Yahoo UK Moves To Dublin To Escape Surveillance; UK Asks It To Stay... For The Spies
from the won't-someone-think-of-the-data-harvesters? dept
Yahoo discovered, as many tech companies did last year, that they had been opted-in to broad surveillance programs operated by the NSA and GCHQ. While these companies had always responded to official requests coming through official channels (the sort of thing detailed in their transparency reports), they were unaware that these agencies were also pulling data and communications right off the internet backbone and tech company servers.
This left most companies with no way to opt out of these collections. With the global reach of these two agencies, along with the others in the "Five Eyes" surveillance network, there are very few ways to avoid becoming another tool in the surveillance state toolchest.
Yahoo is exploring one option, which would limit its exposure to surveillance efforts. In the wake of revelations showing GCHQ collected tons of Yahoo webcam chats, it announced its plan to move its center of European operations to Ireland and out of Scotland Yard's reach.
Following the Guardian's disclosures about snooping on Yahoo webcams, the company said it was "committed to preserving our users trust and security and continue our efforts to expand encryption across all of our services." It said GCHQ's activity was "completely unacceptable..we strongly call on the world's governments to reform surveillance law."Explaining the move to Dublin, the company said: "The principal change is that Yahoo EMEA, as the new provider of services to our European users, will replace Yahoo UK Ltd as the data controller responsible for handling your personal information. Yahoo EMEA will be responsible for complying with Irish privacy and data protection laws, which are based on the European data protection directive."Under the Regulation of Investigatory Powers Act (RIPA), the UK government can force UK-based service providers to turn over data from their servers. Ireland, however, operates under European data privacy laws, not the UK's, which would theoretically help Yahoo hold onto its customers' data.
The potential loss of a large data source seems to have touched off a mini-panic within the intelligence community, which strongly suggested UK Home Secretary Theresa May take the internet company aside and discuss "security concerns."
[C]harles Farr, the head of the office for security and counter-terrorism (OSCT) within the Home Office, has been pressing May to talk to Yahoo because of anxiety in Scotland Yard's counter-terrorism command about the effect the move to Dublin could have on their inquiries...Well, chances are RIPA won't apply, which would be the only reason these agencies are "concerned." They may have to go elsewhere to collect thousands of potentially naked webcam photos and videos. I'm sure the argument that terrorists will shift to Yahoo services as a result of the company's move is right around the corner. But the reality is that UK agencies will be forced to clear one additional minor hurdle before gaining access to the info it feels serves national security interests.
"There are concerns in the Home Office about how Ripa will apply to Yahoo once it has moved its headquarters to Dublin," said a Whitehall source. "The home secretary asked to see officials from Yahoo because in Dublin they don't have equivalent laws to Ripa. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue."
From Friday, investigators may have to seek information by using a more drawn out process of approaching Yahoo through a Mutual Legal Assistance Treaty between Ireland and the UK.And how difficult can a "mutual assistance" process actually be? As we've seen detailed repeatedly since the leaks began, the world's intelligence communities enjoy relationships that range from "symbiotic" to "incestuous." That agency heads would feel the need to send a top government figure out to persuade Yahoo to stay within the easy reach of surveillance tentacles shows that these agencies love having tons of data, but really hate having to make the slightest amount of effort.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: gchq, ireland, theresa may, uk
Companies: yahoo
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Unfortunately...
As the Act applies to data held by the company, wherever in the world it is stored, and whether the data is owned by the company, or held on behalf of its users, a move to Ireland becomes little more than a publicity stunt that is likely motivated more by the financial savings than any real desire to protect European user's privacy.
[ link to this | view in thread ]
It is depressing
[ link to this | view in thread ]
Re: Unfortunately...
[ link to this | view in thread ]
[ link to this | view in thread ]
Hiring Practices?
Just have Google, Yahoo, Apple and the rest advertise that they will no longer consider current and former employees of GCHQ and NSA for employment. Watch the rats jump ship.
[ link to this | view in thread ]
[ link to this | view in thread ]
Perhaps they should be allowed all the electronic fast food they can stuff into their ever-open gullets while glued to their monitors. Nature in the form of obesity and heart disease might take care of them faster than regulation. Natural population control.
[ link to this | view in thread ]
Biznatch Haderach
[ link to this | view in thread ]
Re: Re: Unfortunately...
[ link to this | view in thread ]
Re: Hiring Practices?
But, more people work for the NSA as contractors than as employees. All the NSA has to do to protect *these* people is just declare their NSA work history "secret" and then give them impressive, fake work histories for their resumes that will get them just about any job they want. What a deal!
[ link to this | view in thread ]
Citation
http://www.theguardian.com/technology/2014/mar/20/theresa-may-yahoo-dublin-security-worry
[ link to this | view in thread ]
RIPA
It's like they don't even understand that Yahoo is doing this because RIPA won't apply.
[ link to this | view in thread ]
I wouldn't get too excited over what is essentially privacy theatre. Remember how Ireland rolled over for the **AAs' SOPA-style law? http://www.techdirt.com/articles/20120229/13541517916/ireland-signs-controversial-irish-sopa-into-la w-kicks-off-new-censorship-regime.shtml
[ link to this | view in thread ]
Re: Re: Re: Unfortunately...
According to US law -- even including the secret interpretations -- there are many, many fewer restrictions to NSA activities when it is operating internationally (since the entire purpose of its existence is to spy internationally) than domestically.
As an example: the recent news about targeting sysadmins. If those sysadmins are domestic, US laws have clearly been violated. If they are foreign to the US, the activity is 100% legal in US law.
[ link to this | view in thread ]
Re: Re: Re: Re: Unfortunately...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Unfortunately...
Just to be clear, I don't think this means that the US should be considered "better" or "safer". I think it means that there's no safe place at all. The best move is to stop storing personal data on third party servers, including Yahoo, at all regardless of where they put their centers of operation.
[ link to this | view in thread ]
Re: Re: Re: Re: Unfortunately...
It's still illegal in the foreign law. They are violating laws either way.
The USA law is not the only law that matters.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Unfortunately...
Yes and no. Yes, in an ideal world, everyone would actually obey the laws of the nations that they are operating in. For one thing, that would end almost all spying done by anybody.
However, in the real world we live in, the only law that constrains government actions are that government's own laws. So for the likes of the NSA and such, US law is indeed the only thing that matters. And even that only barely matters.
This is precisely the same as every other nation's intelligence agency. UK spies break US law when they operate in the US, too, for example. However, they're not breaking UK law.
[ link to this | view in thread ]
Re: Re: Re: Re: Unfortunately...
You can bet they do it anyway, just add another layer of obfuscation.
If you really think they wouldn't you are a fool. And should they get caught, they either get a law to retroactively rubberstamp it, create a new homebrew terror plot and point at it as a diversion, or just plain don't care, because nothing happened to them so far and most likely nothing ever will.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Unfortunately...
I never said otherwise. I was making a rather different point.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Unfortunately...
Not strictly true. The "Five Eyes", and other similar agreements, essentially allow countries to spy on each other's citizens and companies legally, as long as they share the data with the country they're spying on. This allows the UK to spy on US citizens, as long as they hand over their findings to the the US Government.
The statement "The US Government does not spy on the US people" needs to be read for what it doesn't say, rather than what it says.
The clarifying point however, is that the UK Government does not have a legal framework that allows it to require a UK company to compromise the privacy of its users and lie about it. There is a mechanism for targeting individual accounts for investigation, but this request is a matter of public record.
There is also no legal means whereby they could compel a UK company to give up data stored in, say, India. The law in the UK and in the EU considers that data to be governed by the law of the country in which it resides *only*. Which is where the USA PATRIOT Act overreaches so disagreeably.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Unfortunately...
Check
Check this out.
[ link to this | view in thread ]