Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would be rolling out technical measures to defeat the intrusion. But when China injects malware into 2% of all the computers whose queries cross into Chinese territory, no one says boo.
Latest in Safe Harbor
Although it is a close call, the decision of the Court of Justice of the European Union (CJEU) in Schrems v. Data Protection Commissioner may turn out to be the most important consequence of the Snowden revelations. The CJEU invoked fears of NSA surveillance to strike down the safe harbor agreement that makes it easy for American companies to transfer personal information of Europeans to the United States.
What good is CISA, anyway?
Now that both the House and Senate have passed information sharing bills that are strikingly similar but not identical, the prospects for a change in the law are good. But what are those changes, and how much difference will they make to network defenders?
Many of us on this side of the Atlantic have believed for a long time that citizens’ data is protected as well or better from government access in the United States than it is in Europe, notwithstanding the extraordinary and emotional contrary narrative spurred by the Snowden revelations. Europeans nevertheless continue to challenge U.S. procedures for protecting information. In at least one respect, their position has merit: European citizens have heretofore had no standing to challenge alleged abuse of their data in this country. It appears that may be about to change.
As I explained in my last post, American constitutional law requires that plaintiffs show they have been the subject of surveillance in order to establish standing to challenge intelligence programs in court. The intelligence community sees a narrow standing requirement of Article III as a feature of the United States Constitution. Human rights lawyers regard it as a bug.
Are Russian hacker-spies a bunch of lethargic government drones more interested in smash-and-grabs than stealth? That’s one of the questions we pose to Mikko Hypponen in episode 86 (right after we ask about how to pronounce his name; turns out, that’s harder than you think). Mikko is the Chief Research Officer at F-Secure and a long-time expert in computer security who has spoken and consulted around the world for over 20 years.
Yesterday, DataGuidance and Sidley Austin LLP hosted a live Q&A with Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), to discuss the state of play following the European Court of Justice's decision in Schrems v. Data Protection Commissioner, which effectively invalidated the Safe Harbor framework.
Mr. Buttarelli outlines how the situation is being resolved and what practical options companies can consider in the wake of the decision.
For years, European officials have been asking for the United States to make available to citizens of the European Union some form of redress for privacy harms. To address this concern, one idea has been to amend the Privacy Act to allow foreign citizens the right to challenge how the US government handles their data. Officials in the US and Europe share an interest in pretending this proposal would do something for EU citizens who fear surveillance by the NSA. We should drop the pretense: the Privacy Act does nothing to provide meaningful redress for NSA targets.
In episode 84 our guest is Jack Goldsmith, Professor at Harvard Law School, a Senior Fellow at the Hoover Institution at Stanford University, and co-founder of the Lawfare blog. Before coming to Harvard, he served as Assistant Attorney General, Office of Legal Counsel and as Special Counsel to the Department of Defense.
In my last post, I argued that surveillance reform is the only way to ensure continued data flows between the US and the European Union. In this post, I will begin to explore whether there is a practical way to amend US surveillance law that might satisfy the concerns expressed by the Court of Justice of the European Union (CJEU) in Schrems v. Data Protection Commissioner.