The Cloud Conspiracy

how the EU was hypnotised that the NSA did not exist

This talk is multidisciplinary and will cover national and international surveillance and privacy law, Five Eyes SIGINT policy, technical security and economics.

In 2011 I started trying to warn EU institutions about what we now call PRISM, after working it out from open sources. Civil society, privacy regulators, and the Commission all did nothing. This is the story of exactly how they did nothing, and why, and what is happening now
There is one law (FISA 702) and one policy (EO12333) which authorizes the US government to conduct mass surveillance on “foreigners in foreign lands”. These are drafted in terms which discriminate the privacy rights you have by the passport you hold – in fact there are no rights at all for non-Americans outside the US.
It is obvious that this is a reasonably important dimension of the whole Snowden affair, because it starkly conflicts with ECHR norms that rights are universal and equal.
The only possible resolution compatible with universal rights is data localization, or construction of a virtual zone in which countries have agreed mutual verifiable inspections that mass-surveillance is not occurring (and at present this seems unlikely). There is a widespread misconception that somehow the new GDPR privacy regulation will curb foreign spying, when in fact it is designed to widen loopholes into floodgates.