Safe Harbor ripped and replaced with Privacy Shield in last-minute US-Europe deal European and US legislators have hammered out a last-minute deal to allow data flows across the Atlantic to continue without breaking the law. "For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations …
Probably because they could still snoop on people all they like since they'd be requesting data about a specific -account- not a specific -person-. They could reason that they weren't aware that the subject of the search was a European, as they were just investigating accounts that were tied to their investigation, the fact that an EU citizen happens to own that account is irrelevant.
At least it's something. The first small admission that European citizens might have rights. Canada hasn't even managed to negotiate that much for its citizens! Not that I expect a civil-liberties hating douchecanoe like Trudeau to ever even try. He's too busy signing away Canada's future with the TPP and cracking down on its citizens with Bill C-51.
Whomever wins, we lose.
and then there are things like the FISA (foreign intelligence security act) etc.
The other term in this article which is worrying me is "adequacy" which if the US would obtain that status their privacy protection would be ranking similar to countries like Switzerland which obviously can't be correct.
"This will be going to the ECJ sooner rather than later and will be struck down again."
That's just it though. The "fix" is in. This will now be going on until such time as an Edward Snowden II is willing and able to prove that "Safe" [sic] Harbor [sic] II "Safe" [sic] "Shield" is a sham. How long do you suppose that'll take? Ten years? Twenty? Ever?
Until such re-revelations: "Safe" [sic] "Shield" is the most robust protection in the world. What proof do you have that it's not working in spite of out heroic and stringent "monitoring"? Thought not. Please check your tinfoil Sir, your paranoia is showing.
Move along now. Nothing to see here.
So has the US publicly dropped the secret court orders for its non-existent illegal mass surveillance and the secret orders that companies secretly comply and do not reveal that data was demanded?
T, FTFY
Yep. Course. Didn't you get the memo? It strongishly implied exactly that.
:-|
Normal service resumed --->
How the feck are they going to know who has looked at what? And besides that, they get what they want to look at either in transit or slurp it straight from the data centre. When they do the audit is some EU bod going to walk into the NSA and announce they're here for the audit? Let's face it EU, you lost this before it started, they had you bent over and all you could have asked for is to be spanked a little less hard.
**Europe** Are you spying on us?
**USA** No way.
**Europe** Oh goody. No problem then
**Snowden** They have been spying on you. Here's the proof
**Europe** Naughty USA. You said you weren't spying on us and you were!
**USA** Yes. Sorry. We lied. But we won't do it again
**Europe** Promise?
**USA** Sure!
**Europe** That's all right then.
"**USA** Yes. Sorry. We lied. But we won't do it again
**Europe** Promise?
**USA** Sure!
**Europe** That's all right then."
You've forgotten to take into account the 'annual joint review' - a written commitment by the US, and an audit by both sides:
[Once per year]
** US ** Dear Europe, we can confirm that we will not snoop on your citizens' data. Yours, The US.
** US Sock Puppet** Yup, Europe, I've checked, my country is definitely sticking to its promise, you can take my word on that.
** Europe ** Is your Sock Puppet correct? Are you definitely sticking to your promise not to snoop on us?
** US ** Oh, definitely, definitely. There's no way we'd do that again. No way.
** Europe ** Promise?
** US ** We swear!
** Europe ** Okay, then! We'll be back to check again next year!
What appears to be missing here is the adaptation since the guardian showed that countries were circumventing their own citizens' rights sinze spying through other countres was easier.
** US ** We swear!
** Europe ** Okay, then! We'll be back to check again next year!
** Europe ** btw. we have a couple of queries regarding some of our citizens. Can you provide some more detail on them?
** *US * Well, we'll see what we can do. But wouldn't your laws be broken if we checked on them..
** Europe ** That would be illegal if we did it because we do not have enough grounds to gather serious intelligence on them. But since we suspect them of terrorism you can do almost anything now can you?
** US ** We had a look at your list, but we already supplied 3 other of the 9 Eye countries with information on those. In fact, we did not gather that ourselves. Are you guys sure you need it?
** Europe ** Well, sure enough to ask you but not sure enough to ask any of our European partners that would require stringent checks on whether we actually needed it.
"the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms"
"the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans"
And then they all lived happily ever after in their lovely little cottage in the woods.
This post has been deleted by its author
the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans.
Probably true, but only because they define what they do as something else. Mass and indiscriminate collection of data isn't surveillance in their book.
It's all sophistry. And it's quite depressing that the EU seems to be quite happy with that.
* * * The US is that serial dating monster who rips girls hearts out in a Superman suit. Isn't it about time you shared your bed with someone new Miss EU? Or will you always be the US' bitch * * *
Liar (Rollins Band) - - - https://www.youtube.com/watch?v=jCLizTg9nWo
But if you'll give just one more chance
I swear I'll never lie to you again
Cause now I see the destructive power of a lie,
I can't believe I ever hurt you...
I swear I will never lie to you again
Please just give me more chance,
I'll never lie to you again, no,
I swear, I will never tell a lie,
I will never tell a lie
I will never tell a lie
-
-
HA HA HA HA HA HA HA HA HA!
SUCKER!
SUCKER!
SUCKER!
The best math & engineering minds in the EU build their own crypto-tech not shared with the US. Then they button down the hatches. When the US needs info, they come begging. If its deemed absolutely necessary, then info is exchanged. Otherwise, its just not workable....
No more echelon listening posts / NSA Utah server farm crap... Where was all this glorious tech when Paris, London, NY. burned??? It doesn't work except as a net to catch protestors, whistleblowers, investigative journalists etc, or listen in on lucrative 200m deals for US corporations....
...button down the hatches...
The usual phrase is "batten down the hatches" ... meaning that the entrances to the hold of a wooden sailing ship would be fastened and secured by placing wooden battens over the hatches and tying them down with rope to keep water out in rough seas.
... but "button down" seems strangely apposite, here.
Here we go again, believing that regulators and horse-trading politicians will ever protect our privacy.
The only reason any agreement was hatched yesterday is because industry is screaming blue bloody murder. If it had been left to the pols, they would all be packing up and going home.
This is now a technology and business issue, that has turned into a political issue. The politicians are woefully ill-equipped to deal with it.
Suggestions:
1) Scrap safe harbor. Don't try to replace it with anything. Horse has bolted, barn is in cinders. Sweep up ashes and put them in bin.
2) Allow a one year consultation period for industry leaders, security bods, privacy wonks and others to propose sensible guidelines (not laws, we have enough laws and most are failing to deliver any results). Propose them as good practices which all data stores should/will apply, Stigmatize those that don't.
3) In a sensible forum. we might see outcomes like the following
a) Products and services that enshrine good privacy principles, strong end-to-end encryption, anonymous, least privilege data storage practices, right to be forgotten, right to opt out of intrusive data gathering, etc.
b) In the second stage, and once these principles are fully understood and accepted, insist that court orders and warrants always be necessary (based on the countries current legal systems and practices) to lift people's private. personal, identifiable information into the hands of governments or other prying third parties. In other words, quit pretending that everything has changed because everything is online so anything goes. The context has certainly changed, yes, But people didn't have to read their mail and libraries over an open phone line before and they shouldn't have to now.
What we are also failing to see here, is that bigbrother.gov is only part of the problem. I am also worried about big brother insurance companies, retailers, cyber crooks, banks, employers and others profiling my life. I want to make sure they can't look at pictures of my kids' birthday party unless I say it is OK. We need to work on that too, OK?
We need sound practices that protect us from all data hoover salesman. Right now such practices and concepts exist but they are sparsely and poorly applied. Legislation is too crude a tool for something that moves this quickly. Let industry and the public decide what they want (privacy and anonymity options) and then leave people alone unless they are guilty of something or being investigated via due process. That means profiling, mass surveillance and wholesale gathering of PII must be stopped, period. Breaching those rules could be severely dealt with via fines, and preferably commercial and reputational pain.
@AC:
"What we are also failing to see here, is that bigbrother.gov is only part of the problem. I am also worried about big brother insurance companies, retailers, cyber crooks, banks, employers and others profiling my life. I want to make sure they can't look at pictures of my kids' birthday party unless I say it is OK. We need to work on that too, OK?"
Agree. Your post is laudable but its also very vague!
Where are the specific solutions to any of the problems.... ???
Hmmm, at the risk of repeating myself and ranting just a bit, let's go for some concrete, nay sweeping proposals.
1) Mandatory, strong end-to -end encryption of all public, private PII databases and communications (at rest and in transit). Decryption keys held by the user only, whenever technically feasible
2) Limited gathering of Personally Identifiable Information (in other words only when absolutely necessary, always subject to verification, change and removal by the PII subject/owner)
3) Anonymisation techniques applied to everyone's stored PII data to hinder / prevent profile building by third parties. This includes governments and businesses. Sorry Google, you will figure something out, hopefully you are working on it already.
4) Ability to instantly opt-out of any PII storage by another party. Encryption and pseudo-anonymisation techniques can minimise the need for this but people should always be able to scrub their slate clean, simliar to changing one's name by poll deed. If Amazon want to sell and ship you something that is fine, but store the postal address, phone number and other PII separately from the purchase history.
This isn't really rocket science. Your medical details shouldn't be available to the highest bidder on some carding bazaar. You don't have to leave your personal details every time you buy something from a corner shop, nor should you have to. As for the "right to be forgotten" this is only practical to a certain degree (as Euro legislators will eventually see). It can only be efficiently applied to structured data, IMHO. By design, the Internet is not limited by geographical boundaries. So suck it up and support technologies and methods that will actually work and protect people's privacy instead.
5) 5 year moratorium on all PII storage by all second parties, governments can propose a remove/renew/change option for users / owners. Nothing to hide, nothing to fear? Let individuals decide that for themselves.
6) Absolute (constitutional) requirement for warrants and court orders for any data access by LEAs and SECagencies that wish to circumvent the above protections. I am reasonably OK with cops looking at my record of parking tickets. I am not OK with them potentially prying into everything I write, read, eat, buy, surf etc. after storing it forever in Utah. No f*k it let's anonymise the parking ticket records as well.
This would be a great start. However such initiatives are far too complex to be handled by governments and their porky IT suppliers. This is why the security industry and private sector need to lead by example with publically and freely available standards and tools. Gov should then follow those good, generally accepted, consumer-privacy-friendly best principles, instead of the other way around. If they want to help, they can support said initiatives with positive messages and by staying out of the way. A few ads and speeches (as opposed to trillion dollar panopticons) will also stretch public budgets considerably further. Give yourselves another raise for doing the right thing, after the economy recovers.
Also, please stop spreading lies like "encryption breeds paedos, terrorists, and criminality, kill it before it grows". Instead, try "encryption is a vital component of your online security. Not using it jeopardizes your privacy and economic well-being. Prohibiting or weakening encryption will destroy the development of a successful, thriving digital economy". We might start listening again when you start speaking sense.
the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans
A lie so profound that there ought to be a new word for it. Gigaporky, perhaps. Apart from setting up a PA system in Ireland powerful enough for them to hear it; looping the screamed words "You lying cunts" on a loop (possibly a job for Brian Blessed there) there just does not seem to be a suitable response apart from a sad, tired, "Oh, do fuck off".
I thought that too, but give him his due Chamberlain was attempting to avoid a war that ended up killing 50 million people and that was/is a noble aim, albeit a futile one with hindsight.
This deal has almost no upside for Europe, there's nothing noble about selling off your citizens' rights.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
