Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Most European nations have long had stronger privacy laws than those in the United States. As a result U.S. Internet companies doing business there–incluiding Google, Microsoft, Yahoo, Facebook, and AOL–have signed on to so-called “safe harbor” principles, promising a European level of privacy protection. Now, of course, it appears they’ve also been providing gobs of data about some overseas customers to the U.S. National Security Agency (see “NSA Surveillance Reflects a Broader Interpretation of the Patriot Act”).

Among other fallout, it’s reasonable now to expect E.U. regulators and customers to go nuclear–and U.S. companies to face tough sledding ahead.

I had a chance today to speak with Radu Sion, a computer scientist at Stony Brook University and a leading figure in cloud computing security. “Expect some interesting court battles in the E.U. based on this,” he said. “Any of these companies, if ever they were to admit this, that they allowed the government to have a tap inside their service, which according to the E.U. is not allowed, they probably could get shut down in Europe–specifically Facebook, which has a lot of users in Europe.”

Sion was of course speculating, as most commentators have been doing in the absence of solid information about what has been going on. I asked Sion how the NSA could get hold of data from Internet companies. Sion surmised that the mechanics of the task would either be a direct digital pipeline from the company to the NSA, or some Web-based way for the NSA to submit its request and recieve a response. Either way, he presumes, the surveillance is hardly some secret eavesdropping technology, just a company handover.

You can read the definitions of safe harbor principles here. Note that the first principle requres “notice” about how information is shared: “Organizations must notify individuals about the purposes for which they collect and use information about them. They must provide information about how individuals can contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use and disclosure.”

I’m no lawyer, but the wholesale transfer of inboxes to the U.S. government arguably qualifies as something that our privacy-minded friends in Europe–if not us surveillance-loving Americans–should be told about.

0 comments about this story. Start the discussion »

Tagged: Communications

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me
×

A Place of Inspiration

Understand the technologies that are changing business and driving the new global economy.

September 23-25, 2014
Register »