Ap­ple’s FBI clash risks pierc­ing trust in EU pri­vacy shield

The Pak Banker - - COMPANIES/BOSS -

Ap­ple Inc.'s fight with the U.S. govern­ment over whether it can be forced to help un­lock an iPhone has spilled across bor­ders, threat­en­ing to de­lay a trans-At­lantic pact pro­tect­ing Euro­pean data from Amer­i­can eyes.

Na­tional reg­u­la­tors from across the Euro­pean Union promised to give their ver­dict next month on the so-called pri­vacy shield deal, which tough­ens EU pro­tec­tions where the U.S. is in­volved. The Ap­ple case is rais­ing con­cerns that the new plan doesn't go far enough, re­gional politi­cians, of­fi­cials and lawyers said. That in turn could mean more de­lib­er­a­tion and push back the com­ple­tion date.

Data-pro­tec­tion reg­u­la­tors will prob­a­bly "be think­ing about the FBI's de­mands on Ap­ple when re­view­ing the vi­a­bil­ity of the shield and its level of safe­guards," said Wim Nauwe­laerts, a pri­vacy lawyer at Hun­ton & Wil­liams LLP in Brus­sels. Europe has tra­di­tion­ally had tighter pro­tec­tions for per­sonal data than in the U.S., and rev­e­la­tions by Ed­ward Snow­den show­ing the ex­tent of Amer­i­can se­cu­rity agen­cies' snoop­ing into com­mu­ni­ca­tions over­seas have ex­ac­er­bated ten­sions be­tween the two re­gions.

The EU was al­ready strug­gling to garner sup­port to rat­ify the shield when the fight be­tween Ap­ple and the FBI be­gan last month and raised aware­ness of how far law en­force­ment can go to get around peo­ple's en­cryp­tion and se­cu­rity devices.

Last month's draft deal set­ting up the shield was de­signed to en­sure Euro­pean users' data is safe from ac­cess in the U.S. when com­pa­nies ship it across the At­lantic for com­mer­cial rea­sons.

The EU her­alded the agree­ment, say­ing that, for the first time, the U.S. gave it bind­ing as­sur­ances that law en­force­ment and na­tional se­cu­rity would have strictly lim­ited ac­cess to Euro­peans' data. Among the pro­posed com­mit­ments was the cre­ation of a spe­cial om­buds­man in the U.S. State Depart­ment who would fol­low up on com­plaints and in­quiries by in­di­vid­u­als about data ac­cess.

The EU and U.S. were forced to the ne­go­ti­at­ing ta­ble af­ter the EU's high­est court in Oc­to­ber struck down a pre­vi­ous 15-year-old pact, called safe har­bor, for fail­ing to of­fer suf­fi­cient safe­guards against se­cu­rity ser­vices.

The EU court found "that the ac­cess that U.S. au­thor­i­ties had to EU cit­i­zens' data was too easy," said Paul Ber­nal, a le­gal scholar at the Univer­sity of East Anglia in Eng­land. If Ap­ple loses the fight with the FBI and "au­thor­i­ties can ef­fec­tively back­door phones, that makes this ac­cess even eas­ier."

Vi­viane Red­ing, the EU's for­mer jus­tice com­mis­sioner, said a re­cent case in­volv­ing Amer­i­can de­mands for ac­cess to Hot­mail mes­sages held on Mi­crosoft Corp.'s Ir­ish servers shows that Euro­peans are right to be wary of the U.S.

Soon af­ter the EU and U.S. her­alded a sep­a­rate deal last Septem­ber on data pri­vacy in law en­force­ment co­op­er­a­tion, "the U.S. Depart­ment of Jus­tice ar­gued in front of a U.S. Fed­eral court to by­pass ex­ist­ing le­gal frame­works be­tween Europe and Amer­ica," she said. "That was the Mi­crosoft case. This dou­ble­s­peak is just ter­ri­ble.

Here we do have ex­actly the same prob­lem with the Ap­ple case." While the pri­vacy shield gives Euro­peans stronger pro­tec­tions in some ar­eas, said Red­ing, who is now a mem­ber of the Euro­pean Par­lia­ment, "when it comes to the in­tel­li­gence ser­vices, the text is the same as it was when I left of­fice in 2014." On bulk data col­lec­tion, she said new ex­emp­tions have been added.

The Euro­pean Com­mis­sion, which led ne­go­ti­a­tions with the U.S., in­sisted that the ques­tions re­lated to the Ap­ple case aren't com­pa­ra­ble.

"The whole con­cept of the shield in re­la­tion to na­tional se­cu­rity and law en­force­ment is to set out clear lim­i­ta­tions and safe­guards to what might be tech­ni­cally fea­si­ble for U.S. au­thor­i­ties," said Chris­tian Wi­gand, a spokesman for jus­tice pol­icy. "And we will of course hold the U.S. ac­count­able to th­ese strong com­mit­ments made through a mon­i­tor­ing and re­view sys­tem put in place through the shield."

Still, some reg­u­la­tors in the EU say the Ap­ple case, and the is­sues at stake, makes it harder to re­build lost con­fi­dence about data pri­vacy.

"We are con­cerned about a global back­lash in user trust, if com­pa­nies can be forced to is­sue weak se­cu­rity ver­sions of their prod­ucts," said Ja­cob Kohn­stamm, head of the Dutch data pro­tec­tion au­thor­ity, who sits on the panel of na­tional of­fi­cials known as the Ar­ti­cle 29 Work­ing Party. While the Ap­ple case has trig­gered a storm of con­tro­versy, the fo­cus may quickly shift to EU na­tions, in­clud­ing the U.K. and France, which are also grap­pling with how to de­ploy tech­nol­ogy to take on Is­lamist ter­ror­ists and hos­tile states with­out tram­pling on civil lib­er­ties.

Newspapers in English

Newspapers from Pakistan

© PressReader. All rights reserved.