When details emerged last week about the National Security Agency’s Internet surveillance system PRISM, President Obama attempted to reassure Americans that it was not being used to target them. Instead, he implied, it is aimed at the other 95 percent of the world’s population.
The PRISM system, according to a set of leaked top-secret PowerPoint slides, enables the NSA to obtain private emails and other user data directly from the central servers of major Internet companies such as Google, Microsoft, Facebook, and Yahoo. The companies named as part of the program initially denied involvement, but some anonymous executives have since acknowledged the system’s existence, saying it is used to share information about foreign customers with the NSA and other parts of the U.S. intelligence community. At the heart of the PRISM story is a scandal that is not domestic but global.
The existence of PRISM provides vindication for privacy advocates worldwide who have been voicing alarm about the U.S. government’s ability to conduct mass surveillance of foreigners’ communications sent and received using services like Google’s Gmail and Microsoft’s Hotmail and Skype. Earlier this year, a prescient report produced for the European Parliament warned that the U.S. Foreign Intelligence Surveillance Act had authorized “purely political surveillance on foreigners’ data” and could be used to secretly force U.S. cloud providers like Google to provide a live “wiretap” of European users’ communications.
That appears to be precisely what PRISM enables. NSA agents can reportedly use the system to enter search terms into a “Web interface” that allows them to request and receive data—some of it in real time—from one or all of the participating companies. Director of National Intelligence James Clapper has confirmed that it operates under a controversial section of FISA that authorizes broad surveillance of non-U.S. persons—from foreign government agents, to suspected terrorists, and “foreign-based political organizations,” a vaguely defined category that could feasibly be used to target journalists and human rights groups.
The system may also sweep up Americans’ communications incidentally, because dragnet surveillance is not an exact science. The NSA only has to have “51 percent confidence” that it is targeting a non-U.S. citizen in an attempt to prevent violations of the Fourth Amendment, which protects against unreasonable searches. But for foreigners there does not appear to be any protection at all.
Before the disclosure of PRISM, a handful of European politicians were trying to amend data protection regulations to shield against suspected sweeping secret U.S. surveillance programs. The politicians’ concerns seemed to fall on deaf ears. However, the disclosure of PRISM has provided a level of confirmation that the suspicions were not rooted in paranoia, and the importance of this cannot be overstated. It has finally jolted senior European officials into action. Viviane Reding, vice president of the European Commission, the EU’s executive body, said in a statement Friday that “a clear legal framework for the protection of personal data is not a luxury or constraint but a fundamental right,” suggesting that the commission may support the introduction of more stringent privacy safeguards Europe-wide in response to PRISM.
Sophia in ‘t Veld, a Dutch member of the European Parliament, has been attempting to draw attention to the ability of U.S. powers to monitor European citizens for several years. In a phone interview Sunday, int ‘ Veld told me she was shocked about the PRISM revelations and said that she thought it would “change the context” of data privacy reforms across Europe. “We really need to wake up,” she said. “This is serious stuff. The government knowing everything, literally everything about us, and we are unable to exercise any meaningful democratic scrutiny? That is not a democracy.”
In ‘t Veld, who is also vice-chair of the European Parliament’s committee on Civil Liberties, Justice, and Home Affairs, said that part of the problem is that the European Union has been “passive” and unwilling to stand up to the U.S. government on national security issues in recent years. She said she was not comforted by the Obama administration’s claims in the aftermath of the PRISM revelations that the NSA’s spy powers are overseen by Congress. The Dutch MEP described meeting U.S. Senate Intelligence Committee chairwoman Dianne Feinstein a couple of years ago: “She did not strike me as somebody who was particularly concerned with civil liberties—quite the contrary. We were actually quite shocked by her attitude. So if democratic oversight is taking place under her lead, it doesn’t really reassure me.”
Politicians in Germany, the Netherlands, the United Kingdom, Belgium, and Romania are among those to have called for an investigation into PRISM at a European level. German privacy chief Peter Schaar has demanded that the U.S. government “provide clarity” regarding what he described as “monstrous allegations of total monitoring of various telecommunications and Internet services.” And Schaar has been backed up by German Chancellor Angela Merkel, who plans to raise the issue when she meets in Berlin with President Obama next week. Further afield, Canadian and Australian officials have also been voicing their concerns—with Ontario privacy chief Ann Cavoukian calling the disclosures about PRISM “breathtaking” and “staggering.”
For decades, spy agencies have conducted surveillance of overseas communications as part of their intelligence-gathering mission. But as the U.N. special envoy on free speech noted in an unprecedented report published last week, new technologies have changed the game. Tools available to governments today enable a more ubiquitous form of surveillance than ever before—all happening under a veil of intense secrecy and beyond public oversight—and that is precisely the danger with PRISM. U.S. companies have been strong-armed into complying with U.S. espionage, undermining the civil liberties of everyone who uses these services. No longer is foreign surveillance targeted at specific channels of diplomatic communication or aimed at particular suspects—it is much broader than that, capable of sweeping up data on millions or even billions of citizens’ communications. Edward Snowden, the NSA whistle-blower behind the disclosure of PRISM, has alleged that the agency “specifically targets the communications of everyone.”
Clapper, the U.S. director of national intelligence, said Thursday that the intelligence community was “committed to respecting the civil liberties and privacy of all American citizens.” But the U.S. government claims to endorse the Universal Declaration of Human Rights, which makes it clear that all citizens—not just American citizens—have a right not to be subjected to “arbitrary interference” with “privacy, family, home or correspondence.” And that is exactly the problem with the NSA’s PRISM: it puts the universal right to privacy through the shredder, and encourages other governments to do the same.