Zero Privacy has Arrived!


OPINIONS ON THE RECENT INTRODUCTION OF THE CLOUD ACT (CLARIFYING LAWFUL OVERSEAS USE OF DATA)

APRIL 05TH

Zero Privacy has Arrived!¹

In signing the $1.3 trillion spending bill, the US Senate also turned the CLOUD Act into law. Without a warrant and with few restrictions, U.S. and foreign authorities can seize all your private emails, your online chats, your photos, … your private life online. In short, your privacy is reduced to zero.

The S.2383 Bill introduced to the US Senate on the 6th of February 2018² came as a surprise to all of us, not least because of the way it was snuck into a 2,232-page document.

Reading through the CLOUD Act, one can see lots of key words like “qualifying foreign government” or “executive agreement”, all of which are subject to very elastic legal interpretations, likely allowing for backdoors to bypass the 4th Amendment.³

In summary, the CLOUD Act legally compels service providers to disclose information to:

  • Any investigative party of the US government.
  • Any foreign authority making a request.

Basically, almost anybody can ask for cloud data disclosure, without a legal mandate and with minimal restrictions. For example:

  • Police forces and other governmental institutions can sniff the wire without any legal mandate.
  • Any foreign country can request the disclosure of data without a legal mandate.
  • Data can be collected and disclosed without consent.

The consequences are a giant leap towards zero privacy for:

  • US citizens and other lawful permanent residents.
  • Foreign governments within an executive agreement.

Should we just accept the views of former Sun Microsystems CEO Scott McNealy—“You have zero privacy anyway. Get over it”—as stated back in 1999?⁴ I do not think so! As cloud service providers we have an obligation towards our clients to protect their data, and to do all that we can to guarantee full transparency with regard to the use and lawful processing of that data.

Klarrio is a global company operating on 3 continents. It will always consider data disclosure requests on a case-by-case basis, and respect current local data protection laws. Data protection laws⁵ differ across countries, and this complicates business on a global scale. It is high time for a single, united, cross-border law for all data on the planet, as already exists for global human rights. As a reminder, cybercrime is borderless, and so should be the laws which are put in place to protect us.

Klarrio will certainly not release the data (of either individuals or corporations) to just anybody who asks for it based on the CLOUD Act. The following conditions must be met before any disclosure will take place:

  • The consent of the data owner must be given.
  • And/or a lawful request must be made with a legal mandate.
  • And the request must not violate or conflict with local laws.

In other words, before releasing any information to a third party, Klarrio will ensure that the third party is in possession of a judicial command issued by a court or magistrate.

Certainly, with regard to data requests concerning an EU-citizen, it is important to file a motion to the court to modify or outright quash the legal process within 14 days. I would recommend this as a standard practice, as such data requests are in violation of the GDPR data protection laws of the EU. During the pendency of the motion, Klarrio absolutely will not disclose any information, and will wait for the final mandate of the court.

Whether or not the CLOUD Act is eventually signed, good information security and governance practice must be enforced. It will remain a top priority of Klarrio to continuously invest in information security, data governance, and privacy. We will continue to comply with regulatory requirements, and improve our own practices, in order to provide our clients with best-in-class security, data governance, and privacy.

————

About

Dario Rossa is an accomplished and highly capable Technology executive with extensive leadership and management skills, and strong business acumen gained in the Information Technology, Telecommunications, Financial Services and Government industries. He is CDO and Co-founder of Klarrio, a one-stop shop for all professional integration services related to IoT analytics leveraging enterprise cloud native technologies, and Visiting Professor at the KULeuven, teaching Strategy and International Business, Recent Developments in Science and Technology (Information Security and Risk Management) and Project Management. Dario received his Global Executive MBA from TRIUM (NYU, HEC Paris, LSE) and his Electronic Engineering and Information Technology degree from University College for Science and Arts in Brussels. He can be reached at dario.rossa@klarrio.com.

————

[1] By analogy with: “Le Beaujolais nouveau est arrivé! (The new Beaujolais has arrived!)”
[2] https://www.congress.gov/bill/115th-congress/senate-bill/2383/text
[3] The Fourth Amendment (Amendment IV) to the United States Constitution is part of the Bill of Rights that prohibits unreasonable searches and seizures.
[4] https://www.isaca.org/Journal/archives/2016/volume-4/Pages/the-new-age-of-near-zero-privacy.aspx
[5] https://www.dlapiperdataprotection.com/
