Extraordinary Popular Delusions

"Men… think in herds … they only recover their senses slowly, and one by one."

Tag: data protection

A few #EPInquiry-related updates

Next #EPInqury hearing tomorrow

In my last few posts, I’ve been tracking the European Parliament Inquiry into surveillance in and by EU member states (first hearing, second hearing).

Tomorrow (Tuesday), the Civil Liberties Committee (LIBE) holds its third hearing, which it trails as follows:

There are five sessions foreseen in the programme focusing on “Allegations of NSA tapping into the SWIFT data used in the TFTP programme”, “Exchange of views with US Administration”, “Feedback of the meeting of the EU-US Transatlantic group of experts on data protection of 19/20 September 2013″, “Exchange of views with US Civil Society (part I)” and “Presentation of the study on the US surveillance programmes and their impact on EU citizens’ privacy”.

The study referred to on US surveillance programmes and their impact on EU citizens’ privacy, prepared by Caspar Bowden is available here.
 The hearing will be broadcast live from 8am UK Time.

More on The Athens Affair

Jacob Appelbaum’s presentation to the first #EPInquiry hearing used an incident in Greece in 2004-5 as a potential example of NSA interference abroad which is not subject to any meaningful limits whatsoever:

the NSA is not bound by European laws and they don’t care what your laws say. So when you say it would be proportionate and balanced to wiretap people for the purposes of terrorism, you are also tacitly endorsing the NSA to wiretap everyone in your country without any judicial process or any proportionality whatsoever.

This is what happened in Greece with the Athens affair, almost certainly – we don’t know it was the NSA, but it was an actor with sufficient capabilities. They were able to wiretap the Prime Minister as well as Members of Parliament. It also moves the risk from a world that was military to one where someone operates a computer and they’re your last line of defence between your Prime Minister being wiretapped or not.

In the case of the Vodafone incident in Greece, the person in charge of that telephone switch was found hanged to death in his apartment. And the reason is he wasn’t trained to do these things or defend an entire nation in that way. So it[NSA impunity] changes the balance of power in a very serious fashion.

Most of the reporting on the Athens Affair in the English-language media appeared in 2007 when the news initially broke. Greekemmy has now updated the story at WikiLeaks-press.org with information on the evidence turned up by a subsequent public inquiry in 2010-11. This inquiry identified the US Embassy in Athens as the agency responsible for the interception. An announcement of a criminal investigation into US embassy employees followed, but this seems to have been quietly dropped.

Advertisements

European Parliament holds second surveillance inquiry hearing

Following on from my last post, I’m just catching up with the second hearing of the European Parliament’s Civil Liberties Committee into surveillance in and by EU countries. This was held on Thursday 12th September and, like the first hearing, was divided into two sessions.

The first, private, session saw MEPs briefed on the results of a meeting between EU and US data protection experts back in July. There were two strands to the EU’s response to PRISM in mid-June; one was the public inquiry arranged by the European Parliament and the other was the ad hoc working group formed by the Council Presidency and Commission doing the reporting in this closed session.

The second session included a briefing from the Chair of the Article 29 Working Party, Jacob Kohnstamm, on the impact of surveillance on privacy and US-EU Data Protection Agreements. Audio of this second session has been released on the EU website  – although it’s not the most user friendly interface I’ve ever encountered.

Documents from the meeting are also available here.  Of these, Kohnstamm’s letter to EU Commissioner Viviane Reding forms the basis of his presentation to the Inquiry and is certainly worth looking at.

It also needs to be clarified if these American intelligence programs are in line with European and international law. This includes the International Covenant on Civil and Political Rights, which lays down the right to privacy in a general way. More importantly, the necessity and proportionality of these programs according to the Council of Europe Convention 108 needs to be further assessed. WP29 therefore considers it is likely that the current practice of apparent large-scale collection and accessing of personal data of non-US persons is not covered by the Council of Europe Cybercrime Convention. This is particularly relevant in light of the on-going discussion within the Council of Europe Cybercrime Convention Committee (T-CY) on the preparations for an additional protocol meant to facilitate trans-border data flows in this field.

Documents relating to the first #EPInquiry hearing have also been released.

The next #EPInquiry hearing is scheduled for 24th September:

There are five sessions foreseen in the programme focusing on “Allegations of NSA tapping into the SWIFT data used in the TFTP programme”, “Exchange of views with US Administration”, “Feedback of the meeting of the EU-US Transatlantic group of experts on data protection of 19/20 September 2013”, “Exchange of views with US Civil Society (part I)” and “Presentation of the study on the US surveillance programmes and their impact on EU citizens’ privacy”.

Update (19/9)

Kohnstamm does not understate the importance of the Snowden revelations (this from the audio clip):

Based on the reports… it is highly likely that the fundamental rights of human beings have indeed been infringed on… The fundamental trust between government and citizens is at stake.

He also makes clear that the surveillance activities of EU member states will also need to be assessed for their compliance with international law and EU standards, which may themselves need to change to offer better protection for individuals’ privacy.