US authorities can access foreign users' iCloud data without their consent

If you don't live in the United States but make use of Apple's online storage system, iCloud, US authorities could technically obtain and view your information without your consent. Actually, this doesn't just affect iCloud, but any cloud storage service such as Dropbox, Google Drive, and any other service that is based in the United States.

While this isn't new news, nor reason to stop using all your cloud storage accounts, it's still interesting and worth knowing, especially if you live outside the US but have a lot of your data stored with iCloud or another service. The Independent has an intriguing story on the subject and what it means for international users -

Amendments to the Foreign Intelligence Surveillance Act, known as FISA, allow US government agencies open access to any electronic information stored by non-American citizens by US-based companies. Quietly introduced during the dying days of President George W Bush’s administration in 2008, the amendments were renewed over Christmas 2012.

This basically means that if US authorities found reason, they could search your cloud storage accounts for information. Most of this was probably put into place to prevent acts of terrorism considering this rule doesn't apply for United States residents. Even so, it just goes to show that sometimes convenience comes at the price of privacy.

The Independent goes on to explain why the rule may have went into affect -

Significantly, bodies such as the National Security Agency, the FBI and the CIA can gain access to any information that potentially concerns US foreign policy for purely political reasons – with no need for any suspicion that national security is at stake – meaning that religious groups, campaigning organisations and journalists could be targeted.

Basically FISA was put into place to target any potential threats. Basically, unless you give them a reason or raise a red flag for them to follow up on, your data probably won't ever be looked at our touched. Any foreign readers out there have any input on whether this would affect your decision to use cloud storage services?

Source: The Independent

Allyson Kazmucha

iMore senior editor from 2011 to 2015.

  • "Basically, unless you give them a reason or raise a red flag for them to follow up on, your data probably won't ever be looked at our touched" is a bit too close to "what does anyone need privacy for, if you're not guilty you've got nothing to hide" and that's not an argument any government or business should ever be allowed to make.
  • Exactly. Great comment to say the least.
  • +10000
  • Yeah I've never been a fan of such argument.
  • I just wonder what European Commission would make of that.
  • They could raise a stink but I doubt it'll go anywhere.
  • Well, they have long history of slapping large US tech companies.
  • You can also look at this another way. The location (or locations) where your data resides is governed by the laws of that country. So if the privacy laws in that country are weak, your protection is weak. iCloud, DropBox, Evernote etc. but also, Gmail, livemail etc. are also shared on servers around the world. I just hope they don't have the KFC recipe stored in the cloud!
  • "Basically, unless you give them a reason or raise a red flag for them to follow up on, your data probably won't ever be looked at our touched" I have seen better ways to justify bad behaviors.
    Would you write the same if this law apply to US citizens?
  • It does. You just don't want to believe it. It's in there somewhere
  • Yeah I would be surprised if it wasn't.
  • As an employee of a Canadian university in order to comply with the BC Freedom of Information and Protection of Privacy, I cannot use any cloud service to store personal information
    As a researcher, I must complly with the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans and in order to guarantee the anonymity and confidentiality of my subjects I cannot store any data in the cloud. I imagine it would be policy in any organization in Canada to forbid the use of any cloud service with servers in the US to store any data whatsoever. We've known about FISA for a while and wonder why you put up with similar breaches of your 4th amendment rights.
  • This sickens me. The US government is hell-bent on removing all privacy protection not only for its citizens but for the entire world. All in the name of "national security". What is more secure: spying on the whole world in the hopes of spotting the next terror attack, or examining your past actions to see what provoked the terrorists in the first place.
    I'm neither on the US nor the terrorists' side. I just want everyone to grow the bleep up and take responsibility for their past actions.
  • How about we do both? Works for me...
  • This is one of the reasons I moved lots of my cloud storage to servers guaranteed outside the U.S. There are quite some cloud providers using this as business model (e.g. Cubby or AeroFS).
  • I looked up Cubby - servers are in the US.
  • You don't need their servers, you can directly sync ;)
  • Sorry, I picked these two, because both allow synching P2P - without the need of an external server... If you're looking for a cloud provider with non-US-servers, start here:
  • Ah yes, I see. I'm trying Tonido which is similar. It's actually quite hard to restrict cloud, especially on an iOS device.
  • I too, have a Tonido (and a Pogoplug, Sheevaplug, etc...), but they'll cost you money if you want to sync YOUR data (which is quite stupid, because YOU own the plug, the drive, the infrastructure and they just offer a relay). A better - and in the long term much cheaper and saver approach is to buy a Synology NAS. They have a built-in Dropbox-like functionality (Cloudstation) which costs you nothing (beside the drive). The only thing you must take care of is backup, but there's Crashplan (US), Strato (EU), 1&1 (EU) and others....
  • Looks like what I want. Thanks.
  • "Basically FISA was put into place to target any potential threats. Basically, unless you give them a reason or raise a red flag for them to follow up on, your data probably won't ever be looked at our touched." The FBI and other agencies have a long history of targeting people for political (peace activists, MLK, John Lennon, etc) reasons. The word terrorism does not have an easy definition, and so it is useful for laws such as these. It allows the agencies great latitude in the exercise of their powers. Latitude with which I do not believe they have shown that they can be trusted. The author makes the assumption, as many people do, that her criteria(for a "red flag") coincide with the FBI's criteria for such. Evidence suggests that the FBI's criteria is in fact much lower.
  • True.
  • Yeah, like the government wouldn't decide to use it to check on your personal financials for Income Tax purposes, explore your files if you're a member of a Party not currently the Administration, or if you've publicly (or even privately - say, in letters to government departments) challenged federal policies. Or you simply lived in a country with a neurotic, clueless Head of State - like Canada.
  • Imagine what would US citizens feel like if they found out that T-mobile was spying on them on behalf of German government and Swedish intelligence was reviewing their Spotify playlists :)
  • What makes you think that's not happening?
  • It might be happening, but it's probably more disturbing to actually read about it in an article, isn't it? Anyway, I'd rather be spied on by MI6 than CIA. How about you?
  • Well, since I'm a US citizen, the answer is obviously yes -- I'd prefer that the CIA doesn't spy on its own citizens.
  • I don't understand why people are getting so upset about this. If you want privacy, build your own ftp server to store your files. The cloud gives you convenience and the cost of that is privacy. Dropbox, google drive, sky drive, they are all just ftp sites with a nice UI that someone else is hosting. Most people don't realize that the "Cloud" has been has existed way before dropbox or any of these storage services. Don't get me wrong, dropbox and google drive have their uses and I do use them. I just don't put any personal documents (finance papers, secret plans to over turn the government, etc) on them. Do you think the people managing these services don't look at your data? I'm a systems admin and have access to all of my users emails and their "private" drives. Ask any admin if they have ever looked at a user's email or opened up a picture file while doing some troubleshooting, if they say no feel free to call him/her a liar to their face. People are just upset because it's the government. If you were really concerned about your privacy then you wouldn't be using these services to begin with.
  • Plenty of folks are no where near as computer savvy as you are, and rely on a common sense expectation of privacy no more complicated then having to show some kind of reason based upon some type of legal standard to go through your personal items. If I was an exchange student living in a dorm. Authorities would require a warrant to search my room and laptop. The same standard should be held here. This should concern americans more than foreign nationals, because from the use of guantanamo to deny folks their legal rights to due process and declaring soldiers "enemy combatants" to skirt around the geneva convention to drone strikes on u.s citizens. The american government regardless of which party is in power or who is president has shown a pattern of moral indifference yo the rights of the individual, citizen or not. In this case exploit ing the fact that laws have not caught up with technology. As foreigners our governments would simply have to demand that cloud storage servers be placed in our respective nations. But your problem remains.
  • We use these services because they provide convenience and actual real life use to us. We aren't using them to give the US government a chance to spy on us. Whenever a service is related to holding data about people is there, the US government takes it as a chance to spy on people to prevent this vaguely defined "terrorism". People don't really store their top secret information in these cloud based storage places.. They still store many important stuff that they don't necessarily want people to have access to. Just because these admins of yours do what you said they do doesn't make it okay.
  • You are exactly right. It doesn't make it ok. My argument here is that people seem to be ok with it until the government does it. It happens all the time without you knowing and as soon as the government starts doing it it becomes an issue.
  • The issue isn't that the government can view your files - we already knew that - it's that they can do so without any checks or balances, not even the facade of one.
  • I do not use iCloud and only store encrypted data on Dropbox. I would never in my life trust the tinies part of my privacy on Apple's hands. As Americans, they are only too happy to breach my privacy should there be a financial benefit in doing so, for that is the cultural norm over there. A European, I employ local cloud providers as much as I can.
  • "Basically, unless you give them a reason or raise a red flag for them to follow up on, your data probably won't ever be looked at our touched" Yes, because the government has never used anti-terrorist bills for anything but to fight terrorism, certainly not to violate due process in drug investigations [ ], or to drive MPAA-related inquiries into the webmaster of a Sci-fi fan site [ ], and never, ever to hound professors after their spouses die of heart attacks [ ] Yes, let us all give thanks to a government that takes such strong measures to protect us -- what true Patriot would want Constitutional guarantees of privacy and liberty when you could instead have the safety that comes from never knowing when you are being watched, and why? And for those about to quote Ben Franklin back at me -- the above was sarcasm. The enabling attitude of "you have nothing to fear if you have nothing to hide" is just as sickening as the attitude our lawmakers (left and right) have taken towards civil liberties. It is too bad that the first George Bush convinced so much of the electorate that ACLU was a four-letter-word, because they seem to be the only people willing to fight the good and necessary fight.
  • I hope they are not looking in my photo stream, it's not pg-13.