Eyes in the Cloud: Newly-revealed NSA surveillance programs not only undermine confidence in the security of putting data in the Cloud, they may open up America's Internet behemoths to legal action.
NSA Surveillance Storm Gathers Over Cloud Market (Le Monde, France)
"News of the NSA surveillance comes at the worst possible moment for these companies, for which the level of trust regarding private data has been diminished. Google and Microsoft, in particular, are increasingly targeting the business market in their transitions to the Cloud. ... The secret 'PRISM' program could be construed as a violation of the principles of Europe's Safe Harbor Scheme, [which protects the data security of Europeans], as the European Commission was not notified."
The National Security Agency: Its huge ears are annoying European regulators, and may have compromised the marketing strategies of America's Internet giants.
The revelation of FBI and U.S. National Security Agency (NSA) access to the infrastructure of nine American Internet giants discredits these multinationals. The "PRISM" program, revealed by the Washington Post, is a tool that allows the U.S. intelligence services to access data belonging to people located abroad who are not protected by U.S. laws against unreasonable search and seizure [the Fourth Amendment to the U.S. Constitution].
Potentially, the data of AOL, Apple, Facebook, Google (and YouTube), Microsoft (and Skype), PalTalk, and Yahoo users around the world are affected. Two of these - Facebook and Google - have denied any "backdoors" in their services, which they refused to install in the UK in late April. Apple insists that it didn't know about the program.
Safe Harbor Protection
For the specialist blog GigaOM, the news comes "at the worst possible moment" for these companies, for which the level of trust regarding private data has been diminished. Google and Microsoft, in particular, are increasingly targeting the business market in their transitions to the Cloud (remote and à la carte hosting of applications and data, sometimes of a sensitive nature) and openly criticize the methods of their competitors. In this context, the revelations in The Guardian and The Washington Post put these companies in the same basket.
These firms are obliged to respect the "Safe Harbor" scheme, which allows them to self-certify that they comply with European legislation on privacy. This enables them to transfer the data of European Internet users to servers situated in the United States. At the same time, they remain bound by the disclosure obligations imposed by the United States. This principle, negotiated between the United States and the European Commission in 2001, ultimately depends on trust among nations, businesses and European citizens. At the end of 2012, in order to reassure its potential clients, Microsoft chose to partner with Bouygues Télécom for the launch of a Cloud offered primarily to businesses. While Microsoft provides the technology, Bouygues is the responsible legal entity and is subject to French law.
"By using Bouygues data centers in France, French law applies. Microsoft is also present under its own brand name in Europe - in Dublin and in Amsterdam. As a Cloud provider, we have European contractual terms and are subject to the Safe Harbor scheme, which applies to all businesses that have a presence in the United States. Data protection is important for Microsoft, and the Safe Harbor scheme is not intended as a means of avoiding domestic rules of confidentiality," Marc Mossé, the director of legal and public affairs for Microsoft France, assured in November. As of Friday, June 7, Mr. Mossé has yet to respond to our enquiries.
The secret "PRISM" program could be construed as a violation of these principles, as the European Commission was not notified. "This is an internal matter for the United States," responded the European Commission’s Home Affairs Department when contacted by GigaOM.
The Cloud à la Française and Sovereignty
This affair may benefit two new French players, created by the government and operators: Cloudwatt, from Orange and Thales, and Numergy, from SFR and Bull. The two projects, financed by the government at a cost of €150 million [$199 million], have made data sovereignty their primary commercial argument, ahead of technical efficiency or trade conditions. The stated objective is to push two players with a European dimension into this globalized market by focusing on the legal security offered by French hosting. The two projects, announced in September and October 2012, are still in the start-up phase.
Instead of directly criticizing the technical or commercial aspects of these global providers, the two companies publicly attack the American giants based on the Patriot Act. For Marc Mossé of Microsoft, in November, this was a baseless marketing strategy aimed at discrediting a system that worked. Thus, the "PRISM" affair could well "reshuffle the deck."
E.U. Refusal To Increase Protections
This affair occurs at a time when E.U. legislation is in complete turmoil. For several months, the drafting of new regulations - which must reinforce data protection for European Internet users - has been the subject of "intense lobbying" of the government and U.S. companies, which evoke a threat to innovation. Moreover, France's National Commission on Data Processing and Freedoms [CNIL] officially expressed alarm over the situation, and asked French authorities to support its fight. The text of the draft regulations was rejected by E.U. member states on June 6.
In France, communications privacy is also the subject of several controversies. In early May, L’Expansion revealed numerous technical and financial problems in a planned national platform for the legal interception of communications. Under the plan, the legal means of intercepting telephone and Internet communications should be brought together under the aegis of Thales by September. In mid-May, it was a parliamentary report on the methods used by the French intelligence services, which often act illegally. Notably, the report recommends giving them the authority to monitor these practices while improving the service’s listening capabilities.