The Cloud Conspiracy 2008-2014: how the EU was hypnotised that the NSA did not exist

Presented at 31C3 (2014), Dec. 27, 2014, 9:45 p.m. (60 minutes)

In 2011 I started trying to warn EU institutions about what we now call PRISM, after working it out from open sources. Civil society, privacy regulators, and the Commission all did nothing. This is the story of exactly how they did nothing, and why, and what is happening now There is one law (FISA 702) and one policy (EO12333) which authorizes the US government to conduct mass surveillance on "foreigners in foreign lands". These are drafted in terms which discriminate the privacy rights you have by the passport you hold - in fact there are no rights at all for non-Americans outside the US. It is obvious that this is a reasonably important dimension of the whole Snowden affair, because it starkly conflicts with ECHR norms that rights are universal and equal. The only possible resolution compatible with universal rights is data localization, or construction of a virtual zone in which countries have agreed mutual verifiable inspections that mass-surveillance is not occurring (and at present this seems unlikely). There is a widespread misconception that somehow the new GDPR privacy regulation will curb foreign spying, when in fact it is designed to widen loopholes into floodgates. This talk is multidisciplinary and will cover national and international surveillance and privacy law, Five Eyes SIGINT policy, technical security and economics.

Presenters:

• Caspar Bowden
  independent for advocate privacy and free software , surveillance tech/law/policy. Warned EU about PRISM (in all but name) two years before Snowden. Caspar Bowden is an independent advocate for information privacy rights, and public understanding of privacy research in computer science. He is a specialist in EU Data Protection, European and US surveillance law, PET research, identity management, and information ethics. He is author of 2013 EU Parliament inquiry briefing on the US FISA law, and co-authored the 2012 Note on privacy and Cloud computing (which anticipated the infringements to EU data sovereignty disclosed by Edward Snowden). For nine years he was Chief Privacy Adviser for Microsoft for forty countries, and previously co-founded and was first director of the Foundation for Information Policy Research (www.fipr.org). He was an expert adviser for UK Parliamentary legislation, and co-organized six public conferences on encryption, data retention, and interception policy. He has previous careers in financial engineering and risk management, and software engineering (systems, 3D games, applied cryptography), including work with Goldman Sachs, Microsoft Consulting Services, Acorn, Research Machines, and IBM. He founded the Award for Outstanding Research in Privacy Enhancing Technologies, is a fellow of the British Computer Society, and a member of the advisory bodies of several civil society associations.

Links:

• https://fahrplan.events.ccc.de/congress/2014/Fahrplan/events/6195.html

Similar Presentations:

• VB2019 / The push for increased surveillance from fiction and its impact on privacy
• 30C3 (2013) / Human Rights and Technology: "A New Hope" or "The Empire Strikes Back"?
• 32C3 (2015) / Avoiding kernel panic: Europe's biggest fails in digital policy-making: How the institutions fuck up, and how we fuck it up as well