GCHQ’s “light oversight regime” as situation comedy

One of the more memorable quotes to have been featured in the Snowden reporting to date for me is the unnamed senior legal official from GCHQ’s briefing note that “We have a light oversight regime compared with the US”.

For an illustration of how this works, I highly recommend reading Intelligence Services Commissioner Sir Mark Waller’s evidence to the Home Affairs Select Committee from last Tuesday. The Committee had to fight to get Waller to appear before it and, seeing what transpired, you can understand why. All the comparisons to Yes, Minister are entirely justified (although, as you may gather from his evidence, Mark Waller is in fact a retired senior judge rather than a career mandarin).

A representative sample:

Sir Mark Waller: …I just thought it was absolutely wrong to publish my report without going down to GCHQ in order to see whether there was anything in the allegation that was being made [in the Snowden reporting]. The allegation that was being made at that time was that GCHQ were taking no notice of UK law. They were doing it all through America and they were behaving unlawfully.

Chair: You went down to GCHQ.

Sir Mark Waller: Yes.

Chair: You went to see who there?

Sir Mark Waller: I saw the second head of the agency, in fact.

Chair: How did you satisfy yourself? It seems, from your comment, that what you did was you had a discussion with them, you heard what they had to say and you have accepted what they had to say.

Sir Mark Waller: Certainly.

Chair: Is that it?

Sir Mark Waller: Certainly.

Chair: Just a discussion?

Sir Mark Waller: Certainly.

Chair: Nothing else?

Sir Mark Waller: Certainly.

Chair: That is the way you were satisfied that there was no circumventing on UK law. You went to see them. You sat round a table. You had a discussion-

Sir Mark Waller: You have to remember that I had done a year and a half’s inspection. I have a very good idea as to what the ethos of this agency is.

Chair: Of course.

Sir Mark Waller: They know perfectly well that they have to make out their case and the legality of their cases and so on and I have absolutely, clearly, accepted that-

Chair: Of course. How many times have you visited GCHQ in the three years and two months that you have been the Commissioner?

Sir Mark Waller: Three years and two months. Well, again, each visit in 2012 is in the report. Effectively, I do two inspections a year.

Chair: So you have been about six times?

Sir Mark Waller: Yes.

Chair: Six times in three years?

Sir Mark Waller: Yes.

Liberty and Others v GCHQ

The legal challenges made by Liberty, Privacy International, Amnesty International, the ACLU and others in the wake of Edward Snowden’s revelations had their first hearing in the Investigatory Powers Tribunal today. The IPT is the tribunal set up under the Regulation of Investigatory Powers Act (RIPA).  It does not usually meet in public, so the announcement below is a bit of a souvenir.

This is the first of two groups of challenges against GCHQ’s interception and information sharing practices. The other is an appeal direct to the ECtHR (Big Brother Watch v United Kingdom), which the Strasbourg court has decided to fast track.

Today’s hearing was a directions hearing, which means that none of the substantive claims were argued, but questions as to approach were tackled and dates were set. The full hearing has been scheduled for 14-18 July this year – which is rather earlier than the ECtHR will hear their case, even though they’ve decided to fast track. The July hearing will be open to the public, although it sounds like there may also be sections of argument that are closed (more on that below).

dramatis personae

There are three separate groups of claimants: Amnesty International (represented by Kirsty Brimelow of Doughty Street Chambers), Privacy International and Bytes For All (Ben Jaffey of Blackstone Chambers) and Liberty and the ACLU (Matthew Ryder of Matrix Chambers). As far as I am aware, the only groups to have made their initial documentation public are Privacy International and Bytes for All. Privacy International’s claim deals with two main issues: the extent to which information sharing is regulated under RIPA (lets’s broadly call that issue PRISM) and the legality of mass surveillance (that’s Tempora).

The first issue dealt with was Amnesty joining the proceedings. Today’s hearing isn’t quite the first time Snowden’s revelations have been brought before the IPT (even in public). On 30 January, Abdel Hakim Belhaj and Fatima Boudchar were granted a limited injunction against the use of any legally privileged information that may have been acquired by surveillance (the court did not rule on whether any surveillance had in fact happened). The violation of legal privilege in breach of article 6 of the ECHR appears to be part of Amnesty’s argument in this case too, so there was some discussion as to what should be discussed purely in relation to the Belhaj case and what should be included in July’s hearing.

“This tribunal is unique in being able to proceed on assumed facts”

The bulk of the morning hearing saw attempts to reach agreement on the hypothetical premises on which the argument could proceed. Part of the difficulty here is that the UK government is still adopting a strict ‘neither confirm nor deny’ policy when it comes to Tempora – to the extent of not even being willing to confirm or deny how the word is pronounced.  It became evident over the course of the morning that the government would have preferred to restrict the court to an assessment of whether the RIPA framework itself was in accordance with ECHR rather than adjudicating whether particular alleged actions would be legal under RIPA itself or the Human Rights Act.

That approach was decisively rejected (“surely if you’re not allowed to do it at all, we can say so?”) so we will be hearing arguments about whether Tempora activity would be lawful – although the points at issue will be presented as “claimants allegations” rather than “agreed premises”.

In the absence of authoritative advice to the contrary, by the way, Mr Justice Burton decided that the IPT would go with the ‘Latin’ rather than ‘Japanese’ pronunciation of tempora. That means an emphasis on the first, rather than the second syllable.

Metadata and communications data

An interesting question that came up was whether communications data and metadata is synonymous – as it transpired, this was brought up by Matthew Ryder as a result of David Omand asserting that there was a difference (listen back to the LSE debate to hear for yourself). It seems that the government has responded to the effect that there is no meaningful difference between the two terms.

Afternoon

The afternoon session confirmed dates for the main hearing in July and then returned to the main theme of the morning, this time in detailed discussion about how the main issues of the case should be framed. Should the government be able to limit discussion to an assessment of the compatibility of its legal framework with the ECHR or should the question be whether the alleged practices themselves are compatible with the law? Is it possible the alleged practices might not be wholly authorised by RIPA, making the first option too narrow?

The argument on these issues was quite dense: at one point, it appeared as though the government was saying that, if the alleged activities took place, they could only have been authorised by RIPA, but that was not conceded formally. The final formulation is still to be confirmed, but it looks like it will represent a bit of a compromise for both sides.

Neither confirm nor deny

As mentioned earlier, the UK government will still neither confirm nor deny that the Tempora programme exists, despite the amount of information now in the public domain. (PRISM is a bit of a different matter, because its existence has already been acknowledged on the other side of the Atlantic). On the basis of some of Ben Jaffey’s submissions today, it looks like this stance will be challenged in July, particularly if – as seems likely – the government moves to hold a closed session after the open one.

#GSOC: strange things are afoot in Ireland

GSOC is the Garda Ombudsman Commission, the independent authority charged with overseeing the Irish police force. The current furore centres around whether its activities have been subject to surveillance. This was the subject of a lengthy statement by the Irish Minister of Justice Alan Shatter yesterday (11 February), the content of which indicates that monitoring has probably occurred, despite the Minister’s assurances otherwise.

What is this about?

In late 2012, two garda whistleblowers  accused senior colleagues of quashing penalty points as a favour to friends. The whistleblowers went to members of the Irish Parliament with their concerns and an internal enquiry was launched. In the manner of many internal enquiries, the police probe did not find anyone culpable, but did recommend that procedures be tightened up. It is clear that significant concerns remained and further investigation has been carried out under the auspices of the Public Accounts Committee.

While I do not follow Irish politics closely, I think it is fair to say that this whole affair has been highly controversial and it is perceived that the reputation of the gardai has been damaged.

On 27 January this year, the Irish Justice Minister Alan Shatter finally referred the allegations to the police ombudsman, GSOC.

On 9 February, the Irish Sunday Times published an article by John Mooney alleging that GSOC was the subject of surveillance by a “government level” entity and that GSOC has been obliged to order a full security audit in September 2013. Unfortunately, a paywall prevents me from telling you much more about that article.

On 11 February, these allegations were the subject of a very long statement from the Minister of Justice. The GSOC chairman Simon O’Brien has said today that he believes his office was subjected to “some sort of surveillance.”

What is of concern in the statement?

The Minister of Justice’s statement describes some of the findings of the GSOC security audit.

“I am advised by GSOC that the sweep identified what they refer to as two technical anomalies which raised a concern of a surveillance threat to GSOC. I should emphasise that my understanding is that what was at issue were potential threats or vulnerabilities, not evidence that surveillance had, in fact, taken place. A subsequent sweep identified a third potential issue. There was no suggestion that there was any risk of unauthorised access to the GSOC databases and the documentation on them.

“The first identified issue arose from a wi-fi device, the property of GSOC acquired in 2007/2008 located in its Boardroom, which was found to have connected to an external wi-fi network. Access to this device was protected by a password, and in the absence of this password any connection should not have been possible. In any event, GSOC does not operate a wi-fi network, and had never therefore activated this device (and does not even know what the password is), but the fact of the connection was a concern. How this occurred is unknown and there is no suggestion by GSOC that it resulted in any information being accessed. I am also advised that the wi-fi device was unable to communicate with any of GSOC’s databases or electronic systems and that the boardroom is not generally used for meetings.

“The second potential issue related to the conference call telephone in the Chairman’s office which was subject to a number of tests. One of the tests involved sending an audio signal down the telephone line. Immediately after this transmission, the conference phone line rang. GSOC conducted a number of checks to establish the source of this telephone call, but was unable to do so. Further checks revealed no additional anomalies or matters of concern. There is no evidence of which I am aware from my meeting with the Chairman of GSOC of any phone call made or received being compromised.

“The third issue related to the security firm reporting the detection of an unexpected UK 3G network in the area in the locality of the GSOC offices which suggested that UK phones registered to that network making calls would be vulnerable to interception. Importantly, I am advised that neither the Chairman nor any other member of GSOC or its employees use UK-registered mobile phones, so that the presence of any such device in the locality would not seem to have posed a threat to the integrity of GSOC’s communications systems. There appears to be no evidence that what was detected had any direct relevance to GSOC.

“As I understand it those three issues represent the totality of the concerns which arose.

Much online comment has been generated around the third issue raised in the statement, which sounds very much like the fake phone towers (IMSI catchers) used to record phone details and intercept phone calls. This technology is not solely the preserve of “government level” actors. In fact, they used by many police forces, including those in the UK and the equipment is commercially available. There is precedent for IMSI catchers to be used without care being taken to configure them properly to the country they are being operated in.

It is probably worth noting that – while misconfigured IMSI catchers may be more visible to those they target – it isn’t true to say that they cannot be used to intercept phone details when they are so misconfigured. It is also unclear why Mr Shatter’s assurances as to the integrity of “databases” should have bearing on the possible interception of communications or metadata. For these two reasons at least, I share the concerns being expressed about this statement. At the very least, further investigation is clearly warranted to ascertain the origin and ownership of the equipment broadcasting that “unexpected UK 3G network.”

Updates

1.

GSOC Chair Simon O’Brien has been answering questions from the Oireachtas Petitions and Public Service Oversight Committee on this subject today. Proceedings are being liveblogged here – much of the questioning appears to focus on how the Sunday Times had word of the story, which evidently took much of the Irish government by surprise (although it seems that Alan Shatter did have advanced notice of the GSOC security audit).

2.

Embarrassingly, the Irish Taoiseach Enda Kenny has had to ride back on comments which blamed GSOC for not reporting their suspicions of surveillance rather than tackling the subject of the surveillance itself.

3.

Tonight’s episode of Late Debate on RTE provides an excellent account of Simon O’Brien’s evidence and the likely next steps.

In brief, by mid-2013, GSOC had expressed dissatisfaction with the garda’s compliance with their procedures on more than one occasions. In June, concerns about “some public discourse appearing to be unexpectedly well informed” led to a security audit company being contracted.  Two security sweeps were carried out: one from 23-27 September and another on 19-20 October: it was on the second of these that the (likely) IMSI Catcher was detected. 

On 8 October, GSOC launched an investigation into potential garda misconduct based on the results of the security sweeps.

As Mark Kelly of the Irish Council for Civil Liberties points out in the programme, in his statement, Minister of Justice Alan Shatter have assurances on the existence of unauthorised surveillance:

It is important to say at the outset that the Garda Síochána Ombudsman Commission has informed me that, after an investigation, they concluded that no definitive evidence of unauthorised technical or electronic surveillance of their offices was found.

Whether surveillance of GSOC could have taken place on an authorised basis is an open question, one that appears on the front page of today’s Irish Examiner.

It looks like the Minister of Justice Alan Shatter will be called back to testify to the committee, which is also requesting an unredacted copy of the GSOC report resulting from the security audit. It also sounds very much like the Irish Sunday Times may be publishing more on this on Sunday.

4.

(17 Feb)

Richie Tynan has written a really good summary of the technical issues for Privacy International and the Irish Examiner has an account of the political reception and media reaction.

This week’s Irish Sunday Times has revealed that it was indeed a suspicion of surveillance by the garda which provided the impetus for GSOC to order a security audit. As the Sunday Times is behind a paywall, it’s also worth listening to John Mooney’s comments on RTE’s This Week:

This particular event has its roots in a collusion enquiry that GSOC ran between members of an elite garda unit in Dublin and a drugs trafficker called Kieran Boylan. That inquiry, which was a public interest inquiry, concluded late last year and had reached very damning findings about the activities of guards running black operations off the books outside of normal legislation.

That file was sent to the DPP with recommendations to charge a certain officer and Kieran Boylan. The DDP would not proceed with charges because in the national interest it would reveal too much about covert police operations. At that point…

What proof do you have that was the reason for the DPP not proceeding?

I know what I know. I’m aware that at that point GSOC made it very clear they were furnishing a special report to Alan Shatter and then they were going to release a report into the public domain raising their concerns about what had happened. At that point, and we published this on the front page of the Sunday Times today, there was a threat made by a senior garda officer to have analysts employed to find out how the Sunday Times in particular was obtaining information about what was going on.

5.

(19 Feb)

A recent article in the Irish Independent provided additional details about the security audit’s findings and questioned the legitimacy of some of them. This in turn ha prompted the company that performed the security audit, Verrimus, to make a statement (leading, in its turn to a hamfisted and unacknowledged edit in the original report). Richie Tynan has a great post on this for Privacy International.

How much classified information is there?

Last night, the Columbia School of Journalism hosted an “After Snowden” panel discussion with Jill Abramson, Janine Gibson, David Schultz and Cass Sunstein. Video of the event is available and I’ve been watching it back today.

Barton Gellman – who wasn’t on the panel – asks a question about an hour into the event about the US Government’ attitude towards national security journalism. It turned out to be one of those cases where the question asked was a lot more interesting than any of the answers it received. Here’s part of what Gellman said:

almost everything you want to write about, if you’re writing about intelligence or diplomacy or defence, is classified. Everything but the press release and the news conference is classified. That’s just the way the US Government works and there may be more classified information now than there is open source information on the planet. There’s a good article that a Harvard professor wrote that estimated that was the case.

This – and a hat-tip to Kevin M. Gallagher (@ageis) who found and posted the link last night – is the article Gellman was referring to, Removing Knowledge by Peter Galison, a specialist in the history of science. It’s worth reading.

Writing in 2004, Galison noted that classified information from 1979 or earlier that was considered historically valuable (a subset of the whole) amounted to some 1.6 billion pages, compared to the 7.5 billion pages he estimated the entire Library of Congress to contain. Given the likely acceleration in classification since 1979:

about give times as many pages are being added to the classified universe than are being brought to the storehouses of human learning, including all the books and journals on any subject in any language collected in the largest repositories on the planet.

Galison is primarily focused on scientific research and uses a lot of examples from the US Department of Energy. Still, US Government statistics seem to support that 1.6 billion pages figure. So if there isn’t already more scientific information (at least) hiding behind clearances than out in the open, it’s only a matter of time before that is the case. It’s pretty staggering stuff.

Through a PRISM, darkly

I’m currently working my way through the many excellent presentations given at the 2013 CCC Congress (you can look through the videos yourself here). This talk, given by Kurt Opsahl, Senior Staff Attorney at the Electronic Frontier Foundation is a really good introduction to the US legal framework around the NSA’s activities. Once you’ve watched this, the next thing on your list should be Jacob Appelbaum’s To Protect and Infect, Part 2, which explains some of the most recent stories to emerge from the Snowden document cache.

UK MPs debate oversight of the security services

Earlier today, MPs took part in a three hour debate on oversight of the security services. Video of today’s three hour debate is now available here, and it’s well worth viewing:

31.10.13 Westminster Hall debate on oversight of the security services

Of particular note are the exchanges between members of the Intellifenge and Security Committee (ISC) and Parliamentary colleagues, which reveal that no scrutiny of Prism or Tempora took place in that committee before Edward Snowden’s disclosures put the existence of those programmes into the public domain. It is not at all clear that members of the committee knew what GCHQ was up to until the Guardian drew their attention to it.

A full transcript of the debate should be available soon (here) and I’ll highlight some of the key passages when it is.

Update (4/11)

I promised to identify the sections of the debate which tackled the degree of information open to the ISC, particularly about the PRISM and Tempora programmes. The first came about in a question from Tom Watson to George Howarth, a member of the ISC:

Mr George Howarth (Knowsley) (Lab):

Let me demonstrate that by reference to the issue that the hon. Gentleman has talked about at some length, and legitimately so. I am talking about the Prism programme—what the UK’s involvement in it was and so on. Not once during his speech, unless I missed it, did he refer to the fact that the Intelligence and Security Committee, which he considers to be inadequate, has already looked at the Prism programme and what our own agencies’, and particularly GCHQ’s, involvement in and knowledge of that was. We issued a statement—an interim statement, I might add—in July. In the course of that statement, which has not been referred to so far, we arrived at some important conclusions. The first one was:

“It has been alleged that GCHQ circumvented UK law by using the NSA’s PRISM programme to access the content of private communications. From the evidence we have seen, we have concluded that this is unfounded.”

For obvious reasons, it is impossible for me to go into detail about all the evidence that we were able to look at, but we did look in detail at very important pieces of information and we were able also to look at what authorisations were involved in the process of accessing the information, particularly the communications within it. The law has not been broken.

Mr Watson: I am reassured by my right hon. Friend’s thoroughness in the investigation. Was July the first time that the Committee had examined Prism, and was that after the Guardian revelations? [Laughter.]

Mr Howarth: It was after the Guardian revelations. The hon. Member for Cambridge seems to think that that is funny. Actually, he would still be sitting here today if we had not gone and looked at this matter after the allegations emerged. He would be accusing us of being inadequate in our responsibilities.

So, the ISC did not examine GCHQ’s involvement in PRISM before information about the programme’s existence reached the public domain. That could mean that the committee didn’t know about it, or knew about it and chose not to concern itself with it. George Howarth was pressed on the issue of whether the ISC knew about the programme by Rory Stewart – and his answer is incredibly evasive.

Rory Stewart: Will the right hon. Gentleman clarify why the Committee did not look into Prism before The Guardian published its allegations?

Mr Howarth: Let me answer the hon. Gentleman very carefully; I hope that he will forgive me for being none too specific in my answer. Part of our responsibility, which did not just emerge after the revelations about Prism, is to look at what the agencies do, what their capacities are and how they use those capacities. It is a continuous process. We have in the head of GCHQ. We take evidence. We probe what it is doing and what it is capable of doing. Therefore, it is not that we did not have any concerns or any interest in what GCHQ was capable of. That is an ongoing process, but inevitably, when something new emerges, it is appropriate that, as a Committee, we look into it.

I have answered the hon. Gentleman’s question perhaps not as accurately as he would have liked, but—I am not being evasive when I say this—if I went any further, I would be going into detail that at this stage I do not think is relevant.

The issue was later put to the chair of the committee, Sir Michael Rifkind, who refused to answer the question:

Mr Meacher: Will the right hon. and learned Gentleman explain why the Committee did not find out about the Tempora programme when it began to operate?

Sir Malcolm Rifkind: The right hon. Gentleman does not have the faintest idea whether the Committee was aware of programmes of any kind. We are given classified information, and the whole point of an independent Committee having access to top secret information, whatever that is, is that we do not announce what such information is. If he can devise a system whereby secret information can be made available to all law-abiding British citizens, without its being simultaneously made available to the rest of the world, I am interested in hearing about it, but I do not think that he is likely to meet that requirement.

Also of note was the question put by Julian Huppert to the Under-Secretary of State James Brokenshire – but answered by Michael Rifkind:

Dr Huppert: The Minister makes the extremely good point that it is “past operations” that can be looked at, and there are constraints on what the ISC can look at; it does not have a completely free rein on operational matters. What happens if an operation lasts for many, many years? At what stage is there any sort of scrutiny of that?

James Brokenshire: To be fair to the hon. Gentleman, he took part in the consideration of the Justice and Security Act 2013, although he did not make then a number of the points that he has made this afternoon. However, we need to be very careful to ensure that scrutiny does not seek to cut across into direct, ongoing operational activity. I am quite sure that, given the robustness of the new powers that the ISC itself will hold, that consideration is very much in the forefront of the minds of the Committee members.

Sir Malcolm Rifkind: In response to the perfectly reasonable issue raised by the hon. Member for Cambridge (Dr Huppert), I must say that this point was seized on by the ISC itself. We have completed discussions with the Government, the results of which will appear in a memorandum of understanding that will be published and include details of how these matters will be dealt with. That will ensure that that consideration cannot be used as an improper way of preventing the ISC from obtaining access to operations that—by any normal, common-sense approach—could be considered as completed.

Finally, as a reminder of the quality of rhetoric that tends to prevail when issues are not subjected to proper scrutiny:

Mr Adam Holloway (Gravesham) (Con): If in the last few weeks, we had lost a city to nuclear terrorism or there had been a gigantic mass casualty, I wonder whether the hon. Gentleman’s constituents would see Edward Snowden as a trendy, cool whistleblower or as a traitor.

Two developments that are certainly not linked in any way

One

Two

Rebekah Brooks Phone Hacking Trial Begins In London http://t.co/xR1vgyKTqQ via @thedailybeast

— Peter Jukes (@peterjukes) October 28, 2013

Fourth European Parliament hearing on surveillance: special whistleblower edition

Monday’s fourth #EPInquiry hearing was relatively well-reported, largely because Edward Snowden supplied a statement, delivered to the inquiry by the Government Accountability Project’s Jesselyn Radack.

Audio of the full hearing is available here, thanks to Henrik Alexandersson, who has also posted the audio of the previous three hearings.

The speakers were Marc Rotenberg (EPIC), Catherine Crump (ACLU), Thomas Drake (NSA whistleblower), J. Kirk Wiebe (NSA whistleblower), Annie Machon (MI5 whistleblower), Jesselyn Radack (Government Accountability Project) and John Devitt (Transparency International). Video of the following presentations has been made available by the Government Accountability Project:

Jesselyn Radack

Thomas Drake

J. Kirk Wiebe

The next hearing is tomorrow, Thursday 3rd October and one of the subjects up for discussion will be GCHQ’s aggressive actions against the Belgian national telecoms company, Belgacom – whose clients include the European Parliament. Unfortunately, GCHQ’s director has declined the opportunity to justify himself in front of the Committee.

Missed my posts on the first three #EPInquiry hearings? Find them here (one, two, three).

Update (3/9)

Full video of the hearing is now available:

European Parliament holds third surveillance hearing

Unlike previous hearings (one, two), I’ve been able to follow this one as it proceeded (and even, eventually, found a machine that will relay the European Parliament’s  livestream properly). This storified account of the hearing will be updated throughout the day.

[View the story “#EPInquiry hearing three” on Storify]

It is worth noting that the full-day hearing concludes with an acknowledgement that responses given by members of the EU-US Transatlantic group of experts on data protection and the speakers from EuroPol and SWIFT were unsatisfactory – those relate to the first two sessions recounted at that storify link. Caspar Bowden’s presentation in the fifth session is well worth your time too.

The next #EPInquiry hearing is scheduled for Monday 30 October and will include another set of interviews with representatives from US civil society (I think the ACLU this time around) and a second session on whistleblower protections. The hearing after that, on  Thursday 3 October will look into GCHQ’s compromise of the mobile network Belgian national telecoms company, Belgacom, which coincidentally provides services to EU institutions. UK representatives have been invited to this hearing, although it remains to be seen whether any will turn up.

Update (2/10)

GCHQ have declined the opportunity to justify their actions at the fifth #EPInquiry hearing tomorrow.

#GCHQ director has declined the invitation to the #EPinquiry on mass surveillance tomorrow at 16:00.

— Ralf Bendrath (@bendrath) October 2, 2013

@IanBrownOII Yes, but also: “The UK government has a policy of not commenting on intelligence, but our oversight is the best in the world.”

— Ralf Bendrath (@bendrath) October 2, 2013

 

A few #EPInquiry-related updates

Next #EPInqury hearing tomorrow

In my last few posts, I’ve been tracking the European Parliament Inquiry into surveillance in and by EU member states (first hearing, second hearing).

Tomorrow (Tuesday), the Civil Liberties Committee (LIBE) holds its third hearing, which it trails as follows:

There are five sessions foreseen in the programme focusing on “Allegations of NSA tapping into the SWIFT data used in the TFTP programme”, “Exchange of views with US Administration”, “Feedback of the meeting of the EU-US Transatlantic group of experts on data protection of 19/20 September 2013″, “Exchange of views with US Civil Society (part I)” and “Presentation of the study on the US surveillance programmes and their impact on EU citizens’ privacy”.

The study referred to on US surveillance programmes and their impact on EU citizens’ privacy, prepared by Caspar Bowden is available here.
 The hearing will be broadcast live from 8am UK Time.

More on The Athens Affair

Jacob Appelbaum’s presentation to the first #EPInquiry hearing used an incident in Greece in 2004-5 as a potential example of NSA interference abroad which is not subject to any meaningful limits whatsoever:

the NSA is not bound by European laws and they don’t care what your laws say. So when you say it would be proportionate and balanced to wiretap people for the purposes of terrorism, you are also tacitly endorsing the NSA to wiretap everyone in your country without any judicial process or any proportionality whatsoever.

This is what happened in Greece with the Athens affair, almost certainly – we don’t know it was the NSA, but it was an actor with sufficient capabilities. They were able to wiretap the Prime Minister as well as Members of Parliament. It also moves the risk from a world that was military to one where someone operates a computer and they’re your last line of defence between your Prime Minister being wiretapped or not.

In the case of the Vodafone incident in Greece, the person in charge of that telephone switch was found hanged to death in his apartment. And the reason is he wasn’t trained to do these things or defend an entire nation in that way. So it[NSA impunity] changes the balance of power in a very serious fashion.

Most of the reporting on the Athens Affair in the English-language media appeared in 2007 when the news initially broke. Greekemmy has now updated the story at WikiLeaks-press.org with information on the evidence turned up by a subsequent public inquiry in 2010-11. This inquiry identified the US Embassy in Athens as the agency responsible for the interception. An announcement of a criminal investigation into US embassy employees followed, but this seems to have been quietly dropped.