British internet users' personal information on major 'cloud' storage services can be spied upon routinely by US authorities

 

Rob Hastings
Tuesday 29 January 2013 20:01 EST
Comments
Apple founder Steve Jobs unveiling the iCloud in 2011
Apple founder Steve Jobs unveiling the iCloud in 2011 (Rex Features)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

All personal information stored by British internet users on major "cloud" computing services including Google Drive can be spied upon routinely without their knowledge by US authorities under newly-approved legislation, it can be disclosed.

Click HERE to view graphic

Cloud computing has exploded in recent years as a flexible, cheap way for individuals, companies and government bodies to remotely store documents and data. According to some estimates, 35 per cent of UK firms use some sort of cloud system – with Google Drive, Apple iCloud and Amazon Cloud Drive the major players.

But it has now emerged that all documents uploaded onto cloud systems based in the US or falling under Washington’s jurisdiction can be accessed and analysed without a warrant by American security agencies.

Amendments to the Foreign Intelligence Surveillance Act, known as FISA, allow US government agencies open access to any electronic information stored by non-American citizens by US-based companies. Quietly introduced during the dying days of President George W Bush’s administration in 2008, the amendments were renewed over Christmas 2012.

But only now are privacy campaigners and legal experts waking up to the extent of the intrustion.

Caspar Bowden, who served as Chief Privacy Adviser to Microsoft Europe for nine years until 2011, told The Independent: “What this legislation means is that the US has been able to mine any foreign data in US Clouds since 2008, and nobody noticed.”

Significantly, bodies such as the National Security Agency, the FBI and the CIA can gain access to any information that potentially concerns US foreign policy for purely political reasons – with no need for any suspicion that national security is at stake – meaning that religious groups, campaigning organisations and journalists could be targeted.

The information can be intercepted and stored in bulk as it enters the US via undersea cables crossing the Atlantic Ocean.

Mr Bowden, who now works as an independent advocate for privacy rights and co-authored a report for the European Parliament warning of the threat to clouds posed by FISA, criticised the UK Information Commissioner’s Office for giving free rein to the US authorities.

The body which polices data protection laws in the UK effectively ruled that companies were right to pass information over to foreign government requests as the disclosure was made “in accordance with a legal requirement”, such as FISA.

Mr Bowden said: “Every time we make a bridge of trust, or commit an indiscretion, using a social network or webmail, think how a foreign country could use that information for its own purposes to influence policy and politics. Drafts of documents prepared online, who is in contact with each other, all of this can be captured and analysed using data-mining algorithms much more advanced than those offered by public search engines.”

His report, which is being considered by the EU in a review of its electronic privacy directive, cautioned that the threat of “heavy-calibre mass-surveillance fire-power aimed at the cloud” was greater than that posed by cyber-crime.

Gordon Nardell QC, a British barrister who specialises in data protection, said he was “shocked” by the powers outlined in the highly-controversial amendments to FISA.

He said: “What’s different about this is that it’s a power in the US authorities to insist on real-time collection of information by any data processer within US jurisdiction. The US authorities basically grab everything that is going in and out.”

Sophie in ‘t Veld, a Dutch MEP who serves as vice chair of the European Parliament’s civil liberties committee, warned that European authorities must act as soon as possible.

Speaking to The Independent, she said:“Let’s turn this around and imagine this is not the United States having unlimited access to our data but the government of Mr Putin or the Chinese government – would we still wonder if it’s an urgent issue? Nobody would ask that question.”

Eric King of pressure group Privacy International, said: “Allowing mass surveillance, unwarranted and unaccountable, is terrifying.”

Isabella Sankey, Director of Policy for Liberty, said: “US surveillance ambitions know no bounds. The chilling US Foreign Intelligence Service Act treats all non-US citizens as enemy suspects.”

Last night a Google spokesperson said: “It is possible for the US government (and European governments) to access certain types of data via their law enforcement agencies. We think this kind of access to data merits serious discussion and more transparency.”

Amazon and Apple were yet to comment last night.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in