What you need to know about cloud backup

No sooner does the world agree to one request from US law enforcers for the right to snoop on its citizens than they are back with yet more demands. This week, however, the US may finally have pushed too far: the EU is not happy – and it is pushing back.

First up is the news that, little over a month since signing up to the Swift agreement that both enables and restricts the US’ right to collect information about bank transfers in and out of the United States, the Obama administration has unilaterally decided to tear up the agreement and claim the right to monitor any and every financial transaction, whether it can show good cause or not.

When this activity became public, in 2006, the US administration agreed to negotiate with the EU, while keeping the programme up and running. According to EUobserver, the European Parliament’s in-house paper, current rules mean that US officials can request European data relevant to a specific terrorist investigation. This request needs to be approved by the EU's police cooperation unit, Europol, and to meet certain requirements, including a lower limit on transactions monitored, of $10,000.

However, the Washington Post reported this week that "transactions between European and US banks would be captured regardless of whether there is a substantiated need".

It also suggested that the Obama administration now "wants to require U.S. banks to report all electronic money transfers into and out of the country", describing this as "a dramatic expansion in efforts to counter terrorist financing and money laundering".

The European Commission and MEPs are reported to be "requesting clarifications" – Eurospeak for "are spitting blood" - from Washington. Dutch Liberal MEP Sophie in 't Veld met with EC officials behind closed doors on Monday to discuss the matter and later issued a public statement. She said: "We are all getting a bit tired of being taken by surprise all the time. The US is our friend and ally, so we shouldn't be treated this way."

On the same day, the New York Times reports details of a further encroachment on personal privacy launched this week by federal law enforcement and national security officials. They are getting ready to request sweeping new regulations for the internet, on the grounds that their ability to wiretap criminal and terrorism suspects is "going dark" as people increasingly communicate online instead of by telephone.

The bottom line is that these officials would like Congress to require all services that enable communications — including encrypted email transmitters like BlackBerry, social networking websites and software that permits direct "peer to peer" messaging such as Skype — to be technically capable of complying if served with a wiretap order.

This demand was criticised by James X Dempsey, vice president of internet policy group the Center for Democracy and Technology, an internet policy group, who accused the authorities of wanting to turn back the clock and "make Internet services function the way that the telephone system used to function".

These sentiments were echoed by Liberal Democrat European justice and human rights spokeswoman and London MEP Sarah Ludford. Ludford is also vice-chair of the European Parliament's delegation to the US. She told us: "How the US chooses to snoop on people within its own borders is its own business. But there seems little point in struggling to reach transatlantic agreements on data transfer such as those on financial transactions (SWIFT/TFTP) and Passenger Name Records if the US is going to undermine them through constantly moving the goalposts.

"We need an overarching EU-US deal not only on privacy safeguards but also on the broad limits of what personal information will be sought by law enforcement agencies. Permanent mission creep is very destabilising of the trust necessary to reach long-term agreements.

"MEPs are fully supportive of necessary and proportionate efforts to catch major criminals. But the US must be stopped from trashing the international boundaries of privacy. The European Commission and EU governments must in particular make crystal clear - as they have so far failed to do - what the rules are on data-mining and profiling." ®

Agentless Backup is Not a Myth