Yahoo UK Moves To Dublin To Escape Surveillance; UK Asks It To Stay… For The Spies

from the won't-someone-think-of-the-data-harvesters? dept

Yahoo discovered, as many tech companies did last year, that they had been opted-in to broad surveillance programs operated by the NSA and GCHQ. While these companies had always responded to official requests coming through official channels (the sort of thing detailed in their transparency reports), they were unaware that these agencies were also pulling data and communications right off the internet backbone and tech company servers.

This left most companies with no way to opt out of these collections. With the global reach of these two agencies, along with the others in the “Five Eyes” surveillance network, there are very few ways to avoid becoming another tool in the surveillance state toolchest.

Yahoo is exploring one option, which would limit its exposure to surveillance efforts. In the wake of revelations showing GCHQ collected tons of Yahoo webcam chats, it announced its plan to move its center of European operations to Ireland and out of Scotland Yard’s reach.

Following the Guardian’s disclosures about snooping on Yahoo webcams, the company said it was “committed to preserving our users trust and security and continue our efforts to expand encryption across all of our services.” It said GCHQ’s activity was “completely unacceptable..we strongly call on the world’s governments to reform surveillance law.”Explaining the move to Dublin, the company said: “The principal change is that Yahoo EMEA, as the new provider of services to our European users, will replace Yahoo UK Ltd as the data controller responsible for handling your personal information. Yahoo EMEA will be responsible for complying with Irish privacy and data protection laws, which are based on the European data protection directive.”

Under the Regulation of Investigatory Powers Act (RIPA), the UK government can force UK-based service providers to turn over data from their servers. Ireland, however, operates under European data privacy laws, not the UK’s, which would theoretically help Yahoo hold onto its customers’ data.

The potential loss of a large data source seems to have touched off a mini-panic within the intelligence community, which strongly suggested UK Home Secretary Theresa May take the internet company aside and discuss “security concerns.”

[C]harles Farr, the head of the office for security and counter-terrorism (OSCT) within the Home Office, has been pressing May to talk to Yahoo because of anxiety in Scotland Yard’s counter-terrorism command about the effect the move to Dublin could have on their inquiries…

“There are concerns in the Home Office about how Ripa will apply to Yahoo once it has moved its headquarters to Dublin,” said a Whitehall source. “The home secretary asked to see officials from Yahoo because in Dublin they don’t have equivalent laws to Ripa. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue.”

Well, chances are RIPA won’t apply, which would be the only reason these agencies are “concerned.” They may have to go elsewhere to collect thousands of potentially naked webcam photos and videos. I’m sure the argument that terrorists will shift to Yahoo services as a result of the company’s move is right around the corner. But the reality is that UK agencies will be forced to clear one additional minor hurdle before gaining access to the info it feels serves national security interests.

From Friday, investigators may have to seek information by using a more drawn out process of approaching Yahoo through a Mutual Legal Assistance Treaty between Ireland and the UK.

And how difficult can a “mutual assistance” process actually be? As we’ve seen detailed repeatedly since the leaks began, the world’s intelligence communities enjoy relationships that range from “symbiotic” to “incestuous.” That agency heads would feel the need to send a top government figure out to persuade Yahoo to stay within the easy reach of surveillance tentacles shows that these agencies love having tons of data, but really hate having to make the slightest amount of effort.

Filed Under: , , ,
Companies: yahoo

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yahoo UK Moves To Dublin To Escape Surveillance; UK Asks It To Stay… For The Spies”

Subscribe: RSS Leave a comment
24 Comments
plaguehush says:

Unfortunately...

…for those users in Europe, it’s a largely academic change. Yahoo is still a US headquartered organisation, which legally means it has to play by US law. That includes the USA PATRIOT Act, under which the US Government can either compel Yahoo to give up it’s data while denying that it’s done so, or can go into the datacentre a physically sieze the storage media.

As the Act applies to data held by the company, wherever in the world it is stored, and whether the data is owned by the company, or held on behalf of its users, a move to Ireland becomes little more than a publicity stunt that is likely motivated more by the financial savings than any real desire to protect European user’s privacy.

John Fenderson (profile) says:

Re: Re: Re: Unfortunately...

They have less, as the NSA (et al) can and does engage in surveillance activities abroad that they wouldn’t even be able to get the FISC to approve domestically.

According to US law — even including the secret interpretations — there are many, many fewer restrictions to NSA activities when it is operating internationally (since the entire purpose of its existence is to spy internationally) than domestically.

As an example: the recent news about targeting sysadmins. If those sysadmins are domestic, US laws have clearly been violated. If they are foreign to the US, the activity is 100% legal in US law.

John Fenderson (profile) says:

Re: Re: Re:3 Unfortunately...

Indeed.

Just to be clear, I don’t think this means that the US should be considered “better” or “safer”. I think it means that there’s no safe place at all. The best move is to stop storing personal data on third party servers, including Yahoo, at all regardless of where they put their centers of operation.

John Fenderson (profile) says:

Re: Re: Re:3 Unfortunately...

“The USA law is not the only law that matters”

Yes and no. Yes, in an ideal world, everyone would actually obey the laws of the nations that they are operating in. For one thing, that would end almost all spying done by anybody.

However, in the real world we live in, the only law that constrains government actions are that government’s own laws. So for the likes of the NSA and such, US law is indeed the only thing that matters. And even that only barely matters.

This is precisely the same as every other nation’s intelligence agency. UK spies break US law when they operate in the US, too, for example. However, they’re not breaking UK law.

plaguehush says:

Re: Re: Re:4 Unfortunately...

“UK spies break US law when they operate in the US, too, for example. However, they’re not breaking UK law.”

Not strictly true. The “Five Eyes”, and other similar agreements, essentially allow countries to spy on each other’s citizens and companies legally, as long as they share the data with the country they’re spying on. This allows the UK to spy on US citizens, as long as they hand over their findings to the the US Government.

The statement “The US Government does not spy on the US people” needs to be read for what it doesn’t say, rather than what it says.

The clarifying point however, is that the UK Government does not have a legal framework that allows it to require a UK company to compromise the privacy of its users and lie about it. There is a mechanism for targeting individual accounts for investigation, but this request is a matter of public record.

There is also no legal means whereby they could compel a UK company to give up data stored in, say, India. The law in the UK and in the EU considers that data to be governed by the law of the country in which it resides only. Which is where the USA PATRIOT Act overreaches so disagreeably.

Anonymous Coward says:

Re: Re: Re:2 Unfortunately...

“They have less, as the NSA (et al) can and does engage in surveillance activities abroad that they wouldn’t even be able to get the FISC to approve domestically.”

You can bet they do it anyway, just add another layer of obfuscation.

If you really think they wouldn’t you are a fool. And should they get caught, they either get a law to retroactively rubberstamp it, create a new homebrew terror plot and point at it as a diversion, or just plain don’t care, because nothing happened to them so far and most likely nothing ever will.

Anonymous Coward says:

Re: Hiring Practices?

The ones directly employed are usually look to make a nice, comfy government career out of it, so they wouldn’t be concerned.

But, more people work for the NSA as contractors than as employees. All the NSA has to do to protect these people is just declare their NSA work history “secret” and then give them impressive, fake work histories for their resumes that will get them just about any job they want. What a deal!

Anonymous Coward says:

Pfft! A good look at Anglo-Irish history in the last 70 years will reveal more collaboration than you knew existed. Add to that the fact that Yahoo’s HQ is in America and that their CEO is unwilling to upset the NSA…

I wouldn’t get too excited over what is essentially privacy theatre. Remember how Ireland rolled over for the **AAs’ SOPA-style law? http://www.techdirt.com/articles/20120229/13541517916/ireland-signs-controversial-irish-sopa-into-law-kicks-off-new-censorship-regime.shtml

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...