Privacy Law Scholars Conference 2013
35 Pages Posted: 10 Jun 2013 Last revised: 13 Dec 2014
Date Written: June 9, 2013
Transnational surveillance is obscured by the cloud. U.S. foreign intelligence law provides a wide and relatively unchecked possibility of access to data from Europeans and other foreigners. The amendments to the Foreign Intelligence Surveillance Act in 50 USC 1881a (section 702) are of particular concern. Recent leaks around the PRISM surveillance program of the National Security Agency seem to support that these legal possibilities are used in practice on a large scale.
These developments will affect market conditions and competition, notably for U.S.-based cloud services. In addition, the possibility of foreign governmental access impacts the privacy of cloud end-users and can cause chilling effects with regard to cloud computing use.
Calls for regulatory action and termination of cloud contracts are starting to emerge – such as in cases of medical data storage in electronic patient record systems and biometric data processing in relation to passports in The Netherlands. This Article analyses regulatory solutions to the current status quo on four levels: i) the possibility of limiting surveillance in the U.S. itself; ii) international law as a framework to impose some limitations; iii) the EU General Data Protection Regulation proposals and the EU Cloud Strategy, and iv) improved oversight on transnational intelligence gathering.
If transnational intelligence remains obscured by the cloud, the various promises of the cloud, and electronic communications in general, might stall. It will be hard, but considering all the interests involved in the transition to the cloud, it must be possible to come to some agreement about restrictions on transnational intelligence gathering and stronger protections for non-U.S. persons in U.S. clouds.
Keywords: Cloud Computing, Intelligence Surveillance, Cybersecurity, Privacy
Suggested Citation: Suggested Citation
van Hoboken, Joris and Arnbak, Axel and van Eijk, N.A.N.M., Obscured by Clouds or How to Address Governmental Access to Cloud Data from Abroad (June 9, 2013). Privacy Law Scholars Conference 2013. Available at SSRN: https://ssrn.com/abstract=2276103 or http://dx.doi.org/10.2139/ssrn.2276103
By Urs Gasser
By Ryan Calo