Smaller U.S. businesses fear freeze from EU privacy ruling

Yasmeen Abutaleb and Julia Fioretti, Reuters,  Thursday, October 08, 2015

U.S. businesses from online coupon company RetailMeNot Inc to security software company Symantec Corp said a European change to rules governing transatlantic personal data transfers would hurt U.S. companies and called for a quick fix. An EU court on Tuesday struck down a deal to let U.S. and European companies easily transfer personal data between continents, leaving some U.S. companies concerned that they will be frozen out of the market or replaced by EU competitors.

The $98.6 Billion E-Mail

Dina Bass, Bloomberg Business,  Thursday, October 08, 2015

If Microsoft ultimately loses the case, says Lee Tien, senior staff attorney at the Electronic Frontier Foundation, the U.S. would be able to compel companies to hand over data held overseas, regardless of local law. Moreover, “this principle, if you applied it consistently, would mean our laws would provide no protection against a request from, say, a German or Italian government” for information held by a non-U.S. provider on American soil, even if that data was generated by U.S. citizens or companies.

EU Safe Harbor ruling could have bearing on Microsoft email dispute

John Ribeiro, CIO,  Wednesday, October 07, 2015

Microsoft has cited a ruling by an European Court on transatlantic transfers of personal data as having a bearing on its litigation over turning over email held in Ireland to U.S. law enforcement. The ruling Tuesday by the Court of Justice of the European Union declared invalid a “safe harbor” agreement that governs data transfers between the U.S. and the European Union as U.S. law and the actions of the country's government "inadequately respect European 'fundamental rights' of personal data privacy," Microsoft's lawyer E. Joshua Rosenkranz brought to the notice of the U.S. Court of Appeals for the Second Circuit.

Domestic surveillance on foreign shores: The case of Microsoft’s servers in Ireland

Event video, American Enterprise Institute,  Wednesday, October 07, 2015

It is not often you see panelists on a topic as divisive as government surveillance find more reasons to agree than disagree. But this was precisely the case on Tuesday, as stakeholders from civil liberties groups, the media, and former government officials met at AEI to discuss the “Microsoft Ireland” case and its varied implications. Overall, the panelists accepted that the matters at stake here are broader than the answers and precedents our courts can adequately provide. A fitting resolution to this issue must involve Congress — and it must take into account that nothing less than our freedom of speech, our national security, and our international relationships are at stake.

A message to our customers about EU – US Safe Harbor (Microsoft)

Brad Smith, Microsoft on the Issues,  Tuesday, October 06, 2015

We appreciate that some of our customers have questions about the impact of the ruling today by the European Court of Justice (ECJ) about the EU – US Safe Harbor Framework. In particular some customers may ask if this means that they will no longer be able to transfer their customer data from the European Union to the United States. For Microsoft’s enterprise cloud customers, we believe the clear answer is that yes they can continue to transfer data by relying on additional steps and legal safeguards we have put in place. This includes additional and stringent privacy protections and Microsoft’s compliance with the EU Model Clauses, which enable customers to move data between the EU and other places – including the United States – even in the absence of the Safe Harbor. Both the ruling and comments by the European Commission recognized these types of steps earlier today.

EU Court Says Data-Transfer Pact With U.S. Violates Privacy

Natalia Drozdiak and Sam Schechner, Wall Street Journal,  Tuesday, October 06, 2015

The European Union’s highest court on Tuesday struck down a trans-Atlantic pact used by thousands of companies to transfer Europeans’ personal information to the U.S., throwing into jeopardy data traffic that underpins the world’s largest trading relationship. The decision now sets off a costly effort by companies and privacy lawyers to preserve companies’ ability to transfer Europeans’ personal data to the U.S. before regulators move in with fines or orders to suspend data flows. Hanging in the balance is billions of dollars of trade in the online advertising business, as well as more quotidian tasks such as companies’ ability to store human-resources documents about European colleagues.

Sunken Safe Harbor: 5 Implications of Schrems and US-EU Data Transfer

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, October 06, 2015

Beyond this holding that a country has the power to disregard Safe Harbor and make its independent adequacy findings, the ECJ declared Safe Harbor to be invalid. The main reason for the invalidity of Safe Harbor is the failure of US law to provide adequate limitations and redress from government surveillance, especially NSA surveillance. In particular, the ECJ was troubled by the fact the NSA could engage in massive surveillance and that US courts had failed to provide a way for people to challenge that surveillance. Essentially, the ECJ held that because the NSA's surveillance is virtually unstoppable, the Safe Habor cannot guarantee an adequate level of protection.

Opinion: The troubling rise of Internet borders

Paul Rosenzweig by Paul Rosenzweig, The Chertoff Group
Monday, October 05, 2015

Something is rotten at the core of our conception of Internet governance. Almost unnoticed, nations are trying to impose – often successfully – sovereign borders and legal demands on a digital realm that is inherently borderless. Left unchecked, this instinct to create sovereign barriers risks fracturing the Web in ways that will jeopardize its economic, political, and social utility.

Exposed! Researchers reveal crypto key vulnerability in Amazon cloud

First Post Staff,  Monday, October 05, 2015

A team of researchers at Worcester Polytechnic Institute have developed a technique that allows an attacker use an account on Amazon Elastic Compute Cloud (EC2) to steal cryptographic keys of other AWS users.

Federal agencies may not be an innovation laggard after all

James Bach, Washington Business Journal,  Monday, October 05, 2015

The federal government has had to endure its fair share of criticism for its slow adoption of IT, particularly when it comes to the cloud. But a new report released this week by Govini indicates agencies are accelerating their purchases of cloud solutions pretty sizably. According to the report, the federal government nearly tripled the size of its cloud purchases in fiscal 2014 compared with fiscal 2013, and that number has only increased in fiscal 2015.