“London – All personal information stored by British internet users on major “cloud” computing services including Google Drive can be spied upon routinely without their knowledge by US authorities under newly-approved legislation, it can be disclosed.
Cloud computing has exploded in recent years as a flexible, cheap way for individuals, companies and government bodies to remotely store documents and data. According to some estimates, 35 per cent of UK firms use some sort of cloud system – with Google Drive, Apple iCloud and Amazon Cloud Drive the major players.
But it has now emerged that all documents uploaded on to cloud systems based in the US or falling under Washington’s jurisdiction can be accessed and analysed without a warrant by American security agencies.
The Foreign Intelligence Surveillance Act, known as FISA, allows US government agencies open access to any electronic information stored by non-American citizens by US-based companies. Quietly introduced during the dying days of President George W Bush’s administration in 2008, it was renewed over Christmas 2012.
But only now are privacy campaigners and legal experts waking up to the extent of the intrustion. Caspar Bowden, who was chief privacy adviser to Microsoft Europe for nine years until 2011, said: “What this legislation means is that the US has been able to mine any foreign data in US Clouds since 2008, and nobody noticed.”
Significantly, bodies such as the National Security Agency, the FBI and the CIA can gain access to any information that potentially concerns US foreign policy for purely political reasons – with no need for any suspicion that national security is at stake – meaning that religious groups, campaigning organisations and journalists could be targeted.
The information can be intercepted and stored in bulk as it enters the US via undersea cables crossing the Atlantic Ocean.
Mr Bowden, who now works as an independent advocate for privacy rights and co-authored a report for the European Parliament warning of the threat to clouds posed by FISA, criticised the UK Information Commissioner’s Office for giving free rein to the US authorities.
The body which polices data protection laws in the UK effectively ruled that companies were right to pass information over to foreign government requests as the disclosure was made “in accordance with a legal requirement”, such as FISA.
Mr Bowden said: “Every time we make a bridge of trust, or commit an indiscretion, using a social network or webmail, think how a foreign country could use that information for its own purposes to influence policy and politics. Drafts of documents prepared online, who is in contact with each other, all of this can be captured and analysed using data-mining algorithms much more advanced than those offered by public search engines.” …”Twitter