US Government Agencies Will Soon Be Able To Access Foreign Medical Dossiers Due To Patriot Act
from the radical-transparency dept
The US Patriot Act has suddenly scared an entire nation, and it's not the US itself this time. The Netherlands is currently going nuts about the US government being able to request medical details of all its citizens when the Dutch Electronic Patient Database (EPD) is implemented next month. This will not be the only country that freaks out because of the Patriot Act, as this sort of thing is likely to happen a lot more often. A recent study explained that US government agencies can secretly request anyone's data if they are using a cloud-computing service which 'conducts systematic business in the US'. It is already sufficient when the service provider is somehow a subsidiary of a US company.That turns out to be a problem in the Netherlands, because the company that has developed the EPD and will be hosting the patients' data on its cloud computing systems is the US-based CSC. The Dutch government and the organization responsible for implementing the EPD are convinced there is no problem, because there are clear contracts which have assigned Dutch jurisdiction, and fortunately the Dutch have stringent data protection laws that will protect patients' sensitive data. Because that's what data protection laws do, right?
False! At least with regard to information law, researchers from Amsterdam University warn that this analysis is way too simplistic. According to the scholars, it is quite possible the US government agencies can circumvent data protection laws and could easily request access to medical information of every single person in the Netherlands. The study doesn't just cover the Netherlands (though it is especially timely for that), but rather looks at how these risks may apply more globally. Here are just a few of the findings that should raise eyebrows across the globe:
"When using a cloud service provider that is subject to U.S. jurisdiction, data may be requested directly from the company in question in the United States. […] From a legal point of view, access to such information cannot be denied and cloud service providers can give no guarantees in this respect. […] The possibility that foreign governments request information is a risk that cannot be eliminated by contractual guarantees. Nor do Dutch privacy laws offer any safeguards in this respect. […] It is a persistent misconception that U.S. jurisdiction does not apply if the data government requests for information do not apply to Dutch users of the cloud. […] legal protection under specific U.S. laws applies primarily to U.S. citizens and residents. […] Given the nature of intelligence work, it is not possible to gain insight into actual requests for information by the U.S. authorities […] Cloud providers will typically not be able to disclose whether such requests are made"If the above doesn't yet lead to a new international outrage against the US Patriot Act, then the following sentence on the extra-territorial effects of the Patriot Act should at least send shivers down the spines of sovereignty-loving non-US government officials:
"The transition to cloud computing will, in principle, result in a lower degree of autonomy [...]"
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: europe, netherlands, patriot act, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
Own Goal
US companies wil be frozen out of a huge swathe of business.
[ link to this | view in chronology ]
Re: Own Goal
[ link to this | view in chronology ]
Re: Re: Own Goal
What it might do is force the businesses to call Congress to tell them to stop passing stupid laws.
[ link to this | view in chronology ]
Re: Own Goal
And of course the same goes for companies that use them.
So yes, this is already costing the US business, and it will probably only get worse.
[ link to this | view in chronology ]
Re: Re: Own Goal
[ link to this | view in chronology ]
Re: Own Goal
And I do not use Cloud at all.I do use a VPN which is on a Foreign Company who does not keep Logs.
I advise folks to do the same and stay away from US as your info will be known.
It will be great to see folks around the World wake up and realize what is going on if they use the US stuff.
[ link to this | view in chronology ]
Re: Own Goal
[ link to this | view in chronology ]
Re: Own Goal
[ link to this | view in chronology ]
So when the US government requests the data, CSC has a choice to either comply with the 'clear contracts', or with the Patriot Act.
Guess what they'll choose.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Control/manipulate undesired outside information, or cut of the ability for that communication
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I'm getting confused
Now I have to go back and reread the US statements about why they're opposed to ITU's WCIT initiative because apparently I completely misunderstood it.
[ link to this | view in chronology ]
Re: I'm getting confused
[ link to this | view in chronology ]
Re: Re: I'm getting confused
[ link to this | view in chronology ]
Re: Re: I'm getting confused
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Don't even get me started on what they collect if you actually buy a Hoover...
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Data Security
Whenever a person or organization does not have control over their data storage they can be held hostage by another entity, and risk losing all their data if they fall out with that entity, or it ceases to exist.
How long before the US government uses cloud services as coercion in gaining their way in trade treaties.
[ link to this | view in chronology ]
Re: Data Security
They already have the MPAA for that.
[ link to this | view in chronology ]
Re: Re: Data Security
[ link to this | view in chronology ]
This strangely enough has made the US companies annoyed with the Australian Government to the extent that the USG has queried it and made an issue about it to no effect whatsoever. Our Privacy laws cannot be diluted, changed, nor removed for any reason for anyone no matter what any treaty the USG wants to rant about.
[ link to this | view in chronology ]
Re:
Sure, but the US government has access to lots of private company information (Facebook, Google, Microsoft, and health providers that use something remotely attached to a US company, etc.).
[ link to this | view in chronology ]
Re: Re:
The info that private individuals and in a limited way business's place upon Google, Facebook, et.al are fair game yes. But a company that uses these venues is still liable believe it or not under the Privacy Act, and also under numerous other acts like the one that creates criminal sanctions for SPAM and selling of identifiable lists of people who are placed upon the DNC register.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I think you need to give Mrs. Wally a break. Why don't you type with Mrs. Wally and let Mr. Wally hold your dick for a while?
[ link to this | view in chronology ]