UPDATED: see presentation by Caspar Bowden below.

The slides about secret data access under the ‘PRISM’ programme published today seem are somewhat of a smoking gun. Concerns about the implications of the Foreign Intelligence Services Act (FISAA), and in particular section 1881a, have been around for a while. For example, a report for the LIBE Committee of the European Parliament last year (co-authored by Caspar Bowden, who will be speaking about this at ORGCon tomorrow) said:

“So far, almost all the attention on such conflicts has been focussed on the US PATRIOT Act, but there has been virtually no discussion of the implications of the US Foreign Intelligence Surveillance Amendment Act of 2008. §1881a of FISAA for the first time created a power of mass-surveillance specifically targeted at the data of non-US persons located outside the US, which applies to Cloud computing. Although all of the constituent definitions had been defined in earlier statutes, the conjunction of all of these elements was new.”

These revelations could have potentially devastating consequences for cloud computing. As noted in our previous blog, the UK government have some big questions to answer.

This presentation (PDF) by Caspar Bowden contains very detailed explanations.

We also asked Professor of International Law Douwe Korff for his explanation of what’s happening. Here’s what he said:

“US law makes non-US citizens living outside the USA completely fair game for unlimited surveillance by the US intelligence agencies, in particular under FISAA para. 1881a. That paragraph effectively removes all restraints on the monitoring by US intelligence agencies of such non-US-citizens’ e-communications, mobile phone communications, SKYPE conversations, social network exchanges, SMS texts or Internet browsing and video- and photograph- and file-sharing. It is not even necessary that the surveillance is relevant to US national security issues. Moreover, the US legislators and courts have consistently denied US constitutional protections to non-US citizens: in all relevant respects in relation to surveillance by the US authorities, the Constitution simply does not apply to such non-US-citizens. Protestations by US authorities that their legal system provides basically the same protection as is provided to EU citizens under European human rights and data protection law are quite simply untrue and deliberate attempts to hide the absence of any real protection of non-US-citizens from the US global surveillance system. It is time civil society groups on both sides of the Atlantic join hands to fight against the new global Big Brother environment that is being created by supposedly democratic governments in both the USA and Europe.”

Caspar Bowden has been expressing concerns about the FISAA provisions for some time. He’ll be giving an hour long talk tomorrow at ORGCon on exactly this topic – it should be rather interesting!