Personal information uploaded by British computer users to cloud services such as Apple’s iCloud and Google’s Drive can be spied upon by US intelligence without the need to apply for a warrant, it has emerged.
All documents and photographs stored on computer systems based in the US can be accessed without telling the owners under newly approved legislation.
Cloud services are a cheap and supposedly secure way for computer users to store information. Rather than saving it on their own machines, they upload it via the internet where it is held on central computer servers.
In addition to the private users, it is estimated that 35 per cent of British companies store information on cloud systems.
The Foreign Intelligence Surveillance Act allows US government agencies open access to any electronic information stored by non-American citizens by US-based companies.
Introduced towards the end of President George W Bush’s administration in 2008, it was renewed in December. But only now are privacy campaigners and legal experts waking up to the extent of the intrusion, according to The Independent.
Caspar Bowden, who served as Microsoft Europe’s chief privacy adviser for nine years until 2011, told the newspaper: “What this legislation means is that the US has been able to mine any foreign data in US Clouds since 2008, and nobody noticed.”
Bodies such as the National Security Agency, the FBI and the CIA can gain access to any information that potentially concerns US foreign policy for purely political reasons – with no need for any suspicion that national security is at stake – meaning that religious groups, campaigning organisations and journalists could be targeted.
The information can be intercepted and stored in bulk as it enters the US via cables crossing the Atlantic Ocean.
A Google spokesperson said: “It is possible for the US government (and European governments) to access certain types of data via their law enforcement agencies. We think this kind of access to data merits serious discussion and more transparency.”