Posted by Kevin on March 9, 2016.
Why does the European Commission continue to insist that Privacy Shield will protect European data from unauthorized US government access when anyone with half a brain cell knows it won’t?
Here’s an example, somewhat abstracted from a report in Bloomberg. The FBI (you might possibly have already heard about this) is demanding that Apple develop software that will allow the LEA to access the content of an iPhone (or more specifically to gain access without wiping the content). Done once, that would be available for all iPhones.
Bloomberg raises the potential effect of this demand on Europe and the Privacy Shield:
Data-protection regulators will probably “be thinking about the FBI’s demands on Apple when reviewing the viability of the [privacy] shield and its level of safeguards,” said Wim Nauwelaerts, a privacy lawyer at Hunton & Williams LLP in Brussels.
Well, if they’re not, they bloody well should be. The EC, predictably, says there is no problem:
The European Commission, which led negotiations with the U.S., insisted that the questions related to the Apple case aren’t comparable.
“The whole concept of the shield in relation to national security and law enforcement is to set out clear limitations and safeguards to what might be technically feasible for U.S. authorities,” said Christian Wigand, a spokesman for justice policy. “And we will of course hold the U.S. accountable to these strong commitments made through a monitoring and review system put in place through the shield.”
Well, let’s see. Let’s assume I’m visiting friends in, I don’t know, say Monte Vista, Colorado; and I’m carrying my iPhone full of my personal European information with me. Generally speaking, the FBI would need a court order or other legal device in order to seize and search that iPhone. That legal device would make it acceptable under Privacy Shield.
Except, of course, when I first arrive in the US. Here the authorities can invoke the long-established doctrine of the ‘border search exception’. This, supported by court opinions, would allow LEAs to seize and search any electronic device I might be carrying – including an iPhone. No court order is required. And if Apple is forced to give the FBI the facility to bypass the iPhone’s secure access, they’re in and can clone the content within minutes.
I can see nothing in Privacy Shield to prevent this. The only real difference I can see between Privacy Shield and Safe Harbor is that Privacy Shield will, hopefully, provide ‘redress’. But I don’t want redress. Redress won’t protect my personal information. I want prevention. And it’s about time that the European Commission accepted that its duty lies towards European citizens and not US LEAs, intelligence agencies, and business.