Yahoo UK Moves To Dublin To Escape Surveillance; UK Asks It To Stay… For The Spies
from the won't-someone-think-of-the-data-harvesters? dept
Yahoo discovered, as many tech companies did last year, that they had been opted-in to broad surveillance programs operated by the NSA and GCHQ. While these companies had always responded to official requests coming through official channels (the sort of thing detailed in their transparency reports), they were unaware that these agencies were also pulling data and communications right off the internet backbone and tech company servers.
This left most companies with no way to opt out of these collections. With the global reach of these two agencies, along with the others in the “Five Eyes” surveillance network, there are very few ways to avoid becoming another tool in the surveillance state toolchest.
Yahoo is exploring one option, which would limit its exposure to surveillance efforts. In the wake of revelations showing GCHQ collected tons of Yahoo webcam chats, it announced its plan to move its center of European operations to Ireland and out of Scotland Yard’s reach.
Following the Guardian’s disclosures about snooping on Yahoo webcams, the company said it was “committed to preserving our users trust and security and continue our efforts to expand encryption across all of our services.” It said GCHQ’s activity was “completely unacceptable..we strongly call on the world’s governments to reform surveillance law.”Explaining the move to Dublin, the company said: “The principal change is that Yahoo EMEA, as the new provider of services to our European users, will replace Yahoo UK Ltd as the data controller responsible for handling your personal information. Yahoo EMEA will be responsible for complying with Irish privacy and data protection laws, which are based on the European data protection directive.”
Under the Regulation of Investigatory Powers Act (RIPA), the UK government can force UK-based service providers to turn over data from their servers. Ireland, however, operates under European data privacy laws, not the UK’s, which would theoretically help Yahoo hold onto its customers’ data.
The potential loss of a large data source seems to have touched off a mini-panic within the intelligence community, which strongly suggested UK Home Secretary Theresa May take the internet company aside and discuss “security concerns.”
[C]harles Farr, the head of the office for security and counter-terrorism (OSCT) within the Home Office, has been pressing May to talk to Yahoo because of anxiety in Scotland Yard’s counter-terrorism command about the effect the move to Dublin could have on their inquiries…
“There are concerns in the Home Office about how Ripa will apply to Yahoo once it has moved its headquarters to Dublin,” said a Whitehall source. “The home secretary asked to see officials from Yahoo because in Dublin they don’t have equivalent laws to Ripa. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue.”
Well, chances are RIPA won’t apply, which would be the only reason these agencies are “concerned.” They may have to go elsewhere to collect thousands of potentially naked webcam photos and videos. I’m sure the argument that terrorists will shift to Yahoo services as a result of the company’s move is right around the corner. But the reality is that UK agencies will be forced to clear one additional minor hurdle before gaining access to the info it feels serves national security interests.
From Friday, investigators may have to seek information by using a more drawn out process of approaching Yahoo through a Mutual Legal Assistance Treaty between Ireland and the UK.
And how difficult can a “mutual assistance” process actually be? As we’ve seen detailed repeatedly since the leaks began, the world’s intelligence communities enjoy relationships that range from “symbiotic” to “incestuous.” That agency heads would feel the need to send a top government figure out to persuade Yahoo to stay within the easy reach of surveillance tentacles shows that these agencies love having tons of data, but really hate having to make the slightest amount of effort.
Filed Under: gchq, ireland, theresa may, uk
Companies: yahoo
Comments on “Yahoo UK Moves To Dublin To Escape Surveillance; UK Asks It To Stay… For The Spies”
If it annoys and/or inconveniences the spy agencies, sounds like a good plan to me, so hopefully the move goes through without too much trouble.
Unfortunately...
…for those users in Europe, it’s a largely academic change. Yahoo is still a US headquartered organisation, which legally means it has to play by US law. That includes the USA PATRIOT Act, under which the US Government can either compel Yahoo to give up it’s data while denying that it’s done so, or can go into the datacentre a physically sieze the storage media.
As the Act applies to data held by the company, wherever in the world it is stored, and whether the data is owned by the company, or held on behalf of its users, a move to Ireland becomes little more than a publicity stunt that is likely motivated more by the financial savings than any real desire to protect European user’s privacy.
Re: Unfortunately...
Actually, as has been pointed out a few times, companies operating outside the US (even if they’re US-owned) have less legal protection from NSA spying than companies operating inside the US.
Re: Re: Unfortunately...
No, they have more legal protection (as long as they aren’t US-owned), since National Security Letters and similar laws don’t apply to them.
Re: Re: Re: Unfortunately...
They have less, as the NSA (et al) can and does engage in surveillance activities abroad that they wouldn’t even be able to get the FISC to approve domestically.
According to US law — even including the secret interpretations — there are many, many fewer restrictions to NSA activities when it is operating internationally (since the entire purpose of its existence is to spy internationally) than domestically.
As an example: the recent news about targeting sysadmins. If those sysadmins are domestic, US laws have clearly been violated. If they are foreign to the US, the activity is 100% legal in US law.
Re: Re: Re:2 Unfortunately...
Mr. Clapper agrees with you.
Re: Re: Re:3 Unfortunately...
Indeed.
Just to be clear, I don’t think this means that the US should be considered “better” or “safer”. I think it means that there’s no safe place at all. The best move is to stop storing personal data on third party servers, including Yahoo, at all regardless of where they put their centers of operation.
Re: Re: Re:4 Unfortunately...
Check
Check
Check this out.
Re: Re: Re:2 Unfortunately...
Re: Re: Re:3 Unfortunately...
“The USA law is not the only law that matters”
Yes and no. Yes, in an ideal world, everyone would actually obey the laws of the nations that they are operating in. For one thing, that would end almost all spying done by anybody.
However, in the real world we live in, the only law that constrains government actions are that government’s own laws. So for the likes of the NSA and such, US law is indeed the only thing that matters. And even that only barely matters.
This is precisely the same as every other nation’s intelligence agency. UK spies break US law when they operate in the US, too, for example. However, they’re not breaking UK law.
Re: Re: Re:4 Unfortunately...
“UK spies break US law when they operate in the US, too, for example. However, they’re not breaking UK law.”
Not strictly true. The “Five Eyes”, and other similar agreements, essentially allow countries to spy on each other’s citizens and companies legally, as long as they share the data with the country they’re spying on. This allows the UK to spy on US citizens, as long as they hand over their findings to the the US Government.
The statement “The US Government does not spy on the US people” needs to be read for what it doesn’t say, rather than what it says.
The clarifying point however, is that the UK Government does not have a legal framework that allows it to require a UK company to compromise the privacy of its users and lie about it. There is a mechanism for targeting individual accounts for investigation, but this request is a matter of public record.
There is also no legal means whereby they could compel a UK company to give up data stored in, say, India. The law in the UK and in the EU considers that data to be governed by the law of the country in which it resides only. Which is where the USA PATRIOT Act overreaches so disagreeably.
Re: Re: Re:2 Unfortunately...
“They have less, as the NSA (et al) can and does engage in surveillance activities abroad that they wouldn’t even be able to get the FISC to approve domestically.”
You can bet they do it anyway, just add another layer of obfuscation.
If you really think they wouldn’t you are a fool. And should they get caught, they either get a law to retroactively rubberstamp it, create a new homebrew terror plot and point at it as a diversion, or just plain don’t care, because nothing happened to them so far and most likely nothing ever will.
Re: Re: Re:3 Unfortunately...
“You can bet they do it anyway”
I never said otherwise. I was making a rather different point.
It is depressing
When the minister for the home office is more concerned about Scotland Yard’s potential problems than the real economic impact of hundreds of jobs moving to Ireland.
typical UK moves! not in the least bit interested in anything other than trying to keep the surveillance going! what a pity that the government isn’t as concerned about it’s citizens as it is on watching everything done, every word spoken etc etc etc!
Hiring Practices?
Want to stop their ability to conduct surveillance?
Just have Google, Yahoo, Apple and the rest advertise that they will no longer consider current and former employees of GCHQ and NSA for employment. Watch the rats jump ship.
Re: Hiring Practices?
The ones directly employed are usually look to make a nice, comfy government career out of it, so they wouldn’t be concerned.
But, more people work for the NSA as contractors than as employees. All the NSA has to do to protect these people is just declare their NSA work history “secret” and then give them impressive, fake work histories for their resumes that will get them just about any job they want. What a deal!
Does this mean Tumblr is safe from spies now?
Why shouldn’t spies be lazy in proportion to the general population?
Perhaps they should be allowed all the electronic fast food they can stuff into their ever-open gullets while glued to their monitors. Nature in the form of obesity and heart disease might take care of them faster than regulation. Natural population control.
Biznatch Haderach
The spies must flow…
Citation
Ah, I take it you mean this:
http://www.theguardian.com/technology/2014/mar/20/theresa-may-yahoo-dublin-security-worry
RIPA
“There are concerns in the Home Office about how Ripa will apply to Yahoo once it has moved its headquarters to Dublin,” said a Whitehall source.
It’s like they don’t even understand that Yahoo is doing this because RIPA won’t apply.
Pfft! A good look at Anglo-Irish history in the last 70 years will reveal more collaboration than you knew existed. Add to that the fact that Yahoo’s HQ is in America and that their CEO is unwilling to upset the NSA…
I wouldn’t get too excited over what is essentially privacy theatre. Remember how Ireland rolled over for the **AAs’ SOPA-style law? http://www.techdirt.com/articles/20120229/13541517916/ireland-signs-controversial-irish-sopa-into-law-kicks-off-new-censorship-regime.shtml
If anything this should be enough to make any company in the digital realm avoid the UK (or leave if they are already there). Although this would apply much harder to the US. In the UK they are using absurd laws to do their stuff. In the US the NSA couldn’t care less about laws or the Constitution.