PRISM && Excited Guardianista
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sat Jun 8 12:31:53 BST 2013
On 07/06/13 11:56, Ian Batten wrote:
> The Graun are very excited about: http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data
>
> The most interesting thing to me is that he slides they have say it has a budget of $20m per year.
>
> Given the likely costs of even the fairly anodyne proposals in the Data Communications Bill, either there a few zeros missing or the content of the project is being somewhat over-interpreted.
I think there are a few zeros missing ..
I hear BritGov has gotten some data from the PRISM program - but where's
the quid pro quo?
It used to be, in the bad old echelon days, that if a UK spy bod wanted
some data (often comms content, ie telephone taps) on a UK subject in
the UK he would ask the Yanks to obtain it for him, and vice-versa. Is
GCHQ spying on the Americans?
Also, as I read the DPA, if some EU private data is processed by being
demanded by a US court because it's stored in a US cloud, then the data
controller is guilty of an offence.
That's a bit uncertain and there may be those who disagree, eg there are
exceptions for processing required by an enactment, but I take that to
mean a UK or EU enactment, and not a US enactment.
and then there's 5.1.(a) {...this Act applies to a data controller in
respect of any data only if .. the data controller is established in the
United Kingdom and the data are processed in the context of that
establishment}, which I take to mean normally or occasionally so
processesed, and that if a specific processing is outside that context
it is not excluded - but that's far from clear.
Or maybe it's still within that context, as it's processed from their
cloud space.
Apart from those maybes, it looks to me like it's an offence.
Doesn't matter whether the controller processed it or not, or authorised
the processing. it's still an offence under section 21(1) if processing
as in 17.(1) happens without a relevant entry.
Of course, data controllers might just add "processing in accordance
with a FISA warrant" in their DPA register entries - would that be
allowed? I'm not very good on DPA.
-- Peter Fairbrother
More information about the ukcrypto
mailing list