Skip to Content
MIT Technology Review
  • Featured
  • Topics
  • Newsletters
  • Events
  • Podcasts
    • Sign in

    NSA Data-Scooping: A Coming Backlash in Europe?

    The same big U.S. Internet companies that reportedly handed over data wholesale to the NSA have been promising compliance with tough EU privacy standards.
    June 7, 2013

    Most European nations have long had stronger privacy laws than those in the United States. As a result U.S. Internet companies doing business there–incluiding Google, Microsoft, Yahoo, Facebook, and AOL–have signed on to so-called “safe harbor” principles, promising a European level of privacy protection. Now, of course, it appears they’ve also been providing gobs of data about some overseas customers to the U.S. National Security Agency (see “NSA Surveillance Reflects a Broader Interpretation of the Patriot Act”).

    Among other fallout, it’s reasonable now to expect E.U. regulators and customers to go nuclear–and U.S. companies to face tough sledding ahead.

    I had a chance today to speak with Radu Sion, a computer scientist at Stony Brook University and a leading figure in cloud computing security. “Expect some interesting court battles in the E.U. based on this,” he said. “Any of these companies, if ever they were to admit this, that they allowed the government to have a tap inside their service, which according to the E.U. is not allowed, they probably could get shut down in Europe–specifically Facebook, which has a lot of users in Europe.”

    Sion was of course speculating, as most commentators have been doing in the absence of solid information about what has been going on. I asked Sion how the NSA could get hold of data from Internet companies. Sion surmised that the mechanics of the task would either be a direct digital pipeline from the company to the NSA, or some Web-based way for the NSA to submit its request and recieve a response. Either way, he presumes, the surveillance is hardly some secret eavesdropping technology, just a company handover.

    You can read the definitions of safe harbor principles here. Note that the first principle requres “notice” about how information is shared: “Organizations must notify individuals about the purposes for which they collect and use information about them. They must provide information about how individuals can contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use and disclosure.”

    I’m no lawyer, but the wholesale transfer of inboxes to the U.S. government arguably qualifies as something that our privacy-minded friends in Europe–if not us surveillance-loving Americans–should be told about.

    Keep Reading

    Most Popular

    How Rust went from a side project to the world’s most-loved programming language

    For decades, coders wrote critical systems in C and C++. Now they turn to Rust.

    The inside story of how ChatGPT was built from the people who made it

    Exclusive conversations that take us behind the scenes of a cultural phenomenon.

    Design thinking was supposed to fix the world. Where did it go wrong?

    An approach that promised to democratize design may have done the opposite.

    Sam Altman invested $180 million into a company trying to delay death

    Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.

    Stay connected

    Illustration by Rose Wong

    Get the latest updates from
    MIT Technology Review

    Discover special offers, top stories, upcoming events, and more.

    Thank you for submitting your email!

    Explore more newsletters

    It looks like something went wrong.

    We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.