Friday, October 25, 2013

Tapping Merkel's phone and other stories

It's been a bumper week for Snowden revelations and EU reactions to them.

The French government expressed their disapproval via Prime minister Jean-Marc Ayrault and President Hollande of the industrial scale tapping of French telephones by the US.

Former editor of The Times and the Sunday Times, Harold Evans, felt compelled to defend the Guardian in the face of government and other news outlets accusations that the paper was undermining national security.
"No editor in his right mind wants to give aid and comfort to murderous enemies, but every editor is duty-bound to scrutinise the use of power – responsibly but fearlessly"
The EU Parliament LIBE Committee on Civil Liberties, Justice and Home Affairs voted through the complex 'General Data Protection Regulation' (Rapporteur: Jan Philipp Albrecht) and the 'Protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (Directive)' (Rapporteur (and former Greek foreign minister): Dimitrios Droutsas). Those MEPs sure know how to coin a catchy title. The associated press release painted a rosy picture of how the new regulations are going to put people
"in control of their personal data while at the same time making it easier for companies to move across Europe...
Responding to mass surveillance cases, MEPs inserted stronger safeguards for data transfers to non-EU countries. They also inserted an explicit consent requirement, a right to erasure, and bigger fines for firms that break the rules."
In the US the vote was seen as a stick to beat the US with in the wake of the Snowden leaks on the NSA.surveillance.

Unfortunately, in spite of the best intentions of MEPs, no one can possibly know the effect of the regulations even if they were to see the light of regulatory day in the form the LIBE committee approved them.

Firstly they are hugely complicated.

Secondly they were subject to 3999 amendments, tabled in various EU committees, the highest number with respect to a single legislative file ever in the parliament's history.

Thirdly because Article 6 of the proposed data protection regulations drives a coach and horses through all of the protections:
"Article 6
Lawfulness of processing
1. Processing of personal data shall be lawful only if and to the extent that at least one of the following applies:
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the a controller or in case of disclosure, by the third party to whom the data is disclosed..."
Seriously? All those words, clauses, pages, negotiations and protections and buried in the midst of it there is a gigantic get-out-of-data-protection-free provision like this. The government and associated public services can process your data "in the exercise of official authority"; and commerce (including 3rd parties) can do so for the purpose of their own "legitimate interests"? With a loophole that enormous it's hard to believe the UK government are still fighting tooth and nail against the package.

Evgeny Morozov did a lovely job of outlining the clear and present danger to democracy posed by the voracious appetite of government and commerce for personal data when combined with privacy blind unrestrained information consumerism.

The Irish High Court granted Maximilian Schrems leave to pursue a judicial review case against the Irish Data Protection Commissioner. Schrems alleged that that esteemed body's refusal to investigate his complaint in June 2013 in relation to Facebook's actions in connection with the NSA PRISM program was unlawful.

Reporter Glenn Greenwald labelled Julian Smith, the MP who is demanding the Guardian gets prosecuted for endangering national security, an authoritarian functionary.

Mr Smith and security minister James Brokenshire shamefully used the platform of a parliamentary committee to abuse Guardian. All attempts at debate in the committee were curtailed by the chairman.

Privacy International wrote to NSA chief, Keith Alexander regarding their unauthorised access to the international financial messaging system, SWIFT.

A powerful cast of US dignitaries noted their objections to mass surveillance via a very well produced EFF video.

The European Parliament voted to suspend the Terrorist Finance Tracking Program (TFTP) agreement with the US - the transfer of the SWIFT finance data of European citizens to the US.

Dutch MEP Sophie in t Veld was pleased
The Commission in the form of Commissioner Malmström rapidly moved to calm US and UK jitters on the matter by issuing a statement saying they would "take note" of the vote and that they "have no indications that the TFTP Agreement has been violated" by the NSA. The Commission have asked for assurances that the agreement has not been violated and
"In the meantime, the provisions of the TFTP Agreement that clearly regulate the transfer of personal data, and that provide effective safeguards to protect the fundamental rights of Europeans, will remain in place."
MEPs also voted for enhanced whistleblower protections but Commissioner Malmström scuppered that notion too:
"For the time being, the commission does not however intend to propose new legislation on the definition of corruption or approximations of statutes or limitations of corruption offences or protection for whistleblowers," 
She's of the opinion that there are adequate international standards in place which will be why Edward Snowden is holed up in Russia of course.

Peter Sommer produced a succinct blueprint of how to engage in better oversight of security and intelligences agencies, specifically GCHQ.

Keith Alexander, head of the NSA, continued to defend his right to defend America in cyberspace.

German Chancellor Merkel was reported as being rather upset that the NSA had been bugging her phone since at least 2006. Even the Taoiseach thought it might be a good idea to speak up against such misbehaviour.

So with France and Germany now less than enamoured with US digital shenanigans, the best laid plans of officials for the EU leaders' meeting got slightly sidetracked.

It wasn't just you Ms Merkel - the NSA monitored the calls of 35 world leaders. So Ms Merkel and Mr Hollande are agreed then that they should have a chat with the US government and that they might well be, contrary to popular belief, undermining the fight against terrorism.

Even David Cameron can't find a way out of signing a relatively innocuous statement from the EU leaders complaining about US surveillance. He hasn't changed his mobile phone though, so I assume he's got nothing to hide...

Some consolation for Mr Cameron was that he may have managed, with Chancellor Merkel's support and the disapproval of certain members of the Commission, to scupper the data protection package until 2015, i.e. beyond the next EU parliament elections, the deadline being pushed by the LIBE committee to get the provisions passed.

The EU Commission proposed a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses. They kinda agree with the LIBE committee but not really.

A study done for the EU parliament LIBE civil liberties committee on National Programmes for Mass Surveillance of Personal Data in Member States and their Compatibility with EU Law looks like a fascinating read.
"In the wake of the disclosures surrounding PRISM and other US surveillance
programmes, this study makes an assessment of the large-scale surveillance
practices by a selection of EU member states: the UK, Sweden, France,
Germany and the Netherlands. Given the large-scale nature of surveillance
practices at stake, which represent a reconfiguration of traditional intelligence
gathering, the study contends that an analysis of European surveillance
programmes cannot be reduced to a question of balance between data
protection versus national security, but has to be framed in terms of collective
freedoms and democracy. It finds that four of the five EU member states
selected for in-depth examination are engaging in some form of large-scale
interception and surveillance of communication data, and identifies parallels and
discrepancies between these programmes and the NSA-run operations. The
study argues that these surveillance programmes do not stand outside the
realm of EU intervention but can be engaged from an EU law perspective via (i)
an understanding of national security in a democratic rule of law framework
where fundamental human rights standards and judicial oversight constitute key
standards; (ii) the risks presented to the internal security of the Union as a
whole as well as the privacy of EU citizens as data owners, and (iii) the potential
spillover into the activities and responsibilities of EU agencies. The study then
presents a set of policy recommendations to the European Parliament."
Finally, for now, has the Guardian just got its own back on Julian Smith MP by accusing him of endangering national security? Apparently Mr Smith posted a picture on his official website of him posing with staff from the high-security US base in the UK, Menwith Hill. Mess with the press at your peril.

No comments: