Feeds

US gives in to EU demands over data

PNR and Swift finally put to bed - but still restless

Beginner's guide to SSL certificates

The US has capitulated to EU demands that its use of European data in counter-terrorism operations should be subject to foreign scrutiny.

The two sides finally compromised this week on their long-running disagreements over the US requisition of personal data about European citizens from passenger name records (PNR) held by airlines, and their financial transactions processed by Swift, a Belgian mediator of international financial transactions.

In both sets of negotiations the EU had insisted that it appoint people in Washington to oversee the US use of European data. It believed that US privacy laws would not protect European citizens' data from being abused. The US had maintained as a point of principle that European oversight would be a violation of its sovereignty, said EU sources. But both deals have given the EU the power to inspect US investigators.

"The optimistic view is that this is a victory for the EU," said Gus Hossein, a director of Privacy International. However, he and EU officials said the jury was out until the details of the oversight arrangements had been agreed. And the EU had won only limited oversight over the US use of PNR data.

The US had an undeniably strong position on PNR - it had a right to know who was entering its country. Yet the two required legal cover for the transfer to take place and the EU was insistent that, in the absence of firmer US privacy laws, it must have someone inspect the arrangements. Nevertheless, according to the draft agreement still waiting for ratification of member states, the oversight would only occur "periodically". One EU official said this would consist of just one half-term review and someone watching over the US implementation of the agreement. The EU is also sceptical about how binding the agreement would be on the US.

The EU won greater concessions over US use of data commandeered from Swift, even though it did not have a negotiating position and no power to hold the US to a formal agreement. Swift held records of EU financial transactions on US soil, thus the US had a right to access Swift's data. But US interests were sensitive to Swift - it could not afford to undermine the confidence of other firms who hold data on EU soil by failing to assure Swift's customers that the privacy of their financial transactions would not be violated. The question of industrial espionage had even been raised.

So the US took a unilateral position on Swift, but one that guarantees ongoing, independent EU oversight of all its subpoenas on the financial firm.

EU officials still had reservations about both deals. The Swift arrangement allows the US to share data requisitioned from Swift with third countries. The US has assured the EU that it will insist data is treated by third countries according to the principles of data protection. Yet there would be no binding arrangement over third countries that do not have data protection laws.

The European Data Protection Supervisor has expressed its reservations about the final details of the PNR arrangement. The US will retain data about European citizens for fifteen years. Even the EU's negotiating position of three and half years had been too long, it said. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.