UPDATED 16:34 EDT / AUGUST 03 2020

POLICY

End of data transfer agreement between US and Europe spells trouble for big tech

In the hit Broadway musical “Hamilton,” an aggrieved King George III of Great Britain implores rebellious American colonialists to stop fighting his rule by singing: “Oceans rise, empires fall, we have seen each other through it all.”

History has a way of coming back around again. In mid-July, a major part of Europe declared that it had seen enough of American attempts to safeguard the information privacy of European Union citizens and, like the king’s tea of 1773, hurled the Trans-Atlantic Data Transfer Pact into the sea.

In a throwback to a time when U.S. relationships with European countries were often fraught with conflict, the European Court of Justice in Luxembourg struck down an agreement that allowed more than 5,000 companies in the EU and U.S. to move digital information seamlessly between the two regions. The ruling immediately brought to boil resentments between the two geopolitical powers over a basic question: Who controls the data privacy rights of shared users in two different regions of the world?

“Different measures have been taken in the U.S. that have continued to erode the different protections that there were for Europeans,” said Bill Mew, founder and chief executive officer at The Crisis Team. “Everyone’s data should be safe from the mass surveillance that we’re seeing. All we’re asking from the European side is please stop spying on us and please give us a level of equal protection that you give to your own citizens.”

Mew spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, as part of a “Meet the Analysts” special conversation. He was joined by Johannes Drooghaag, chief executive officer of Spearhead Management; Ray Wang, founder of Constellation Research; and cloud analyst Sarbjeet Johal. They discussed the impact of mass surveillance in the U.S. on EU citizens, the challenges of balancing national security with user privacy, a threat to online data monetization models and potential next steps to secure a workable agreement.

Divergent privacy paths

At the core of the dispute is that European countries have followed a course of enacting significant legal protections around the privacy of user data, such as the General Data Protection Regulation, while the U.S. has taken a different path. Although a few states, such as California, have enacted data privacy laws, the ability for the U.S. government to gain access to vast troves of information, including that of European citizens, is mostly unchecked.

One reason is the Foreign Intelligence Surveillance Act, which established a court of 11 U.S. district judges to secretly review FBI requests to wiretap Americans or foreigners on U.S. soil. In May, the U.S. Senate blocked amendments to FISA’s authorization that would have curbed surveillance of internet search histories.

“In the U.S., FISA courts enforce a level of mass surveillance through all of the major IT firms, through telcos, cloud firms, or social media,” Mew said. “If you’re a U.S. subsidiary of a big U.S. firm and you’re based in Europe, whom do you obey? The European law that says you can’t hand it over because of GDPR or the American laws that say they have extra judicial control and you’ve got to hand it over? It’s made things a complete mess.”

Supporters of surveillance tools point to a post-9/11 world where many countries are under constant threat of attack. One U.S. senator has claimed that the FBI uncovered 100 terrorist plots in a four-year period between 2009 and 2013. And in May, the FBI broke encryption on the iPhone of a man who attacked a Florida military base to track his communication history with al-Qaeda operatives.

“It’s a fine balance between national security and privacy,” Johal said. “You have to strike that balance because rogue actors are sitting in your country and across other countries.”

Checks on surveillance

Nevertheless, the recent action of the EU has raised questions and concerns yet again around oversight. Who is watching the watchers?

Because the FISA court operates in secrecy, there remain questions around how abuses of surveillance powers within the U.S. are being managed. There were tens of thousands of unauthorized searches of U.S. citizens between 2017 and 2018, and in one notable example two Michigan men were arrested on charges of food stamp fraud following FISA-approved surveillance.

“I’ve worked with five clients in the last decade who were all targeted by mass surveillance,” Drooghaag noted. “They found out that their purchasing and engineering departments, big parts of their pricing data were targeted. There’s no way anyone can explain to me that it has anything to do with preventing terror attacks or finding the bad guys.”

The end of the Trans-Atlantic Data Transfer Pact also raises questions around future viability of the internet’s monetization model. User data holds enormous value to social media platforms and advertisers alike. Annual revenue for Facebook Inc. and Google LLC, which depend heavily on ad revenue, were a combined $230 billion in 2019 alone.

“We often confuse privacy with consent and value exchange, and that’s part of the problem,” Wang said. “Companies that have been building their business models on free data, free private data, free personally identifiable information are the ones at risk, and that’s what’s going on here.”

What comes next for data transfer between the EU and U.S.? There is no appeal of a decision from the European Court of Justice and the U.S. Secretary of Commerce issued a statement indicating a desire to open discussions with European officials about limiting the negative consequences.

Meanwhile, Microsoft Corp. released its own statement saying the court’s ruling “does not change your ability to transfer data today between the EU and the U.S. using the Microsoft cloud.”

Microsoft and other major tech firms employ large lobbying organizations that will undoubtedly become involved as well.

“We got here through some really dumb lawmaking in the U.S.,” Mew said.“The big U.S. cloud firms are going to find this ruling enormously difficult for them. They are inevitably going to lobby for a level of reform. The problem is once you’ve done the reform, are we going to believe you?”

Here’s the complete video interview, one of many CUBE Conversations from SiliconANGLE and theCUBE:

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU