Safe Harbour and the age of the Digital Maginot Line.

Posted on October 8, 2015


The online forums and commentary have been hot in debate following the 50 Calibre class head shot taken by the Safe Harbour agreement, R.I.P . Many now conceding it was mortally wounded on its inaugural outing but stoically staggered in ‘forlorn hope’ in the face of a duplicitous adversary.

Looking around, everyone is ducking and diving, seeking the definitive legal remedy to mitigate exposures in the vacuum left by an invalidated Safe Harbour agreement. Be that winging it by holding out for a rapid ratification of Safe Harbour v2 or implementing some other contractual option such as EU Model Clauses, Consent or blend of viable remedies. The former will be too high risk for many so the latter are the only viable routes, fraught with cost and complications with no guarantees. In the end none of these current remedies will do for the true protection of EU citizens data, making this a paper exercise in replacing one fig leaf with another for proprieties sake.

The cold reality is dawning on many that such alternative interim remedies, even if deployed correctly, ignore the overriding issue that ANY legal countermeasures to fill the Safe Harbour vacuum are put in serious jeopardy by the prevailing attitude of the US Government and its agencies. These entities continue to act in a way that demonstrates they believe they have just cause to ignore the laws of other sovereign powers. Executed in a brutish way akin to the school bully, when it comes to strong arming US entities to disclose or give up assets (digital or physical) wherever they may reside in the world, irrespective of any local jurisdictions.  This is illustrated in the current Dublin eMail Warrant case against Microsoft that rumbles on (‘U.S. judge rules search warrants extend to overseas email accounts’), and in more conventional terms through the experiences of US citizens hounded into every corner of the globe by US IRS. In many circles, doing business with any US entity is simply less desirable due to the invasive oversight demanded and imposed by US agencies, fully underwritten by their Government.

The US is backing itself into a corner and in so doing compromising its citizens and businesses with such strong arm tactics. Practices that are becoming so unilateral across a broad scope of legislative and regulatory instruments and invasive on business that for the US to concede on one would see a domino effect across the others. To expect the US to give up its self appointed wide ranging freedoms is perhaps like getting a long term Methamphetamine, aka crystal meth, addict to drop their habit overnight.

Just like a junkie, promises and trust are being tested to the limit, and they stand severely compromised. In sometimes the most arrogant and self serving way US national intelligence agencies have demonstrated time and again their disregard for any democratic and accountable process. What kind of example is being set, and message communicated, on the global stage, when their most senior representatives are caught out to have lied before courts, Senate committee’s etc? See the Guardian Article by way of independent commentary on this point ‘Everyone should know just how much the government lied to defend the NSA’. Not just one indiscretion but repeatedly and in a premeditated way, so the 2nd chance card (and 3rd and 4th in some cases) has already been played. Oh yes all in the name of the war on terror, in a vacuum of hard proof that such behaviour and practice is warranty at all. Your model contract clauses, contractual consent or whatever with EU citizens provide NO certainty against the US government or its agencies.

Today if Uncle Sam wants it, and they have a US entity they can use as a conduit, then we have manifested the digital equivalent of Frances World War II folly, the Maginot Line. Do we ever learn ….

And if our Swiss friends in their Alpine eyries feel safe in the comfort of their own ‘US-Swiss Safe Harbour Framework’, which is not legally bound by the European Court of Justice (ECJ) ruling , then cloud and cuckoo come to mind. See the advice from your own Federal Data Protection and Information Commissioner (FDPIC).

Until the US come to terms with such feral practices, the sovereign states comprising the EU would be better accepting the situation and communicating a challenging reality to EU citizens. Allowing EU business to pursue the real commercial opportunities that this offers their communities economically by usurping their US counterparts to deliver locally build and based digital services that do not incur the embugerance of dealing with the US. If only to try and rein in the US, the wallet can be a soft target.

As for the parade of US politicians who have stood up in horror accusing the EU of a wanton act of vandalism to US/EU digital harmony and affront to their beloved Silicon Valley, they need to look closer to home for the true source of their angst.