U.S. Authorities Can Access Non-Citizen iCloud Data Without A Warrant [Updated]

What could this mean for your data?

What could this mean for your data?

The Foreign Intelligence Surveillance Act (FISA) allows the U.S. government open access to electronic information stored by non-US citizens on US-based servers, like a host of cloud services available today. iCloud, Google Drive, Dropbox, and other popular services are all subject to this law, passed in 2008 by the Bush administration and recently re-authorized by the Obama administration for another 5 years.

What this means is that any data stored by non-American citizens on cloud servers here in the US is able to be looked at in entirety by various agencies in the US federal government, including the NSA, FBI, and CIA.

Caspar Bowden, Chief Privacy Adviser to Microsoft Europe for nine years until 2011, told UK-based The Independent: “What this legislation means is that the US has been able to mine any foreign data in US Clouds since 2008, and nobody noticed.”

Several posts, like this one at the Huffington Post, written around the time of the re-authorization of the FISA mention email and overseas phone calls, but do not take notice of cloud-based data.

Sophie in ‘t Veld, a Dutch MEP who serves as vice chair of the European Parliament’s civil liberties committee, told The Independent, “Let’s turn this around and imagine this is not the United States having unlimited access to our data but the government of Mr Putin or the Chinese government – would we still wonder if it’s an urgent issue? Nobody would ask that question.”

While we may imagine that the US won’t use the data for anything nefarious, we just may be too naive. Even worse, however, is the precedent this sets for countries to gather data on non-citizens via commercial services that may in the future be housed in a location other than our country of origin.

We’ve contacted Apple, Google, and Dropbox for comment, and will update if we receive a response.

Update Google responded to our request for comment with Google’s general policy on these types of issues, saying that the company is unable to comment on FISA, specifically. They also pointed us to the official blog post and FAQ, as well.

Law enforcement agencies must be able to pursue illegal activity and keep the public safe. But it’s just as important that laws protect our users against overly broad requests for their personal information.

Respect for the privacy and security of data that users store with Google underpins our approach. Before complying with a government request, we make sure it follows the law and Google’s policies. We notify users about legal demands when appropriate, unless prohibited by law or court order. And if we believe a request is overly broad, we seek to narrow it — like when we persuaded a court to drastically limit a U.S. government request for two months’ of user search queries.

We’re still awaiting any word from Apple or Dropbox.

  • ScotHibb

    I’m fine with this. If you live in the US and aren’t a US Citizen you give up some liberties that citizenship affords you. When I’m traveling abroad, say Europe, I don’t expect to be governed as if I was a citizen of the country I am in.

  • fracture

    @ScotHibb I think you missed the point of the article. It isn’t that if you’re a non-citizen living in the USA you give up “liberties that citizenship affords”.

    It’s that people like me, in Australia or any other country that ISN’T the US, and who are not living in the US, who have our data stored via iCloud or Dropbox, are afforded no privacy, with the US being able to troll through out data.

  • ulyssesric

    It’s that people like me, in Australia or any other country that ISN’T the US, and who are not living in the US, who have our data stored via iCloud or Dropbox, are afforded no privacy, with the US being able to troll through out data.

    What if the data storage server itself is not hosted in United State ?

  • fracture

    What if the data storage server itself is not hosted in United State ?

    It doesn’t matter. According to the source article; servers in the US, or servers owned by US companies (regardless of geographic location), are subject to the law.

  • seaaalex

    Evidence has shown If they wan’t it they will get it no matter where it is no matter what the “law”says …. And if you think they won’t your kidding yourself.

  • davester13

    Google’s response basically said “We follow the law”, being careful to not agree with you that the law lets the US gov’t rummage through your things based on the absurd requirement of “We think it may be relevant to an investigation”.

  • hanhothi

    “imagine that the US won’t use the data for anything nefarious, we just may be too naive”.

    You kidding? The US authorities are among the most untrustworthy and “badge heavy” in the whole world!

    I was not aware of this until this article. All my stuff is coming off iCloud (which I have only recently started using) and Dropbox. Not that I am engaged in ANY criminal activity, but my PRIVACY is very important to me. Your authorities trample over everyone. And since 9/11 it has gotten far worse. I will not even visit the US now in view of the crap people have to put up with at US airports.

About the author

Rob LeFebvreAnchorage, Alaska-based freelance writer and editor Rob LeFebvre has contributed to various tech, gaming and iOS sites, including 148Apps, Creative Screenwriting, Shelf-Awareness, VentureBeat, and Paste Magazine. Feel free to find Rob on Twitter @roblef, and send him a cookie once in a while; he'll really appreciate it.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News | Tagged: , , , , |