Is Data Privacy really safe seen through Commissioner’s PRISM?

Eric Holder, Alan Shatter and Viviane Reding in the EU/US Justice Ministerial Meeting (from left to right) (EC Audiovisual Services)

Eric Holder, Alan Shatter and Viviane Reding in the EU/US Justice Ministerial Meeting (from left to right) (EC Audiovisual Services)

It was last Friday that the European Commissioner for Justice, Viviane Reding, had a ministerial meeting in Dublin with Mr Eric Holder, U.S. Attorney General. The topic of the meeting would have normally been the ongoing discussion on the transatlantic data privacy agreement. That would have been effectively the 15th round of negotiations to bridge the gap between the two world powers and everyone was waiting for a conclusive step forward.

However, the interest of that ministerial meeting under the gloomy weather of Dublin was monopolized by the biggest state surveillance scandal in the US political history, that only broke out at the beginning of this month.  I am talking of course about the infamous leak concerning PRISM, the up till now covert National Security Agency’s (NSA) programme of the USA that has divided citizens and policy makers in both continents.

The PRISM Scandal

The scandal came to the surface after an IT consultant, who also happens to be a former CIA agent, suddenly decided to put his name in the American history as one of the most famous whistleblowers together with Daniel Ellsberg (Pentagon Papers on Vietnam War) and Bradley Manning (Wikileaks). The 29-year old, Edward Snowden, current employee of the defense contractor Booz Allen Hamilton, in the beginning had trusted a 41-slide PowerPoint presentation, classified as top secret by NSA, to the Washington Post and the Guardian. They both published a part of the presentation that was allegedly used for training purposes to NSA agents participating at the notorious PRISM spying programme on the 6th and 7th of June respectively.

Slide of PRISM Programme Presentation (source: The Guardian)

Slide of PRISM Programme Presentation (source: The Guardian)

The PRISM, until recently secret, programme is part of the Foreign Intelligence Surveillance Act (FISA) that was first signed into law in 1978. After 9/11 it underwent continuous amendments though. In October 2011 President Obama signed an extension of FISA. This is the Section 702 and according to the Director of National Intelligence, Mr James Clapper, who after the revelations had to eventually accept the existence of the PRISM, this Section is its legal basis.

Slide of PRISM Programme Presentation (source: The Guardian)

Slide of PRISM Programme Presentation (source: The Guardian)

Let’s see now what the notorious PRISM is about. As described in the slides that have seen the light of publicity, this programme is something like a contract between the National Security Agency of the USA and 9 big American software/Internet companies: Microsoft, Google, Yahoo, Facebook, PalTalk, Youtube, Skype, AOL and Apple. The slides define that the NSA can have direct access to the servers of those companies and gain access to emails, Chats, Videos, Photos, Stored data, VoIP, File transfers, Video Conferencing, Logins, Social Networks and “Special Requests”. If the above slide cannot make you lose your sleep at night, then words have lost their meaning.

Slide of PRISM Programme Presentation (source: The Guardian)

Slide of PRISM Programme Presentation (source: The Guardian)

On top of that, another slide gives away the age of the Prism programme and the exact time that each of the 9 American companies joined it. Microsoft was the first in 2007 to join, followed by Yahoo in 2008, Google, Facebok and PalTalk in 2009, Youtube in 2010, Skype and AOL in 2011. Apple seems to have resisted the most until they finally conceded with this outrageous Private Data bazaar and only joined the PRISM at the end of 2012.

No privacy seen through the PRISM

That the NSA reserves the right to request from companies specific access to private data from their users is not something new. The National Security Agency of the USA even has the right to ask for a court order that will grant the agency access to the data required. However, it seems that the American Government regarded this as a time consuming and painful task, especially when they had to fight in court with true Internet Giants like Google or Facebook. The NSA would not afford that and most of all would not afford the publicity of a legal adventure like that.

Hence, they invented the PRISM, which according to the reportage of the Guardian gives direct access to the servers of the 9 companies mentioned above, without the need for polite requests or court orders. Obviously the PRISM is nothing but an open backdoor to your emails and my facebook profile together with the skype calls of potential Al Qaeda members in Afghanistan.

Everyone is Innocent

What is astonishing, though, despite how clearly the top secret slides indicate the way PRISM functions, is that all those 9 companies unanimously after the scandal came out to claim that it is the first time they find out about the PRISM and how it operates. Google replied to Guardian’s invitation for comment that: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a back door for the government to access private user data.”… “If they are doing this, they are doing it without our knowledge”. What is more, an Apple spokesman stated:  “We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

Moreover, Mark Zuckerberg posted a message on his Facebook account concerning this issue: “Facebook is not and has never been part of any programme to give the US or any other government direct access to our servers,” he maintained. “We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday.” Microsoft also denied any relation to the PRISM: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

AOL did not omit to comment on this either: “We do not have any knowledge of the Prism programme. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers.” Last, but not least, the online video chat room PalTalk made also a similar announcement: “We have not heard of PRISM. Paltalk exercises extreme care to protect and secure users’ data, only responding to court orders as required to by law. Paltalk does not provide any government agency with direct access to its servers.”

Numerous requests but none for American citizens?

At the same time, after the revelations companies admitted that they have indeed received data surveillance requests by the NSA. Microsoft stated that it has received around 6.000 to 7.000 requests from US government agencies that affect anything between 31.000 and 32.000 customer accounts. Moreover, Facebook announced that they have received 9.000 to 10.000 requests that concern 18.000 to 19.000 accounts. Google in its turn accepted that in 2012 only they have received from 1 to 999 data requests. Apple, allegedly the last company to join the PRISM, admitted that they have received from December 2012 to May 2013 requests that link to around 9.000 to 10.000 accounts. Last, but not least, Yahoo said that they have received in 2013 more than 12.000 data requests. It seems that the American companies accept the fact that they receive enormous amounts of data requests from the US Government but they all deny any knowledge about the infamous PRISM programme.

Right after the publication of the information on the PRISM, Mr Clapper, Director of National Intelligence, came to state that the PRISM is dedicated to acquire “foreign intelligence information” of only non-US citizens outside the USA. Mr Clapper argues later in his Press Release that “Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats”. Mr Clapper concludes by saying that the PRISM is an “entirely legal” programme. What we clearly see here is that companies deny the existence of the PRISM while the NSA accepts it. Isn’t that at least suspicious?

Slide of PRISM Programme Presentation (source: The Washington Post)

Slide of PRISM Programme Presentation (source: The Washington Post)

Seeing through the European PRISM

Mrs Viviane Reding, Vice President of the European Commission, having seen this last slide cited above where the bandwith of information between Europe and the USA has the lion’s share, felt the urge to take up this matter immediately with Mr Holder, US Attorney General. Hence, at the beginning of last week, only days before their meeting in Dublin on the 14th, she wrote a letter to Mr Holder with the “European questions and worries” about the PRISM issue:

  • “Are they only aimed at gathering the data of US citizens and residents, or are they also – or even primarily – targeting non-US nationals, including EU citizens?
  • Is the data collection limited to specific and individual cases and, if so, what criteria is applied?
  • How regularly is the data of individuals collected or processed in bulk?
  • What is the scope of Prism and other such programmes? Is it limited to national security and foreign intelligence, and if so how are such terms defined?
  • How might companies in the US and EU challenge the efforts to access and analyse the data?
  • What ways might EU citizens find out if they have been affected? How is this different to the situation for US citizens and residents?
  • How might EU citizens and companies challenge any effort to access and process their personal data? How does this compare to the rights offered to US citizens and residents?”

Europe is nodding along

Despite the numerous questions by Mrs Reding and by the European citizen, that she needed to represent in Dublin, it seems that Mr Holder did not have any particular difficulty to convince the Vice President of the European Commission that everything is just fine for the data privacy of European citizen. The only thing that the US Attorney General had to do basically was to repeat what he had stated during his Press Released issued before the ministerial meeting.

Mrs Reding, however, turning a blind eye on the horrible and obvious breach of data privacy for the European citizen because of the PRISM, she appeared reassured and convinced that the PRISM is not “invasive” either “overall spying”. In fact she repeated like a parrot almost exact excerpts from Mr Holder’s press release: “It is about foreign intelligence, targeted at non-US citizens under investigation on terrorism and cyber crime. So it’s not bulk collection but individuals and groups [targeted] and is the basis of a court order and congressional oversight”. She concluded by stating “I have been given answers and assurances. For me, this is the beginning of a dialog.” Is that so?

It is more than evident that the PRISM scandal has tremendous repercussions for the data privacy of the European citizen, because since 2007 the NSA had open access to your emails, his skype calls and later my Facetime. This is rather unacceptable. But what is more unacceptable is to see the Vice President of the European Commission not challenging even a bit the US Attorney General on this one. This was probably for Mr Holder one of the easiest ministerial meetings he ever had in his career. Instead of asking about the fortune of specific data from European citizens that the PRISM stored and elaborated, Mrs Reding was apparently nodding during the whole meeting. Was it because the Vice President of the Commission is rather a naïve and innately kind-hearted individual?

Without regulation Europe will be always the victim

I am afraid Mrs Reding realized from the very first moment that she was truly unarmed in this battle. While the US have been constantly upgrading their FISAs like a new app version for Android, the EU is unreasonably stuck in that old 1995 Data Protection Directive that is supposed to protect Europeans’ data privacy with standards of an era when the Internet was nothing else but an ambitious idea. Consequently, it is unfortunately well expected that the EU has nothing to do or say on this issue. The USA are so much ahead on data privacy or better “data privacy violation” that by the time we finally upgrade our data privacy regulation they will be inventing PRISM Version 15.

Mr Joe McNamee, executive director of European Digital Rights stated at Bloomberg BNA last Friday that before the EU reaches any agreement with the USA on data privacy protection, Brussels needs to finalize first its own directive.

It is clear that last week it was not only Mrs Reding that was unarmed and truly unprotected, but most of all the European consumer.

You may watch here the discussed exclusive interview of the PRISM whistleblower, Edward Snowden, to Glenn Greenwald from The Guardian:

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

This is where obesity places the biggest burden on healthcare

Things are bad and getting worse for South Africa. Or are they?

UN calls for action to tackle ‘ubiquitous but invisible’ global road safety crisis

Press conference by EC Vice-Presidents Valdis Dombrovskis (left) and Jyrki Katainen, on the Commission's proposals in the framework of the financial union (Source: EC Audiovisual Services / Copyright: EU, 2018 / Photo by Georges Boulougouris)

EU Finance ministers agree on new banking capital rules and move closer to Banking Union

‘The welfare of the Libyan people’ the UN’s sole agenda for the country, says Guterres in Tripoli

Foreign Affairs Council (Trade) of 22/05/2018: EU relations with key trading partners

‘Counter and reject’ leaders who seek to ‘exploit differences’ between us, urges Guterres at historic mosque in Cairo

These clothes were designed by artificial intelligence

Senior UN adviser sees ‘rare’ victory for humanitarian diplomacy as aid convoy reaches desert camp in Syria

Let us keep ‘their spirit of service alive’: Guterres leads tributes to UN workers who died in Ethiopia crash

New UN bullying report calls for ‘safe, inclusive’ schools for all children

Europe provides financial support to African countries while Turkey denies to change terrorism laws jeopardising the EU deal

MWC 2016 LIVE: Gamelab founder talks Apple TV, VR and monetisation

Right2Water initiative: Is the Commission ready to listen to citizens?

5 ways Denmark is preparing for the future of work

The relationship between Dengue and the rainfall in Boa Vista, Brazil

International Court of Justice orders Pakistan to review death penalty for Indian accused of spying

Here’s how to bring agility into the boardroom

‘Revved up climate action’ needed to counter ‘prolonged’ and deadly storms like Cyclone Idai: Guterres

Chart of the day: These countries have the highest share of electric vehicles

How we can work together in the fight against NCDs

3 ways activists are being targeted by cyberattacks

Germany hides its own banks’ problems

Here are three ways blockchain can change refugees’ lives

Sudan: New political transition, bolstered by peacebuilding, could bring long-term stability to Darfur, Security Council told

UN human rights office urges Egypt to immediately release detained protestors

When is Berlin telling the truth about the EU banking union?

UN honours peacekeepers who ‘paid the ultimate price’, for the sake of others

3 technologies that could define the next decade of cybersecurity

Member states jeopardising the rule of law will risk losing EU funds

‘Violence, atrocities and impunity’ reign throughout Libya, ICC prosecutor tells UN Security Council

Gaza blockade causes ‘near ten-fold increase’ in food dependency, says UN agency

GSMA Announces Final Event Lineup for Highly Anticipated 2019 “MWC Los Angeles, in Partnership with CTIA”

Hunger, displacement and disease: 4.3 million people remain in dire need of aid in Chad

Q&A on the 19th China-EU Summit to be held on 01-02 June 2017 in Brussels

Will the outcome of the UK referendum “calm” the financial markets?

Charles Michel advocates a strong Europe that acts where it can add real value

Nature is our strongest ally in ensuring global water security

To tackle climate change, we need city diplomacy

How can newspapers survive? By measuring their social impact

Low quality healthcare is increasing the burden of illness and health costs globally

Commission presents EU-Vietnam trade and investment agreements for signature and conclusion

Real EU unemployment rate at 10.2%+4.1%+4.7%: Eurostat Update

Bundestag kick starts the next episode of the Greek tragedy

Can the national and age groups pockets of unemployment cause irreparable damages to Eurozone?

Building cybersecurity capacity through benchmarking: the Global Cybersecurity Index

‘Disaster resilient’ farming reduces agriculture risks, yields economic gains, says new UN agriculture agency report

Eurozone’s bank resolution mechanism takes a blow

Human rights breaches in Iran, Egypt and Tanzania

OECD sees global growth moderating as uncertainties intensify

Over 80 per cent of schools in anglophone Cameroon shut down, as conflict worsens

Spain will soon overtake Japan in life expectancy rankings. Here’s why

Ingredients for a new life: how cooking helps refugees and migrants blend in

The ECB accuses the politicians of inaction, continues injecting billions to banks

Investment and Financing under the Belt and Road Initiative (BRI): EU and Chinese stakeholders share their views at European Business Summit 2018

How Big Food is responding to the alternative protein boom

MEPs call for EU rules to better protect minorities’ rights

Estonia is making public transport free

Cohesion Policy: EU invests €880 million to improve Poland’s railway system

Political power of women suffering ‘serious regression’, General Assembly President warns

More Stings?

Comments

  1. Hey I know this is off topic but I was wondering if you knew of any widgets I could add to my blog that automatically tweet my newest twitter updates.
    I’ve been looking for a plug-in like this for quite some time
    and was hoping maybe you would have some experience with
    something like this. Please let me know if you run into anything.

    I truly enjoy reading your blog and I look forward to your new
    updates.

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s