US Websites Should Inform EU Citizens about NSA Surveillance, Says Report
EUROPE, 30 Sep 2013
Bryan Glick, Computer Weekly – TRANSCEND Media Service
All existing data sharing agreements between Europe and the US should be revoked, and US web site providers should prominently inform European citizens that their data may be subject to government surveillance, according to the recommendations of a briefing report for the European Parliament.
The report was produced in response to revelations about the US National Security Agency (NSA) snooping on internet traffic, and aims to highlight the subsequent effect on European Union (EU) citizens’ rights.
The report warns that EU data protection authorities have failed to understand the “structural shift of data sovereignty implied by cloud computing”, and the associated risks to the rights of EU citizens.
It suggests “a full industrial policy for development of an autonomous European cloud computing capacity” should be set up to reduce exposure of EU data to NSA surveillance that is undertaken by the use of US legislation that forces US-based cloud providers to provide access to data they hold.
Current regulations such as Safe Harbour allow US firms to process EU data outside EU borders subject to conditions about how that data is handled. But the European Parliament report, written by British privacy expert Caspar Bowden, says that recent revelations show that such agreements are no longer sufficient, citing US legislation such as the Patriot Act and Foreign Intelligence Surveillance Act (FISA).
“Since the main mechanisms for data export [such as] model contracts [and] Safe Harbour, are not protective against FISA or Patriot, they should be revoked and renegotiated,” said the report.
To put pressure on the US government, the report recommends that US websites should ask EU citizens for their consent before gathering data that could be used by the NSA.
“Prominent notices should be displayed by every US web site offering services in the EU to inform consent to collect data from EU citizens. The users should be made aware that the data may be subject to surveillance by the US government for any purpose which furthers US foreign policy,” it said.
“A consent requirement will raise EU citizen awareness and favour growth of services solely within EU jurisdiction. This will thus have economic impact on US business and increase pressure on the US government to reach a settlement.”
Other recommendations include the EU offering protection and rewards for whistleblowers, including “strong guarantees of immunity and asylum”. Such a move would be seen as a direct response to the plight of Edward Snowden, the former NSA analyst who leaked documents that revealed the extent of the NSA’s global internet surveillance programmes.
The report also says that, “Encryption is futile to defend against NSA accessing data processed by US clouds,” and that there is “no technical solution to the problem”. It calls for the EU to press for changes to US law.
“It seems that the only solution which can be trusted to resolve the Prism affair must involve changes to the law of the US, and this should be the strategic objective of the EU,” it said.
The report was produced for the European Parliament committee on civil liberties, justice and home affairs, and comes before the latest hearing of an inquiry into electronic mass surveillance of EU citizens, due to take place in Brussels on 24 September.
European commission vice-president Neelie Kroes warned recently that US cloud service providers could suffer loss of business in light of the Prism revelations.
“If businesses or governments think they might be spied on, they will have less reason to trust cloud and it will be cloud providers who ultimately miss out,” she said.
Read more on NSA internet surveillance
- NSA reveals how Snowden accessed secret Prism files
- New Snowden docs reveal secret NSA hacker unit
- US acts to restore faith in encryption standard after NSA backdoor revelation
- NSA and GCHQ unlock online privacy encryption
- NSA Prism scandal could hit US cloud providers, says EC vice-president
- NSA allowed to collect US email records, secret documents reveal
- FBI spies on internet users
Go to Original – computerweekly.com
DISCLAIMER: The statements, views and opinions expressed in pieces republished here are solely those of the authors and do not necessarily represent those of TMS. In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.