Safe Harbour is dead and ubiquitous cloud computing too

Alastair Aitken 6 May 2014 0




The US government is fighting desperately on behalf of the US cloud computing industry with its announcement that US privacy laws will probably be extended to non-US citizens. This is somewhat counter to a US court determining that it’s entirely legal for US agencies to grab data from the server of any US company regardless of the laws of the country where that data actually resides. So any non-US citizen whose privacy has been violated by a US organisation will have some right of redress not via their national judicial system but via the US court system – well, good luck with that.

This is a rearguard action by the US; an attempt to save the US-EU Safe Harbour framework, which the European Parliament has determined has been so undermined by US government agencies that it should be suspended. But it’s all deliberately disingenuous; political pretension to act morally whilst having no intention whatsoever of curtailing any of the multitude of spying programs currently operating. Programs that are spying on both US and non-US citizens.

Any port in a storm

The US EU Safe Harbour framework allows US companies to process data on EU citizens outside of European legal protections providing that they meet certain US legal requirements. On the US side of things, privacy is overseen by a mishmash of legislation, regulation and – that most useless of all controls when dealing with companies dedicated to making money above all other regards – self-regulation. In fact, a US company can actually self-certify compliance which must give its shareholders a warm fuzzy feeling whilst leaving EU citizens somewhat sceptical; were they actually made aware of this smoke-and-mirrors appearance of privacy protection. What happens when a US company is trying to land a big juicy contract in the EU that requires holding data on EU citizens? Will it cut corners and self-certify in order to land a profit or will its primary concern be the privacy requirements of EU citizens who have no rights or realisable means of redress under US law? Hmm, that’s a toughie.

Circle of trust

Once trust is broken, it’s impossible for it to return fully. It’s probably safe to say that trust has been broken.

For a corporatocracy such as the US, the only pressure for change is coming from hurting the bottom line, which is happening. Cisco cited concerns over US spying as the probable reason for plummeting sales in China – particularly ironic given that the US has claimed that a similar Chinese company, Huawei, is spying on it. Beyond cloud computing companies, other US concerns are starting to feel the backlash against US government spying. Brazil has surprised many by agreeing to purchase new jet fighters from Sweden rather than Boeing, citing NSA spying as the deal-breaker.

Has the US demonstrated enough faux repentance to allow Safe Harbour to continue? From the lack of guarantees given to Angela Merkel during her meeting with Barak Obama that the US will stop spying on her personally, it would seem that the culprits have yet to fully comprehend their crimes.




Alastair Aitken (124 Posts)

As a contract developer and manager I’ve worked in a wide range of enterprises in a variety of countries where I’ve encountered everything from great work, awful work, bizarre work, all the way down to quasi-legal work. If you think that you recognise your own organisation within my articles then you’re undoubtedly wrong, where you work isn’t that unique.

Leave A Response »