back to article Europe wants cloud giants to cough up data from anywhere in 6hrs

The European Commission has outlined its desire for a new legal instrument that would require carriers, clouds, email service providers, and operators of messaging apps, to produce someone's data within six hours to assist investigations of “criminals or terrorists”. The proposed European Production Order will "allow a …

  1. Voland's right hand Silver badge

    CLOUD act meet Eu Directive, Eu Directive meet CLOUD act

    CLOUD act meet Eu Directive, Eu Directive meet CLOUD act. Let me introduce you to each other, as fundamentally illegal scum you should very happily get along.

    In any case - offshore includes USA and that calls for... Popcorn!!!

    If all popcorn I ordered over the last two weeks will finally be delivered there will be a mountain the size of Vesuvius on my street.

    1. Anonymous Coward
      Meh

      Re: CLOUD act meet Eu Directive, Eu Directive meet CLOUD act

      Keep your popcorn dry, this is just the opening act.

    2. TheVogon

      Re: CLOUD act meet Eu Directive, Eu Directive meet CLOUD act

      "If all popcorn I ordered over the last two weeks will finally be delivered "

      Best to order it now before they apply a tariff to it!

    3. The Man Who Fell To Earth Silver badge
      FAIL

      So that's where they went

      Apparently the Stazi simply took over the EU.

  2. Pascal Monett Silver badge

    But of course it will be for terrorism

    Initially, that is.

    Then "terrorism" will be applied to journalists they don't like.

    Objectively, there are obvious good reasons for this kind of requirement. It's the potential for overreach I don't like.

    Plus the fact that we are doing more to damage our liberties than terrorists could hope for in their wildest dreams.

    1. Adam 52 Silver badge

      Re: But of course it will be for terrorism

      From this bit:

      "at least three years ... and terrorism-related crimes"

      Then someone's clearly intending to redefine terrorism to include, picking something at random off of the crimes with less than 3 years, "Procurement of a woman by false pretences".

      1. Jellied Eel Silver badge

        Re: But of course it will be for terrorism

        Terrorism and 'serious' crimes. Which is the part I think needs to be restrictive to avoid scope creep. I'm broadly in favor of allowing TPTB the communications access they need to do their job and keep us safe. Protecting us from terrorism helps sell policy, even though we're unlikely to be affected by it. But as we saw in the UK with RIPA, the scope crept to include surveillance on rubbish bins. That changed to restrict intrusive surveillance and provide more clarity around who can access communications data, especially bulk.

        This proposal would seem to open that up again to a wider scope given a 3 year sentence is possible for a lot of crimes. But investigators need timely access. So my usual example of a kid going missing, suspected to have been in contact with someone who may have been grooming them. There's obvious time pressure to safeguard that kid, but a lot of challenges, ie figuring out how they were communicating and who the relevant service/app provider is to obtain logs. Less restrictive access that allows potential fishing shouldn't be allowed.

        1. Anonymous Coward
          Anonymous Coward

          Re: But of course it will be for terrorism

          "This proposal would seem to open that up again to a wider scope given a 3 year sentence is possible for a lot of crimes. "

          ... like copyright infringement ...

  3. Anonymous Coward
    Anonymous Coward

    handy vs journalists and opponents

    “to deny terrorists and criminals the means and space to act”

    means

    “to deny journalists and opponents the means and space to act”

    ...because all they need to do is mention any one of dozens of areas they might conceivably be investigating, for one of conceivably hundreds of potential serious crimes, and that's it, no evidence has to be given to the data provider, it's just:

    ALL YOUR DATA ARE BELONG TO US

    1. Anonymous Coward
      Anonymous Coward

      Re: handy vs journalists and opponents

      Yes, terrorists rarely threaten the elites directly, but the journalists do!

  4. Anonymous Coward
    Anonymous Coward

    1984

    The problem with policing people is that it's done by... people.

    I wonder when the first abuse of this "power" will be brought up, IF our liberties haven't been eroded to the point where we're allowed to know any more.

    1. Warm Braw

      Re: 1984

      One of the consequences of the way the EU works is that EU directives are actually implemented in national legislation, but ultimately adjudicated by an EU court. This means that if/when there is an instance of abuse, the nation state involved at least doesn't get to mark its own homework. So far the EU courts have been pretty robust on data protection (see under Safe Harbor).

  5. Anonymous Coward
    Anonymous Coward

    The onward march to the underground!

    I'm sure these people realise that once you pass laws where you can obtain data then the people whose data they want will just move it somewhere they can't get it. This simple logic makes me suspicious of the true intentions of all these laws.

    1. Doctor Syntax Silver badge

      Re: The onward march to the underground!

      "I'm sure these people realise that once you pass laws where you can obtain data then the people whose data they want will just move it somewhere they can't get it."

      I don't think they do. The thought patterns of legislators are such that they must believe that if they forbid something everyone wanting to do that will simply avoid their efforts. The history of taxation or banning of alcohol, for instance, has provided centuries long evidence of this in the form of smuggling and illicit distillation.

      Living inside a bubble where a host of employees including the most senior officials are doing their bidding* seems to convince those who've reached the top of the government tree that they really are all-powerful.

      * Or at least persuading them they are.

    2. Voland's right hand Silver badge

      Re: The onward march to the underground!

      it somewhere they can't get it

      Oh, they do.

      They are copying the Russian boy homework - the one sitting lonely "without friends"(*) on the desk in the corner of the class. I read the Russian laws in full every time there is an all mighty scream about yet another "undemocratic action of the Putin authoritarian regime". Every time they have done something - we copy it. From an initial 5 years lag (the metadata collection and probes - 1999 vs 2005) the lag for our legislators to copy them is down to 2 years. That means that our legislators are literally taking their laws as they are voted or even before that and cut-n-pasting into their own homework (the lifecycle of most laws from first draft to approval in Eu is ~ 2 years).

      So, based on reading the homework produced by the lonely Russian boy "without friends", the next step will be ensuring that any data on Eu residents is held in Eu only or only in a legislation where Eu can get its mitts on the data. The tool for that has been prepared, primed and ready and is coming into force next month. It is called GDPR.

      Any country having objections against such an order will have its GDPR compliance and data equivalence dropped overnight effectively denying all of its businesses the right to buy or sell from Eu subjects.

      (*)Out of all Nikki Halley rants that is probably the most idiotic one. Almost to a John Bolton/Condoleeza level of idiocy

      1. Ben Tasker

        Re: The onward march to the underground!

        > yet another "undemocratic action of the Putin authoritarian regime". Every time they have done something - we copy it.

        It's a two way street though too.

        They tried (and failed miserably) to block Telegram in Russia in the last couple of days, because the wouldn't/couldn't give them access to messages. The UK, the US and the EU were specifically mentioned as examples of countries "normalising" access to this data to make it sound like they weren't being that unreasonable.

        There's an echo chamber with some very severe ramifications.

  6. Dan 55 Silver badge

    I wonder what happens when they come up against that old chestnut...

    ... end-to-end encrypted data.

    1. Voland's right hand Silver badge

      Re: I wonder what happens when they come up against that old chestnut...

      ... end-to-end encrypted data.

      You can see the dress rehearsal for that in Telegram vs Roskomnadzor. 2 years until we have this play centre stage on our scene. Or thereabouts.

      1. Ben Tasker

        Re: I wonder what happens when they come up against that old chestnut...

        > You can see the dress rehearsal for that in Telegram vs Roskomnadzor. 2 years until we have this play centre stage on our scene.

        Hopefully, though, our lot will learn the fruitlessness of it from Russia's embarassing act yesterday. Blocking all of AWS' ranges, taking down Roskomnadzor's own site in the process and yet Telegram continue working.

        Oh, and for double-bubble points, in the process, they accidentally unblocked all the sites they'd previously blocked.

        Ultimately, they made themselves look incapable of enforcing their demands, and all for what was presumably meant to be a show of power.

        No way our politicians would see that and repeat it.... never mind, I just realised who we've got in power and who's waiting in the wings. They totally would, wouldn't they

    2. Simon Harris

      Re: I wonder what happens when they come up against that old chestnut...

      "Fine, here's the data you wanted.

      Oh, sorry about the encryption, but we really don't have the keys to decrypt it...

      But I'm sure you have some nice big computers to do that... good luck!"

      1. stuff and nonesense

        Re: I wonder what happens when they come up against that old chestnut...

        Some time later..... damn that’s a beautiful cat pic!

  7. JakeMS

    So...

    Does that mean I'm not considered so paranoid now when I tell people I don't store my personal files with cloud service providers?

    My personal emails are pretty boring, but stored with Fastmail, anything super sensitive (like my next terror plot which is due to be activated next week on Thursday) is encrpyted with GnuPGP, and business/company emails are run through our own email server, emails between employees never actually leave the server (no need to).

    Am I still considered paranoid? I hope so, I like being the paranoid nut job.

    1. Anonymous Coward
      Anonymous Coward

      Re: emails are run through our own email server

      Until you go on holiday and some upwardly mobile PHB or Accountant decides that moving your email server to AWS/Orifice 365 or something would save a few quid including your job.

      You return to find your desk moved into some dark dank cubby hole with no windows and a clear message in the form of several cardboard boxes that your paranoid ways are clearly old-speak and that the dynamic company is going all cloudy thus you are no longer needed.

      See you down JobCentre-Plus then???

      1. JakeMS

        Re: emails are run through our own email server

        Hmm, may have to reconsider next weeks plan now.

        Thumbs up for making me laugh tho!

    2. Voland's right hand Silver badge

      Re: So...

      Am I still considered paranoid? I hope so, I like being the paranoid nut job.

      Insufficiently paranoid I would say.

      My stuff is ALL IN HOUSE. Cloud is used only for relaying mail and/or interim hop VPN anchoring (a form of DIY DynDNS).

      Even my backups are not in the cloud. Unless I count the Gigabit connection to the shed at the end of garden a form of cloud. Sure, 20m distance is not exactly off-site. However an incident which will destroy anything in 20m radius is not likely to have any of us surviving anyway.

      1. Anonymous Coward
        Anonymous Coward

        Re: So...

        Volands Right Hand: My stuff is ALL IN HOUSE.

        Yes, but WE KNOW WHERE YOU LIVE!

      2. Anonymous Coward
        Anonymous Coward

        Re: So...

        "However an incident which will destroy anything in 20m"

        Like someone robbing your house?

        1. Voland's right hand Silver badge

          Re: So...

          Like someone robbing your house?

          He will need a crane or a pneumatic jackhammer to get to some of the backups or the CCTV records.

          I am not kidding. They are on nodes which are "built-in" in more than one sense of the word. Makes maintaining it a bit of a bitch, but serves the purpose. It also means that there are "obsolete" nodes shut down and wiped for the last time "embedded" here and there in the structures waiting for the next big repair job to be ripped out. Oh well, c'est la vie, if you plan it in the next [kitchen | staircase | storage ] refurb it is no big deal.

          If worst comes to worst there is always the long term encrypted backups at one of my overseas properties - they get refreshed every time I go on holidays.

          Yes, I am paranoid (as most people who have done old school sysadmin). I also do not believe anything until it has completely checked out and all cross references and "foreign indexes" work out. And I am proud of it.

  8. Christoph

    "background checks on anyone who tries to export weapons from the bloc"

    Does that include the people exporting billions of pounds worth of weaponry to those wonderful humanitarians in Saudi Arabia?

  9. Anonymous Coward
    Anonymous Coward

    Safe guards

    By their definitions a country could have laws that it could use against political opponents to capture communication data from outside their own borders. Not that far fetched since Spain is using its treason laws against Catalonian politicians, including the use of international arrest warrants. Given this is not the only country which is using dubious laws to meet political goals the safe guards seem to set a very low bar and weigh power far to much to nation state and away from citizens.

  10. Anonymous South African Coward Bronze badge

    All aboard the train to 1984...

  11. Teiwaz
    Joke

    To be expected... [snicker]

    This sort of thing is to be expected now that the EU will not have the fair an balanced political ideals of one of the most venerable and distinguished democracies, and the sage and learned wisdom of those who serve in her majesties government in the future.

    ROFL

    Nope, can't even write it with a straight face...

    1. Anonymous Coward
      Anonymous Coward

      Re: To be expected... [snicker]

      now that the EU will not have the fair an balanced political ideals of one of the most venerable and distinguished democracies

      Yes, it's got Emmanuel Macron instead. Oh joy...

      1. Teiwaz

        Re: To be expected... [snicker]

        now that the EU will not have the fair an balanced political ideals of one of the most venerable and distinguished democracies

        Yes, it's got Emmanuel Macron instead. Oh joy...

        And we've a damaged Rudder and Mayday.....Help!!!

  12. bombastic bob Silver badge
    Big Brother

    In the name of 'safety'

    From the article:

    "EU members knew this stuff was coming as safety is a legislative priority for the Union 2018-2019."

    EU members knew this stuff was coming as safety MORE CENTRALIZED CONTROL and LESS FREEDOM is a legislative priority for the Union 2018-2019.

    Fixed it for ya. (it's often like that across the pond, too)

    1. Anonymous Coward
      Anonymous Coward

      Re: In the name of 'safety'

      "EU members knew this stuff was coming as safety MORE CENTRALIZED CONTROL and LESS FREEDOM is a legislative priority for the Union 2018-2019."

      This seems to be the goal for all governments these days.

  13. TheSirFin

    Warrants

    No mention in the article of warrants......... back in the day, and int time honoured hollywood police dramas, The Cops were always waiting for a warrant from a Judge, so they could 'do the wire tap'. Igoring the technical fiasco, its does appear from this article, its just a "give the cops whatever they ask for' sort of legislation with no checks and balances.......?

    1. Graham Cobb Silver badge

      Re: Warrants

      If warrants really are too slow (hint: I don't believe they are), surely the best answer is to impose the warrant requirement for secrecy: the Order is automatically disclosed to (all of the) victim(s) after12 hours, unless a warrant is received specifying a limited time (no more than 1 year, but renewable) during which the Order is not to be disclosed to the victims.

      Seems reasonably fair and proportionate, and allows for "emergency" actions.

      Of course, once the Order has been disclosed, it must be challengeable in court by the victim, with compensation for Orders found to be unfair or disproportionate (as well as mechanisms to force procedural changes and/or remedial training).

      And, of course, "maximum sentence 3 years" does not represent serious crimes: 10 years max sentence seems a more reasonable measure. But I assume that term is really there for a future "compromise negotiation" with MEPs who pretend to care about civil liberties.

      1. Anonymous Coward
        Anonymous Coward

        Re: Warrants

        "And, of course, "maximum sentence 3 years" does not represent serious crimes: 10 years max sentence seems a more reasonable measure."

        Wasn't there a proposal to raise the penalty for copyright infringement to ten years. I know the US would approve of that.

  14. codejunky Silver badge

    No!

    Surely not the fuzzywuzzies! Surely they would never do a thing like this. I am shocked.

  15. Claptrap314 Silver badge

    I keep beating this drum: If you do business with EU entities, expect to be required to comply with EU laws. Oh, wait. It's usually US/US. But yeah. I would rather weaken the internationals via Balkanization than have them be able to run over the locals.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like