American security laws could be used to override European privacy rules if data is held on international cloud servers, letting US agencies freely rifle through anything submitted to ‘The Cloud’. Which is just about everything nowadays.
The findings are published in a paper from the Institute for Information Law over in the University of Amsterdam, which was put together to see if the move to the cloud changed the default settings of the Patriot Act, which was put in place in 2001, back when the primitive people of the time stored data locally on discs, USB sticks and in the form of crude physical paper copies known as “print-outs.”
Axel Arnbak, one of the researchers responsible for the paper, said: “The Foreign Intelligence Surveillance Amendments (FISA) Act makes it easy for US authorities to circumvent local government institutions and mandate direct and easy access to cloud data belonging to non-Americans living outside the US, with little or no transparency obligations for such practices — not even the number of actual requests.”
Which seems to imply that if your cloud hosting company is based in the US, it’s subject to US laws, and there’s nothing you can do about it if Barack Obama decides he needs to see a copy of your MP3 collection or Google Play order history. [SSRN via CBS News]
Image credit: Cloud city from Shutterstock