<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
While building on the past is important, I think, there is also a
keen realisation that we are passing - and mostly, missing - a
series of what could be 'constitutional moments' for a new Internet
mediated society... And that the global civil society should pause,
and retrospect. I see this from emails of Gene, Andrew, Michael,
Marianne and others - on diverse issues, ranging from the recently
concluded meeting of ITU WG on Internet related public policy issues
to PRISM plus disclosures. <br>
<br>
Let me try to pick what in my view are some 'big points' of the
present moment... and then drill downwards. The biggest I think is
that we need to get over that age of innocence, whereby most civil
society took the stance that less rather than more global IG is
better..... That was a mistake, and continues to be a mistake...
Internet is big, it is global, it transforms everything. And the
prescription of less rather than more - appropriate - governance of
it can only serve dominant interests. We need to accept that -
whether it is human rights, or it is distributional issues - we need
more global IG. And since Internet itself is new, its global
governance too will involve many new elements. It is, to a good
measure, up to the civil society to be innovative and brave in this
regard..... Something, unfortunately, we have consistently shrunk
from doing...<br>
<br>
First of all, we urgently need an appropriate focal point - and
around it a webbed architecture - of global IG.... And that focal
point I think should be body like the OECD's Committee on Computers,
Information and Communication Policy, which can be attached to the
UN General Assembly, and should be new age in its structure, form,
participation avenues etc... And this committee should be fed in by
the IGF. Everyone who knows about the OECD's CCICP, knows how
intensively it works, and what quality of output it produces, and
how how consultative, multi-stakeholder etc it is.....<br>
<br>
We simply must create a similar focal point at the global level,
right away..... Lets at least discuss it... I have raised this
proposal several times, but have have no real response on why such a
body at the global level is not appropriate, and why is it
appropriate at OECD level.... This single step would go a long way
it setting us on the right direction....<br>
<br>
And then, this is the second imperative, we need to go down to some
real work.... not just the highest level principles that have been
around but seem not to really work... For example, Andrew quotes
privacy principles from GNI document. Well, its provisions clearly
were violated what what Snowden tells us... So?? Nothing happens.
Right. We have provisions in the IRP doc as well....<br>
<br>
What we need to do now is to move to the next serious level....
Speak about actual due process, guarantees for transit data. how
these guarantees operate, and the such. We were informed recently on
the IGC list that EU does not subject data that is merely in transit
to data retention requirements. How this obligation can be extended
to others. ... What disclosures can and should the telecom and
application companies share about data hosting and transit, and
applicability of different jursidictions over the data they carry
and process.... We need to drill down to such real issues. And that
kind of thing happens only when there are clear focal points for
policy development that exist (See for instance the real work that
is going on right now in Marrakesh for writing out a new treaty
guaranteeing access to printed material for the visually
impaired).... We have on the other hand seen the kind of joke that
the IGF has rendered itself into as a policy dialogue forum.... We
need to take preventive action against such motivated
obfuscations.... <br>
<br>
So, as I said, two things - (1) look for a real institutional focal
point for global IG, where all can participate, and (2), work on
real norms, policy frameworks, in the manner OECD's CCICP does.... I
see no other option... but as always wiling, to hear about them, if
they exist....<big><br>
<br>
parminder </big> <br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On Wednesday 26 June 2013 02:45 PM,
Andrew Puddephatt wrote:<br>
</div>
<blockquote
cite="mid:F605C05AD40650428A0434B4926B399CBD570C05B9@COLO-MB-CLUSTER.ethical.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:inherit;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.highlight
{mso-style-name:highlight;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Entirely
agree Marianne – this seems a sensible way of proceeding<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"
style="margin-top:7.0pt;line-height:115%;text-autospace:none"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Andrew
Puddephatt</span></b><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">
</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">|
</span><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">GLOBAL
PARTNERS</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">
DIGITAL<o:p></o:p></span></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Executive
Director</span><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#FF2126;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-US">Development
House, 56–64 Leonard Street, London EC2A 4LT<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F">T:
+44 (0)20 7549 0336 | M: +44 (0)771 339 9597 | Skype:
andrewpuddephatt</span><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#7F7F7F"><br>
<b>gp-digital.org</b><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> Marianne Franklin
[<a class="moz-txt-link-freetext" href="mailto:m.i.franklin@gold.ac.uk">mailto:m.i.franklin@gold.ac.uk</a>] <br>
<b>Sent:</b> 26 June 2013 08:30<br>
<b>To:</b> Andrew Puddephatt<br>
<b>Cc:</b> 'parminder'; <a class="moz-txt-link-abbreviated" href="mailto:bestbits@lists.bestbits.net">bestbits@lists.bestbits.net</a>;
<a class="moz-txt-link-abbreviated" href="mailto:governance@lists.igcaucus.org">governance@lists.igcaucus.org</a>;
<a class="moz-txt-link-abbreviated" href="mailto:irp@lists.internetrightsandprinciples.org">irp@lists.internetrightsandprinciples.org</a><br>
<b>Subject:</b> Re: [bestbits] PRISM - is it about the
territorial location of data or its legal ownership<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Dear Andrew<br>
<br>
Have been following the conversation with interest. The point
Parminder raises about the responsibilities of companies in
ensuring that human rights in the fullest sense of the term
are not jeopardised at the deepest levels of the internet's
architecture is one that indeed needs attention. However, the
conversation so far is proceeding as if no work at all has
been done around human rights norms and principles for the
internet. This is not the case. A lot of work has been done,
indeed stretching back many year into the WSIS period. If we
choose to forget or ignore what came before we are all doomed
to repeat past mistakes (as a great sage once remarked)! <br>
<br>
With the Bali IGF as a venue for meeting and moving forward I
do think it is important to note that the Charter of Human
Rights and Principles already goes a *long* way in defining
these 'global' (I use the term advisedly) norms and principles
carefully. The reason for the cautious approach in 2010-2011
when the IRP Coalition was drafting this current version was
precisely in order to be precise and coherent. Many people on
all these lists were involved in this process and can share
the credit for what has been achieved. The cautiousness then,
criticised at the time, has paid off in retrospect. <br>
<br>
As a wide-ranging Charter of human rights and principles
focusing on the online environment, then picked up by Frank La
Rue thanks to the work of the then IRP Coalition Chairs, Lisa
Horner and Dixie Hawtin in turn, based on the UDHR and its
successors it was, and is not intended to be a prescriptive,
or one-size-fits-all document. What was intended and to my
mind has been achieved is rather a baseline, inspirational
framing for the work that is now emerging around specific
cases and situations such as privacy, freedom of expression
and so on that have been thrown into relief by the events
around PRISM. The IRP Charter is also careful to include the
responsibility of companies as integral to these emerging
norms. Events have underscored that the IRP Charter was a
project worth engaging in and for that the 'we' on these lists
did achieve something quite remarkable. <br>
<br>
Moving the IRP Charter up a level is a focus for two workshops
at least in Bali, and the IRP Meeting there I would like to
propose that these are very suitable places to continue these
discussions, online and of course in person. The Best Bits
meeting prior to the IGF is in this respect a great way to get
started as the next stage of the IRP Charter in substantive
terms gets underway i.e. addressing the weaker parts of the
current Beta version (<a moz-do-not-send="true"
href="http://internetrightsandprinciples.org/site/charter/">http://internetrightsandprinciples.org/site/charter/</a>)
and widen awareness amongst the human rights community and
inter-govn organizations. A huge step in the latter has
already been achieved in recent weeks and I would like to add
these moves to the work being done through Best Bits. <br>
<br>
Finally, on principles seeing as this focus is also on the IGF
agenda, here too the IRP Charter developed precursor models
(such as the APC Bill of Rights, the Marco Civil principles
too) the IRP Ten Principles are intended as an educational,
outreach version of the actual Charter. So here the work being
initiated around Internet Goverance Principles (however
defined) is something the IRP coalition supports implicitly. <br>
<br>
The only question I am getting from members is about how
better to work together, which is why the current Charter goes
quite some way in establishing the sort of framework that is
being advocated here. No need to reinvent the wheel in other
words! <br>
<br>
best<br>
MF<o:p></o:p></p>
<div>
<p class="MsoNormal">On 25/06/2013 17:59, Andrew Puddephatt
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">Just
welcoming Parminder’s focus on companies here. I feel
that the current situation is an opportunity to push the
companies a lot more rigorously than we have been able to
do so far. I like the idea of global norms and
principles and I wonder if anyone has done any detailed
work on this in relation to security/surveillance and
jurisdictional questions – specifically the role of global
companies rooted in one jurisdiction (principally the US I
would guess?). I note that some German MPs are calling
for US companies to establish a German cloud distinct and
separate from US jurisdiction..</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">I
think we can strategically link the two issues that
Parminder has flagged up – we can reinforce the push for
norms and principles pointing out this is a way for
country’s to escape the US orbit – as long as we can avoid
the danger of breaking the internet into separate national
infrastructures – which is where the norms and principles
need to be carefully defined. Is this something we can
discuss online and then discuss in person at Bali?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">Looking
at the GNI principle on privacy it says:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p style="margin-left:30.0pt;background:white"><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333">Privacy
is a human right and guarantor of human dignity. Privacy
is important to maintaining personal security, protecting
identity and promoting freedom of expression in the
digital age.<br>
<br>
Everyone should be free from illegal or arbitrary
interference with the right to privacy and should have the
right to the protection of the law against such
interference or attacks.<br>
<br>
The right to privacy should not be restricted by
governments, except in narrowly defined circumstances
based on internationally recognized laws and standards.
These restrictions should be consistent with international
human rights laws and standards, the rule of law and be
necessary and proportionate for the relevant purpose.<br>
<br>
<span class="highlight">Participating companies will
employ protections with respect to personal information
in all countries where they operate in order to protect
the privacy rights of users.</span></span><o:p></o:p></p>
<p style="margin-left:30.0pt;background:white;orphans:
auto;text-align:start;widows:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
class="highlight"><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333">Participating
companies will respect and protect the privacy rights of
users when confronted with government demands, laws or
regulations that compromise privacy in a manner
inconsistent with internationally recognized laws and
standards.</span></span><o:p></o:p></p>
<p style="background:white"><span class="highlight"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">Is
this something to build upon? The final clause is
interesting – it implies that signatory companies will
respect privacy even when asked to comply with laws that
breach internationally recognized laws and standards
which I assume everyone thinks that FISA does?</span></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"
style="margin-top:7.0pt;line-height:115%;text-autospace:none"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Andrew
Puddephatt</span></b><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">
</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">|
</span><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">GLOBAL
PARTNERS</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">
DIGITAL</span><o:p></o:p></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Executive
Director</span><o:p></o:p></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-US">Development
House, 56–64 Leonard Street, London EC2A 4LT</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F">T:
+44 (0)20 7549 0336 | M: +44 (0)771 339 9597 | Skype:
andrewpuddephatt</span><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#7F7F7F"><br>
<b>gp-digital.org</b></span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> <a moz-do-not-send="true"
href="mailto:bestbits-request@lists.bestbits.net">bestbits-request@lists.bestbits.net</a>
[<a moz-do-not-send="true"
href="mailto:bestbits-request@lists.bestbits.net">mailto:bestbits-request@lists.bestbits.net</a>]
<b>On Behalf Of </b>parminder<br>
<b>Sent:</b> 25 June 2013 09:25<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:bestbits@lists.bestbits.net">bestbits@lists.bestbits.net</a>;
<a moz-do-not-send="true"
href="mailto:governance@lists.igcaucus.org">governance@lists.igcaucus.org</a><br>
<b>Subject:</b> Re: [bestbits] PRISM - is it about the
territorial location of data or its legal ownership</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<span
style="font-family:"Verdana","sans-serif"">This
is how I think it works overall - the digital imperialist
system..... Global Internet companies - mostly US based -
know that much of their operations worldwide legally are
on slippery grounds.... They find it safest to hang on to
the apron strings of the one superpower in the world
today, the US... They know that the US establishement is
their best political and legal cover. The US of course
finds so much military, political, economic, social and
cultural capital in being the team leader... It is an
absolutely win win... That is what PRISM plus has been
about. And this is what most global (non) Internet
governance has been about - with the due role of the civil
society often spoken of here. <br>
<br>
Incidentally, it was only a few days before these
disclosures that Julian Assange spoke of "<a
moz-do-not-send="true"
href="http://www.nytimes.com/2013/06/02/opinion/sunday/the-banality-of-googles-dont-be-evil.html?pagewanted=all&_r=0">technocratic
imperialism</a>" led by the US-Google combine... How
quite to the point he was... Although so many of us are so
eager to let the big companies off the hook with respect
to the recent episodes. <br>
<br>
What got to be done now? If we indeed are eager to do
something, two things (1) do everything to decentralise
the global Internet's architecture, and (2) get on with
putting in place global norms, principles, rules and where
needed treaties that will govern our collective Internet
behaviour, and provide us with our rights and
responsibilities vis a vis the global Internet.<br>
<br>
But if there are other possible prescriptions, one is all
ears.<br>
<br>
parminder<br>
<br>
<br>
</span><o:p></o:p></p>
<div>
<p class="MsoNormal">On Tuesday 25 June 2013 01:04 PM,
parminder wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Monday 24 June 2013 08:18 PM,
Katitza Rodriguez wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Only answering one of the questions
on jurisdictional issues: The answer is somewhat
complex<br>
<br>
<span style="font-size:10.5pt">if data is hosted in
the US by US companies (or hosted in the US by
companies based overseas), the government has taken
the position that it is subject to U.S. legal
processes, including National Security Letters,
2703(d) Orders, Orders under section 215 of the
Patriot Act and regular warrants and subpoenas,
regardless of where the user is located.</span><br>
<br>
<span style="font-size:10.5pt">The legal standard for
production of information by a third party,
including cloud computing services under US civil (</span><a
moz-do-not-send="true"
href="http://www.law.cornell.edu/rules/frcp/rule_45"><span
style="font-size:10.5pt;font-family:inherit;border:none
windowtext 1.0pt;padding:0cm;text-decoration:none">http://www.law.cornell.edu/rules/frcp/rule_45</span></a><span
style="font-size:10.5pt">) and criminal (</span><a
moz-do-not-send="true"
href="http://www.law.cornell.edu/rules/frcrmp/rule_16"><span
style="font-size:10.5pt;font-family:inherit;border:none
windowtext 1.0pt;padding:0cm;text-decoration:none">http://www.law.cornell.edu/rules/frcrmp/rule_16</span></a><span
style="font-size:10.5pt">) law is whether the
information is under the "possession, custody or
control" of a party that is subject to US
jurisdiction. It doesn’t matter where the
information is physically stored, where the company
is headquartered or, importantly, where the person
whose information is sought is located. The issue
for users is whether the US has jurisdiction over
the cloud computing service they use, and whether
the cloud computing service has “possession, custody
or control” of their data, wherever it rests
physically. For example, one could imagine a
situation in which a large US-based company was
loosely related to a subsidiary overseas, but did
not have “possession, custody, or control” of the
data held by the subsidiary and thus the data wasn’t
subject to US jurisdiction.</span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><br>
Interesting, although maybe somewhat obvious! So, even if
an European sends a email (gmail) to another European, and
the transit and storage of the content never in fact
reaches US borders, Google would still be obliged to hand
over the contents to US officials under PRISM...... Can a
country claim that Google broke its law in the process, a
law perhaps as serious as espionage, whereby the
hypothesized European to European email could have carried
classified information! Here, Google, on instructions of
US authorities would have actually transported a piece of
classified - or otherwise illegal to access - information
from beyond US borders into US borders. <br>
<br>
What about US telcos working in other countries, say in
India. AT&T (through a majority held JV) claims to be
the largest enterprise service provider in India. And we
know AT & T has been a somewhat over enthusiastic
partner in US's global espionage (for instance see <a
moz-do-not-send="true"
href="http://www.techdirt.com/articles/20100121/1418107862.shtml">here</a>
)... Would all the information that AT & T has the
"possession. custody and control" of in India in this
matter not be considered fair game to access by the
US...... All this looks like a sliding progression to me.
Where are the limits, who lays the rules in this global
space.... <br>
<br>
parminder <br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
On 6/24/13 5:28 AM, parminder wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi All<br>
<br>
There was some demand on the bestbits list that we still
need to ask a lot of questions from the involved
companies in terms of the recent PRISM plus disclosures.
We are being too soft on them. I refuse to believe that
everything they did was forced upon on them. Apart from
the fact that there are <a moz-do-not-send="true"
href="http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html">news
reports</a> that US based tech companies regularly
share data with US gov for different kinds of favours in
return, or even simply motivated by nationalistic
feeling, we should not forget that many of these
companies have strong political agenda which are closely
associated with that of the US gov. You must all know
about '<a moz-do-not-send="true"
href="http://en.wikipedia.org/wiki/Google_Ideas">Google
Ideas</a>', its revolving doors with US gov's security
apparatus, and its own aggressive <a
moz-do-not-send="true"
href="http://www.informationclearinghouse.info/article34535.htm">regime
change ideas</a>. Facebook also is known to 'like'
some things, say in MENA region, and not other things in
the same region.....<br>
<br>
<span
style="font-family:"Verdana","sans-serif"">Firstly,
one would want to know </span>whether the obligations
to share data with US government extended only to such
data that is actually located in, or flows, through, the
US. Or, does it extend to all data within the legal
control/ ownership of these companies wherever it may
reside. (I think, certainly hope, it must be the
former, but still I want to be absolutely sure, and hear
directly from these companies.)<br>
<br>
Now, if the obligation was to share only such data that
actually resided in servers inside the US, why did these
companies, in face of what was obviously very broad and
intrusive demands for sharing data about non US
citizens, not simply locate much of such data outside
the US. For instance, it could pick up the top 10
countries, the data of whose citizens was repeatedly
sought by US authorities, and shift all their data to
servers in other countries that made no such demand?
Now, we know that many of the involved companies have
set up near fictitious companies headquartered in
strange places for the purpose of tax avoidance/
evasion. Why could they not do for the sake of
protecting human rights, well, lets only say, the trust,
of non US citizens/ consumers, what they so very
efficiently did for enhancing their bottom-lines? <br>
<br>
Are there any such plan even now? While I can understand
that there can be some laws to force a company to hold
the data of citizens of a country within its border,
there isnt any law which can force these companies to
hold foreign data within a country's borders... Or would
any such act perceived to be too unfriendly an act by
the US gov?<br>
<br>
<br>
I am sure others may have other questions to ask these
companies.....<br>
<br>
parminder <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Katitza Rodriguez<o:p></o:p></pre>
<pre>International Rights Director<o:p></o:p></pre>
<pre>Electronic Frontier Foundation<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:katitza@eff.org">katitza@eff.org</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:katitza@datos-personales.org">katitza@datos-personales.org</a> (personal email)<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Please support EFF - Working to protect your digital rights and freedom of speech since 1990<o:p></o:p></pre>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Dr Marianne Franklin<o:p></o:p></pre>
<pre>Reader <o:p></o:p></pre>
<pre>Convener: Global Media & Transnational Communications Program<o:p></o:p></pre>
<pre>Co-Chair Internet Rights & Principles Coalition (UN IGF)<o:p></o:p></pre>
<pre>Goldsmiths, University of London<o:p></o:p></pre>
<pre>Dept. of Media & Communications<o:p></o:p></pre>
<pre>New Cross, London SE14 6NW<o:p></o:p></pre>
<pre>Tel: +44 20 7919 7072<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:m.i.franklin@gold.ac.uk"><m.i.franklin@gold.ac.uk></a><o:p></o:p></pre>
<pre>@GloComm<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://twitter.com/GloComm">https://twitter.com/GloComm</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.gold.ac.uk/media-communications/staff/franklin/">http://www.gold.ac.uk/media-communications/staff/franklin/</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://www.gold.ac.uk/pg/ma-global-media-transnational-communications/">https://www.gold.ac.uk/pg/ma-global-media-transnational-communications/</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.internetrightsandprinciples.org">www.internetrightsandprinciples.org</a><o:p></o:p></pre>
<pre>@netrights<o:p></o:p></pre>
</div>
</blockquote>
<br>
</body>
</html>