September 18, 2014
Fact or Fiction? U.S. Government Surveillance in a Post-Snowden World
Bret Cohen Hogan Lovells US LLP
2
The “Snowden effect”
www.hoganlovells.com
U.S. cloud perception post-Snowden
• July 2013 survey of non-U.S. Cloud Security
Alliance members
– 66% either cancelled a project with or reported that they
were less likely to use U.S.-based cloud providers
• May 2014 survey of European IT professionals
– 51% do not trust U.S.-based clouds (13% unsure)
– 47% believe data is more secure in EU-based clouds
– 59% do not believe EU governments conduct surveillance
to the same extent as the U.S.
3
www.hoganlovells.com
Bottom-line cost estimates
• Information Technology & Innovation Foundation:
– “The U.S. cloud computing industry stands to lose $22 to
$35 billion over the next three years” (Aug. 2013)
• Forrester Research
– “We think [ITIF’s] estimate is too low and could be as high
as $180 billion or a 25% hit to overall IT service provider
revenues in that same timeframe.” (Aug. 2013)
4
www.hoganlovells.com
Overheard from a non-U.S. provider
“[The] Service is based and operated by companies in
the European Union – offering European customers
full compliance with EU data protection laws and a
safe haven from the reaches of the US Patriot Act.”
5
http://www.anniemayhem.com/blog pics/BigMouth.jpg
www.hoganlovells.com
Overheard from a non-U.S. provider
“EU customers can now benefit from the savings and
flexibility enabled by cloud-based database services
safe in the knowledge that they will not fall under the
jurisdiction of the Patriot Act. Under the Patriot Act
data from EU users of US-owned cloud-based
services can currently be shared with US law
enforcement agencies without the need to tell the
user.”
6
http://www.anniemayhem.com/blog pics/BigMouth.jpg
www.hoganlovells.com
Overheard from a non-U.S. provider
“The Americans say that no matter what happens I’ll
release the data to the government if I’m forced to do
so, from anywhere in the world. Certain German
companies don’t want others to access their systems.
That’s why we’re well-positioned if we can say we’re a
European provider in a European legal sphere and no
American can get to them.”
7
http://www.anniemayhem.com/blog pics/BigMouth.jpg
8
The Facts: What exactly can the U.S. government do?
www.hoganlovells.com
How can the U.S. obtain customer data?
9
www.hoganlovells.com
I noticed you didn’t mention the Patriot Act.
So why do I keep hearing about it?
Uniting and Strengthening
America by Providing
Appropriate Tools Required to
Intercept and Obstruct
Terrorism Act
10
www.hoganlovells.com
What are the concerns of non-U.S. companies?
11
12
Can a company with U.S. ties
guarantee that the U.S. government
won’t access non-U.S. customer
data?
13
So, customer data must be less
safe from government access in the
U.S., right?
www.hoganlovells.com
“A Global Reality”
14
• All provide authority to
compel disclosure of
customer data
• In almost all instances,
government can compel
remote disclosure
• Outside of the U.S.,
most countries permit
voluntary disclosure
• MLATs mitigate issue of
foreign access
www.hoganlovells.com
“A Sober Look”
• The U.S. imposes at
least as much, if not
more, due process in
national security
investigations
• Other countries protect
economic interests
• Many programs are run
by national security
establishment, not
subject to court review
15
16
How, then, should companies with
U.S. ties respond to concerns from
non-U.S. customers?
www.hoganlovells.com
How to respond to concerns
• Dispel misconceptions about the Patriot Act
17
• Compare laws to those outside of the U.S.
– The U.S. absolutely prohibits voluntary disclosure of
data customers store in the cloud
– Providers outside of the U.S. with U.S. ties can’t
guarantee that their data won’t be accessed, either
– Most countries permit the same level of surveillance and
access, some with greater authority than the U.S.
• Release a transparency report detailing the number
of government requests
www.hoganlovells.com
Questions?
18
Bret Cohen | [email protected]
www.hldataprotection.com
Detailed outline
included with
handouts
www.hoganlovells.com
Hogan Lovells has offices in:
Alicante
Amsterdam
Baltimore
Beijing
Brussels
Budapest*
Caracas
Colorado Springs
Denver
Dubai
Dusseldorf
Frankfurt
Hamburg
Hanoi
Ho Chi Minh City
Hong Kong
Houston
Jakarta*
Jeddah*
Johannesburg
London
Los Angeles
Luxembourg
Madrid
Miami
Milan
Moscow
Munich
New York
Northern Virginia
Paris
Philadelphia
Prague
Rio de Janeiro
Riyadh*
Rome
San Francisco
São Paulo
Shanghai
Silicon Valley
Singapore
Tokyo
Ulaanbaatar
Warsaw
Washington DC
Zagreb*
"Hogan Lovells" or the "firm" is an international legal practice that includes Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses.
The word "partner" is used to describe a partner or member of Hogan Lovells International LLP, Hogan Lovells US LLP or any of their affiliated entities or any employee or consultant with equivalent standing. Certain individuals, who are
designated as partners, but who are not members of Hogan Lovells International LLP, do not hold qualifications equivalent to members.
For more information about Hogan Lovells, the partners and their qualifications, see www.hoganlovells.com.
Where case studies are included, results achieved do not guarantee similar outcomes for other clients. Attorney Advertising.
© Hogan Lovells 2014. All rights reserved.
*Associated offices
Top Related