Yahoo UK Moves To Dublin To Escape Surveillance; UK Asks It To Stay... For The Spies

from the won't-someone-think-of-the-data-harvesters? dept

Yahoo discovered, as many tech companies did last year, that they had been opted-in to broad surveillance programs operated by the NSA and GCHQ. While these companies had always responded to official requests coming through official channels (the sort of thing detailed in their transparency reports), they were unaware that these agencies were also pulling data and communications right off the internet backbone and tech company servers.

This left most companies with no way to opt out of these collections. With the global reach of these two agencies, along with the others in the "Five Eyes" surveillance network, there are very few ways to avoid becoming another tool in the surveillance state toolchest.

Yahoo is exploring one option, which would limit its exposure to surveillance efforts. In the wake of revelations showing GCHQ collected tons of Yahoo webcam chats, it announced its plan to move its center of European operations to Ireland and out of Scotland Yard's reach.

Following the Guardian's disclosures about snooping on Yahoo webcams, the company said it was "committed to preserving our users trust and security and continue our efforts to expand encryption across all of our services." It said GCHQ's activity was "completely unacceptable..we strongly call on the world's governments to reform surveillance law."Explaining the move to Dublin, the company said: "The principal change is that Yahoo EMEA, as the new provider of services to our European users, will replace Yahoo UK Ltd as the data controller responsible for handling your personal information. Yahoo EMEA will be responsible for complying with Irish privacy and data protection laws, which are based on the European data protection directive."
Under the Regulation of Investigatory Powers Act (RIPA), the UK government can force UK-based service providers to turn over data from their servers. Ireland, however, operates under European data privacy laws, not the UK's, which would theoretically help Yahoo hold onto its customers' data.

The potential loss of a large data source seems to have touched off a mini-panic within the intelligence community, which strongly suggested UK Home Secretary Theresa May take the internet company aside and discuss "security concerns."
[C]harles Farr, the head of the office for security and counter-terrorism (OSCT) within the Home Office, has been pressing May to talk to Yahoo because of anxiety in Scotland Yard's counter-terrorism command about the effect the move to Dublin could have on their inquiries...

"There are concerns in the Home Office about how Ripa will apply to Yahoo once it has moved its headquarters to Dublin," said a Whitehall source. "The home secretary asked to see officials from Yahoo because in Dublin they don't have equivalent laws to Ripa. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue."
Well, chances are RIPA won't apply, which would be the only reason these agencies are "concerned." They may have to go elsewhere to collect thousands of potentially naked webcam photos and videos. I'm sure the argument that terrorists will shift to Yahoo services as a result of the company's move is right around the corner. But the reality is that UK agencies will be forced to clear one additional minor hurdle before gaining access to the info it feels serves national security interests.
From Friday, investigators may have to seek information by using a more drawn out process of approaching Yahoo through a Mutual Legal Assistance Treaty between Ireland and the UK.
And how difficult can a "mutual assistance" process actually be? As we've seen detailed repeatedly since the leaks began, the world's intelligence communities enjoy relationships that range from "symbiotic" to "incestuous." That agency heads would feel the need to send a top government figure out to persuade Yahoo to stay within the easy reach of surveillance tentacles shows that these agencies love having tons of data, but really hate having to make the slightest amount of effort.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: gchq, ireland, theresa may, uk
Companies: yahoo


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    That One Guy (profile), 24 Mar 2014 @ 4:12am

    If it annoys and/or inconveniences the spy agencies, sounds like a good plan to me, so hopefully the move goes through without too much trouble.

    link to this | view in thread ]

  2. identicon
    plaguehush, 24 Mar 2014 @ 6:11am

    Unfortunately...

    ...for those users in Europe, it's a largely academic change. Yahoo is still a US headquartered organisation, which legally means it has to play by US law. That includes the USA PATRIOT Act, under which the US Government can either compel Yahoo to give up it's data while denying that it's done so, or can go into the datacentre a physically sieze the storage media.

    As the Act applies to data held by the company, wherever in the world it is stored, and whether the data is owned by the company, or held on behalf of its users, a move to Ireland becomes little more than a publicity stunt that is likely motivated more by the financial savings than any real desire to protect European user's privacy.

    link to this | view in thread ]

  3. identicon
    spodula, 24 Mar 2014 @ 6:12am

    It is depressing

    When the minister for the home office is more concerned about Scotland Yard's potential problems than the real economic impact of hundreds of jobs moving to Ireland.

    link to this | view in thread ]

  4. icon
    John Fenderson (profile), 24 Mar 2014 @ 6:20am

    Re: Unfortunately...

    Actually, as has been pointed out a few times, companies operating outside the US (even if they're US-owned) have less legal protection from NSA spying than companies operating inside the US.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 24 Mar 2014 @ 6:21am

    typical UK moves! not in the least bit interested in anything other than trying to keep the surveillance going! what a pity that the government isn't as concerned about it's citizens as it is on watching everything done, every word spoken etc etc etc!

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 24 Mar 2014 @ 6:43am

    Hiring Practices?

    Want to stop their ability to conduct surveillance?

    Just have Google, Yahoo, Apple and the rest advertise that they will no longer consider current and former employees of GCHQ and NSA for employment. Watch the rats jump ship.

    link to this | view in thread ]

  7. icon
    Watchit (profile), 24 Mar 2014 @ 6:59am

    Does this mean Tumblr is safe from spies now?

    link to this | view in thread ]

  8. identicon
    Laziness, 24 Mar 2014 @ 7:12am

    Why shouldn't spies be lazy in proportion to the general population?

    Perhaps they should be allowed all the electronic fast food they can stuff into their ever-open gullets while glued to their monitors. Nature in the form of obesity and heart disease might take care of them faster than regulation. Natural population control.

    link to this | view in thread ]

  9. icon
    Trails (profile), 24 Mar 2014 @ 7:13am

    Biznatch Haderach

    The spies must flow...

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 24 Mar 2014 @ 7:15am

    Re: Re: Unfortunately...

    No, they have more legal protection (as long as they aren't US-owned), since National Security Letters and similar laws don't apply to them.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 24 Mar 2014 @ 7:16am

    Re: Hiring Practices?

    The ones directly employed are usually look to make a nice, comfy government career out of it, so they wouldn't be concerned.

    But, more people work for the NSA as contractors than as employees. All the NSA has to do to protect *these* people is just declare their NSA work history "secret" and then give them impressive, fake work histories for their resumes that will get them just about any job they want. What a deal!

    link to this | view in thread ]

  12. icon
    nasch (profile), 24 Mar 2014 @ 7:28am

    RIPA

    "There are concerns in the Home Office about how Ripa will apply to Yahoo once it has moved its headquarters to Dublin," said a Whitehall source.

    It's like they don't even understand that Yahoo is doing this because RIPA won't apply.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 24 Mar 2014 @ 7:40am

    Pfft! A good look at Anglo-Irish history in the last 70 years will reveal more collaboration than you knew existed. Add to that the fact that Yahoo's HQ is in America and that their CEO is unwilling to upset the NSA...

    I wouldn't get too excited over what is essentially privacy theatre. Remember how Ireland rolled over for the **AAs' SOPA-style law? http://www.techdirt.com/articles/20120229/13541517916/ireland-signs-controversial-irish-sopa-into-la w-kicks-off-new-censorship-regime.shtml

    link to this | view in thread ]

  14. icon
    John Fenderson (profile), 24 Mar 2014 @ 7:51am

    Re: Re: Re: Unfortunately...

    They have less, as the NSA (et al) can and does engage in surveillance activities abroad that they wouldn't even be able to get the FISC to approve domestically.

    According to US law -- even including the secret interpretations -- there are many, many fewer restrictions to NSA activities when it is operating internationally (since the entire purpose of its existence is to spy internationally) than domestically.

    As an example: the recent news about targeting sysadmins. If those sysadmins are domestic, US laws have clearly been violated. If they are foreign to the US, the activity is 100% legal in US law.

    link to this | view in thread ]

  15. icon
    btrussell (profile), 24 Mar 2014 @ 9:06am

    Re: Re: Re: Re: Unfortunately...

    Mr. Clapper agrees with you.

    link to this | view in thread ]

  16. icon
    Ninja (profile), 24 Mar 2014 @ 9:08am

    If anything this should be enough to make any company in the digital realm avoid the UK (or leave if they are already there). Although this would apply much harder to the US. In the UK they are using absurd laws to do their stuff. In the US the NSA couldn't care less about laws or the Constitution.

    link to this | view in thread ]

  17. icon
    John Fenderson (profile), 24 Mar 2014 @ 9:14am

    Re: Re: Re: Re: Re: Unfortunately...

    Indeed.

    Just to be clear, I don't think this means that the US should be considered "better" or "safer". I think it means that there's no safe place at all. The best move is to stop storing personal data on third party servers, including Yahoo, at all regardless of where they put their centers of operation.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 24 Mar 2014 @ 10:16am

    Re: Re: Re: Re: Unfortunately...

    > If they are foreign to the US, the activity is 100% legal in US law.

    It's still illegal in the foreign law. They are violating laws either way.

    The USA law is not the only law that matters.

    link to this | view in thread ]

  19. icon
    John Fenderson (profile), 24 Mar 2014 @ 10:21am

    Re: Re: Re: Re: Re: Unfortunately...

    "The USA law is not the only law that matters"

    Yes and no. Yes, in an ideal world, everyone would actually obey the laws of the nations that they are operating in. For one thing, that would end almost all spying done by anybody.

    However, in the real world we live in, the only law that constrains government actions are that government's own laws. So for the likes of the NSA and such, US law is indeed the only thing that matters. And even that only barely matters.

    This is precisely the same as every other nation's intelligence agency. UK spies break US law when they operate in the US, too, for example. However, they're not breaking UK law.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 24 Mar 2014 @ 10:27am

    Re: Re: Re: Re: Unfortunately...

    "They have less, as the NSA (et al) can and does engage in surveillance activities abroad that they wouldn't even be able to get the FISC to approve domestically."

    You can bet they do it anyway, just add another layer of obfuscation.

    If you really think they wouldn't you are a fool. And should they get caught, they either get a law to retroactively rubberstamp it, create a new homebrew terror plot and point at it as a diversion, or just plain don't care, because nothing happened to them so far and most likely nothing ever will.

    link to this | view in thread ]

  21. icon
    John Fenderson (profile), 24 Mar 2014 @ 10:52am

    Re: Re: Re: Re: Re: Unfortunately...

    "You can bet they do it anyway"

    I never said otherwise. I was making a rather different point.

    link to this | view in thread ]

  22. identicon
    plaguehush, 25 Mar 2014 @ 3:31am

    Re: Re: Re: Re: Re: Re: Unfortunately...

    "UK spies break US law when they operate in the US, too, for example. However, they're not breaking UK law."

    Not strictly true. The "Five Eyes", and other similar agreements, essentially allow countries to spy on each other's citizens and companies legally, as long as they share the data with the country they're spying on. This allows the UK to spy on US citizens, as long as they hand over their findings to the the US Government.

    The statement "The US Government does not spy on the US people" needs to be read for what it doesn't say, rather than what it says.

    The clarifying point however, is that the UK Government does not have a legal framework that allows it to require a UK company to compromise the privacy of its users and lie about it. There is a mechanism for targeting individual accounts for investigation, but this request is a matter of public record.

    There is also no legal means whereby they could compel a UK company to give up data stored in, say, India. The law in the UK and in the EU considers that data to be governed by the law of the country in which it resides *only*. Which is where the USA PATRIOT Act overreaches so disagreeably.

    link to this | view in thread ]

  23. icon
    btrussell (profile), 26 Mar 2014 @ 9:38am

    Re: Re: Re: Re: Re: Re: Unfortunately...

    Check
    Check
    Check this out.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.