• EPO and Microsoft Collude to Break the Law -- Part I (Intro): A Fresh Data Protection Scandal Brewing at the EPO?
• EPO and Microsoft Collude to Break the Law -- Part I (Start of Series): Enter the “Cloud of Unknowing…”
• EPO and Microsoft Collude to Break the Law -- Part II: Steve Rowan Announces Microsoft “Outlook Migration”
• YOU ARE HERE ☞ The PATRIOT Act and Mass Surveillance

The US PATRIOT Act – a refuge for scoundrels?

As a result of Edward Snowden's courageous disclosures which forced him into exile from his homeland public opinion across the globe was alerted to the existence of mass surveillance programmes conducted by US security and intelligence agencies.

"The PATRIOT Act amended eleven other legislative acts and allowed the US government to spy on its own citizens without due process. It was passed in less than a week with little debate and no expert testimony."But the modern era of mass surveillance was already underway long before Snowden took his fateful decision to blow the whistle back in 2013.

Following the September 11 attacks of 2001, domestic and international mass surveillance capabilities increased immensely on the basis of a wide range of legal instruments, including presidential executive orders declaring a continued State of National Emergency, first signed by George W. Bush on September 14, 2001 and then renewed on an annual basis by Barack Obama, along with a number of national security Acts most notably the USA PATRIOT Act and the FISA Amendment Act which established the PRISM surveillance program.

According to critics and political dissenters, the effect of these acts has been to establish an American police state by institutionalising the illegal COINTELPRO tactics used to assassinate dissenters and leaders from the 1950s onwards.

The PATRIOT Act amended eleven other legislative acts and allowed the US government to spy on its own citizens without due process. It was passed in less than a week with little debate and no expert testimony.

In April 2011, the IT news channel ZDNet published a series of detailed posts about the US PATRIOT Act of 2001, a piece of legislation which is formally entitled "An Act to deter and punish terrorist acts in the United States and across the globe, to enhance law enforcement investigatory tools, and for other purposes".

In its analysis of the PATRIOT Act, ZDNet focussed on how its provisions could be used to access data held outside the United States.

According to ZDNet: "U.S. law enforcement could use the USA PATRIOT Act on a U.S.-based organisation -- like Microsoft, Google, Intel or Amazon, for example -- to force its local subsidiary companies across the world into handing over user data to U.S. authorities.

"EU data once may have 'had to stay in Europe', but this is on the most part untrue. The Safe Harbor framework, designed to protect EU data in the United States, protects merely the transfer of data from Europe to U.S. soil. But as soon as it arrived on U.S. soil, Safe Harbor can be superseded by America's counter-terrorism law.

"U.S. corporations survive by having subsidiary or smaller companies in foreign locations, to communicate and collaborate with their clients on the ground in their locale. These subsidiary companies are wholly owned and controlled by their U.S. parent. If a U.S. parent company receives a request from the U.S. government to inspect data held by a subsidiary company in a foreign location, the subsidiary would therefore have no choice but to hand over the data to their U.S.-based parent."

Shortly afterwards, in a June 2011 article entitled "Microsoft admits Patriot Act can access EU-based cloud data" ZDNet reported that Microsoft's UK head had admitted that "no cloud data is safe from the Patriot Act, and the company can be forced to hand EU-stored data over to U.S. authorities".

ZDNet continued to report on the risk of U.S. law enforcement and intelligence agencies accessing cloud-stored data and in February 2013 it published an article entitled "Yes, U.S. authorities can spy on EU cloud data. Here's how":

"EU citizens and businesses are warned against using the cloud over the risk that U.S. law enforcement and intelligence agencies can obtain your personal records. Here's how the U.S. can acquire your data, even if you're based in the EU."

As we will see in the next part, some of the specific features of the legal landscape have been modified in the meantime, but the more or less the same risks reported on by ZDNet back in 2011 and 2013 continue to exist under the terms of the so-called CLOUD Act which was passed by US lawmakers in March 2018. ⬆