USA Freedom Act Would Help Restore European Privacy, Sensenbrenner Says
The U.S. National Security Agency has “weakened, misconstrued and ignored” civil liberties protections that Congress built into the Patriot Act, but the USA Freedom Act would fix that, Jim Sensenbrenner, chairman of the House Judiciary Committee Subcommittee on Crime, Terrorism, Homeland Security and Investigations, told the European Parliament Civil Liberties, Justice and Home Affairs (LIBE) Committee Monday. The legislation would deliver “real reform” by ending the NSA dragnet of information from Europeans and Americans, he said. Google, Microsoft and Facebook, meanwhile, denied they give intelligence agencies back-door access to users’ data, sparking skepticism from Parliament members (MEPs).
Under the Freedom Act, the NSA could no longer collect data indiscriminately, either from Americans or foreigners, Sensenbrenner said. It would create a privacy advocate at the Foreign Intelligence Surveillance Act court, and boost NSA reporting, transparency and oversight requirements, he told LIBE, which is doing a wide-ranging probe of electronic mass surveillance. While abuses such as the reported monitoring of German Chancellor Angela Merkel’s mobile phone took place outside congressional authority, he said, lawmakers shouldn’t underestimate the power of reform. Revelations of NSA spying on Merkel and other European leaders have done a lot to harm the trust between the U.S. and EU built up since World War II, he said. International cooperation is crucial to stopping terrorism, but trust is integral, he said.
Asked if he saw any opportunity for aligning the privacy rights and safeguards of U.S. and non-U.S. citizens, Sensenbrenner said EU Justice Commissioner Viviane Reding and Attorney General Eric Holder will discuss that at a meeting next week in Washington. Also on the agenda are ongoing negotiations between the EU and U.S. on data protection in criminal investigations, he said. Even if the Freedom Act is enacted -- and there’s opposition to it from the White House, House and Senate leadership and intelligence agencies -- the NSA will likely continue to push the boundaries, so rigorous oversight will be necessary, he said.
In another session, MEPs hammered representatives from Microsoft, Google and Facebook about their role in giving NSA and other intelligence agencies access to customers’ data. All three said they only disclose data only in response to valid orders; don’t allow information to be swept up through back doors; aren’t paid, or receive costs only, for pulling out data for government intelligence programs; and get only a relatively small number of such requests for user data. Google put on record a letter outlining its position (http://bit.ly/16YDyeU). Apple, which wasn’t at the hearing, submitted a report on government information requests (http://bit.ly/HKOHXl)
Google has categorically denied giving the U.S. government access to its services and refuses to take part in any program that requires it to install technology to allow such access, said Public Policy and Government Relations Director Nicklas Lundblad. A Google transparency report shows a breakdown by country of government requests for user data, he said. After this summer’s revelations, Google sought permission to publish information on FISA requests but was denied, he said. Transparency is just the first step, he said. Mutual legal assistance treaties can provide the right framework but need to be revamped, he said. To balance security and privacy, more universally agreed to rules and principles governing access to customers’ data are needed, said Dorothee Belz, Microsoft vice president-legal and corporate affairs for Europe, Middle East and Africa.
Google wants clarity on conflict of laws, said Lundblad. Once government-to-government relationships are made clearer on this issue, the picture will improve, he said. Facebook juggles responsibilities in the U.S., Ireland, where it’s supervised by the Irish data protection commissioner, and other countries that issue requests for data, said Richard Allan, director EMEA public policy (http://bit.ly/HKP4RG). Harmonizing those responsibilities would be great, he said, but MEPs should not let the “edge” cases determine the general case. Most data requests come in regular criminal investigations with appropriate checks and balances to deal with the excesses Parliament is worried about, he said.
Information given to the committee indicates around 98 percent of Prism’s surveillance was based on data from Microsoft, Google and others, said Claude Moraes, of the Socialists and Democrats and U.K., who will write the LIBE report on its investigation. He said Belz “simply swept those allegations away today.” Belz said she could confirm only that Microsoft didn’t know about Prism until press reports surfaced and that the company doesn’t give unfettered access to its data centers. She urged lawmakers to look at the whole ecosystem to determine where such access could be obtained.
The systems reported in the press appear to be from inside the NSA, and Facebook has no awareness of them, said Allan. Facebook has been open about the data access requests it gets and how it handles them, he said. They don’t involve bulk access, he said.
The companies’ presentations were all “carefully prepared legal statements,” said MEP Sophie in ’t Veld, of the Alliance for Liberals and Democrats in Europe and the Netherlands. “We want to hear the truth,” she said. The Internet companies’ desire for transparency comes rather late, she said, saying the testimony was like listening to civil liberties associations, not companies that have been cooperating with government, albeit under pressure. Belz said she understands the frustration but lawmakers can’t expect businesses to make statements infringing laws and putting CEOs in jail. All of the companies favor more transparency, but aren’t allowed to talk under U.S. law and similar EU laws, Belz said. Microsoft isn’t aware of violating any EU rules, she told in ’t Veld. “Don’t make quick conclusions on what is happening,” she warned. Facebook and others are willing to publish data on the requests they received, but governments seeking the data in their citizens’ names should also have to go public with the information, Allan said.
In’ t Veld only partially blames the companies that have data swept up, she said in an interview Tuesday. They're in a tight spot because the U.S. and other governments are pressuring them to comply, but that doesn’t absolve them from complying with EU law, she said. The EU should do more to enforce its law, she said.
The European Parliament so far is the only legislature doing any kind of investigation into mass surveillance, but it has no powers to subpoena witnesses and take testimony under oath, in ’t Veld said. Ultimately, however, it has leverage over governments because its consent is needed for free trade and other agreements, she said. If lawmakers aren’t satisfied with the probe’s results, they may be reluctant to sign off on agreements, she said. The European Parliament is seeking allies in national legislatures, she said. It’s an uphill battle, but shrugging the situation off isn’t an option, she said.
The LIBE report will likely not hold any big surprises, said in ’t Veld. There will be a lot about parliamentary oversight of secret services and reining them in, as well as a call for better protections for individuals, she said. The big question, however, is “what kind of follow-up will there be?” she said. The European Parliament will dissolve soon after the report is adopted, and its composition will likely be completely different, she said. There could be a large contingent of Euroskeptics and public opinion may change, she said. But it’s obvious that EU governments won’t “lift a finger” to curb spying, she said.
People should be “realistic” about spying, said Digital Agenda Commissioner Neelie Kroes Monday at a cyber summit in Bonn. It may be unacceptable but it’s been going on for some time and isn’t about to stop, she said. The recent news about the scale of online spying has been “astonishing. But let’s not just sit there stunned like a rabbit in the headlights. Nor submit to hysteria,” her written remarks said. The answer isn’t to constrain data within national borders but to bring down cross-border barriers by boosting cybersecurity, she said. LIBE’s investigation continues Nov. 14.