U.S. Cloud Vendors Hurt By NSA

Edward Snowden’s public unveiling of the National Security Agency’s Prism surveillance program could cause U.S. providers of cloud-based services to lose 10% to 20% of the foreign market — a slice of business valued at up to $35 billion.

A new report from the Information Technology & Innovation Foundation (ITIF) concludes that European cloud computing companies, in particular, might successfully exploit users’ fears about the secret data collection program to challenge U.S. leadership in the hosted services business.

Daniel Castro, author of the report, acknowledges that the conclusions are based, so far, on thin data, but nonetheless argues that the risks to U.S. cloud vendors are real.

Indeed, a month prior, the Cloud Security Alliance reported that in a survey of 207 officials of non-U.S. companies, 10% of the respondents said that they had canceled contracts with U.S. service providers after Snowden’s leak of NSA Prism documents earlier this year.

“If U.S. companies lose market share in the short term, it will have long-term implications on their competitive advantage in this new industry,” said Castro in the ITIF report. “Rival countries have noted this opportunity and will try to exploit it.”

To counter such efforts, the U.S. must challenge overstated claims about the program by foreign companies and governments, said Jason Weinstein, a partner in the Washington office of law firm Steptoe & Johnson and a former federal prosecutor and deputy assistant attorney general specializing in computer crime.

“There are a lot of reasons to be concerned about just how significant those consequences will be,” Weinstein said. “The effort by European governments and European cloud providers to cloud the truth about data protection in the U.S. was going on well before anyone knew who Edward Snowden was. It just picked up new momentum once the Prism disclosures came out.”

Weinstein contends that European countries have fewer data protection rules than the U.S.

For example, he said that in the U.K. and France, a wiretap to get content can be issued by a government official without court authority, but that can’t happen in the U.S.

“U.S. providers have done nothing other than comply with their legal obligations,” he said. But because of Snowden’s leaks, “they are facing potentially significant economic consequences.”

Gartner analyst Ed Anderson said his firm has yet to see any revenue impact on cloud providers since the Prism disclosures, but added, “I don’t think Prism does U.S. providers any favors, that’s for sure.”

Nonetheless, Anderson added, “I think the reality is [the controversy] is likely to die down over time, and we expect adoption to probably continue on the path that it has been on.”

One reason why U.S. providers may not suffer is because “the alternatives aren’t great if you are a European company looking for a cloud service,” he said.

Source

Google Snubs Privacy

Search giant Google has told the British government it is immune to prosecution on privacy issues and it can do what it like. The US Company is accused of illegally snooping on its British customers by bypassing privacy settings on Apple devices, such as iPads, to track their browsing history.

A group of British people took Google to court but the search engine is trying to get the case thrown out. Its argument is that it is not subject to British privacy law because it is based in California. This is the second time that Google has tried to avoid British law by pretending to operate in another country. It has come under fire for failing to pay tax in the UK

Nick Pickles, director of Big Brother Watch, said: ‘It is deeply worrying for a company with millions of British users to be brazenly saying they do not regard themselves bound by UK law. Solicitor Dan Tench, of law firm Olswang, said this was another instance of Google being here when it suits them and not being here when it doesn’t. Ironically when the US ordered Google to stop what it was doing, it forced the search engine to pay a $22.5million to regulators.

There are some indications that Google may not get its way. In July the Information Commissioner’s Office told Google its privacy rules breached UK law so it will be very hard for it to stand up in court and say it didn’t.

Source

Google Fights NSL Over Data Privacy

Google is fighting a National Security Letter (NSL) issued by the US government, with the Electronic Frontier Foundation (EFF) acknowledging it is one of the first firms to do so.

Google took the unusual step last month of revealing, albeit in vague terms, the number of NSLs it received from the US government. At the time the company said it was working with the authorities to improve transparency around the subject, but according to court filings it is also fighting against handing over users’ data.

In March, Google filed a petition to set aside a legal process. Kevan Fornasero, a lawyer for Google said in the filing that petitions “filed under Section 3511 of Title 18 to set aside legal process issued under Section 2709 of Title 18 must be filed under seal because Section 2709 prohibits disclosure of the legal process”.

Fornasero’s reference to Section 2709 refers to the ability of the FBI to issue NSLs and force the handover of user data. According to the EFF, Google is one of the first communications companies to fight an NSL, but because Section 2709 doesn’t allow firms to disclose the legal process, few people can be certain that others haven’t tried to stand up to the US government.

Matt Zimmerman, a lawyer for the EFF said, “The people who are in the best position to challenge the practice are people like Google. So far no one has really stood up for their users’ among large Internet service providers.”

Google has tried in recent years to provide users with some information on how it deals with government agencies’ requests for user data. If the firm can succeed in its fight against NSLs then it could open the floodgates for others to stand up against a law that some see to be nothing more than a snooper’s charter.

Source

Privacy Advocates & Lawmakers Push For Google Probe

Privacy groups and lawmakers are pushing for a new and more expansive investigation into Google and its privacy practices after the U.S. Federal Communications Commission announced that it found no evidence that the company violated eavesdropping laws.

Late last week, the FCC reported that there was no legal precedent to find fault with Google collecting unprotected home Wi-Fi data, such as personal email, passwords and search histories, with its roaming Street View cars between 2007 and 2010.

However, the FCC did fine Google $25,000 for obstructing its investigation.

A Google spokesperson took issue with the fine.

“We disagree with the FCC’s characterization of our cooperation in their investigation and will be filing a response,” said the spokesperson in an email to Computerworld. “It was a mistake for us to include code in our software that collected payload data, but we believe we did nothing illegal. We have worked with the relevant authorities to answer their questions and concerns.”

The Electronic Privacy Information Center (EPIC), a national privacy watchdog, disagreed with the FCC findings.

In a letter sent to U.S. Attorney General Eric Holder today, EPIC asked that the Department of Justice investigate Google’s surreptitious collecting of Wi-Fi data from residential networks.

“Given the inadequacy of the FCC’s investigation and the law enforcement responsibilities of the attorney general, EPIC urges the Department of Justice to investigate Google’s collection of Wi-Fi data from residential Wi-Fi networks,” wrote Mark Rotenberg, executive director of the advocacy group.

“By the [FCC’s] own admission, the investigation conducted was inadequate and did not address the applicability of federal wiretap law to Google’s interception of emails, usernames, passwords, browsing histories and other personal information,” Rotenberg added.

Source…