The world is reacting with alarm to revelations that the United States has been committing wholesale violations of privacy rights on a global scale, particularly through its PRISM initiative which was revealed to be targeting personal data of web users by accessing the servers of major internet companies.
The intense international reaction threatens to complicate U.S. bilateral and multilateral relations, and could pose legal problems for the U.S. government. It also calls into question the United States’ claimed leadership on internet freedom.
The PRISM program, as revealed by a set of leaked top-secret PowerPoint slides, enables the NSA to obtain private emails and other user data directly from the servers of companies such as Google, Microsoft, Facebook, and Yahoo. While much of the controversy in the United States revolves around Americans’ privacy rights and possible violations of the Constitution’s Fourth Amendment, the scope of the PRISM story is actually global.
As Ryan Gallagher at Slate.com explains,
The existence of PRISM provides vindication for privacy advocates worldwide who have been voicing alarm about the U.S. government’s ability to conduct mass surveillance of foreigners’ communications sent and received using services like Google’s Gmail and Microsoft’s Hotmail and Skype. Earlier this year, a prescient report produced for the European Parliament warned that the U.S. Foreign Intelligence Surveillance Act had authorized “purely political surveillance on foreigners’ data” and could be used to secretly force U.S. cloud providers like Google to provide a live “wiretap” of European users’ communications.
That appears to be precisely what PRISM enables. NSA agents can reportedly use the system to enter search terms into a “Web interface” that allows them to request and receive data—some of it in real time—from one or all of the participating companies. Director of National Intelligence James Clapper has confirmed that it operates under a controversial section of FISA that authorizes broad surveillance of non-U.S. persons—from foreign government agents, to suspected terrorists, and “foreign-based political organizations,” a vaguely defined category that could feasibly be used to target journalists and human rights groups.
The European Commission on Monday expressed concern about the U.S. internet snooping, saying in a statement it would be demanding more information from U.S. officials regarding the program. “This case shows that a clear legal framework for the protection of personal data is not a luxury or constraint but a fundamental right. This is the spirit of the EU’s data protection reform,” said EU justice commissioner Viviane Reding, who urged ministers to push through new privacy reforms.
On Tuesday, the Commission outlined plans to raise the PRISM matter with U.S. authorities “at the earliest possible opportunity” and will “request clarifications as to whether access to personal data within the framework of the PRISM program is limited to individual cases and based on concrete suspicions, or if it allows bulk transfer of data.”
Finnish communications minister Pia Viitanen more bluntly claimed that the National Security Agency is likely breaking the laws of Finland. Viitanen said she plans to take up the issue with the European Commission, and several European countries are apparently considering unleashing Neelie Kroes, the feared European Commissioner for the Digital Agenda, in an effort to fight back against the PRISM program.
The German government is also demanding explanations from the U.S. after it emerged that PRISM has been collecting more information from Germany than any other EU country. German Chancellor Angela Merkel is expected to raise the issue when she meets with President Obama in Berlin next week.
German justice minister Sabine Leutheusser-Schnarrenberger wrote that the reports about PRISM are “deeply worrying” and “dangerous.” She took issue with Obama, who recently said that it’s not possible to have 100 percent security and 100 percent privacy at the same time.
“I do not share this view,” she wrote at Spiegel Online. “A society is less free, the more its citizens are being surveilled, controlled and scrutinized. In a democratic system, security is not an end itself, but a means to ensure freedom.”
The Swiss are also raising alarms about the NSA’s hacking activities on their territory, concern that has been compounded by other revelations shared by whistleblower Edward Snowden about CIA agents engineering a drunk driving incident in Switzerland as part of an alleged blackmail ploy.
“What is really very serious is that [US] agents are active on foreign territory, and violate the laws of the country where they are,” former Swiss parliamentarian and prosecutor Dick Marty told public radio on Monday. “This is not the first time they have done this, and I must say that they have been spoiled by the Swiss. For too long Switzerland has tolerated CIA agents doing more or less whatever they wanted on our territory.”
Further, U.S.-based internet companies that are cooperating with the NSA under the PRISM program could face legal action in the European Union. Companies that operate in the EU and serve citizens of the bloc are subject to its relatively strict privacy laws, which limit the actions of companies that collect data, and require them to be clear about how it will be used and to whom it could possibly be disclosed.
On Tuesday, the European Commission warned U.S. tech companies that they must adhere to EU law or face the consequences. “Non EU companies when offering goods and services to EU consumers will have to apply the EU data protection law in full,” said the Commission.
“U.S. companies that have gathered personal data from Europeans, such as Facebook, and then given access to U.S. government agencies are in something of a bind,” says Ian Brown, senior research fellow at Oxford University’s Internet Institute. “They had no choice but to obey U.S. surveillance law, but may well now face legal challenges in European courts.”
A statement was delivered by the Association for Progressive Communications on Monday to the Human Rights Council on behalf of civil society regarding the impact of state surveillance on human rights. The statement read, in part,
We express strong concern over recent revelations of surveillance of internet and telephone communications of US and non-US nationals by the government of the United States of America and the fact that US authorities makes the results of that surveillance available to other governments such as the United Kingdom. Of equal concern is the indication of apparent complicity of some US-based Internet companies with global reach.1 These revelations suggest a blatant and systematic disregard for human rights as articulated in Articles 17 and 19 of the International Covenant on Civil and Political Rights (ICCPR), as well as Articles 12 and 19 of the Universal Declaration of Human Rights.
The civil society statement reminded the Human Rights Council that it unanimously adopted Resolution 20/8 last year, which “Affirms that the same rights that people have offline must also be protected online, in particular freedom of expression.”
But during the current session of the Human Rights Council, the Special Rapporteur on Freedom of Expression, Frank La Rue, reported worrying new trends in state surveillance of communications with serious implications for the exercise of the human rights to privacy and to freedom of opinion and expression.
La Rue noted that inadequate and non-existent legal frameworks “create a fertile ground for arbitrary and unlawful infringements of the right to privacy in communications and, consequently, also threaten the protection of the right to freedom of opinion and expression.”
Human Rights Watch noted this week that the recent revelations of NSA surveillance are impinging on privacy in ways that were unimaginable just a few years ago. “There is an urgent need for the U.S. Congress to reevaluate and rewrite surveillance laws in light of those technological developments and put in place better safeguards against security agency overreach,” HRW said.
The human rights group expressed particular concern over the total lack of concern for the rights of non-U.S. citizens:
Human Rights Watch is deeply troubled by the apparent lack of any consideration by the US government for the privacy rights of non-US citizens. The US Constitution may have been interpreted to grant privacy rights only to US citizens or people in the United States, but international human rights law recognizes that everyone is entitled to respect for their privacy. With so many electronic communications traveling through the United States, the lack of any regard for the privacy rights of non-US citizens raises very troubling concerns. …
Human Rights Watch also expressed concern about the precedent these programs might set globally because they could give other governments a rationale for adopting widespread and arbitrary surveillance of phone and Internet activity.
“The U.S. government’s credibility as an advocate for Internet freedom is at serious risk unless it ensures that privacy is protected along with security and acts with much greater transparency,” said HRW executive director Kenneth Roth. “There is a real danger that other governments will see U.S. practice as a green light for their own secret surveillance programs. That should be chilling to anyone who goes online or uses a phone.”
When the initial story broke last week of the U.S. government collecting metadata on the communications habits of millions of Americans, Obama attempted to downplay the domestic controversy and quell concerns over possible constitutional violations by reassuring Americans that it was aimed not at U.S. citizens but at the other 95 percent of the world’s population.
“With respect to the Internet and emails, this does not apply to U.S. citizens and it does not apply to people living in the United States,” the president said, strongly implying that the other seven billion people on the planet are fair game.
Judging by the international outcry, however, it appears this may have been a miscalculation on the president’s part. The demands for the U.S. and American companies to adhere to the laws of countries in which they are operating might bring a degree of accountability that appears to be missing in the U.S. political system.