CloudCloud ManagementLegalProjectsRegulationSoftware vendorsSurveillance-IT

EU Aims To Give Police Easier Access To Cloud Data

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

European Union seeks to make it easier for law enforcement agencies to obtain cloud data from tech firms

The European Union (EU) is to make a number of proposals to make it easier for the police and other law enforcement agencies to obtain cloud data from tech firms.

In light of the ongoing terrorist attacks in the UK and the EU, the idea remove the current slow data acquisition process and help the police gain rapid access to data, even if it is stored in another country.

It comes after Microsoft in particular successfully fought similar attempts in the past couple of years by the US Department of Justice over demands to access emails stored in Ireland.

EU Proposals

GDPR EUThe European Commission will present three options to EU ministers on the matter. These three options will form the basis of a future legislative proposal, including the possibility for police to copy data directly from the cloud, EU Justice Commissioner Vera Jourova told Reuters on Wednesday.

“I am sure that now in the shadow of the recent terrorist attacks and increasing threats in Europe there will be more understanding among the ministers, even among those who come from countries where there has not been a terrorist attack,” she is quoted as saying.

It is understood that EU justice ministers are meeting in Brussels on Thursday and will discuss the Commission’s options. According to Jourova, the EU executive will then take their preferences and develop proposals by the end of the year or early 2018.

So what are the three options that will be presented to EU justice ministers? Well the first (and least intrusive) option will allow law enforcement officials in one EU country to directly ask an IT provider (Google, Facebook etc) in another country to hand over electronic evidence, without having to ask that member state first.

The second option would mean that tech firms are obliged to turn over data if requested by law enforcement authorities in other member countries.

The third (most intrusive) option would be where law enforcement does not know the location of the server hosting the data or there is a risk of the data being lost, Jourova said.

“This third option is kind of an emergency possibility which will require some additional safeguards protecting the privacy of people,” she reportedly said. “You simply cannot massively collect some digital data for some future use.”

Slow Process

“My preference is to go for this as an extraordinary measure for extraordinary threats, for high gravity criminal offences such as terrorism and there I am in favour of enabling the use of personal data,” Jourova reportedly said, adding that no decision has yet been taken.

At the moment there have been ongoing complaints about the current data gathering process.

For example, if the police in France wanted to obtain data held in Ireland, they would need to ask the Irish authorities to retrieve the evidence for them.

Law enforcement have long said this process is too slow and cumbersome nowadays, where data is needed quickly in response to highly fluid and fast paced investigations.

Tech Opposition

However it is worth noting that tech firms are unlikely to welcome these proposals, as the industry has long voiced concerns about governments forcing them to hand over data stored in another country.

Despite Apple receiving lots of publicly in early 2016 for refusing to hand over data stored on a dead terrorists’ iPhone, Microsoft is the most notable privacy champion in this regard.

For years Microsoft fought attempts by the US Department of Justice to hand over emails stored in an Irish data centre about a drug-related investigation.

After years of legal tussles, Microsoft in July 2016 won a landmark court case, after the US Circuit Court of Appeals ruled that United States government could not force Redmond to hand over emails and communications stored in servers outside of the US.

It is worth noting that Microsoft’s position at the time had been backed by the European Commission.

Quiz: What do you know about privacy?