Van Hoboken, Joris V. J., Arnbak, Axel and Van Eijk, Nico, Obscured by Clouds or How to Address Governmental Access to Cloud Data from abroad (June 9, 2013). Available at SSRN.
“Transnational surveillance is obscured by the cloud. U.S. foreign intelligence law provides a wide and relatively unchecked possibility of access to data from Europeans and other foreigners. The amendments to the Foreign Intelligence Surveillance Act in 50 USC 1881a (section 702) are of particular concern. Recent leaks around the PRISM surveillance program of the National Security Agency seem to support that these legal possibilities are used in practice on a large scale. These developments will affect market conditions and competition, notably for U.S.-based cloud services. In addition, the possibility of foreign governmental access impacts the privacy of cloud end-users and can cause chilling effects with regard to cloud computing use. Calls for regulatory action and termination of cloud contracts are starting to emerge – such as in cases of medical data storage in electronic patient record systems and biometric data processing in relation to passports in The Netherlands. This Article analyses regulatory solutions to the current status quo on four levels: i) the possibility of limiting surveillance in the U.S. itself; ii) international law as a framework to impose some limitations; iii) the EU General Data Protection Regulation proposals and the EU Cloud Strategy, and iv) improved oversight on transnational intelligence gathering. If transnational intelligence remains obscured by the cloud, the various promises of the cloud, and electronic communications in general, might stall. It will be hard, but considering all the interests involved in the transition to the cloud, it must be possible to come to some agreement about restrictions on transnational intelligence gathering and stronger protections for non-U.S. persons in U.S. clouds.”