More on accessibility of data – judicial imperialism, the right to be forgotten, and spies

August 4, 2014

There is more to data accessibility than eDiscovery / eDisclosure which is my main subject. The use of data in one jurisdiction which exists in another is of growing concern, and not just to lawyers. The subject comes up again only a few days after I last wrote about it.

My recent article Conflicting positions on accessibility of data covered two different aspects of an increasingly important subject, the so-called “right to be forgotten”, and the increasingly insistent demands from US courts and agencies for access to emails and other data held outside the US. The work of the NSA comes into a third and rather different, since at least the first two involve some consideration of competing interests and conflicting laws; spies don’t worry too much about that sort of thing.

The first two subjects were conjoined in an article by Neil Cameron to which I referred in my own article. He has written again on the “right to be forgotten” following the publication of a report by the House of Lords EU sub-committee to which Neil gave evidence. The report is called EU Data Protection: a “right to be forgotten”? Note both the quotation marks around “right to be forgotten” and the question mark at the end. Neil Cameron says:

The good news is that the Committee has unreservedly, if not robustly, concluded overall that the so-called “right to be forgotten” (as it is currently defined by the ECJ and demonstrated by Google’s current attempts to conform to the judgment) “must go. It is misguided in principle and unworkable in practice” and that in the light of current technology “it is no longer reasonable or even possible for the right to privacy to allow data subjects a right to remove links to data which are accurate and lawfully available.”

Meanwhile, Microsoft has lost in its current bid to deny a US court access to emails stored on its Dublin servers. You might like to see an article on ZDNet called Microsoft ordered to hand over overseas email, throws EU privacy rights in the fire. The subject is further analysed in an Inside Counsel article called Microsoft will appeal judge’s decision on data stored in Ireland.

You may be interested also in Google’s reply to the EU’s article 29 working party to its complaints about Google’s implementation of the decision by the European Court of Justice in the Google statement case.

As with so many things, it is easy to be dogmatic and black and white about these conflicts. Speaking for myself:

I am against the US judicial imperialism implicit in the claimed right to demand documents from foreign servers.

I am against the idea that Google is a data controller which can be muzzled at the behest of the court, an individual or a business apart from questions of defamation and the proper protection of intellectual property.

I am against the UK’s so called “Snoopers’ Charter” not on principle, but because I do not believe that the relevant authorities can be trusted either as a matter of competence or as one of ethics – how long before the snooping right is abused by some semi-literate and officious pen-pusher in a local authority, by a humourless and stupid little runt at the Crown Prosecuting Service like the one who initiated the airport Twitter prosecution, or by those under-cover policemen recently caught sharing the lives of environmental activists incognito?

Most of all, I am against the untargeted collection of communications data by the NSA.

A more rounded view is required, however. Is it right that US corporations can put data beyond the reach of US courts by simply moving it to foreign servers controlled by foreign subsidiaries? Should Google be at liberty to disseminate personal data without any right given to the subject of that data to complain about it? At a time of increasing terrorist and criminal cyber-activity, can one properly deny to the state the power to keep an eye on those who would do us harm?

If you think there are simple choices here, you are not thinking enough.


Conflicting positions on accessibility of data

July 28, 2014

Neil Cameron wrote recently about two different aspects of accessibility of data in an article called Update on US land grab for foreign emails. One is the demands made by the courts and authorities of one country (usually the US) in respect of data which lies outside their jurisdiction. The other is the so-called right to be forgotten. I am slow to come to it because I spent much of last week at the Sedona Conference Cross-Border Programme on the same and related subjects. They are simultaneously important and intractable.

As its title implies, the article leads on claims made by the US Government for emails held on Microsoft’s servers in Dublin. Privacy campaigners may claim this subject as their own, but it has much wider commercial implications than privacy. One of the subjects which comes up in the New York Times article to which Neil Cameron refers is the question whether Germany will allow its data to sit on Microsoft’s servers anywhere. This is sub-set of a wider question about the business lost by all US cloud providers as customers world-wide decide against keeping data within reach of US subpoenas as well as their spies (though I think you can take it that the spies have a wider range of investigatory tools at their disposal than the courts).

Neil Cameron was recently invited to give evidence to the House of Lords EU Sub-Committee F on the so-called “right to be forgotten” – he is no enthusiast for the unrealistic posturing of EU courts and politicians whose idealistic vision is uncluttered by any commercial or practical good sense. The second part of his article covers this separate but related topic.

His conclusion that we need “a new kind of global regulatory framework… for controlling electronic commercial and criminal activity on some kind of rational and universally agreeable basis” is obviously right. Before we can aspire to this at a diplomatic level, however, we first need a consensus at a state level within each relevant part of the globe. US spies have interests which do not align with those whose purpose is commercial comity; Chinese trade officials conflict with colleagues who guard Chinese “state secrets; EU privacy campaigners have legitimate fears about the use being made of private data by commercial organisations who themselves say that their expansion (and with it their contribution to the economy) depends on cross-border freedom of information as well as of goods and services.

Don’t hold your breath waiting for a global regulatory framework.


Blurmany and Spain, you and me – the trade-off between convenience and privacy

May 28, 2014

Loss of privacy is the price we pay for the convenience of Internet and mobile technology. Different countries and different age groups accord varying degrees of value to the one and to the other. Germany and Spain have their own reasons for thinking about the balance more carefully than others. Is it worth doing without Street View because Honecker’s East Germany set neighbours to spy on each other? What, if any, is the relationship between the horrors of the Spanish Civil War, the so-called (and probably illusory) ‘right to be forgotten”, and the Google Spain case? Is there a difference in attitude between the generation above me (which lived through the war) and the one below (which happily surrenders its personal information in exchange for social benefits). What about me – what do I think?

I don’t purport to answer all these questions, but it is worth kicking them around.  If you can’t deduce what “Blurmany” is, the answer lies below.

The use of Google’s Street view in Germany came my way twice recently, once in connection with my own attempts to use it and once through a blog post by someone else which linked back to an old post of mine. The theme is the trade-off between loss of privacy and the benefits derived from data-sharing. The point about Street View is that its burden (the loss of privacy) is asynchronous with the benefit (which generally accrues to someone else).

First, why did I want to look at German Street View? My degree was in history, and I retain an interest in it. I like standing in the place where some historical event took place. In Oxford, where I live, you can still see the notch cut in a column in the University Church which supported the back of the platform on which Thomas Cranmer stood to hear that he would be burnt to death the following day; you can stand where he stood. Charles I escaped from Oxford by riding down the lane where I walk every day; Lawrence went that way also on his way to investigate a mound on Port Meadow (that’s T E Lawrence, not D H btw – they were interested in different kind of mounds). I can’t see a scene from a photograph without wanting to know exactly where it was taken. Read the rest of this entry »

Nigel Murray gets hip – and rides again for Help for Heroes

March 10, 2014

eDiscovery and data privacy consultant Nigel Murray is again cycling across northern France on the Big Battlefield Bike Ride between 1 and 8 June in support of Help for Heroes. Two things make this a special year – one is that this is the 100th anniversary of the start of the Great War; the other is that Nigel has recently had a hip replaced.

Most of us would consider that this entitled us to give it a rest. Nigel has always, however, made much of the fact that many of those who take part in this demanding ride are themselves disabled, some of them seriously so. He compares the difficulties posed by his own operation with those who are missing whole limbs, in many cases multiple limbs, and gets back on his bike.

His operation means that he has only just been able to start training. He doesn’t seem to need much encouragement, but let’s give it to him anyway by making a contribution through his fund-raising page. As well as allowing you to donate, this page gives you more information about the adventure.


Washington and New York to Mitchell via privacy, Singapore and Lobachevsky

February 17, 2014

The problem with running a website which offers news and updates is that people notice when it lies silent – the essence of news is that it is new. In fact, I have never aspired to timeliness and, as I say often, if it is important now, it will be important in a month’s time. This post supplements a brief note which I put up last week. Most of it is about Washington and its wonderful memorials, about the week in New York with my panels on eDiscovery technology and privacy, and about the things which got in the way when I got home. That includes some ruminations on the fall-out from Mitchell v NGN, on the unpleasant and economically-illiterate thug who carries the proud title “Lord Chancellor” and his minions at the Ministry of Justice, and on the decline of London’s aspirations to be a forum of choice for international litigants, with side references to Hong Kong (where I go next) and Singapore. There is also a bit about plagiarism illustrated by Tom Lehrer. You get variety here, if not necessarily thematic consistency.

I was at LegalTech in New York, the biggest eDiscovery industry show in the world. This was my eighth LegalTech and I know the form by now – back-to-back meetings, a couple of panels to sit on, five party invitations every night, dinners with varying degrees of learning and entertainment thrown in, and someone to talk to round every corner. This year brought the added element of sudden snowfalls leading to deep pools of slush at every crossing, particularly tiresome when your meetings alternate between the Hilton on one side of Sixth Avenue and the Warwick Hotel on the opposite corner.

Our attempts, some four months earlier, to book hotel rooms were defeated by some sporting event which apparently drew most of the US population into New York for the weekend. The cost of flights to the US falls steeply if you include a Saturday, so we went first to Washington D.C. – “we” being me, my wife Mary Ann and our youngest son William. The weather was fine and, as always, we were drawn first to the war memorials. Read the rest of this entry »

Evidence, privacy and proportionality at Lawtech Europe Congress in Prague

January 30, 2014

I have no particular ambition to write up events as soon as they finish. Distance lends perspective, and anything worth reporting at all will be as valuable a couple of months later. The Civil Procedure Rules of England and Wales gave me enough to be getting on with at the tail end of last year and I only now turn to what was covered at the Lawtech Europe Congress in Prague, the second one organised there by Frederick Gyebi-Ababio.

My own interview filmed on the day gives a summary of why it is important to hold events in central Europe, and correspondingly important for eDiscovery people be there. Prague sits in the middle of a big region and one which is full of potential, not least because of its trade with the US. It is important for businesses and those who advise them to understand the expectations of US discovery, both because they have to face it and because it will become increasingly necessary for these jurisdictions to adopt their own discovery rules – as I say in the interview, a jurisdiction which establishes the content and validity of documents by notarised prints or screenshots has some catching up to do.

This is not just because of litigation – we see a activity by regulators from the US, the EU and within each region, all of whom wants to know what the story is. The story lies in the electronic evidence, and whilst much of the interest perhaps still lies in criminal investigations, civil eDiscovery cannot be avoided. Those who provide professional and technical services will cede the ground to the big four consultants, who are already there for other reasons, if they do not register their presence to some extent.

Paul Salazar of Siemens gave the keynote address, sponsored by Exterro. He ranged broadly over the duties of internal counsel, describing the processes which they must develop in order to anticipate and manage eDiscovery demands.

The emphasis on process can easily obscure the importance of data as evidence. Yuval Ben Moshe of Cellebrite opened the show with a panel whose focus was eDiscovery and the rise of evidence on mobile devices. He had as his panel members Patrick Burke eDiscovery Counsel at Reed Smith, Jo Sherman of edt. and Damian Murphy, an English barrister establishing his own chambers specialising in eDisclosure.

2013-10-E-4236Damian Murphy, Jo Sherman, Patrick Burke, Yuval Ben Moshe

Between them they gave us a good balance between the technical components and the need to focus on what really matters. It is not necessary for proportionality to be enshrined in the rules to get the idea that resources must be proportionate to what you are trying to achieve.

My first panel covered the relationship between scope, method and cost – how much do you need to collect, what is the best way of doing it, and how do you keep the costs within reasonable bounds whilst doing a good job? Read the rest of this entry »

UK court orders disclosure against French party despite Blocking Statute

September 30, 2013

Those who have read my occasional fulminations about US courts ordering discovery in breach of French blocking statutes will recall that much of the argument turns on whether the French will actually enforce the statute by imposing penalties on those who export data. In an article called Cross-Border Discovery – Federal Judge makes a monkey of the cheese-eaters, I put it this way:

…it is perhaps relevant to consider the likelihood that the French will act to enforce the blocking statute. I say “perhaps relevant” because I am not entirely convinced that the “due respect to the data protection laws of any foreign sovereign” lies in the pragmatic assessment that the French will not react. One can illustrate my point this way: a combination of resource cuts and an attachment to their cosy, warm police stations means that the chances of an English policeman arresting a burglar are pretty slim – the actual statistics are the source of much debate and deliberate, self-serving obfuscation, but a career in burglary is fairly risk-free in the UK.  You would not, I think, find a US judge willing to approve of UK burglary on the basis that the police are unlikely to do anything about it.

You may be interested to know that the English High Court has recently considered the same factors, concluding that discovery should be ordered. US lawyers should resist the conclusion that this means that the argument has suddenly become respectable so far as they are concerned. Blocking statutes raise the same issues as the EU-wide data protection and privacy laws, with the difference that they are expressed to be absolute. If all this was a problem before we learned about PRISM, how much worse is the position now?

The case is National Grid Electricity Transmission Plc v ABB Ltd & Ors [2013] EWHC 822 (Ch) (11 April 2013). I am obliged to my friend Browning Marean of DLA Piper US for drawing my attention to it.

The opening sentence leaves us in no doubt as to the central issue:

These applications raise an important question as to the approach the court should take in the light of the so-called French blocking statute, French law No 68-678 of 26 July 1968

This is a complex judgment, full of quotations from earlier cases and the (divided) opinions of the (mainly French) experts whose views are reported. Extracting what seems to be important in sequence will give you a broad idea of the issues. If you want more, you may need some damp towels for your forehead. Read the rest of this entry »


Get every new post delivered to your Inbox.

Join 168 other followers