Two of the biggest stories over the last year have been data protection and – of course – Edward Snowden’s revelations of massive spying by the NSA and GCHQ on all online activity in Europe (and elsewhere). As it happens, both of these important issues are coming to a head this week: after a preliminary debate tomorrow, on Wednesday the European Parliament will vote on both (draft agenda.) That means we still have time to drop them a friendly email today asking them to support strong privacy and civil liberties in Europe.
There are dedicated pages with all the background information for both data protection and surveillance, but another important new document that you might like to read before contacting your MEPs is this testimony [.pdf] from Edward Snowden to the European Parliament’s Civil Liberties, Justice and Home Affairs (LIBE) committee. Here are a few highlights:
One of the foremost activities of the NSA’s FAD, or Foreign Affairs Division, is to pressure or incentivize EU member states to change their laws to enable mass surveillance. Lawyers from the NSA, as well as the UK’s GCHQ, work very hard to search for loopholes in laws and constitutional protections that they can use to justify indiscriminate, dragnet surveillance operations that were at best unwittingly authorized by lawmakers. These efforts to interpret new powers out of vague laws is an intentional strategy to avoid public opposition and lawmakers' insistence that legal limits be respected, effects the GCHQ internally described in its own documents as "damaging public debate."
In other words, the NSA has been pressuring European governments to change their laws to make them more convenient for surveillance purposes – which means less protection for European rights. The NSA also plays off EU nations against each other in such a way as to circumvent what few local restrictions on spying remain, and to gain a complete picture of all EU online activity:
The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn’t search it for Danes, and Germany may give the NSA access to another on the condition that it doesn’t search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements. Ultimately, each EU national government’s spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole.
Basically, that means the NSA is making mugs of us. Snowden also reveals that the NSA works extremely closely with EU agencies – to the point of giving them spying kit to play with:
The best testimony I can provide on this matter without pre-empting the work of journalists is to point to the indications that the NSA not only enables and guides, but shares some mass surveillance systems and technologies with the agencies of EU member states. As it pertains to the issue of mass surveillance, the difference between, for example, the NSA and [Sweden’s spy agency] FRA is not one of technology, but rather funding and manpower. Technology is agnostic of nationality, and the flag on the pole outside of the building makes systems of mass surveillance no more or less effective.
He also says that there are more revelations to come about how we were spied upon:
There are many other undisclosed programs that would impact EU citizens' rights, but I will leave the public interest determinations as to which of these may be safely disclosed to responsible journalists in coordination with government stakeholders.
Against that background, and bearing in mind attempts by US companies to water down the strong data protection for European citizens, here’s what I’ve sent to my MEPs (you can find yours at WriteToThem for the UK, or here for all the EU.)
I am writing to you in connection with two of the many votes that will take place in plenary on Wednesday. These are:
"Protection of individuals with regard to the processing of personal data (A7-0402/2013)"
"US NSA surveillance programme, surveillance bodies in various Member States and impact on EU citizens' fundamental rights (A7-0139/2014)"
They are both about privacy and fundamental rights in the EU, and I would like to urge you to support measures that will protect both effectively.
As you know, the revelations of the whistleblower Edward Snowden have alerted us to massive surveillance of the online activities of European citizens (and of people elsewhere.) We now know that every email we send, every Web page we visited, every social network message we post is captured, analysed and stored by the NSA (and often by the UK’s GCHQ too). In Snowden’s evidence to the LIBE inquiry into this mass spying, he explained how it achieves this despite numerous agreements that would seem to forbid it:
"an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn’t search it for Danes, and Germany may give the NSA access to another on the condition that it doesn’t search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements. Ultimately, each EU national government’s spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole."
Thus the NSA’s activities not only undermine privacy and fundamental rights in the European Union, they undermine the EU itself by playing member states off against each other.
It is probably impossible to stop the NSA from trying to infiltrate European networks using technical means: the very nature of the Internet is connectivity, and cutting off Europe from the rest of the global network is clearly not an option. This means that Europe’s response needs to be a question of making the political cost of this spying too high. An obvious way to do this is to cancel both the Safe Harbour and TFTP agreements, and to negotiate new ones that would put respect for European privacy and fundamental rights at their heart on a non-negotiable basis: without them, there would simply be no access for the US to these valuable programs.
Another important lever is the Transatlantic Trade and Investment Partnership (TTIP) agreement. As the LIBE committee recommended, I urge the European Parliament to set down that it will not accept TTIP unless the final agreement fully respects the fundamental rights enshrined in the EU Charter, and unless data protection is completely excluded.
That’s not least because data protection needs to be dealt with separately, not as part of a larger package where horse-trading may result in compromises that damage privacy in the EU. Again, the EU is in a very strong position to demand strong protections, since the ability to forbid US companies from transferring overseas personal data concerning European citizens would cause major problems for the US.
Wednesday’s votes on surveillance and data protection provide a unique opportunity both to protect European citizens, and to confirm the European Union’s leadership in these crucial areas. A vote for strong protection is not only a vote for European rights, but also a vote for Europe’s future.
Update: both of these passed – thanks to everyone who wrote to their MEPs and helped make this happen. Important victories, even if much work remains.
Find your next job with computerworld UK jobs