The Government’s use of the Cloud may be put on hold after Members of Parliament raised concerns that the service allows sensitive personal information about British citizens to be spied on by the US authorities.
A European Commission report highlights how the Foreign Intelligence Surveillance Act Amendment Act (FISAA) allows US authorities to spy on cloud data. This could include services such as Amazon Cloud Drive, Apple iCloud and Google Drive.
Casper Bowdem, the author of the report and former chief privacy adviser to Microsoft Europe, has said that the FISAA “What’s amazing is that nobody really spotted it for four years. When FISAAA was extended to cover cloud computing, encrypting data to and from the cloud becomes irrelevant so it is surprising that nobody noticed this.” Casper Bowdem’s words are especially poignant at a time when the Government is considering recommendations made on the draft Communications Data Bill.
The US law allows American agencies to access all private information stored with firms within Washington’s jurisdiction, without a warrant, if the information is felt to be in the US interests. Four suppliers of the UK Government’s G-Cloud system are located in the US. What is almost certainly clear is that the surveillance that this legislation would be ruled unconstitutional if the US government tried to use these powers on its own citizens.
The reality is that every time a British person uses a Cloud service, whether email, social media or online shopping, they are at risk of having their entire communications stored and analysed in a way that few people would argue is necessary. At a time of greater use of services like Google Docs by public authorities in the UK and the increasing volume of data that is stored on overseas servers, these powers are potentially giving the US agencies the ability to reach into personal information never available before without a court warrant.
Concerns have been raised by both Conservative and Liberal Democrat Members of Parliament. David Davis MP has warned that there is “a whole cascade of constitutional and privacy concerns for ordinary British people” and Julian Huppert MP has said: “If the Government starts to do more work on a cloud system – which is being looked at for obvious reasons – have we had assurance that the US government would not access such data as foreign intelligence information, and whether there would have to be unambiguous consent of UK citizens.?”
Even the inventor of the internet has raised concerns. Sir Tim Berners-Lee has said that while it is important to fight serious organised crime and for a state to defend itself against cyber attack, there were enormous negatives associated with excessive government oversight of the internet.
There are also serious concerns about the signs that this sends to the rest of the world, surely the Government should be concentrating on giving signals that blanket surveillance should never be the norm. The security of UK citizens’ data should be a given, and where doubts are raised the Government should go above and beyond to ensure that no foreign country, whether an ally or not, has access to this information.