation of the "inferior" in a relationship presuming to lecture the "superior" ?
In this case, the US explaining to the EU that the EU understanding of EU law is flawed ?
Or (as happened a year ago) Alex Salmond explaining to the Bank Of England how the Bank of England didn't understand British monetary policy ?
There must be a word. There must
In this case, the US explaining to the EU that the EU understanding of EU law is flawed ?
That's just petitioning and fine in a court, though not much use in the ECJ.
The US position is flawed because any court approval would have to be by an EU court as in such matters a US court has no jurisdiction. This is similar to the SWIFT discussion about payments (and the current one about airplane passenger data) which led to a separate data centre being set up in Europe to which the Feds don't have automatic access. It's not as if they're aren't plenty of pliant governments and courts in the EU only to happy to give them access but such access could subsequently be challenged.
Getting court orders for this kind of stuff, Italy is a good example, is often ridiculously easy but it riles with American dreams of extra-territoriality.
in such matters a US court has no jurisdiction
Heresy!!
The Empire has jursidiction everywhere. EVERYWHERE. Even in Fantasy Land.
"ordinary people — because, for example, those people are communicating with valid foreign intelligence targets"
So, if Ahmed bin Nutjob (ahmed@nutjob.isil.sy) buys a pair of fluffy slippers from amazon, then all the communications of amazon are now a legitimate target of global surveillance by the nutjobs in the NSA? And now that amazon are a legitimnate target, then all the other amazon customers are now communicating with a foreign target...etc.
Same applies if dear old Ahmed has a google account - they can then legitimately monitor all google's communications?
Epic Fail I'm afraid.
So, if Ahmed bin Nutjob (ahmed@nutjob.isil.sy) buys a pair of fluffy slippers from amazon, then all the communications of amazon are now a legitimate target of global surveillance by the nutjobs in the NSA? And now that amazon are a legitimnate target, then all the other amazon customers are now communicating with a foreign target...etc.
Same applies if dear old Ahmed has a google account - they can then legitimately monitor all google's communications?
Epic Fail I'm afraid.
That has been the case for almost 2 decades. It just has been made easier after 9/11 because they then got a Universal Password to bypass any pesky oversight: "terrorist". Add a bit of "national security" sauce to hide any abuse of that access for other purposes, and away you go. Apart from the occasional mistake it's been pretty much plain sailing for intercept from then on, because you also have no rights to protest against it, and in the rare event you could get a process started in court you'd discover that nobody is actually accountable for this.
So, if Ahmed bin Nutjob (ahmed@nutjob.isil.sy) buys a pair of fluffy slippers from amazon, then all the communications of amazon are now a legitimate target of global surveillance by the nutjobs in the NSA?
Well of course. But they'll not be indiscriminate about this - they'll delve no deeper than, say, six degrees of separation. More than that would be just silly.
Vic.
But I bet the court has been nobbled and the decision goes in favour of the USA, despite precedence suggesting that they will usually go with the AGs view.
No point having all those spooks and all that silicon if you can't get a little dirt on a few foreign officials, eh?
The SWIFT agreement (no Feds, you can't read everyone's financial transactions all the time) is a precedent that says this will go against the US.
Most interesting will be whether the agreement is declared null and void immediately or what the grace period will be for a new agreement, presumably based on fast-track court orders.
"despite precedence suggesting that they will usually go with the AGs view"
It's worth remembering just how big and powerful the EU as an entity actually is. It may be a bit more fragmented than the USA in terms of internal states and sovereignty, but when it does stick together it can wield a pretty big stick, even over the USA.
The USA is one huge data sink hole.
Whether you are departing Bangkok or Singapore International Airports, transferring money using SWIFT (Moneygram and Western Union are hard-wired in to US security) or using any HSBC ATM in the WORLD, your data is in the USA.
And, for those who don't know, your voice analysis, made whenever you talk to any HSBC telephone number, is stored in New Jersey, too. Imagine what security forces could do with THAT!
The good news is HSBC voice analysis is paralysed if you play Canadian Inuit Throat singing (Tanya Tagaq), or a loud newscast loudly in the background.
“The Prism programme – which is another name for foreign intelligence collection subject to judicial supervision under section 702 of the Foreign Intelligence Surveillance Act – is NOT based on the indiscriminate collection of information in bulk, as a report from the US Privacy and Civil Liberties Oversight Board makes clear,” said Litt in a statement.
The important thing to realize here, the feds have already come up with doublespeak for situations like this.
a) "subject to judicial supervision" -- the FISA court initially just rubber stamped anything that came by their desk. As the NSA expanded what they slurped in, the FISA court did eventually state their reservations on the scope and scale of this program, and found some uses of it were flat-out illegal. They "supervise" insofar as they release legal judgements on the program, but there seems to be no penalty for FISA judging them to be illegal.
b) Collect doesn't mean collect. The NSA and federal gov't have intentionally redefined plain English to fit their purposes. They define information as "collected" or "intercepted" NOT when it's pulled off the wire and dumped into some database they can search at any time (i.e. when anyone who speaks English would say it's collected). They say information is not collected until someone at the agency has done a query that actually pulls up that information.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
