<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<font face="Verdana">This is how I think it works overall - the
digital imperialist system..... Global Internet companies - mostly
US based - know that much of their operations worldwide legally
are on slippery grounds.... They find it safest to hang on to the
apron strings of the one superpower in the world today, the US...
They know that the US establishement is their best political and
legal cover. The US of course finds so much military, political,
economic, social and cultural capital in being the team leader...
It is an absolutely win win... That is what PRISM plus has been
about. And this is what most global (non) Internet governance has
been about - with the due role of the civil society often spoken
of here. <br>
<br>
Incidentally, it was only a few days before these disclosures that
Julian Assange spoke of "<a
href="http://www.nytimes.com/2013/06/02/opinion/sunday/the-banality-of-googles-dont-be-evil.html?pagewanted=all&_r=0">technocratic
imperialism</a>" led by the US-Google combine... How quite to
the point he was... Although so many of us are so eager to let the
big companies off the hook with respect to the recent episodes. <br>
<br>
What got to be done now? If we indeed are eager to do something,
two things (1) do everything to decentralise the global Internet's
architecture, and (2) get on with putting in place global norms,
principles, rules and where needed treaties that will govern our
collective Internet behaviour, and provide us with our rights and
responsibilities vis a vis the global Internet.<br>
<br>
But if there are other possible prescriptions, one is all ears.<br>
<br>
parminder<br>
<br>
<br>
</font>
<div class="moz-cite-prefix">On Tuesday 25 June 2013 01:04 PM,
parminder wrote:<br>
</div>
<blockquote cite="mid:51C94823.9050207@itforchange.net" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">On Monday 24 June 2013 08:18 PM,
Katitza Rodriguez wrote:<br>
</div>
<blockquote cite="mid:51C85C4C.20905@eff.org" type="cite">
<meta content="text/html; charset=UTF-8"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Only answering one of the questions
on jurisdictional issues: The answer is somewhat complex<br>
<br>
<span style="color: rgb(0, 0, 0); font-family: 'Lucida
Grande', 'Lucida Sans Unicode', sans-serif; font-size: 14px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: 21px; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255,
255, 255); display: inline !important; float: none;">if data
is hosted in the US by US companies (or hosted in the US by
companies based overseas), the government has taken the
position that it is subject to U.S. legal processes,
including National Security Letters, 2703(d) Orders, Orders
under section 215 of the Patriot Act and regular warrants
and subpoenas, regardless of where the user is located.</span><br>
<br>
<meta charset="utf-8">
<span style="color: rgb(0, 0, 0); font-family: 'Lucida
Grande', 'Lucida Sans Unicode', sans-serif; font-size: 14px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: 21px; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255,
255, 255); display: inline !important; float: none;">The
legal standard for production of information by a third
party, including cloud computing services under US civil (</span><a
moz-do-not-send="true"
href="http://www.law.cornell.edu/rules/frcp/rule_45"
style="margin: 0px; padding: 0px; border: 0px; font-family:
'Lucida Grande', 'Lucida Sans Unicode', sans-serif;
font-size: 14px; font-style: normal; font-variant: normal;
font-weight: normal; line-height: 21px; color: rgb(204, 0,
0); text-decoration: none; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255,
255, 255);"><span style="margin: 0px; padding: 0px; border:
0px; font-family: inherit; font-size: inherit; font-style:
inherit; font-variant: inherit; font-weight: inherit;
line-height: 21px;">http://www.law.cornell.edu/rules/frcp/rule_45</span></a><span
style="color: rgb(0, 0, 0); font-family: 'Lucida Grande',
'Lucida Sans Unicode', sans-serif; font-size: 14px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: 21px; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255,
255, 255); display: inline !important; float: none;">) and
criminal (</span><a moz-do-not-send="true"
href="http://www.law.cornell.edu/rules/frcrmp/rule_16"
style="margin: 0px; padding: 0px; border: 0px; font-family:
'Lucida Grande', 'Lucida Sans Unicode', sans-serif;
font-size: 14px; font-style: normal; font-variant: normal;
font-weight: normal; line-height: 21px; color: rgb(204, 0,
0); text-decoration: none; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255,
255, 255);"><span style="margin: 0px; padding: 0px; border:
0px; font-family: inherit; font-size: inherit; font-style:
inherit; font-variant: inherit; font-weight: inherit;
line-height: 21px;">http://www.law.cornell.edu/rules/frcrmp/rule_16</span></a><span
style="color: rgb(0, 0, 0); font-family: 'Lucida Grande',
'Lucida Sans Unicode', sans-serif; font-size: 14px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: 21px; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255,
255, 255); display: inline !important; float: none;">) law
is whether the information is under the "possession, custody
or control" of a party that is subject to US jurisdiction.
It doesn’t matter where the information is physically
stored, where the company is headquartered or, importantly,
where the person whose information is sought is located. The
issue for users is whether the US has jurisdiction over the
cloud computing service they use, and whether the cloud
computing service has “possession, custody or control” of
their data, wherever it rests physically. For example, one
could imagine a situation in which a large US-based company
was loosely related to a subsidiary overseas, but did not
have “possession, custody, or control” of the data held by
the subsidiary and thus the data wasn’t subject to US
jurisdiction.</span><br>
</div>
</blockquote>
<br>
Interesting, although maybe somewhat obvious! So, even if an
European sends a email (gmail) to another European, and the
transit and storage of the content never in fact reaches US
borders, Google would still be obliged to hand over the contents
to US officials under PRISM...... Can a country claim that Google
broke its law in the process, a law perhaps as serious as
espionage, whereby the hypothesized European to European email
could have carried classified information! Here, Google, on
instructions of US authorities would have actually transported a
piece of classified - or otherwise illegal to access - information
from beyond US borders into US borders. <br>
<br>
What about US telcos working in other countries, say in India.
AT&T (through a majority held JV) claims to be the largest
enterprise service provider in India. And we know AT & T has
been a somewhat over enthusiastic partner in US's global espionage
(for instance see <a moz-do-not-send="true"
href="http://www.techdirt.com/articles/20100121/1418107862.shtml">here</a>
)... Would all the information that AT & T has the
"possession. custody and control" of in India in this matter not
be considered fair game to access by the US...... All this looks
like a sliding progression to me. Where are the limits, who lays
the rules in this global space.... <br>
<br>
parminder <br>
<br>
<br>
<blockquote cite="mid:51C85C4C.20905@eff.org" type="cite">
<div class="moz-cite-prefix"> <br>
On 6/24/13 5:28 AM, parminder wrote:<br>
</div>
<blockquote cite="mid:51C83B77.1030206@itforchange.net"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
Hi All<br>
<br>
There was some demand on the bestbits list that we still need
to ask a lot of questions from the involved companies in terms
of the recent PRISM plus disclosures. We are being too soft on
them. I refuse to believe that everything they did was forced
upon on them. Apart from the fact that there are <a
moz-do-not-send="true"
href="http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html">news
reports</a> that US based tech companies regularly share
data with US gov for different kinds of favours in return, or
even simply motivated by nationalistic feeling, we should not
forget that many of these companies have strong political
agenda which are closely associated with that of the US gov.
You must all know about '<a moz-do-not-send="true"
href="http://en.wikipedia.org/wiki/Google_Ideas">Google
Ideas</a>', its revolving doors with US gov's security
apparatus, and its own aggressive <a moz-do-not-send="true"
href="http://www.informationclearinghouse.info/article34535.htm">regime
change ideas</a>. Facebook also is known to 'like' some
things, say in MENA region, and not other things in the same
region.....<br>
<br>
<font face="Verdana">Firstly, one would want to know </font>whether
the obligations to share data with US government extended only
to such data that is actually located in, or flows, through,
the US. Or, does it extend to all data within the legal
control/ ownership of these companies wherever it may reside.
(I think, certainly hope, it must be the former, but still I
want to be absolutely sure, and hear directly from these
companies.)<br>
<br>
Now, if the obligation was to share only such data that
actually resided in servers inside the US, why did these
companies, in face of what was obviously very broad and
intrusive demands for sharing data about non US citizens, not
simply locate much of such data outside the US. For instance,
it could pick up the top 10 countries, the data of whose
citizens was repeatedly sought by US authorities, and shift
all their data to servers in other countries that made no such
demand? Now, we know that many of the involved companies have
set up near fictitious companies headquartered in strange
places for the purpose of tax avoidance/ evasion. Why could
they not do for the sake of protecting human rights, well,
lets only say, the trust, of non US citizens/ consumers, what
they so very efficiently did for enhancing their bottom-lines?
<br>
<br>
Are there any such plan even now? While I can understand that
there can be some laws to force a company to hold the data of
citizens of a country within its border, there isnt any law
which can force these companies to hold foreign data within a
country's borders... Or would any such act perceived to be too
unfriendly an act by the US gov?<br>
<br>
<br>
I am sure others may have other questions to ask these
companies.....<br>
<br>
parminder <br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Katitza Rodriguez
International Rights Director
Electronic Frontier Foundation
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:katitza@eff.org">katitza@eff.org</a>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:katitza@datos-personales.org">katitza@datos-personales.org</a> (personal email)
Please support EFF - Working to protect your digital rights and freedom of speech since 1990</pre>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>