U.S. intelligence agencies have been given carte blanche to monitor activists, journalists, politicians and others across Europe and elsewhere following an amendment to a spy law that legalizes “heavy-calibre mass-surveillance” of Cloud data, says the author of a new report for the European Parliament.
The Foreign Intelligence Surveillance Act (FISA), originally introduced in 2008 to retroactively legalize “warrantless wiretapping,” has been amended to include Cloud services operated by U.S. companies such as Google and Facebook.
While U.S. citizens are excused this intrusion thanks to the Fourth Amendment, it now means the U.S. can legally access the personal data of any non-U.S. citizen outside of the U.S. if it is stored in a Cloud service run by a U.S. company.
“In other words, it is lawful in the U.S. to conduct purely political surveillance on foreigners’ data accessible in U.S. Clouds,” says the report, Fighting Cyber Crime and Protecting Privacy in the Cloud issued by the Centre for the Study of Conflicts, Liberty and Security.
Under the existing law, U.S. intelligence agencies legally monitor phone calls and emails in and out of the country without obtaining a warrant. Now “remote computing services” have been added to the list of targets.
This, says the report, has “very strong implications on EU data sovereignty and the protection of its citizens’ rights.” And it says the amendments specifically target real-time communications and Cloud data linked to “foreign-based political organizations.”
Although there were heated debates across Europe following the U.S. Patriot Act of 2001 authorizing direct access to EU data, little has appeared in the European Press about the latest move which the report says poses a far greater threat with its “heavy-calibre mass-surveillance fire-power aimed at the Cloud.”
According to Caspar Bowden, co-author of the report and former chief privacy adviser to Microsoft Europe, FISA is effectively “a carte blanche for anything that furthers U.S. foreign policy interests.”
In an interview with Slate, Bowden warns that the amendment now legalizes the monitoring of European activists, journalists and politicians engaged in any issue in which the United States has a stake.
Bowden says FISA specifically allows for “continuous mass-surveillance of ordinary, lawful democratic political activities” and warns that Cloud providers like Google and Facebook could be obliged to apply live “wiretaps” on European users’ data.
The report says EU citizens should be given clear warnings that any data they store in the Cloud is open to direct scrutiny by Federal authorities and it recommends that EU citizens be given the same rights as Americans in U.S. courts.