On 6 June 2013, articles in the Guardian and Washington Post based on information from former US National Security Agency employee Edward Snowden stoked up the debate on internet data surveillance. Further allegations that US and UK intelligence agencies had accessed and stored large quantities of data followed.
US Prism programme
According to press sources, the US National Security Agency (NSA)‘s Prism programme collects various communication data flowing through the US from nine major US internet firms – Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Several providers disclosed that they received between 4 000 and 13 000 government requests for user data in six months. It was not indicated how many of them were criminal or national security requests or whether they were related to Prism.
The US legal background is the Foreign Intelligence Surveillance Act (FISA), which provides a framework for electronic surveillance and collection of “foreign intelligence information” between “foreign powers” and “agents of foreign powers”. Requests are adjudicated by the Foreign Intelligence Surveillance Court, a secret 11-member court (hearings and records are not open to the public). The US President may authorise surveillance through the Attorney General without a court order for periods of up to one year if there is no “substantial likelihood” that a US citizen is involved.
UK Tempora programme
Snowden also leaked information on the UK’s Tempora programme to the press. Apparently, the British GCHQ had extracted and stored data from more than 200 transatlantic fibre-optic cables (including connections to EU Member States and the US) and shared it with the NSA. Full data were preserved for three days while metadata (e.g. in an e-mail the sender, recipient, IP address, date and time) were kept for 30 days. The data included recordings of phone calls, content of e-mail messages, Facebook content and internet users’ histories. Apparently 300 GCHQ and 200 NSA analysts were working on this project in May 2012.
A source with knowledge of intelligence explained to the Guardian that the programme focuses on security, terror and organised crime. Even if a large amount of data was accessible, the vast majority of it was discarded without being looking at.
EU, US, and analysts’ views
Central to the discussion is the right balance between data protection and security. EU and US views differ in this regard. Academics consider that the US’s response to 9/11 relied heavily on an expeditionary military effort, whereas the EU considers terrorism a problem of internal security best addressed by law enforcement and intelligence agencies. However, there is also a growing consensus.
In the plenary debate of 11 June 2013, MEPs criticised the US’ distinct rules for US citizens and foreign nationals. During the 20 June debate in the Civil Liberties, Justice and Home Affairs Committee with Commissioner Viviane Reding, most MEPs agreed that the Prism case highlights an urgent need to pass legislation to protect EU citizens’ personal data. In the 2000 debate on the existence of a global system for intercepting communications among the USA, the UK, Canada, Australia and New Zealand, Parliament set up a temporary committee which drafted the Echelon report.
Concerning Tempora, press sources report several German government requests to British counterparts on the legal basis and the extent of surveillance. Commissioner Reding has also written to UK Foreign Secretary William Hague.