Google Admits Handing over European User Data to US Intelligence Agencies

[Triple Zero]

It's not just Google BTW, all USA-based web corporations including the Amazon Cloud Storage, Microsoft Hotmail, etc. Time to try and find some EU-based alternatives to my favourite services, I guess.


Google Admits Handing over European User Data to US Intelligence Agencies

Google has admitted complying with requests from US intelligence agencies for data stored in its European data centers, most likely in violation of European Union data protection laws.

Gordon Frazer, Microsoft UK's managing director, made news headlines some weeks ago when he admitted that Microsoft can be compelled to share data with the US government regardless of where it is hosted in the world.

At the center of this problem is the USA PATRIOT ACT, which states that companies incorporated in the United States must hand over data administered by their foreign subsidiaries if requested.

Not only that, but they can be forced to keep quiet about it in order to avoid exposing active investigations and alert those targeted by the probes.

This situation poses a serious problem for companies like Microsoft, Google or Amazon, which offer cloud services around the world, because their subsidiaries must also respect local laws.

For example, European Union legislation requires companies to protect the personal information of EU citizens and this is clearly not something that Microsoft, Google, Amazon, or any of their EU customers can do.

This is not only a theoretical problem. According to German-language magazine WirtschaftsWoche [Google translate], a Google spokesperson confirmed that the company has complied with requests from US intelligence agencies for data stored in its European data centers.

The situation is likely to spark an official inquiry from the European Commission, with some members of the European Parliament already reacting to the stories. It's hard to foresee what kind of solution can be found at this point, but one thing's clear - US-based cloud providers operating in EU can be forced to break the law. European companies and government agencies that are using their services are also in a tough position.

[Triple Zero]

Extra funny details:

1- this is in violation of EU data protection laws.

2- so perhaps Google would need to stop operating in the EU? ... except that not being able to perform their Irish-Dutch "sandwich" tax evasion "trick" would cost them about 20% of their ad revenue.

(I'm not even going to mention "Don't be evil" anymore ... )

[Cain]

If you find a good EU based alternative, let me know.  I am utterly unsurprised that this is the case, I have to say.

[Adios]

Disgusting.

[Lord Cataplanga]

If you find a good EU based alternative, let me know.  I am utterly unsurprised that this is the case, I have to say.

As an alternative to say, a web search service, you can use  DuckDuckGo. It's based in the US, so they could be forced to give all the personal information they have on you to the authorities, but it doesn't matter because they don't collect any personal information in the first place.

I don't really know a good alternative for cloud storage and e-mail, though. Those @principiadiscordia.com addresses are gmail based, right?

[Cain]

That sounds good, thanks.

As for the emails, they are, but if you're passing on sensitive information via email and not using PGP encryption, you deserve to get caught.

[Mesozoic Mister Nigel]

Sweet fucking fuck.

I mean, I'm not SURPRISED, but still. Fuck.

(And yeah, "don't be evil", lol)

[Triple Zero]

DuckDuckGo was also my first thought for an alternative, even though it's also US-based But I heard a lot of good stuff about it, and the guy that's running it (I think it's just one??) been really responsive to any and all suggestions from the tech/blog/hacker crowds, both privacy and usability related.

[Gordon C]

Yep. Feeling safer by the day. Also, recordedfuture.com

[Jenne]

If you find a good EU based alternative, let me know.  I am utterly unsurprised that this is the case, I have to say.

THIS. 

[Jenne]

...and I hear PGP is easily gotten around, but that's hackerish muck that I doubt I'll ever have to worry about, IR terms.

[Cain]

...and I hear PGP is easily gotten around, but that's hackerish muck that I doubt I'll ever have to worry about, IR terms.

I somehow doubt that is from an accurate source.  Italian, American and British police have all been unable to break into computers which used PGP encryptions, and while early methods did have theoretical vulnerabilities, current versions are, for all intents and purposes, unbreakable.  It's effectively military grade.

[Pæs]

I've been using GMX.com for troll emails, because they allow you to easily register up to ten addresses for the same account, which is pretty handy.

I think you need to sign up for gmx.co.uk if you want to use their EU-based servers.

Anyone know more about GMX?

[Triple Zero]

...and I hear PGP is easily gotten around, but that's hackerish muck that I doubt I'll ever have to worry about, IR terms.

I somehow doubt that is from an accurate source.  Italian, American and British police have all been unable to break into computers which used PGP encryptions, and while early methods did have theoretical vulnerabilities, current versions are, for all intents and purposes, unbreakable.  It's effectively military grade.

Yes. The only way PGP can be gotten around is if you're doin it wrong. The crypto itself is secure as fuck, but maybe the key is not, maybe you exchanged it with the other party in an insecure way, maybe your computer is keylogged, or maybe there's a bunch of guys with rubber hoses waiting in a black van outside (or, as Russian hackers tend to call it, "Thermo-rectal Analysis").

I've been using GMX.com for troll emails, because they allow you to easily register up to ten addresses for the same account, which is pretty handy.

I think you need to sign up for gmx.co.uk if you want to use their EU-based servers.

Anyone know more about GMX?

GMX exists for a very long time, I always thought it was originally German. A lot of Germans I know from earlier Internet days have an @gmx.de email.

Also realize that technically the USA considers the .com (and .org and .net) domains to be theirs as well. Meaning that 1 they can shut them down (as they've recently done with lots of sites that smelled remotely like torrents) and 2 can probably grab whatever data that passes through their domain name servers because of that.

[BabylonHoruv]

...and I hear PGP is easily gotten around, but that's hackerish muck that I doubt I'll ever have to worry about, IR terms.

I somehow doubt that is from an accurate source.  Italian, American and British police have all been unable to break into computers which used PGP encryptions, and while early methods did have theoretical vulnerabilities, current versions are, for all intents and purposes, unbreakable.  It's effectively military grade.

Yes. The only way PGP can be gotten around is if you're doin it wrong. The crypto itself is secure as fuck, but maybe the key is not, maybe you exchanged it with the other party in an insecure way, maybe your computer is keylogged, or maybe there's a bunch of guys with rubber hoses waiting in a black van outside (or, as Russian hackers tend to call it, "Thermo-rectal Analysis").

I've been using GMX.com for troll emails, because they allow you to easily register up to ten addresses for the same account, which is pretty handy.

I think you need to sign up for gmx.co.uk if you want to use their EU-based servers.

Anyone know more about GMX?

GMX exists for a very long time, I always thought it was originally German. A lot of Germans I know from earlier Internet days have an @gmx.de email.

Also realize that technically the USA considers the .com (and .org and .net) domains to be theirs as well. Meaning that 1 they can shut them down (as they've recently done with lots of sites that smelled remotely like torrents) and 2 can probably grab whatever data that passes through their domain name servers because of that.

From what I understand the best defense against rubber hose cryptography is to have two keys or two log ins, one that lets them into something that looks like you might want to hide it, but isn;t really what you want to hide.