Category: Surveillance

The limits of government surveillance according to the ECtHR

Limits? What do you mean by 'limits'?

Limits? What do you mean by ‘limits’?

In two very recent judgements, the European Court of Human Rights (hereafter ECtHR) has made several essential points in regards of surveillance conducted by public authorities and its relation with Article 8 of the European Convention of Human Rights (hereafter ECHR).

Article 8 provides that governmental interference with the right to privacy must meet two criteria. First, the interference must be done e conducted “in accordance with the law” and must be “necessary in a democratic society”. Such interference must aim to achieve the protection of the “interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”.

In previous cases regarding surveillance conducted by public authorities, the ECtHR had already concluded that any interference with the right to respect for private life and correspondence, as enshrined in Article 8 of the ECHR, must be strictly necessary for safeguarding the democratic institutions. However, it has now further clarified its interpretation.

In these recent decisions, the ECtHR concluded that the secret surveillance, as carried out in the manner described in the facts of the cases, violated Article 8 of the Convention.

The Roman Zakharov v. Russia decision, issued on the 4th December 2015, concerned the allegations of the editor in chief of a publishing company that laws enabling the installation of equipment which permitted the Federal Security Service (“the FSB”) to intercept all his telephone communications, without prior judicial authorisation, three mobile network operators interfered with his right to the privacy of his telephone communications.

The Court considered that “a reasonable suspicion against the person concerned, in particular, whether there are factual indications for suspecting that person of planning, committing or having committed criminal acts or other acts that may give rise to secret surveillance measures, such as, for example, acts endangering national security” must be verified and the interception shall meet the requirements of necessity and proportionality.

The Szabó and Vissy v. Hungary decision, issued on the 12th January 2016, concerned the allegations of members of a non-governmental organisation voicing criticism of the Government that the legislation enabling police to search houses, postal mail, and electronic communications and devices, without judicial authorization, for national security purposes, violated the right to respect for private life and correspondence.

The Court considered that: “the requirement ‘necessary in a democratic society’ must be interpreted in this context as requiring ‘strict necessity’ in two aspects. A measure of secret surveillance can be found as being in compliance with the Convention only if it is strictly necessary, as a general consideration, for the safeguarding the democratic institutions and, moreover, if it is strictly necessary, as a particular consideration, for the obtaining of vital intelligence in an individual operation. In the Court’s view, any measure of secret surveillance which does not correspond to these criteria will be prone to abuse by the authorities with formidable technologies at their disposal.” Consequently, it must be assessed if “sufficient reasons for intercepting a specific individual’s communications exist in each case”.

In both cases, by requiring surveillance activities to be individually targeted, the ECtHR has established that any indiscriminate interception is unacceptable. This is a most welcomed position considering the well-known legislative instruments and initiatives intended to strength the legitimacy of massive monitoring programs in many EU Member States.

Opinion of the EDPS on the dissemination and use of intrusive surveillance technologies

We need some more surveillance here!

We need some more surveillance here! 1)Copyright by Quevaal under the Creative Commons Attribution-Share Alike 3.0 Unported

In a recently published opinion, the EDPS addressed its concerns in regards of the dissemination and use of intrusive surveillance technologies, which are described as aiming “to remotely infiltrate IT systems (usually over the Internet) in order to covertly monitor the activities of those IT systems and over time, send data back to the user of the surveillance tools.”

The opinion specifically refers to surveillance tools which are designed, marketed and sold for mass surveillance, intrusion and exfiltration.

The data accessed and collected through intrusive surveillance tools may contain “any data processed by the target such as browsing data from any browser used on that target, e-mails sent and received, files residing on the hard drives accessible to the target (files located either on the target itself or on other IT systems to which the target has access), all logs recorded, all keys pressed on the keyboard (this would allow collecting passwords), screenshots of what the user of the target sees, capture the video and audio feeds of webcams and microphones connected to the target, etc.

Therefore these tools may be adequately used for human rights violations, such as censorship, surveillance, unauthorised access to devices, jamming, interception, or tracking of individuals.

This is particularly worrisome considering that software designed for intrusive surveillance has been known to have been sold as well to governments conducting hostile surveillance of citizens, activists and journalists.

As they are also used by law enforcement bodies and intelligence agencies, this is a timely document, considering the security concerns dictating the legislative amendments intended to be implemented in several Member States. Indeed, as pointed by the EDPS, although cybersecurity must not be used for disproportionate impact on privacy and processing of personal data, intelligence services and police may indeed adopt intrusive technological measures (including intrusive surveillance technology), in order to make their investigations better targeted and more effective.

It is evident that the principles of necessity and proportionality should dictate the use of intrusion and surveillance technologies. However, it remains to be assessed where to draw the line between what is proportional and necessary and disproportional and unnecessary. That is the core of the problem.

Regarding the export of surveillance and interception technologies to third countries, the EDPS considered that, despite not addressing all the questions concerning the dissemination and use of surveillance technologies, “the EU dual use regime fails to fully address the issue of export of all ICT technologies to a country where all appropriate safeguards regarding the use of this technology are not provided. Therefore, the current revision of the ‘dual-use’ regulation should be seen as an opportunity to limit the export of potentially harmful devices, services and information to third countries presenting a risk for human rights.

As this document relates to the EU cybersecurity strategy and the data protection framework, I would recommend its reading for those interested in those questions. You can find the document here.

References   [ + ]

1. Copyright by Quevaal under the Creative Commons Attribution-Share Alike 3.0 Unported

What do your Internet connection records reveal about you?

Not anymore!

Not anymore!

When I brought up in a conversation the issue regarding the measures intended to be taken by some governments, in particular the access to Internet connection records foreseen in the UK draft Investigatory Powers Bill, I was quite surprised to realise that some people around me seemed to accept that online privacy should be curtailed in order to ensure stronger security, a view with which I strongly disagree.

But more importantly for this post, they did not consider it excessively intrusive.

And then I just realised that, none withstanding the fact that Internet is an intrinsic part of our daily lives, many are simply clueless about the detailed digital fingerprint they leave behind, website after website visited, and how much revealing that is.

It never ceases to amaze me how, in this Internet dependent era, so many people actually ignore how much information regarding their lives, habits, and ultimately, their privacy is at stake.

One thing is to ponder the pros and cons of registering in a website or downloading an app and take a decision accordingly. Another completely different is to simply be unaware of the risks, to not wonder: what is done with this information?… And subsequently take completely unaware decisions and form and convincingly express their opinions on flawed grounds.

Let’s be clear here: to have access to someone’s Internet connection records is to have access to their Internet browsing history!

Yes, the very same some people delete for the most various reasons, but that essentially amounts to one and only: for it not to be known.

Now consider that there is little in our real life that does not reflect in our online activities. From booking flights and hotels, buying books and clothes, or other less random items, online dating, participating in discussion groups and forums, ‘googling’ in general… Imagine, for instance, googling a specific health condition that is worrying you…

And what can be inferred and the correlations which can be made from those searches and websites accessed… From your interests, to your lifestyle, to your personal life and your health…

And, yes, that includes the most embarrassing little details that your browsing history can reveal.

In this context, I would say that the time and amount of times you visited a website would be the less worrisome but even these can be quite informative, if a pattern emerges.

Only someone who is not familiar at all with the concept of ‘profiling’ of interests and behaviour and the detailed conclusions which can be reached can argue that the access to the browsing history is not sufficiently revealing and intrusive to raise any concerns from a privacy viewpoint.

This is not about having ‘something to hide’ or ‘anything to be ashamed of’. It is about unwilling exposure and the complete unaware loss of privacy. Even for those who truly believe to be utter uninteresting, there is certainly something they would rather keep secret. And it is that little bit that should be considered before taking a stance on the issue of government surveillance.

Tech companies: The new assistants of police and security services

Yes, these guys!

Yes, these guys!

It seems that tech companies are what is left standing between citizen’s privacy rights and governments’ surveillance…

This has been demonstrated in the past by Microsoft stance in regards of the access to the tech companies networks by intelligence agencies and law enforcement authorities, in order to collect information about its users.

More recently, it has been the turn of Apple, which has expressed substantial objections to the proposals intended to update UK’s surveillance laws in its written submission to the Joint Committee on the Draft Investigatory Powers Bill.

According to the draft, police and security services will be able to access the Internet browsing history of UK citizens, without prior judicial authorisation being required. Moreover, in order to comply with a judicial order, companies could be required to hack devices and accounts to acquire information.

Apple argues convincingly that such measures amount to implement a ‘back door’, which will weaken the end-to-end encryption methods used by tech companies precisely to protect communications between devices and the associated customer data, thus allowing for an easier interception by third parties. As put by Tim Cook himself, “any back door is a back door for everyone”.

One would dare to think that, considering all the news regarding data breaches and hacking, implementing ‘back doors’ would be spontaneously deemed an foolish idea and automatically excluded from discussion.

Apparently not.

It is a common view of many national governments, fuelled by the successive terrorist attacks in Paris, that the strengthening of the capabilities of law-enforcement agencies is required in order to prevent terrorist attacks.

However, the view that privacy should be traded for increased and stronger national security is exaggeratedly one-dimensional, as they are not forcefully as closely related as some want them to appear.

Considering that the terrorists involved in those attacks were already well-known from the competent authorities, it is difficult to accept how more privacy-intrusive tools, directed to everyone, and which actually entail further exposing citizens to online threats, will help preventing future attacks.

The ‘Dick-Pic Programme’

How unfortunate it is that people are not generally very concerned about government mass surveillance… except when pictures of their private parts are involved.

The good news is that there is no such ‘dick-pic programme’. The bad one is that, well, the intelligence services do collect those kind of pictures and they are only a small part of the information which has been collected – and depending on each individual’s exhibitionist tendencies – not the most privacy-infringing one.

The impact of the attack against Charlie Hebdo on our rights and freedoms

This will be the excuse for more intrusion.

This will be the excuse for more intrusion.

I do not particularly appreciate the work of the satirical magazine Charlie Hebdo. I frequently find it distasteful and offensive. And I do like to live in a society where others are able to freely express themselves and I am able to openly dislike or disagree with. That is what the right of expression is about. Of course it is not an absolute right and, of course, when the critique is about sensitive issues, such as religion, race, sexual orientation or gender, someone will most certainly get offended. This is not the main purpose of the satire. As history shows us, this kind of critique has prompted reflections, discussions and cultural, political and social changes.

Thus said, a cold-blooded attack was conducted against the headquarters of the magazine, in Paris, and 12 innocent persons were killed, due to the drawing of a cartoon. I cannot help lingering on the absurdity of these words as I write them. And to feel, over again, the shock, the incredulity, the anger, the frustration, the revolt, the hope. And the fear. The fear of this invisible enemy who is able to strike anywhere, at any time, against anybody. The very same feelings that are awaken each time a terrorist attack occurs.

Looking at the solidarity marches held in Paris, it is unavoidable to outline the particular unifying effect of this particular attack. It has united those in favour of freedom of speech, freedom of information, and, ultimately, the rule of law and democracy ideals. Values that are so deeply anchored in our mindsets and yet so frequently put at risk. On the other side, it has ignited one of the most powerful and basic feelings, the fear. The same fear which has empowered anti-immigration movements with an afresh wave of arguments, increased xenophobia and fed the confusion of concepts such as Muslims, Islamism, extremism and terrorism. As strange as it can be, this event has joined in solidarity existing conflicting ideals that would not be put side to side otherwise. And this is where the scission happens.

In fact, when individuals feel insecure and threatened, intolerance, regarding minorities, cultural, ethnic and religious, for instance, arises. It has happen before. It has been happening more frequently due to the economic crisis. And it has happened again a few days ago, considering the almost immediate popularity of some extreme right political parties on social networks.

Moreover, fear does not only compel individuals to pacifically accept the sacrifice others’ rights and freedoms in order to preserve their own privileges and liberties. In the name of an alleged bigger value, such as national security, individuals also tend to more easily allow, without questioning, restrictions on their own civil and fundamental rights. Anything to feel safe again or at least live the comfort of that illusion.

Times like these, where these kinds of emotions and beliefs so vividly oppose a common threat, are therefore treacherous. One particular danger subsists in the appearance of legitimacy from which certain not so legitimate political ideals and governmental initiatives may benefit.

For instance, in the wake of the abovementioned attack, the French government has notified the European Commission of the impending publication of decrees allowing that websites advocating or promoting terrorist practices or ideals could be blocked without the intervention of a judge.

In this particular case, I sincerely fail to see any relation between the attack itself and such online activities or to perceive how such decrees will somehow help to prevent any eventual similar attacks in the future. However, it is much certainly a first step to take control over the content of online communications and to achieve the desired Internet governance. In the wake of Edward Snowden’s revelations, it was already been made clear how interesting our communications can be to some intelligence services. Of course, if censorship can ever be defensible, it is particularly in this case. Nevertheless, it is a very hazardous path. Where to draw the limit? What guarantees do we have that this is just not the climbing of the first step of the staircase? When will surveillance measures be enough?

Furthermore, the fight against terrorism being primarily of their competence, and in what seems to be the result of passionate emotions and precipitation, some EU Members States are already developing extra security measures. No surprise here. Following a terrorist attack, it is quite common for governments to push for increased surveillance.

I have to admit that I am very sceptic in regards of the efficiency of a more intrusive government surveillance. I do believe that surveillance is needed to be conducted in order to tackle terrorism. But the police and the intelligence services do already conduct surveillance activities which allow for the identification of people involved in terrorist activities. For instance, the Cherif and Said Kouachi brothers, the authors of the attack conducted against Charlie Hebdo, were already known to the security services and this has not prevented the horrific murder of those people. Moreover, Charlie Hebdo was already known as a potential target, as it has been firebombed in 2011.

So to argue that more invasive powers of surveillance on a larger scale, which will imply to treat everyone as a suspect, are required in order to prevent future attacks is very unconvincing. Surveillance must be targeted and limited and the competence of courts in regards of restrictions to individuals’ fundamental rights cannot be diluted.

Considering the existing fear, it is very easy to turn terrorist attacks into the perfect excuse for the practice of mass surveillance and a full government control over the Internet. However, this would get us dangerously close to the very same political regimes we are so proud to differ of. Contrarily to what some of us might think or say, we do not want to risk living in a society where we all are monitorized and afraid to express ourselves. Mass surveillance does not only violate our privacy, it also undermines our ability to speak freely. In this context, the line to censorship can be smoothly crossed. Which is the opposite of what Charlie Hebdo actually stands for.

I mean, if this attack was primarily directed to the freedom of expression of a democratic country, counter-attacking on the same freedom of expression – although in its online manifestation – does seem a little bit odd. Shouldn’t we aim precisely the opposite: to protect the very rights and freedoms that have been attacked? Our freedoms are not protected by further limitations.

At the EU level, border management, internal security, the “foreign fighters” travelling and the online terrorist propaganda were already very vivid concerns. In the wake of the Charlie Hebdo attacks, the European Commission has pledged to present a new programme to fight terrorism. Under the present scenario, it is very likely that the discussions in regards an EU PNR will be boosted.

Only time will tell to what extent these terrorists attacks were able affect our core values. But in the aftermath, it seems that, if the intention of the attack was to undermine our fundamental rights, in the long run, they may be successful.

 

National Security: The new
responsibility of Tech
Companies?

Let's take a closer look on... everything!

Let’s take a closer look on… everything!

Private tech companies are no longer expected to only aim profit. No. Besides having been assigned with the task of distinguishing public and private interest, they are now required to act as watchdogs to the intelligence services.

I am referring today to the very interesting opinion article of Robert Hannigan, published on Financial Times, last week, which I highly recommend.

Hannigan is the new Director of CGHQ, which stands for Government Communications Headquarters, meaning the British electronic intelligence agency. It operates closely with the British security service, MI5; the overseas intelligence service, MI6; and the United States National Security Agency (NSA).

In the above-mentioned article, Hannigan called for “better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now” in order to find “a new deal between democratic governments and the technology companies in the area of protecting our citizens”.

He mainly referred to the radical group Islamic State, a.k.a. ISIS and ISIL, “whose members have grown up on the Internet” and are “exploiting the power of the web to create a jihadist threat with near-global reach.” In this context, he qualified tech companies as “the command and control networks of choice” for terrorists.

Basically, and summing it up, let’s all forget about Snowden’s revelations (which I already addressed here) and see the big picture: because terrorists are using the social media websites, tech companies such as Facebook and Twitter ought to share all our private data with law intelligence agencies to stop terrorism. As we all have a common enemy, let’s allow a more undisturbed sharing of information between the intelligence community and private technology companies of our data. In these dangerous times, who needs privacy, anyway, right?

Coincidentally or not, these declarations came in the wake of Apple and Google sophisticated encryption initiatives regarding data on their mobiles and email systems. Indeed, encryption makes the collection of data off the wires more difficult. Unsurprisingly enough, these statements are also in line with FBI Director James Foley efforts.

However, despite seemingly intended to be simultaneously inspiring, alarmist and paranoia inducing, I couldn’t help to notice that the article is actually full of contradictions which I assume were intended to go unacknowledged.

To begin with, the conclusion according to which techniques for encryption or anonymisation through mobile technology in fact help terrorists to hide from the security service – or, as stated, “are the routes for facilitation of crime and terrorism” – is quite a far-fetched one. Terrorism has been here long before new technologies as we know them and, unfortunately, terrorists have always found ways of hiding their operations quite successfully.

As for the allusion that the leaking of information by Edward Snowden has actually helped the development of terror networks… Seriously? Of course, the problem was not mass surveillance in itself. The real issue was that those monitoring activities were revealed to the world.

Besides, the use of Internet by radical groups for promotion, intimidation and online recruitment of potential fighters is already a general concern. But the thing is, as these activities happen in fact on social media platforms, everybody can actually see it. So, where does the need for a more direct and thorough access to social platforms data comes from? It is not as secret terrorist operations are expected to be conducted on Facebook or Twitter. I mean, these companies are not really known for the security of their communications.

Moreover, nobody actually believes that privacy is an absolute right. The ECHR is quite clear on that. The right to privacy shall always be balanced with other rights, freedoms and needs, as for instance the right to information, the freedom of expression and the need to ensure national security. However, I fail to see the balance between civil liberties and national security in Hannigan’s speech. Similarly, I fail to understand how the free and secretive interference in our privacy – for security reasons, always, of course – can be lawful and how its proportionality is ensured.

Likewise, why isn’t a prior court order appropriate to intelligence agencies regarding requests for data? It should be up to the courts, not the GCHQ, nor tech companies, to decide when our personal data shall be shared with the intelligence services. Courts are the only guarantee of individuals’ rights and freedoms and of principles such as necessity and proportionality of the measures taken. Tech companies cannot refuse these requests when they are based on a Court order. So, when Hannigan calls for ‘better arrangements‘ and ‘new deals’, it is very questionable what is truly meant.

Thus said, the consideration that users of social media platforms “do not want the media platforms they use with their friends and families to facilitate murder or child abuse” was just the cherry on top of a very bitter anniversary cake, the 25th anniversary of the world wide web, that Hannigan obviously hasn’t failed to mention.

These arguments are not fit for a “mature debate on privacy in the digital age”. Indeed, the fear, uncertainty and doubt (FUD) is quite a well-known strategy regarding perception influence and public misinformation.

For more regarding this brilliant-for-all-the-wrong-reasons article, check the following posts.

Uncle Sam is watching EU

I know what you're doing!

I know what you’re doing!

Surveillance is commonly defined as the, often surreptitious and illegal, monitoring of behaviours and activities of people for the most diversified ends, which normally include the purposes of supervision, influence or manipulation, control or protection.

Therefore, mass surveillance means to watch over an entire or substantial fraction of a population and is usually conducted by governments or by corporations on their behalf in order to, allegedly, fight terrorism, national security or child pornography, just to mention some of the justifications.

I still remember the worldwide chilling feeling that followed Edward’s Snowden’s revelations, published by The Guardian, back in summer 2013, regarding the extent and the scope of the surveillance programme known as PRISM conducted by the NSA (National Security Agency).

That feeling still remains and the worldwide debates that followed concerning the illegality of the measures taken and the violation of privacy rights and civil liberties are not about to end any time soon.

The news according to which some technology and telecommunications companies granted the NSA direct access to their servers or handed over detailed reports about their customer’s databases most certainly didn’t help.

Despite the denials from the companies concerned that ensued, mass surveillance has become, since then, a concern of the EU.

First, the surveillance measures undertaken affected the fundamental rights of European citizens, namely their right to privacy and to protection of personal data.

Moreover, the surveillance programmes conducted by the USA outlined the connection between the state or government surveillance and the processing of data by private companies.

In addition, the disclosure of large-scale intelligence data collection programmes affected negatively the trust in the transatlantic relationship.

And, in this regard, there is quite a lot at stake.

Indeed, both parties have concluded several agreements regarding the exchange of personal data for the purposes of law enforcement, including the prevention and combating of terrorism and other forms of serious crimes. These are the Mutual Legal Assistance Agreement, the Agreement on the use and transfer of Passenger Name Records (PNR), the Agreement between Europol and the US and the Agreement on the processing and transfer of Financial Messaging Data for the purpose of the Terrorist Finance Tracking Program (TFTP).

In addition, the legal basis for the exchanges for commercial purposes between the EU and the USA is provided by the Safe Harbour Decision, which concerns transfers of personal data from the EU to companies established in the U.S. which have adhered to the Safe Harbour Principles. Efforts to negotiate amendments to the program have been ongoing since the fall of 2013.

Besides, the EU and the USA are currently negotiating the ‘umbrella agreement’, a framework agreement on data protection regarding the transfer and processing of data in the field of police and judicial cooperation.

Last, but not the least, it should be also mentioned the ongoing negotiations for the controversial Transatlantic Trade and Investment Partnership (TTIP), the world biggest trade agreement.

While it is supposed to increase trade and investment, there is a noteworthy apprehension around its potential negative impact on privacy. But, as it is being negotiated behind closed doors, it is yet to be known how much these concerns are justified in the light of the ACTA (Anti-Counterfeiting Trade Agreement), which would have allowed to carry out intrusive surveillance on all of our Internet usage, regardless of whether we had actually infringed anyone’s copyright. This lead the European Parliament to reject it in 2012. All things considered, the EU Ombudsman recommendations are therefore much welcomed.

In this context, the documents very inconveniently released by Edward Snowden revealed that the USA accessed the SWIFT database, the biggest storage of financial transactions in the world, thus accessing millions of personal financial records, in the margin of the Terrorist Financing Tracking Programme (TFTP).1)The TFTP agreement allows the U.S. Treasury to access some data stored in Europe by international bank transfer company Swift (Society for Worldwide Interbank Financial Telecommunication) for the prevention, investigation, detection, and prosecution of conduct pertaining to terrorism or terrorist financing.

Last November, the European Commission released a communication in which it shared its concerns regarding the protection of personal data within the existing instruments.

The European Parliament has already called for the ‘immediate suspension’ of the Safe Harbour as it considered that the principles do not provide adequate protection for EU citizens and for the immediate suspension of the TFTP agreement until a “thorough investigation has been concluded”.

Meanwhile, leaders from the EU and the USA reiterated their commitment in a joint statement.

Although Jean-Claude Juncker has pressed the “conclusion of negotiations on the reform of Europe’s data protection rules, as well as the review of the Safe Harbour arrangement with the U.S.”, Andrus Ansip, who is slated to become the European Commission’s Vice-President for the Digital Single Market, affirmed, during a European Parliament confirmation hearing, that, unless the differences are resolved, the USA – EU Safe Harbour could be suspended. Ansip said that “we have to be absolutely sure that the national security exception will be used as an exception, not on a regular basis.”

It is beyond any doubt that the plea of terrorism or national security concerns can only fall down when facing revelations according to which NSA collects data related to international trade and monitors the telecommunications of leaders from Brazil and Germany. It is evident that those are mere excuses to conduct this kind of surveillance in the name of less honourable goals.

As if this wasn’t enough, documents delivered by Edward Snowden, and recently released by The Intercept, show that the agency has “under cover” agents embedded in foreign companies for the purpose of extending its surveillance reach.

Thus said, transparency reports, while presenting statistics of government’s requests for data, could be a useful tool to disclose the scope and scale of surveillance. However, governments are obviously not that keen in reporting on their surveillance activity and they will make sure to exempt from the report requested information related to ‘national security’.

It doesn’t come as a surprise that technology companies such as Facebook, Yahoo, Google, Microsoft, are now investing in barriers, mainly through the refusal of access requests and encryption of internal traffic, to make it harder for governmental intelligence agencies to ‘snoop around’. Even though some concerns regarding the impact on police investigations, namely of paedophilia suspects, have been raised, it is questionable if they are completely justified, mainly because there are several other ways to access the information stored. For instance, the information stored in the Cloud will still be ‘easily’ accessible.

Nevertheless, these and similar companies are businesses and shouldn’t be assigned with the role of guardian’s of individuals’ rights. It is all very wrong, and very totalitarian regimes look alike, when the governments themselves are attacking the most private parts of our lives.

Encryption measures have lead some to the conclusion that governments should be entitled to have a golden key – a back door access – in order to unlock and access individuals’ communications. The main viewpoint is that, by allowing so, personal safety and national security could be properly ensured…

Thus said, it might not come as the most surprising event that Russia is requiring social network companies, as Facebook and Twitter, to store the personal data of national citizens in servers based within the country’s borders or face being blocked without a previous court ruling. Conveniently, the initiative – which represents an open door to enforce censorship – is even presented as a necessary remedy to protect against foreign threats and USA spying.

It is difficult not to wonder – and worry – if this is the first step for the blocking of all websites with user generated contents, as an already proved effective mean to control the right to information and freedom of expression and any democratic expressions.

In this context, the hypothesis according to which the European Commission (DG Home) has been collaborating with the USA administration regarding the EU data protection reform raises some deep and justified concerns. Mainly if we consider that the former EU Home Affairs Commissioner, Cecilia Malmström, is very likely soon to be confirmed by the European Parliament as the EU’s new trade commissioner, conducting the negotiations over the TTIP, from the EU side. But then, again, if it is true that the European Commission knew about PRISM all along… Conspiracy theories apart, Cecilia Malmström has denied the allegations at the hearing with the Members of the European Parliament.

Of course, according to the principle of conferral or attributed powers, the EU may only exercise competences conferred on it by the Treaties to attain the objectives set out therein.2)See article 5[2] TEU This means that competences not conferred upon the Union in the treaties remain within the Member States.3)See article 4 TEU National security is deemed an essential State function and the sole responsibility of each Member State.

Considering that matters related to national security are usually exempted from surveillance activity reports, I guess that it all comes full circle, after all…

And while one can be glad that the UN issued a report stating that Mass Surveillance Violates Human Rights, one is also entitled to be sceptical regarding its effects on the government programs.

 

References   [ + ]

1. The TFTP agreement allows the U.S. Treasury to access some data stored in Europe by international bank transfer company Swift (Society for Worldwide Interbank Financial Telecommunication) for the prevention, investigation, detection, and prosecution of conduct pertaining to terrorism or terrorist financing.
2. See article 5[2] TEU
3. See article 4 TEU

© 2017 The Public Privacy

Theme by Anders NorenUp ↑