Will the PRISM scandal lead to concrete privacy reform?


This is the original English version of an article that was published in German in the Frankfurter Allgemeine on August 10, 2013 (see article here). 

PRISM: It’s not too late to do something

Over the last few weeks, nearly every day has brought with it a new disclosure in the NSA surveillance scandal: a new target uncovered or a new foreign government intelligence agency found to be complicit. Yet, with limited public outcry in the United States, one can’t help but wonder if — and why — citizens of other Western democracies may be more offended over this spying than Americans themselves.

The difference between privacy expectations in the United State and the European Union has
long been known. In Europe, both privacy and data protection are understood to be fundamental human rights, codified under the Charter of Fundamental Rights of the European Union. In the United States, privacy is regarded more as a negative right, relying on a patchwork of laws limiting the ways in which the government can engage in surveillance (e.g., the Electronic Communications Privacy Act or the Foreign Intelligence Surveillance Act) and private sector obligations (e.g., data breach notification), instead of a comprehensive and enforceable framework, as in Europe (under the 1995 Directive).

Furthermore, when the U.S. understanding of the right to free speech — more absolutist than European interpretations of the right to free expression — has come into conflict with the right to privacy, the U.S. has historically sided with its First Amendment, often to the detriment of privacy rights. In Europe, courts and legislatures have long taken an approach that has sought to balance these often-competing concerns.

Despite the differences in public expectations, it is undeniable that these revelations have caused an awakening on both sides of the Atlantic. As the international media coverage has put privacy concerns on the tip of everyone’s tongues, there is reason to believe that citizens are beginning to seriously question the post-9/11 bargain states have presented to citizens: that a nation could defend its national security or its privacy, but not both. However, even with this public reassessment, the question remains: will these disclosures, and ensuing outcry, lead to concrete (and much needed) reforms on privacy?

With the explosion of information communications technology, our data is being collected, analysed, and stored in various databases, often without our knowledge or consent. The PRISM scandal is only the latest example showing both the increasing tendency and relative ease at which governments (both foreign and domestic) can get at our information.  Here in Europe, the Data Retention Directive ensures all the telecommunications data of every European citizen is collected and stored by companies from between 6 months to 2 years, depending on the Member State’s implementation.

There’s an international perception that citizens of the United States are more suspicious of their government, constantly pushing back on expanded social and public services and efforts at national regulation. So when the news of the NSA’s spying broke, many assumed that the American public would respond with outrage to this unprecedented level of governmental intrusion into their private lives. However,
recent polling has indicated otherwise: while 53% of respondents felt that the NSA phone-scanning program was too great of an intrusion on citizen’s privacy rights, 51% said they supported the program. While there have been shifts in these numbers recently, Americans and their representatives are still clearly figuring out what they think about these government surveillance programs.

While protests erupted in Berlin, and most recently near
Frankfurt at an alleged NSA surveillance facility, it is curious to note that they did not spread elsewhere throughout the continent. Like many activists I’m spoiled by the waves of protest that erupted last year over the controversial Anti-Counterfeiting Trade Agreement (ACTA), where citizens around Europe filled the streets in protest of the secretive Treaty. So where’s the rage this time?

It’s possible that citizens outside of the US might not see the use in protesting against a foreign government’s actions, whose legal justification for the surveillance specifically targets “non-US” citizens, leaving these citizens of other countries without clear protections or redress mechanisms.

What’s more, the depth of surveillance and the implications for individual citizens is difficult to fathom. A recent
Cambridge University study underlined the alarming amount of personal details that can be gleaned from analysing Facebook “likes,” including religious beliefs, political leanings, sexual orientation, and ethnicity. Now that was only one feature on one social network of a relatively small test group; imagine the analysis that can be produced by combining social networking with location data, emails, phone calls, banking information, and so on.  In short, how can citizens protest against something they don’t know about?

The Cambridge study underlines the reality that online consumer platforms may know more about us than we know about ourselves. By the time we wrap our heads around the implications of that, we run a great risk of these programs being normalised. So perhaps the question isn’t about who cares most, but where can we go from here?

From a reform point of view, comprehensive, strong and enforceable rules regulating the collection and processing of personal data are absolutely critical in the age of near ubiquitous surveillance. The European Commission’s Data Protection Regulation has proposed just that.

However, since the Commission introduced its legislative proposal to update and strengthen privacy rules on the continent, it has been
under full-scale attack by large (mostly US-based) companies and the US government (which successfully diluted the original legislation before it was even published). These actors have been attempting to weaken the very provisions that could have offered European citizens protections from programs like PRISM. Many assumed lobbying efforts by the US were in support of the US business interests, but the revelations about NSA spying over few weeks suggest additional motives.

The Regulation is currently being debated in both the European Parliament and the European Council so
there’s still time to make your voice heard. This is our chance to enact real reform on the way our very basic rights are protected. That includes standing up to foreign and domestic programs that undermine our freedoms.