Britain’s ambitious plans to store all government data on the so-called G-Cloud have led to warnings from the European Union that security will be compromised now that U.S. intelligence agencies have the legal right to survey all data held on U.S. owned Cloud services.
At least four U.S. companies are involved in the U.K. government’s G-Cloud project which Whitehall hopes will slash costs and “deliver fundamental changes in the way the public sector procures and operates.”
Eventually, it is hoped the G-Cloud will hold the bulk of State data in addition to that of schools, charities, the BBC and police, even the Bank of England.
While the recent amendments to the Foreign Intelligence Surveillance Act (FISA) have received scant attention in the British Press, there are a few Members of Parliament so concerned that they want Britain to think about ending all intelligence cooperation with the U.S.
“The Americans have got to remember who their allies are and who their enemies are,” Conservative MP David Davis told The Independent, warning of “a whole cascade of constitutional and privacy concerns for ordinary British people”.
Cloud storage is increasingly popular in the U.K. where around 35 per cent of businesses and an unknown number of private users employ some form of remote storage from U.S. based companies like Apple, Amazon and Google. The government wants to see even greater use of Cloud storage across all sectors in what it describes as a robust “public cloud first policy.”
The FISA amendments now give the CIA and NSA the right to access all this data not just in Britain or Europe, but anywhere in the world. U.S. citizens are excused this intrusion by the Fourth Amendment, but everybody else is included.
In the case of Britain, by putting all government data online – including health and criminal records – every facet of peoples’ lives will be open to scrutiny by intelligence analysts across the Atlantic.
Many warn that this will also lead to activists, journalists, politicians, Muslims and others being specifically targeted without the need to justify national security.
“In other words, it is lawful in the U.S. to conduct purely political surveillance on foreigners’ data accessible in U.S. Clouds,” warns the report for the European Parliament, Fighting Cyber Crime and Protecting Privacy in the Cloud by the Centre for the Study of Conflicts, Liberty and Security.
While most of the attention has been focused on Cloud storage and the effect FISA will have on Europe, the actual wording of the amendment speaks of “remote computing services” which could literally mean anything stored on a computer other than your own.
As it is, every financial transaction passes through U.S. intelligence channels. With the new extension, no stone need remain unturned. Every time you comment on a book, join a club, or do absolutely anything that passes through a computer owned by a U.S. company, you are open to scrutiny.
The Cloud, however, comes with other concerns. There is debate as to who legally owns what if it is stored or edited in the Cloud, and you can’t even bequest your online music collection to a loved one when you die.
NSA aside, hackers can easier access data en-route to the Cloud than they can on a local area network, and the Cloud administrators might one day be compromised. The companies themselves may go bust or be taken over. They might suffer some catastrophic event or decide to amended their terms and conditions.
The European Union is being urged to add a warning to all U.S. based Cloud services, with clear wording that anything stored in the Cloud will be under direct scrutiny by Federal authorities. The report also wants to see E.U. citizens given the same rights as Americans in U.S. courts.
“A lot of people wouldn’t realize where data is stored, and hence wouldn’t expect to be subject to U.S. law,” cautions another Member of Britain’s Parliament, Julian Huppert of the Liberal Democrats.
He wants to know if the government has received any guarantee from Washington that sensitive data will not be scrutinized as foreign intelligence fodder.
“If the U.S. will not give a clear assurance about government data,” he says. “Then we will have to stop using the Cloud, as we cannot allow that to happen.”