Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference.

Similar presentations


Presentation on theme: "Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference."— Presentation transcript:

1 Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference “Law Enforcement Access to the Cloud” March 19, 2012

2 Outline Why law enforcement shift to cloud records – Volume of data up – Adoption of encryption in communications – Cloud best chance to get the data E.U. practices for law enforcement & national security – U.K. law – Need much more transparency to compare to U.S. practices

3 Encrypted Communications, Now Ahah! Make it easy for the user Webmail - Gmail, Hotmail – 2010 Blackberry/RIM Virtual Private Networks Facebook enables it SSL standard for E-commerce (credit cards) Skype and other VoIP The result – lawful access at ISP or local telco only gets encrypted content

4 Ways to Grab Communications 1.Break the encryption (but today is strong crypto) 2.Grab comms in the clear (CALEA doesn’t apply to , data) 3.Grab comms with spyware before or after encrypted (not good cybersecurity) 4.Grab stored communications, such as in the cloud My thesis: #4 is becoming FAR more important

5 When All Else Fails: The Pipe to the Cloud

6 UK & Data Protection (Based on research of Ian Brown, Oxford) Data Protection Act 1998 – L.E. & N.S. broad exemptions – Permits voluntary agreements with L.E. or N.S. agencies to turn over stored records E.U. Data Retention Directive in effect, despite data protection authority concerns

7 U.K. & Lawful Access Regulation of Investigatory Powers Act 2000 – Subscriber and traffic data, no court order – Telecomm providers must facilitate lawful interception, similar to CALEA Counter Terrorism Act 2008 – Appears to override obligations of confidentiality, for disclosure to intelligence agencies For content intercepts – Automated search appears OK if originate or terminate outside of UK

8 EU & US on Lawful Access How to resolve the EU allegations that cloud services should be kept in the EU due to “Patriot Act”? Resolution requires a good comparison of EU & US Transparency – U.K. law may well have less court supervision than U.S. law – Lack of clear description of law elsewhere in E.U. – Even less transparency about actual practice: “difficult to ascertain” – Dropping L.E. & N.S. from the draft Regulation sign of continued lack of transparency Should resolve growing dispute based on accurate understanding, not allegations

9 Thank you.


Download ppt "Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference."

Similar presentations


Ads by Google