Lawful Access in the EU: The Pipe to the Cloud?

This conference presentation explores the shift of law enforcement to accessing data in the cloud, discussing the volume of data, encryption, EU practices, UK law, and the need for transparency.

frankl
Presentation Transcript


  1. Lawful Access in the EU: The Pipe to the Cloud?
     Professor Peter Swire, Ohio State University & Future of Privacy Forum
     Georgetown Law School Conference “Law Enforcement Access to the Cloud”
     March 19, 2012

  2. Outline
     • Why law enforcement shift to cloud records
     • Volume of data up
     • Adoption of encryption in communications
     • Cloud best chance to get the data
     • E.U. practices for law enforcement & national security
     • U.K. law
     • Need much more transparency to compare to U.S. practices

  3. Encrypted Communications, Now
     • Ahah! Make it easy for the user
     • Webmail - Gmail, Hotmail – 2010
     • Blackberry/RIM
     • Virtual Private Networks
     • Facebook enables it
     • SSL standard for E-commerce (credit cards)
     • Skype and other VoIP
     The result – lawful access at ISP or local telco only gets encrypted content

  4. Ways to Grab Communications
     • Break the encryption (but today is strong crypto)
     • Grab comms in the clear (CALEA doesn’t apply to email, data)
     • Grab comms with spyware before or after encrypted (not good cybersecurity)
     • Grab stored communications, such as in the cloud
     • My thesis: #4 is becoming FAR more important

  5. When All Else Fails: The Pipe to the Cloud

  6. UK & Data Protection
     • (Based on research of Ian Brown, Oxford)
     • Data Protection Act 1998
     • L.E. & N.S. broad exemptions
     • Permits voluntary agreements with L.E. or N.S. agencies to turn over stored records
     • E.U. Data Retention Directive in effect, despite data protection authority concerns

  7. U.K. & Lawful Access
     • Regulation of Investigatory Powers Act 2000
     • Subscriber and traffic data, no court order
     • Telecom providers must facilitate lawful interception, similar to CALEA
     • Counter Terrorism Act 2008
     • Appears to override obligations of confidentiality, for disclosure to intelligence agencies
     • For content intercepts
     • Automated search appears OK if originate or terminate outside of UK

  8. EU & US on Lawful Access
     • How to resolve the EU allegations that cloud services should be kept in the EU due to “Patriot Act”?
     • Resolution requires a good comparison of EU & US
     • Transparency
     • U.K. law may well have less court supervision than U.S. law
     • Lack of clear description of law elsewhere in E.U.
     • Even less transparency about actual practice: “difficult to ascertain”
     • Dropping L.E. & N.S. from the draft Regulation sign of continued lack of transparency
     • Should resolve growing dispute based on accurate understanding, not allegations

  9. Thank you.