[governance] Re: [bestbits] PRISM - is it about the territorial location of data or its legal ownership
parminder
parminder at itforchange.net
Tue Jun 25 04:24:37 EDT 2013
This is how I think it works overall - the digital imperialist
system..... Global Internet companies - mostly US based - know that
much of their operations worldwide legally are on slippery grounds....
They find it safest to hang on to the apron strings of the one
superpower in the world today, the US... They know that the US
establishement is their best political and legal cover. The US of
course finds so much military, political, economic, social and cultural
capital in being the team leader... It is an absolutely win win... That
is what PRISM plus has been about. And this is what most global (non)
Internet governance has been about - with the due role of the civil
society often spoken of here.
Incidentally, it was only a few days before these disclosures that
Julian Assange spoke of "technocratic imperialism
<http://www.nytimes.com/2013/06/02/opinion/sunday/the-banality-of-googles-dont-be-evil.html?pagewanted=all&_r=0>"
led by the US-Google combine... How quite to the point he was...
Although so many of us are so eager to let the big companies off the
hook with respect to the recent episodes.
What got to be done now? If we indeed are eager to do something, two
things (1) do everything to decentralise the global Internet's
architecture, and (2) get on with putting in place global norms,
principles, rules and where needed treaties that will govern our
collective Internet behaviour, and provide us with our rights and
responsibilities vis a vis the global Internet.
But if there are other possible prescriptions, one is all ears.
parminder
On Tuesday 25 June 2013 01:04 PM, parminder wrote:
>
> On Monday 24 June 2013 08:18 PM, Katitza Rodriguez wrote:
>> Only answering one of the questions on jurisdictional issues: The
>> answer is somewhat complex
>>
>> if data is hosted in the US by US companies (or hosted in the US by
>> companies based overseas), the government has taken the position that
>> it is subject to U.S. legal processes, including National Security
>> Letters, 2703(d) Orders, Orders under section 215 of the Patriot Act
>> and regular warrants and subpoenas, regardless of where the user is
>> located.
>>
>> The legal standard for production of information by a third party,
>> including cloud computing services under US civil
>> (http://www.law.cornell.edu/rules/frcp/rule_45) and
>> criminal (http://www.law.cornell.edu/rules/frcrmp/rule_16) law is
>> whether the information is under the "possession, custody or control"
>> of a party that is subject to US jurisdiction. It doesn’t matter
>> where the information is physically stored, where the company is
>> headquartered or, importantly, where the person whose information is
>> sought is located. The issue for users is whether the US has
>> jurisdiction over the cloud computing service they use, and whether
>> the cloud computing service has “possession, custody or control” of
>> their data, wherever it rests physically. For example, one could
>> imagine a situation in which a large US-based company was loosely
>> related to a subsidiary overseas, but did not have “possession,
>> custody, or control” of the data held by the subsidiary and thus the
>> data wasn’t subject to US jurisdiction.
>
> Interesting, although maybe somewhat obvious! So, even if an European
> sends a email (gmail) to another European, and the transit and storage
> of the content never in fact reaches US borders, Google would still be
> obliged to hand over the contents to US officials under PRISM......
> Can a country claim that Google broke its law in the process, a law
> perhaps as serious as espionage, whereby the hypothesized European to
> European email could have carried classified information! Here,
> Google, on instructions of US authorities would have actually
> transported a piece of classified - or otherwise illegal to access -
> information from beyond US borders into US borders.
>
> What about US telcos working in other countries, say in India. AT&T
> (through a majority held JV) claims to be the largest enterprise
> service provider in India. And we know AT & T has been a somewhat over
> enthusiastic partner in US's global espionage (for instance see here
> <http://www.techdirt.com/articles/20100121/1418107862.shtml> )...
> Would all the information that AT & T has the "possession. custody and
> control" of in India in this matter not be considered fair game to
> access by the US...... All this looks like a sliding progression to
> me. Where are the limits, who lays the rules in this global space....
>
> parminder
>
>
>>
>> On 6/24/13 5:28 AM, parminder wrote:
>>> Hi All
>>>
>>> There was some demand on the bestbits list that we still need to ask
>>> a lot of questions from the involved companies in terms of the
>>> recent PRISM plus disclosures. We are being too soft on them. I
>>> refuse to believe that everything they did was forced upon on them.
>>> Apart from the fact that there are news reports
>>> <http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html>
>>> that US based tech companies regularly share data with US gov for
>>> different kinds of favours in return, or even simply motivated by
>>> nationalistic feeling, we should not forget that many of these
>>> companies have strong political agenda which are closely associated
>>> with that of the US gov. You must all know about 'Google Ideas
>>> <http://en.wikipedia.org/wiki/Google_Ideas>', its revolving doors
>>> with US gov's security apparatus, and its own aggressive regime
>>> change ideas
>>> <http://www.informationclearinghouse.info/article34535.htm>.
>>> Facebook also is known to 'like' some things, say in MENA region,
>>> and not other things in the same region.....
>>>
>>> Firstly, one would want to know whether the obligations to share
>>> data with US government extended only to such data that is actually
>>> located in, or flows, through, the US. Or, does it extend to all
>>> data within the legal control/ ownership of these companies wherever
>>> it may reside. (I think, certainly hope, it must be the former, but
>>> still I want to be absolutely sure, and hear directly from these
>>> companies.)
>>>
>>> Now, if the obligation was to share only such data that actually
>>> resided in servers inside the US, why did these companies, in face
>>> of what was obviously very broad and intrusive demands for sharing
>>> data about non US citizens, not simply locate much of such data
>>> outside the US. For instance, it could pick up the top 10 countries,
>>> the data of whose citizens was repeatedly sought by US authorities,
>>> and shift all their data to servers in other countries that made no
>>> such demand? Now, we know that many of the involved companies have
>>> set up near fictitious companies headquartered in strange places for
>>> the purpose of tax avoidance/ evasion. Why could they not do for the
>>> sake of protecting human rights, well, lets only say, the trust, of
>>> non US citizens/ consumers, what they so very efficiently did for
>>> enhancing their bottom-lines?
>>>
>>> Are there any such plan even now? While I can understand that there
>>> can be some laws to force a company to hold the data of citizens of
>>> a country within its border, there isnt any law which can force
>>> these companies to hold foreign data within a country's borders...
>>> Or would any such act perceived to be too unfriendly an act by the
>>> US gov?
>>>
>>>
>>> I am sure others may have other questions to ask these companies.....
>>>
>>> parminder
>>
>>
>> --
>> Katitza Rodriguez
>> International Rights Director
>> Electronic Frontier Foundation
>> katitza at eff.org
>> katitza at datos-personales.org (personal email)
>>
>> Please support EFF - Working to protect your digital rights and freedom of speech since 1990
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20130625/24552997/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list