As the European Parliament sunk its teeth yesterday afternoon into the subject of US government surveillance activities – in particular new claims by whistleblower Edward Snowden that the US government bugged US-based European Union offices – anger and indignation were to be expected.
Doing anything about such activities will take more than speeches from the parliament floor, however.
The real challenge for Europeans, as well as for Americans and anyone else alarmed by Snowden’s revelations of the US government’s surveillance activities (some of which have been acknowledged by the US), is to determine how to ensure greater transparency in the oversight process for approved surveillance and prevent unwarranted, broadbased surveillance activity in future.
Even before German magazine Der Spiegel broke the EU-bugging story this past week, Europe wanted explanations about Snowden's earlier revelation of Prism, a computer-based system for requesting data on non-US citizens from internet and social media companies such as Facebook, Microsoft and Google.
EU vice-president and justice commissioner Viviane Reding, who met US attorney general Eric Holder in Dublin recently, told The Irish Times, "The Europeans won't let this go. They want to know clearly what has really been going on." The EU wanted to understand precisely what mechanisms were in place to ensure adequate oversight, she said, and wanted EU citizen data handled with the greater privacy protections afforded them under European law.
Euractiv.com reported this week that the European Parliament would announce the establishment of a special committee to investigate the reports on US surveillance activities. The committee would fall under the parliament’s Committee on Civil Liberties, Justice and Home Affairs and produce a report by the year’s end.
But TJ McIntyre, UCD law lecturer and chairman of Digital Rights Ireland, said adequately addressing and preventing unwanted surveillance done outside European legal frameworks would be extraordinarily difficult for Europe.
“The US-dominated online services are going to be subject to US laws, which allow for this level of activity,” he said. “To a large extent, this is going to be governed by realpolitik. There’s relatively little governments like Ireland can do.”
On the other hand, European governments with more stringent views on privacy, such as Germany, might apply real pressure for change, he said.
Flawed institutions
But the institutions that have oversight of surveillance activities within the US do not do this job adequately, according to damning comments by US congressman Rob Holt, a former member of the House Permanent Select Committee on Intelligence and former chairman of the House Select Intelligence Oversight Panel.
Writing in the Huffington Post recently, Holt noted that "the Foreign Intelligence Surveillance Court, the judicial body designed to review – and if necessary refuse – government surveillance requests" has approved more than 33,000 requests and refused only 11 since 1979.
“If federal authorities want to see the data of an American citizen, they should be forced to come through the front door – and only with a court order based on probable cause, as our founders intended,” he concluded.
But will the US government reform sweeping and permissive surveillance legislation brought in via the Patriot Act after the 9/11 terrorist attacks that deeply shook the US?
McIntyre says it may be citizens as well as businesses themselves who force change, either through government pressure or simply changing their products and activities to be more privacy-focused.
Some business-focused pressure is already circulating through the European Parliament, where some MEPs want pending EU-US trade talks to be frozen for two weeks until Europe receives further information from the US on the spying allegations.
McIntyre argues that growing global concerns about privacy may also offer a business opportunity for companies that offer services with greater privacy protection.
Interest has risen in existing companies that offer alternatives to online services such as Google. Gabriel Weinberg, the chief executive of Duck Duck Go, a search engine that claims to anonymise all searches, said Duck Duck Go has had a 33 per cent jump in users since reports emerged about the National Security Agency’s surveillance programmes.
There’s also been some business response. Clearly discomfited by public ire, companies associated with Prism asked the US government for permission to clarify their role and how they respond to data requests. Meanwhile, in the immediate aftermath of the first NSA revelations, 85 organisations came together to set up a new pro-privacy organisation, Stop Watching Us.
“The revelations about the National Security Agency’s surveillance apparatus, if true, represent a stunning abuse of our basic rights. We demand the US Congress reveal the full extent of the NSA’s spying programmes,” the organisation says in an open letter. Over half a million individuals, organisations and businesses have signed its petition.
Several thousand have signed another requesting NSA spying activities be suspended pending public discussion, put forward by US privacy watchdog the Electronic Privacy Information Centre. The petition has the support of leading privacy advocates and security pioneers, including James Bamford, Whitfield Diffie and Bruce Schneier.
McIntyre says perhaps the only sure route to protect privacy and prevent surveillance is for individuals to choose services and software that block prying eyes. That means using anonymised web browsing programmes and encrypted email and call services.
However, most people are unlikely to shift from services, social media sites and companies they know well and have used for years, especially not to use encrypted email, which can be fiddly and complex.
Privacy protection
But there may be hope in a new generation that might have different expectations of governments, technology and data management. In a keynote speech last week at the National College of Ireland's annual Dotconf social media conference, 20-year-old CoderDojo founder James Whelton argued that young programmers have taken in what has been happening and will build stronger privacy protections into tomorrow's software, online services and companies. "We're seeing cultural shift from openness, to being wary about privacy," he argued.
Politicians should not be making decisions about technologies they do not understand, and governments should serve the people, not large corporations, he said. If the rest of his generation feels the same way, snoopers will have a much harder time in years to come in gathering and perusing personal data – whether legally mandated or not.