The Commission is considering what to do to encourage more European governments, businesses and individuals to use the Cloud.

As most people know, the Cloud is a means to allow companies to outsource all their activities on platforms and infrastructure on to the internet. It promises productivity boosts. However, take up has been lower than it might have been. One big concern is the integrity of data held by cloud providers.

Users - businesses and individuals - may be right in their concerns. In a recent Queen Mary university project study, researchers examined the terms and conditions (T&Cs) of dozens of Cloud providers including Amazon, Microsoft 365 and Apple, and found they left something to be desired. Reading the small print carefully, researchers found that compensation is paltry and there are powerful get out clauses if things go wrong.

Another worrying finding: Every single Cloud service provider they investigated reserved the right to disclose information stored by their customers in certain circumstances. Some require a court order, but other Cloud providers base disclosure on a perception of their business interests or what they regard to be the public interest.

That means that they can give up data to law enforcement agencies that ask for it if, for instance, they want to keep in good standing with a government.
Claims about encrypted data should be taken with a pinch of salt. The popular information storage service Dropbox was embarrassed earlier this year when it had to admit its claim that "our staff are unable to access your information" was not quite true. The clarified formulation goes "Staff are prohibited from accessing information". In fact, a few key executives can indeed access customer data - precisely to comply with emergencies like law enforcement agency requests.

There are fears in Brussels that the long arm of US law enforcement, armed with the Patriot Act, will put political pressure on the US Cloud providers (which dominate the market on this side of the Atlantic too) to give out information on European citizens on very easy pretexts.
It has definitely affected the willingness of, for instance, Dutch local authorities to use the Cloud. T-Mobile and other European providers are making hay with the anxiety and are lobbying Brussels for a certification process that would favour them over US providers when bidding for European government cloud contracts. The claim is that Europe-based providers would be more resistant to the US authorities.

So far so good. But are Eurocrats blind to some intrusive legislation in their own backyard?
In fact, another paper by Queen Mary outlines the new European Evidence Warrant and the proposed European Investigation Order could be just as great threat as US initiatives ever could be. The European Arrest Warrant, which has been in use since 2004, has already led to much criticism: that people are being automatically extradited on trivial offences committed in other EU countries.

One carpenter was tracked down in the UK and sent back to Poland because he had fitted wardrobe doors and then removed them when the customer refused to pay him. In another case, a man was extradited for the suspected theft of a dessert. Under EU law, British police cannot refuse the requests on grounds of disproportionality. Military planes fly back to eastern Europe every week.
Will the new warrants mean cops being asked by their EU colleagues to carry out data server seizures on their behalf, no questions asked?

All in all, the Queen Mary reports confirm that users of the Cloud might be quite vulnerable. Of course, users could always take a "accept as is" attitude to the services and, for security, encrypt the data themselves before putting it in the Cloud.

Ultimately the challenge may not be not America, much as Brussels tries its usual game of rallying the troops against it - but extensive EU legislation that is not debated properly, and the informalisation of justice that results from complex legal issues over multiple jurisdictions.


QMUL Cloud Legal Project


http://www.cloudlegal.ccls.qmul.ac.uk/

-------------------------
Pelle Neroth -- EU correspondent