Perhaps the most depressing aspects of the Snowden affair has been not the fact that everything we do online is being spied upon, but the fact that few people in the UK seem to care. That’s partly because the UK is in it up to its neck, thanks to the complicity of GCHQ in most of the NSA’s crimes, and partly because the UK government has been so mealy-mouthed in its response. Its claims that everything it has done has been lawful is based on the fact that the only law that regulates such online spying activity – the Regulation of Investigatory Powers Act - dates back to 2000, and is so utterly out of date that it is trivially easy to circumvent its puny safeguards.
Against that woefully inadequate background, yesterday’s meeting of the European Parliament’s LIBE committee, which is responsible for Civil Liberties, Justice and Home Affairs, was heartening. First of all, for the following decision:
The justice and civil liberties committee voted 36-2 with one abstention on Thursday to seek testimony from the former NSA contractor, who has exposed the reach of the US secret surveillance apparatus.
No date has been proposed and it was not immediately clear if Snowden would accept the invitation.
The main business was presenting a draft report [.pdf] on “the US NSA surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ fundamental rights and on transatlantic cooperation in Justice and Home Affairs”. The Rapporteur for this is the British MEP Claude Moraes (and coincidentally, one of my MEPs here in London.)
Since it is only a draft at this stage, and may therefore undergo changes, I’ll save a full description of its analysis and recommendations for a later column, when the final version is released. Here, I’d just like to give an idea of the report’s hard-hitting style by quoting two paragraphs from its main conclusions:
[The European Parliament] Considers that recent revelations in the press by whistleblowers and journalists, together with the expert evidence given during this inquiry, have resulted in compelling evidence of the existence of far-reaching, complex and highly technologically advanced systems designed by US and some Member States’ intelligence services to collect, store and analyse communication and location data and metadata of all citizens around the world on an unprecedented scale and in an indiscriminate and non-suspicion-based manner;
[The European Parliament] Condemns in the strongest possible terms the vast, systemic, blanket collection of the personal data of innocent people, often comprising intimate personal information; emphasises that the systems of mass, indiscriminate surveillance by intelligence services constitute a serious interference with the fundamental rights of citizens; stresses that privacy is not a luxury right, but that it is the foundation stone of a free and democratic society; points out, furthermore, that mass surveillance has potentially severe effects on the freedom of the press, thought and speech, as well as a significant potential for abuse of the information gathered against political adversaries; emphasises that these mass surveillance activities appear also to entail illegal actions by intelligence services and raise questions regarding the extra-territoriality of national laws;
To its credit, the report does not restrict itself to splendid fulmination: it also offers a range of practical measures – for example, those that the European Parliament can take to protect itself better. Two of them are of particular interest here:
the use of more open-source systems and fewer off-the-shelf commercial systems;
an analysis of the benefits of using the GNU Privacy Guard as a default encryption standard for emails which would at the same time allow for the use of digital signatures;
In terms of protecting the rest of Europe’s citizens, the report makes the following intriguing suggestion:
[The European Parliament] Decides to launch A European Digital Habeas Corpus for protecting privacy based on the following 7 actions with a European Parliament watchdog:
Action 1: Adopt the Data Protection Package in 2014;
Action 2: Conclude the EU-US Umbrella Agreement ensuring proper redress mechanisms for EU citizens in the event of data transfers from the EU to the US for law-enforcement purposes;
Action 3: Suspend Safe Harbour until a full review has been conducted and current loopholes are remedied, making sure that transfers of personal data for commercial purposes from the Union to the US can only take place in compliance with highest EU standards;
Action 4: Suspend the TFTP agreement until (i) the Umbrella Agreement negotiations have been concluded; (ii) a thorough investigation has been concluded on the basis of an EU analysis, and all concerns raised by Parliament in its resolution of 23 October have been properly addressed;
Action 5: Protect the rule of law and the fundamental rights of EU citizens, with a particular focus on threats to the freedom of the press and professional confidentiality (including lawyer-client relations) as well as enhanced protection for whistleblowers;
Action 6: Develop a European strategy for IT independence (at national and EU level);
Action 7: Develop the EU as a reference player for a democratic and neutral governance of the internet;
Again, you can see just how bold and specific the recommendations are. Moraes and his colleagues are to be congratulated for pulling together such a high-quality report, on a such a complex and evolving situation, in such a short time. Let’s hope the European Parliament supports the conclusions, and the European Commission agrees to work towards their implementation.