The long-besieged Privacy Shield agreement proposed by US and European officials faces a new round of challenges following recent decisions by the US Foreign Surveillance Intelligence Court (FSIC) and the Supreme Court.
A committee of the US Supreme Court made changes last week to Rule 41 of the Federal Rules of Criminal Procedure, allowing judges to issue warrants outside their districts. The change would grant expansive powers to law enforcement agencies to hack and access information on computers if device location information “has been concealed through technological means”.
The change would also remove limitations on law enforcement agencies in investigations of Computer Fraud and Abuse Act (CFAA) violations if “the media are protected computers that have been damaged without authorisation and are located in five or more districts”.
“Make no mistake: the Rule 41 proposal implicates people well beyond US borders. This update expands the jurisdiction of judges to cover any computer user in the world who is using technology to protect their location privacy or is unwittingly part of a botnet,” wrote Electronic Frontier Foundation's (EFF) Rainey Reitman of the changes to Rule 41, in an EFF blog post. “People both inside and outside of the United States should be equally concerned about this proposal.”
These changes come as EU regulatory bodies struggle to resolve challenges facing the Privacy Shield agreement, especially as US lawmakers seek expansive surveillance powers that run counter to European privacy concerns. The proposed Privacy Shield pact aims to replace the Safe Harbour agreement that was invalidated by a European court last year.
“Encrypting information is easy. Decrypting and accessing information when you need it is huge,” Nok Nok Labs CEO Phil Dunkelberger told SCMagazine.com. “When authorities start talking about weakening security to access information, it's a lose-lose situation.”
The DOJ unveiled a document last week demonstrating the US FSIC's approval of 1457 requests from the Federal Bureau of Investigation and the National Security Agency to intercept email and phone communications. The document showed that the intelligence court did not reject any request made by either agency.
“If the Justice Department cuts a deal with US tech companies, it would not be an internationally binding agreement, because it does not adhere to the data breach laws in Europe. You can't force companies to turn over user information to intelligence authorities and at the same time threaten to throw CEOs in jail if there is a data breach,” said Nok Nok Labs CEO Phil Dunkelberger, discussing the challenge of adhering to subpoenas such as the Justice Department's request of Apple, while also adhering to stricter data breach regulations enacted in Europe. “That isn't working for us.”