Skip to Content

NSA Data-Scooping: A Coming Backlash in Europe?

The same big U.S. Internet companies that reportedly handed over data wholesale to the NSA have been promising compliance with tough EU privacy standards.

Most European nations have long had stronger privacy laws than those in the United States. As a result U.S. Internet companies doing business there–incluiding Google, Microsoft, Yahoo, Facebook, and AOL–have signed on to so-called “safe harbor” principles, promising a European level of privacy protection. Now, of course, it appears they’ve also been providing gobs of data about some overseas customers to the U.S. National Security Agency (see “NSA Surveillance Reflects a Broader Interpretation of the Patriot Act”).

Among other fallout, it’s reasonable now to expect E.U. regulators and customers to go nuclear–and U.S. companies to face tough sledding ahead.

I had a chance today to speak with Radu Sion, a computer scientist at Stony Brook University and a leading figure in cloud computing security. “Expect some interesting court battles in the E.U. based on this,” he said. “Any of these companies, if ever they were to admit this, that they allowed the government to have a tap inside their service, which according to the E.U. is not allowed, they probably could get shut down in Europe–specifically Facebook, which has a lot of users in Europe.”

Sion was of course speculating, as most commentators have been doing in the absence of solid information about what has been going on. I asked Sion how the NSA could get hold of data from Internet companies. Sion surmised that the mechanics of the task would either be a direct digital pipeline from the company to the NSA, or some Web-based way for the NSA to submit its request and recieve a response. Either way, he presumes, the surveillance is hardly some secret eavesdropping technology, just a company handover.

You can read the definitions of safe harbor principles here. Note that the first principle requres “notice” about how information is shared: “Organizations must notify individuals about the purposes for which they collect and use information about them. They must provide information about how individuals can contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use and disclosure.”

I’m no lawyer, but the wholesale transfer of inboxes to the U.S. government arguably qualifies as something that our privacy-minded friends in Europe–if not us surveillance-loving Americans–should be told about.

Keep Reading

Most Popular

Death and Jeff Bezos
Death and Jeff Bezos

Meet Altos Labs, Silicon Valley’s latest wild bet on living forever

Funders of a deep-pocketed new "rejuvenation" startup are said to include Jeff Bezos and Yuri Milner.

tonga eruption
tonga eruption

Tonga’s volcano blast cut it off from the world. Here’s what it will take to get it reconnected.

The world is anxiously awaiting news from the island—but on top of the physical destruction, the eruption has disconnected it from the internet.

mouse engineered to grow human hair
mouse engineered to grow human hair

Going bald? Lab-grown hair cells could be on the way

These biotech companies are reprogramming cells to treat baldness, but it’s still early days.

conceptual illustration showing various women's faces being scanned
conceptual illustration showing various women's faces being scanned

A horrifying new AI app swaps women into porn videos with a click

Deepfake researchers have long feared the day this would arrive.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.