The Americans Want Your Information

If you happen to use the Internet for sharing or storing sensitive information, it may be at risk of seizure by the American government without your knowledge. In fact, it may already be in their hands.

This tremendous privacy risk was highlighted last year when BC’s
Liberal government outsourced the storage of the province’s medical
records to a US firm. Out of the government’s hands, even though still
under its ownership, that information is now subject to American
anti-terrorism legislation, which grants the FBI and other secret
service agencies sweeping powers of information seizure and reuse.

The “USA Patriot Act” is a piece of legislation that materialized in
the weeks after 9/11. It introduced the Foreign Intelligence
Surveillance Court, essentially a secret court that operates in the
shadows of US and international law.

The court can provide spy agencies like the FBI with orders to seize
information from any American company with neither reason nor
notification. In fact, information seizures ordered by the court carry
a gag order, so whoever holds the information may not inform the
information owner of its seizure.

In the case of the BC government’s medical records, the implications
are quite clear and onerous. Now that it’s held by an American company,
subject to US laws, the US government may seize any medical information
on a BC resident and inform neither the BC government nor the resident
of that seizure.

The BC government feels that the fact the information is held by a
Canadian subsidiary of the US firm will shield it from US legislation.
While this legal question remains unanswered, most experts believe
there is no protection for foreign subsidiaries of US corporations and
that the parent firms would be liable for the any demands issued under
the Patriot Act.

The US government may reuse any information they seize in any way they
choose. Most likely, it will be used to build an information profile in
a larger, centralized database. This technique of information retrieval
and reconstruction, called “data mining,” has become extremely popular
with US intelligence agencies. It’s key to how they identify terror
suspects.

The fact that the BC government’s outsourced IT contract has exposed
the province’s citizens to such potential gross invasion of privacy
should be a lesson to us all, especially if we use the Internet to
manage sensitive information.

Just take email. If you use an email system that is owned, even in
part, by an American company to deliver and receive sensitive
information, then you’re at risk. This would include Microsoft’s
Hotmail, Yahoo’s Mail, and Google’s GMail. This matter becomes
especially prevalent when you consider that email storage space is
increasing and people are starting to leave messages in their email box
on the Internet.

Google’s GMail, for example, offers a gigabyte of email storage space.
The intent of the service is that users will leave important emails and
other files in their GMail box. In light of the Patriot Act, a user’s
GMail box becomes a very attractive data mining resource for federal
intelligence. Users of GMail could have their entire email database
seized by the FBI without even being aware.

Web site and e-commerce data is another major concern. If you have a
web storefront, for example, that is housed by a US company or its
subsidiary, the entire contents of your customer and order database are
fair game to the US government as far as the Patriot Act is concerned.

Even if you don’t use US email or file systems, data you share with
others might be at risk. Look at your colleagues’ email addresses. Do
they end in “hotmail.com” or “gmail.com,” for example? Anything you
send to those types of addresses will be governed by the Patriot Act
and therefore accessible to US intelligence services. If you’re sharing
sensitive information with people using US-owned Internet services,
communicate with caution.

Admittedly, the risk of having your information seized by the FBI is probably minimal.

If your information is in US hands, however, who knows how it will be
used? Personal profiles based on data mined information are generally
not objective entities. If the FBI is building one on you, it’s
probably representative of US intelligence interests and not your
personal ones. It’ll contain every terrorist joke you ever emailed to
your friends and will omit the recipes you’ve been sharing with the
other members of your cooking club.

To be cautious, it may be wise to stay away from US-based Internet
services. Ditch your Hotmail account. Forego the invitation to be a
GMail tester. Move your web site off that cheap server in San Diego.
There are plenty of Canadian-based services that are the equivalent of,
and maybe even better than, their US competitors and many of them are
probably located right in your home town.

BC residents may have been powerless to prevent Gordon Campbell’s
Liberals from selling off their medical histories to the US government
via a lowball IT contract bid. You, however, can control whether your
own information will be data mined by US intelligence.

Andrew Robulack is an IT Business Strategist and Architect based in Whitehorse.

Originally published in the Yukon News on March 25, 2005.
Copyright Andrew Robulack 2005