EU Chat Control Is Motivated by the American Cloud Act
twitter.comThe speaker is Věra Jourová, Vice President of the European Commission for Values and Transparency.
Is the full stream available? First, the audience is laughing with her about something we don’t hear. Then she says, “under their Cloud Act they have the possibility to take the data from Europe, we need the same thing, we need the reciprocity.”
This is said in a tone as if it’s obvious/uncontroversial.
So indeed, the topic of the summit is relevant. What IS “data protection” protecting? We’re far from EU citizen privacy here if we’ve made it to the concept of taking data from the US.
> First, the audience is laughing with her about something we don’t hear. Then she says, “under their Cloud Act they have the possibility to take the data from Europe, we need the same thing, we need the reciprocity.”
She doesn't seem to know what the Cloud Act actually does.
In brief, it covers this situation:
• I'm in the US and have some documents that I put on a server somewhere. I retain control of the documents on that server. Maybe I own the server, or maybe I'm renting space from some cloud storage provider, but in either case I've got full access to remove the documents at any time.
• I'm served a subpoena ordering me to turn over a copy of those documents.
The Cloud Act essentially says that the physical location of the server is not relevant when it comes to whether or not I have comply.
Some have tried to say that it is trying to assert extraterritorial jurisdiction in the country where the server is located, but it isn't really. The only people it requires do anything are people who are under US jurisdiction.
As far as anyone in the other country goes, such as the cloud provider running the server, all they see is that they have a customer in the US who is storing and retrieving data via the provider's API.
They have no idea why that customer is making any particular API calls. Whether it is because the customer needs the document to work on it or is getting it because it of a subpoena is all the same to the provider.
If the subpoena was trying to order the foreign provider to turn over the customer's document then the Cloud Act would not apply.
Commendable comment.
There's a live stream on https://20years.edps.europa.eu/en
I guess it's an ongoing event and for now I can't see any ways of going back in time on a recording. Hopefully it will be published unabridged when they've finished recording?
Tweet: partially excused.
Title: motivated.
It is editorialized, but I would agree with the sentiment expressed - the clip does make it sound like the US law directly motivated the EU proposal.
The US cloud act doesn't ban end-to-end encryption or force companies to install a backdoor. If it really motivated the EU proposal, then EU lawmakers can't read.
I took it to mean their real motivation is to grab juicy enough mass surveillance info on all European traffic to trade for a copy of the very juicy indeed mass surveillance info from storage and traffic associated with US companies?
It wouldn't be that they're copying the legislation exactly, but rather that they're set set on acquiring something of commensurate interest to trade for.