I know what you're doing!

I know what you’re doing!

Surveillance is commonly defined as the, often surreptitious and illegal, monitoring of behaviours and activities of people for the most diversified ends, which normally include the purposes of supervision, influence or manipulation, control or protection.

Therefore, mass surveillance means to watch over an entire or substantial fraction of a population and is usually conducted by governments or by corporations on their behalf in order to, allegedly, fight terrorism, national security or child pornography, just to mention some of the justifications.

I still remember the worldwide chilling feeling that followed Edward’s Snowden’s revelations, published by The Guardian, back in summer 2013, regarding the extent and the scope of the surveillance programme known as PRISM conducted by the NSA (National Security Agency).

That feeling still remains and the worldwide debates that followed concerning the illegality of the measures taken and the violation of privacy rights and civil liberties are not about to end any time soon.

The news according to which some technology and telecommunications companies granted the NSA direct access to their servers or handed over detailed reports about their customer’s databases most certainly didn’t help.

Despite the denials from the companies concerned that ensued, mass surveillance has become, since then, a concern of the EU.

First, the surveillance measures undertaken affected the fundamental rights of European citizens, namely their right to privacy and to protection of personal data.

Moreover, the surveillance programmes conducted by the USA outlined the connection between the state or government surveillance and the processing of data by private companies.

In addition, the disclosure of large-scale intelligence data collection programmes affected negatively the trust in the transatlantic relationship.

And, in this regard, there is quite a lot at stake.

Indeed, both parties have concluded several agreements regarding the exchange of personal data for the purposes of law enforcement, including the prevention and combating of terrorism and other forms of serious crimes. These are the Mutual Legal Assistance Agreement, the Agreement on the use and transfer of Passenger Name Records (PNR), the Agreement between Europol and the US and the Agreement on the processing and transfer of Financial Messaging Data for the purpose of the Terrorist Finance Tracking Program (TFTP).

In addition, the legal basis for the exchanges for commercial purposes between the EU and the USA is provided by the Safe Harbour Decision, which concerns transfers of personal data from the EU to companies established in the U.S. which have adhered to the Safe Harbour Principles. Efforts to negotiate amendments to the program have been ongoing since the fall of 2013.

Besides, the EU and the USA are currently negotiating the ‘umbrella agreement’, a framework agreement on data protection regarding the transfer and processing of data in the field of police and judicial cooperation.

Last, but not the least, it should be also mentioned the ongoing negotiations for the controversial Transatlantic Trade and Investment Partnership (TTIP), the world biggest trade agreement.

While it is supposed to increase trade and investment, there is a noteworthy apprehension around its potential negative impact on privacy. But, as it is being negotiated behind closed doors, it is yet to be known how much these concerns are justified in the light of the ACTA (Anti-Counterfeiting Trade Agreement), which would have allowed to carry out intrusive surveillance on all of our Internet usage, regardless of whether we had actually infringed anyone’s copyright. This lead the European Parliament to reject it in 2012. All things considered, the EU Ombudsman recommendations are therefore much welcomed.

In this context, the documents very inconveniently released by Edward Snowden revealed that the USA accessed the SWIFT database, the biggest storage of financial transactions in the world, thus accessing millions of personal financial records, in the margin of the Terrorist Financing Tracking Programme (TFTP).[1]The TFTP agreement allows the U.S. Treasury to access some data stored in Europe by international bank transfer company Swift (Society for Worldwide Interbank Financial Telecommunication) for the … Continue reading

Last November, the European Commission released a communication in which it shared its concerns regarding the protection of personal data within the existing instruments.

The European Parliament has already called for the ‘immediate suspension’ of the Safe Harbour as it considered that the principles do not provide adequate protection for EU citizens and for the immediate suspension of the TFTP agreement until a “thorough investigation has been concluded”.

Meanwhile, leaders from the EU and the USA reiterated their commitment in a joint statement.

Although Jean-Claude Juncker has pressed the “conclusion of negotiations on the reform of Europe’s data protection rules, as well as the review of the Safe Harbour arrangement with the U.S.”, Andrus Ansip, who is slated to become the European Commission’s Vice-President for the Digital Single Market, affirmed, during a European Parliament confirmation hearing, that, unless the differences are resolved, the USA – EU Safe Harbour could be suspended. Ansip said that “we have to be absolutely sure that the national security exception will be used as an exception, not on a regular basis.”

It is beyond any doubt that the plea of terrorism or national security concerns can only fall down when facing revelations according to which NSA collects data related to international trade and monitors the telecommunications of leaders from Brazil and Germany. It is evident that those are mere excuses to conduct this kind of surveillance in the name of less honourable goals.

As if this wasn’t enough, documents delivered by Edward Snowden, and recently released by The Intercept, show that the agency has “under cover” agents embedded in foreign companies for the purpose of extending its surveillance reach.

Thus said, transparency reports, while presenting statistics of government’s requests for data, could be a useful tool to disclose the scope and scale of surveillance. However, governments are obviously not that keen in reporting on their surveillance activity and they will make sure to exempt from the report requested information related to ‘national security’.

It doesn’t come as a surprise that technology companies such as Facebook, Yahoo, Google, Microsoft, are now investing in barriers, mainly through the refusal of access requests and encryption of internal traffic, to make it harder for governmental intelligence agencies to ‘snoop around’. Even though some concerns regarding the impact on police investigations, namely of paedophilia suspects, have been raised, it is questionable if they are completely justified, mainly because there are several other ways to access the information stored. For instance, the information stored in the Cloud will still be ‘easily’ accessible.

Nevertheless, these and similar companies are businesses and shouldn’t be assigned with the role of guardian’s of individuals’ rights. It is all very wrong, and very totalitarian regimes look alike, when the governments themselves are attacking the most private parts of our lives.

Encryption measures have lead some to the conclusion that governments should be entitled to have a golden key – a back door access – in order to unlock and access individuals’ communications. The main viewpoint is that, by allowing so, personal safety and national security could be properly ensured…

Thus said, it might not come as the most surprising event that Russia is requiring social network companies, as Facebook and Twitter, to store the personal data of national citizens in servers based within the country’s borders or face being blocked without a previous court ruling. Conveniently, the initiative – which represents an open door to enforce censorship – is even presented as a necessary remedy to protect against foreign threats and USA spying.

It is difficult not to wonder – and worry – if this is the first step for the blocking of all websites with user generated contents, as an already proved effective mean to control the right to information and freedom of expression and any democratic expressions.

In this context, the hypothesis according to which the European Commission (DG Home) has been collaborating with the USA administration regarding the EU data protection reform raises some deep and justified concerns. Mainly if we consider that the former EU Home Affairs Commissioner, Cecilia Malmström, is very likely soon to be confirmed by the European Parliament as the EU’s new trade commissioner, conducting the negotiations over the TTIP, from the EU side. But then, again, if it is true that the European Commission knew about PRISM all along… Conspiracy theories apart, Cecilia Malmström has denied the allegations at the hearing with the Members of the European Parliament.

Of course, according to the principle of conferral or attributed powers, the EU may only exercise competences conferred on it by the Treaties to attain the objectives set out therein.[2]See article 5[2] TEU This means that competences not conferred upon the Union in the treaties remain within the Member States.[3]See article 4 TEU National security is deemed an essential State function and the sole responsibility of each Member State.

Considering that matters related to national security are usually exempted from surveillance activity reports, I guess that it all comes full circle, after all…

And while one can be glad that the UN issued a report stating that Mass Surveillance Violates Human Rights, one is also entitled to be sceptical regarding its effects on the government programs.



1 The TFTP agreement allows the U.S. Treasury to access some data stored in Europe by international bank transfer company Swift (Society for Worldwide Interbank Financial Telecommunication) for the prevention, investigation, detection, and prosecution of conduct pertaining to terrorism or terrorist financing.
2 See article 5[2] TEU
3 See article 4 TEU