Modern field guide to security and privacy

Opinion: With pervasive government surveillance, there are no safe harbors

This week's European ruling striking down the transatlantic Safe Harbor deal is a stark reminder that no one's data is safe until governments around the world reform digital surveillance practices.

Reuters
An undated aerial handout photo shows the National Security Agency headquarters building in Fort Meade, Maryland.

The Court of Justice of the European Union decision to strike down the transatlantic Safe Harbor agreement gives EU officials and their American counterparts a chance to start over on data protection.

The two sides should take this opportunity to hammer out a deal that fixes the inherent problems with the original arrangement in order to offer meaningful data protection that respects the rights of everyone.

But for any real movement to improve on the Safe Harbor agreement will require meaningful political reform to curb the digital eavesdropping practices at the National Security Agency as well as at spy agencies across Europe.

In fact, NSA spying was at the heart of the European ruling on Safe Harbor. The court's decision stemmed from a case brought by Austrian privacy activist Max Schrems, who claimed that Facebook violated the Safe Harbor deal due to the NSA's PRISM program.

Exposed in 2013, PRISM is a massive surveillance program authorized in the 2008 amendments to the Foreign Intelligence Surveillance Act. Congress passed the FISA Amendments Act to authorize surveillance that had previously been carried out under the so-called warrantless wiretapping program. The law vastly expanded the government's legal authority to surveil international communications in the US.

Mr. Schrems claimed that PRISM demonstrated that Facebook – which, like many companies, transfers scores of data from servers in Europe to those in the US – couldn't comply with Safe Harbor. Notably, the case does not address surveillance under other authorities such as Executive Order 12333, which grants broad surveillance powers for information stored outside of the US and doesn’t require any judicial involvement and has little oversight or accountability.

Plenty of digital rights and civil society groups have long pointed to the failings of Safe Harbor. The deal requires that companies only self-certify they are complying with the principles of the arrangement. In 2013, the European Commission identified 13 additional areas in which the Safe Harbor arrangement needs reform, including transparency and redress.

Another problem with Safe Harbor was that the protections it sought to provide were limited "to the extent necessary to meet national security, public interest, or law enforcement requirements." This, coupled with the NSA’s broad surveillance authorities and failure to meaningfully recognize the human rights of people outside the US, means that innocent people in the EU – and around the world – have routinely had their personal data collected in US government surveillance programs.

But government surveillance isn’t a problem only at America's harbor – it’s a global problem.

Last year, Britain issued a policy that rationalized bulk surveillance programs. The German surveillance agency, Bundesnachrichtendienst, or BND, has collected information on its own citizens and shared that data with the NSA. France is in the midst of passing an incredibly draconian surveillance law, as are several other countries in Latin America and Africa. Australia passed its own suite of overly broad surveillance laws last year.

It remains to be seen what will replace Safe Harbor in the long term. In the immediate future, companies will likely have to negotiate individual agreements with EU countries to store information outside Europe. But if PRISM is the deal-breaker, it is difficult to see how a new Safe Harbor agreement would fix the surveillance problem. A solution requires vastly overhauling US surveillance authorities like the FISA Amendments Act in a way that recognizes the rights of those in the EU and around the world.

In something of an ironic twist in all of this, because Safe Harbor's collapse means more information will be stored outside the US, it'll therefore be within the jurisdiction of Executive Order 12333. Therefore, the court's ruling may actually mean fewer safeguards against surveillance of Europeans than under PRISM.

The European court's decision is a loud and impactful statement about pervasive government surveillance that continues to harm individuals and companies. But the damage won't stop until serious reforms take place in the US and abroad. If the NSA’s PRISM program means that the US isn't a safe harbor for individuals' private data and personal communications, it's difficult to find a place where one exists.

Amie Stepanovich is the US policy manager for Access. Follow her on Twitter @astepanovich.

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.