Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference.

Slides:

Advertisements

Similar presentations

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

Advertisements

Better Security and Privacy for Home Broadband Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference.

Elephants and Mice Revisited: Law and Choice of Law on the Internet Professor Peter P. Swire Moritz College of Law Ohio State University Penn Law Review.

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Peter Swire Moritz College of Law Ohio State.

Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique Peter Swire Moritz College of Law Yale Law School Information.

The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.

Rocket Software, Inc. Confidential James Storey General Manager, OSS Unit Rocket Software APNOMS 2003: Managing Pervasive Computing and Ubiquitous Communications.

Overview of the Regulation of Investigatory Powers Act 2000 Andrew Charlesworth University of Warwick 10 June 2002.

Using Information at the University University Secretarys Office

ONE® Mail Training Presentation North York General Hospital North York General Hospital.

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

Internet surveillance in the UK Ian Brown. Signals intelligence Everybody’s at it: Echelon Frenchelon Multinationals “We steal secrets with espionage,

“Encryption’s Vital Role in Safeguarding the Digital Economy” Professor Peter Swire Ohio State University ASSOCHAM International Conference Safeguarding.

Confidentiality, Ethics, Privacy, and Access REPORT FROM CONFIDENTIALITY, ETHICS, PRIVACY AND ACCESS Group B.

USA PATRIOT Act and Libraries Eric Johnson & Rodney Clare Jackman Sims Memorial Library.

The Patriot Act And computing. /criminal/cybercrime/PatriotAct.htm US Department of Justice.

Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.

Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.

Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Wednesday 21 October 2009, – 2.00 pm.

Lawful Access/Interception: Global Cooperation and Collaboration Anthony M Rutkowski.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

RECORDS MANAGEMENT MELANIE WELCH 1. What Is the Sunshine Law? The Sunshine law grants every person the Constitutional right to: ◦ View or copy any public.

Protecting information rights – advancing information policy Privacy law reform for APP entities (organisations)

XML AND THE LEGAL FOUNDATIONS FOR ELECTRONIC COMMERCE: Making XML Pay: Revising Existing Electronic Payments Law to Accommodate Innovation Copyright (c)

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University

Privacy, Security, and trust in cloud computing BY: SIANI PEARSON PRESENTED BY: KIA MANOOCHEHRI.

Conflicting Privacy Regimes: (1) Encryption and (2) Access to Cloud Records Peter Swire Ohio State University Future of Privacy Forum IAPP Global Summit.

PRIVACY. In pairs Work out a definition of the word PRIVACY that you think makes sense You’ve got about 7 minutes...

EMPLOYEE TERMINATIONS Becky S. Knutson Davis Brown Law Firm.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project.

1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.

CLOUD AND SECURITY: A LEGISLATOR'S PERSPECTIVE 6/7/2013.

Solutions Summit 2014 Credit Card Reconciliation Teresa Wood and Carmen Scott.

Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 2: Privacy.

1 Secure Telework Connectivity Peggy Ward Chief Information Security Officer July 22,

Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy.

Computer and Internet privacy (2) University of Palestine University of Palestine Eng. Wisam Zaqoot Eng. Wisam Zaqoot Feb 2011 Feb 2011 ITSS 4201 Internet.

UKRAINIAN INTERNET GOVERNANCE FORUM Kyiv 1 October 2014 State of play of the answers to Ed. Snowden revelations: TIME OF REPORTS USA National, EU, CoE.

Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,

ISPs – Internet’s Secret Police? Ian Kerr Canada Research Chair in Ethics, Law & Technology Université D’ Ottawa University of Ottawa Faculté de droit.

Robert Guerra Director, CryptoRights Foundation Implementing Privacy Implementing Privacy: Rules of the Game for Developers Mac-Crypto Conference on Macintosh.

Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet? Professor Peter Swire Ohio State University Internet Law Scholars WIP New.

Protecting Privacy “Most people have figured out by now you can’t do anything on the Web without leaving a record” - Holman W. Jenkins, Jr

Information Privacy: Public Policy and Institutional Policies Wendy Wigen Policy Analyst, EDUCAUSE Copyright Wendy Wigen, This work is the intellectual.

20 Oct., 1999 UAF Computing & Networking Policies1 Reasons for policies Who makes & enforces them Overview of issues based on common questions Your responsibilities.

Yes. You’re in the right room.. Hi! I’m David (Hi David!)

Protecting Privacy and Freedom of Communication in the Fight against Cybercrime Southeast Europe Cybersecurity Conference Sofia, Bulgaria 8-9 September.

German American Business Association Your bridge to Europe - Doing business in Germany March 23 rd, 2011 Compliance in Germany – The European role model.

Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.

Tara George Amber Gardner Jennifer Shorter. Advantages Many employers run software that searches for offensives words and highlights problematic s.

CLOUD VIRTUALIZATION MLArchiver for vCloud Air Archiving | eDiscovery | Records Management | Analytics Stephen Catanzano August.

September 2009Network Neutrality – the Norwegian ApproachPage 1 Network Neutrality – the Norwegian Approach Senior Adviser Frode Soerensen Norwegian Post.

You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device.

Law School Privacy and Security on the Internet: the Balance between National Interest, Individual Civil Liberties and the Global Society Ian King Law.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.

McLean HIGHER COMPUTER NETWORKING Lesson 10 Ethical Implications Description of ethical implications of networks: Personal privacy Censorhip.

Firewalls and Tunneling Firewalls –Acts as a barrier against unwanted network traffic –Blocks many communication channels –Can change the design space.

The Contractual Regime of PayPal and Electronic Payments Irene Kull ETAg funding, project 9301.

Peter Swire Holder Chair of Law and Ethics

Surveillance around the world

Role of Service Providers in Cybercrime Investigations

Attribution & the globalization of criminal evidence

Domain 2 – Asset Security

Confidentiality October 14, 2005.

Internet law Business law.

Confidentiality of Information Acknowledgment and Agreement 2018

U.S. Intelligence Oversight Reforms & the Cloud Act

Presentation transcript:

Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference “Law Enforcement Access to the Cloud” March 19, 2012

Outline Why law enforcement shift to cloud records – Volume of data up – Adoption of encryption in communications – Cloud best chance to get the data E.U. practices for law enforcement & national security – U.K. law – Need much more transparency to compare to U.S. practices

Encrypted Communications, Now Ahah! Make it easy for the user Webmail - Gmail, Hotmail – 2010 Blackberry/RIM Virtual Private Networks Facebook enables it SSL standard for E-commerce (credit cards) Skype and other VoIP The result – lawful access at ISP or local telco only gets encrypted content

Ways to Grab Communications 1.Break the encryption (but today is strong crypto) 2.Grab comms in the clear (CALEA doesn’t apply to , data) 3.Grab comms with spyware before or after encrypted (not good cybersecurity) 4.Grab stored communications, such as in the cloud My thesis: #4 is becoming FAR more important

When All Else Fails: The Pipe to the Cloud

UK & Data Protection (Based on research of Ian Brown, Oxford) Data Protection Act 1998 – L.E. & N.S. broad exemptions – Permits voluntary agreements with L.E. or N.S. agencies to turn over stored records E.U. Data Retention Directive in effect, despite data protection authority concerns

U.K. & Lawful Access Regulation of Investigatory Powers Act 2000 – Subscriber and traffic data, no court order – Telecomm providers must facilitate lawful interception, similar to CALEA Counter Terrorism Act 2008 – Appears to override obligations of confidentiality, for disclosure to intelligence agencies For content intercepts – Automated search appears OK if originate or terminate outside of UK

EU & US on Lawful Access How to resolve the EU allegations that cloud services should be kept in the EU due to “Patriot Act”? Resolution requires a good comparison of EU & US Transparency – U.K. law may well have less court supervision than U.S. law – Lack of clear description of law elsewhere in E.U. – Even less transparency about actual practice: “difficult to ascertain” – Dropping L.E. & N.S. from the draft Regulation sign of continued lack of transparency Should resolve growing dispute based on accurate understanding, not allegations

Thank you.