Three US laws require its companies operating overseas to hand over customer data to US 007s. And FISA 702 and EO 12333 laws can oblige companies to transfer Italian data, while keeping the activity confidential.
These days, I decided to “design” the national cloud of strategic and sensitive public administration data and prevent it from ending up in the hands of big tech companies with the real risk of mass surveillance, as we’ll explain.
National Cloud, players in the field (so far)
In the past few hours, a different game plan seems to be taking hold, centered around a public-private union to give life to the national “cloud”. Cassa Depositi e Prestiti (CDP) –suji, which are the two public entities for implementing cloud computing for the Palestinian Authority e Leonardo e Tim (Behind the presence of The Google), the two private companies, as technical partners.
“We are intensively engaged, and we are in dialogue on several fronts, both with the national telecom operator and with the CDP. We are evaluating how to cooperate on this front, and we are absolutely sure that like Leonardo we can give a significant added value in the service component”, He said Alessandro Profumo, CEO of the Leonardo Group, at a hearing in the room.
Mass surveillance and technological desertification problems with data for US companies
We do not know how the picture will develop and what are the possible solutions. It is known that in PNRR . number predicted 900 million To create a cloud infrastructure for central and local Italian public administrations, where the data of more than 60 million Italians can be relayed.
If the data is going to end up in the US corporate cloud, here are the serious problems from a data protection standpoint and in terms of technological independence.
US laws that require companies operating abroad to give away customer data بيانات
There are three laws in force in the United States, namely Cloud LawAnd the FISA 702 and EO 12333, which requires US companies operating abroad to hand over their customers’ data to US services.
The Cloud Act (Clarification of the External Legal Use of Data Act) reformed the previous legislation to give more powers to data access”owned, managed or controlled” of electronic communications services subject to United States law. Legislation is the first priority for scholars on the issue of legal accessibility of data. What is new is that it allows a US judge, in the case of a crime investigation, to issue an access order to data he deems relevant, even if it is owned by foreign nationals. However, it must be known that the order will be executed automatically without the ability to oppose it unless your country has entered into specific agreements with the USA to implement it.
But the biggest danger to the mass surveillance of our data is binding (Foreign Intelligence Surveillance Act), con la sua Section 702.
It is the Anti-Terrorism Act that authorizes the collection of any electronic communication by computer or telephone (against any foreign national outside the United States. Without the authorization of a judge.
Let’s talk about:
- The names of the speakers on the phone.
- Text of emails.
- History of web browsing motivated by the fight against terrorism.
Mass surveillance is permitted under Foreign Intelligence Surveillance Act 702
According to FISA 702, i “electronic communication service providers” Americans (as Google, Amazon, Apple, Microsoft, Facebook, Google e Hey ho), may be obligated to grant US security authorities access to the personal data ofpeople outside the United States, defined as any person who is not a U.S. citizen or permanent resident of the United States. Control orders under this Act shall not be specific to a single purpose, but allow a complete comprehensive surveillance program such as Prism a upstream. There is no individual judicial approval for non-US persons. FISA 702 also allows monitoring for fairly broad purposes, such as “Information … relating to … the conduct of foreign affairs of the United States”.
Using the National Cloud, would you like to create a mass CIA surveillance of our data as Italian citizens?
How do we protect the data of the future national strategic pole?
The French strategy, very pretentious, provides for licenses. That is, France has provided the possibility to use American technologies in the field of cloud computing under a license from French and European companies. But Big Tech’s licenses are proprietary and thanks to their software they can always get their hands on the data.
The solution comes from the head of Leonardo:
Mechanism of data protection through a certified encryption algorithm“
“The transmission of sensitive company data to the cloud or other infrastructures is a critical element: the Internet does not guarantee that digital data, originating in Italy and its destinations, will not cross borders,” Leonardo chief Luciano Carta warned. “It would be important”, Karta recommendedProvide a mechanism to protect data through an encryption algorithm approved by the National Security Agency that manages and distributes security keys.
If you lose your cloud computing capacity…
Finally, when designing the national cloud, it is not enough to just think about privacy and cybersecurity by design and by default. If all cloud computing capacity is transferred to Google and/or other big tech companies, Italy will lose control of the country’s economy. We will have one “Technological desertification”, As warned Antonio Baldasara.