
NSA Data-Scooping: A Coming Backlash in Europe?

The same big U.S. Internet companies that reportedly handed over data wholesale to the NSA have been promising compliance with tough EU privacy standards.

Most European nations have long had stronger privacy laws than those in the United States. As a result, U.S. Internet companies doing business there–including Google, Microsoft, Yahoo, Facebook, and AOL–have signed on to so-called “safe harbor” principles, promising a European level of privacy protection. Now, of course, it appears they’ve also been providing gobs of data about some overseas customers to the U.S. National Security Agency (see “NSA Surveillance Reflects a Broader Interpretation of the Patriot Act”).

Among other fallout, it’s reasonable now to expect E.U. regulators and customers to go nuclear–and U.S. companies to face tough sledding ahead.

I had a chance today to speak with Radu Sion, a computer scientist at Stony Brook University and a leading figure in cloud computing security. “Expect some interesting court battles in the E.U. based on this,” he said. “Any of these companies, if ever they were to admit this, that they allowed the government to have a tap inside their service, which according to the E.U. is not allowed, they probably could get shut down in Europe–specifically Facebook, which has a lot of users in Europe.”

Sion was of course speculating, as most commentators have been doing in the absence of solid information about what has been going on. I asked Sion how the NSA could get hold of data from Internet companies. Sion surmised that the mechanics of the task would either be a direct digital pipeline from the company to the NSA, or some Web-based way for the NSA to submit its request and receive a response. Either way, he presumes, the surveillance is hardly some secret eavesdropping technology, just a company handover.

You can read the definitions of safe harbor principles here. Note that the first principle requires “notice” about how information is shared: “Organizations must notify individuals about the purposes for which they collect and use information about them. They must provide information about how individuals can contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use and disclosure.”

I’m no lawyer, but the wholesale transfer of inboxes to the U.S. government arguably qualifies as something that our privacy-minded friends in Europe–if not us surveillance-loving Americans–should be told about.
