Sir David Davis warns about the potential for privacy issues in Government’s drive for cloud storage


As reported in the Independent;

“MPs call for Government to consider ending use of Cloud amid concerns that US authorities can access information

The Government should consider stopping sharing intelligence services with the US and end the use of Cloud computing due to concerns that sensitive personal information about British citizens can be spied upon by US authorities, MPs said today.

The warning comes during a Whitehall drive for government departments to store their electronic information externally with private companies, meaning taxpayers’ private data could be left vulnerable to large-scale surveillance.

US law allows American agencies to access all private information stored by foreign nationals with firms falling within Washington’s jurisdiction, if the information concerns US interests, without a warrant. Four suppliers of the UK Government’s G-Cloud system are located in the US, leading to questions over the security of information is being stored overseas.

Tory MP David Davis told The Independent: “The Americans have got to remember who their allies are and who their enemies are.” Referring to an RAF base in Yorkshire which aids US intelligence services in intercepting communications, he added: “There are people like us who they rely on to provide them with listening stations, like Menwith Hill for example. Do they really want Parliament to start asking Government to limit what Menwith Hill can do? There are all sorts of possibilities if they carry on with this.” He warned that there is “a whole cascade of constitutional and privacy concerns for ordinary British people”.

Liberal Democrat MP Julian Huppert said the revelations were “very alarming”.

“I have a particular concern about UK government data,” he said. “If the Government starts to do more work on a cloud system – which is being looked at for obvious reasons – have we had assurance that the US government would not access such data as foreign intelligence information, and whether there would there have to be unambiguous consent of UK citizens?

He added: “If the US will not give a clear assurance about government data then we will have to stop using the Cloud, as we cannot allow that to happen.”

Mr Huppert, who has been a vocal critic of proposals for a UK surveillance law known as the ‘snooper’s charter’, continued: “A lot of people wouldn’t realise where data is stored, and hence wouldn’t expect to be subject to US law… The Government has a specific responsibility for personal data, and sensitive data can be stored offshore. There is a very sensible increase in the government use of cloud computing, there are excellent reasons for cloud services, however there are concerns around security and this highlights one of them.”

The Cabinet Office is yet to respond to questions about the status of government data on Cloud services.

Amendments renewed last month to the Foreign Intelligence Surveillance Act, known as FISA, allow the US authorities to access files and information directly from within the Cloud centres holding it. Experts have warned that this renders data encryption protection useless, as this only defends information from being read while it is passing from the user to their cloud provider – once it reaches the cloud, it is unprotected.

Nick Pickles, director of privacy and civil liberties campaign group Big Brother Watch, said: “It’s clear that what this legislation permits surveillance that would be ruled unconstitutional if the US government tried to use these powers on its own citizens.

“The reality is that every time a British person uses a cloud service, whether email, social media or online shopping, they are at risk of having their entire communications stored and analysed in a way that few people would argue is necessary or something that sets an example to the world that blanket surveillance should never be not the norm.

“At a time of greater use of services like Google Docs by public authorities in the UK and the increasing volume of data that is stored on overseas servers, these powers are potentially giving the US agencies the ability to reach into personal information never available before without a court warrant.””