And you have a chance to do something to stop the indiscriminate surveillance practices used by the U.S. government agencies. It seems that the Act that was created in a single month has one part that is being abused and this is section 215. To find out more check here.

Stop 215 (video)

Even if you are not living in the United States, or you are not American, you can still do something. You know that government intelligent agencies all over the world are sharing your personal information with NSA. We are all a part of this mass surveillance program. I sent out some pre-defined Twitters from my virtual shadows handle. Find the ones I used here.

Yes so in whatever form PRISM does exist. I talked about it… well more rolled over this in previous posts. Now everything that you may want to know about PRISM to date, that is by 12 June can be found here.

Now there are two parts here, or maybe three.

1) collection of communications that happens to be passing over the wires
2) collection of social, other online activities of US citizens
3) collection of a) communications, b) social, other online activities; of non-US citizens.

Now PRISM is about (2) and (3b). PRISM is a system the NSA uses to gain access to the private communications of users of nine popular Internet services including Google, Facebook and Apple. It seems to be that an official request for information of a particular individual can be made to any of these services, and they will comply if the request is legally valid. These Internet service deny strongly that NSA has direct access to their servers.

So apparently NSA does not have direct access to the 9 most popular Internet Services, but what is the breath of their power to collect data on US-citizens?

Well the FISA Amendments Act (Section 702) does not require the government to show probable cause to believe that the target of surveillance has committed a crime. This is only for non-US citizens. Instead of showing probable cause to a judge, Section 702 of FISA allows senior Obama administration officials to “authorize” the “targeting of persons reasonably believed to be located outside the United States.” The surveillance may not “intentionally target” an American, but the NSA can obtain the private communications of Americans as part of a request that officially “targets” a foreigner. There is some use of the Patriots Act for this. I am not sure how the FISA Section 702 and the Patriots Act overlap though.

Ha! So if you as a US-citizen are communicating with an individual that is outside of the US and deemed as a threat to national security, your data is being collected. You could be a supporter of Greenpeace for example, they were targeted for surveillance in the past.

So what is my take on PRISM. It seems perfectly reasonable that in the name of national security requests for data on individuals can be collected by government intelligence. Same as officials upholding the law would request for a search warrant. However, PRISM should not be secret. That this is happening should be transparent to all US citizens and non-citizens. Why keep a secret? The supermarkets are pretty transparent about collecting our personal buying habits, maybe the package the justification in fancy packaging, but the reason is clear, to make money. So why does the government have to go around pretending still that it does not do these things? Has it not yet realized that the Cold War is over, and has been for quite some years now?

More post on the danger of the PATRIOT Act when it comes to the storing of personal data in the cloud in the U.S. by David Lacey.

In August I posted something more on this. It is not just your data being stored in a U.S. cloud that can be accessed by such law as this!

One of the biggest dilemmas with cloud services is that in theory it shouldn’t matter where your data is stored in the public cloud, just that it is secured appropriately, and only you get appropriate access and nobody else gets inappropriate access 😉

But it’s much more complicated. Every country has its own laws about the transparency of data stored and accessibility from nosing government authorities. The real problems occur when there is a conflict of privacy laws between different countries. So you have personal data stored in a Google public cloud, your data could be stored physically anywhere in the world. And the fact that Google is a US company means requirement to comply with US law (e.g. USA Patriot Act) for the organisation worldwide, not forgetting the regional laws where the data is physically stored. This conflicts with EU privacy law whereby the rights of the data subject are preserved.

Google have been quoted as follows “As a law abiding company, we comply with valid legal process, and that – as for any US based company – means the data stored outside of the U.S. may be subject to lawful access by the U.S. government.” Taken from Softpedia.

This could be an interesting time for organisations to set-up clouds but only in a single country in an organisation that is registered in the hosting country. Otherwise, can you really trust the data-holding authority to protect your rights as an EU citizen for example? I know I can’t!