NSA inquiry: what experts revealed to MEPs


[12-02-2014 – 14:13]
Conclusion time: after months of investigating mass surveillance by the NSA in Europe, the EP inquiry has finished penning its findings. The inquiry was launched last year in the wake of revelations by NSA whistle-blower Edward Showden and involved more than 15 hearings with representatives of EU institutions, national parliaments, the US Congress, IT firms, NGOs and journalists. The civil liberties committee votes on the draft report on 12 February. Read on to discover what MEPs found out.

At the first hearing in early September journalists stressed the need for democratic scrutiny over the work of security services. “[Mass surveillance] technologies can be used for purposes other than to fight terrorism,” warned Jacques Follorou, of the French daily Le Monde. Reporters also spoke of the importance of protecting whistle-blowers and journalists that make such stories public.

In a statement for the inquiry, NSA whistle-blower Edward Snowden said he disclosed secret NSA document with the aim of launching a public debate on the balance between security and human rights. “Public debate is not possible without public knowledge (…) the surveillance of whole populations, rather than individuals, threatens to be the greatest human rights challenge of our time,” he said . Glenn Greenwald, the journalist Mr Snowden spoke to, later told MEPs that “most governments are beneficiaries of Snowden’s choice”.

Two former NSA employees and one former MI5 officer testified in the hearings, with ex-NSA senior executive and whistle-blower Thomas Drake saying he had never imagined “that the US would use the ‘Stasi guidebook’ for its secret mass surveillance programmes”. US congressman Jim Sensenbrenner, chairman of the subcommittee on crime, terrorism, homeland security, and investigations, told MEPs that abuses by the NSA had been carried out outside congressional authority. “I hope that we have learned our lesson and that oversight will be a lot more vigorous,” he said.

Questions were raised during the hearings whether the surveillance had violated various EU-US agreements, including one on the transfer of financial data for identification of terrorist activities (TFTP agreement), or another agreement on the data protection standards that US companies should meet when dealing with Europeans’ private data (Safe Harbour agreement).

Microsoft, Google and Facebook managers invited to speak denied giving unfettered access to their servers. Experts suggested setting up a European “privacy cloud” – a secure data storage to protect internet users’ privacy.

The hearings also looked into surveillance activities in EU countries, including Denmark, Belgium and the UK. “The Parliament inquiry was already looking not just into the NSA allegations, but also to our own backyard. We knew that the national oversight arrangements in many member states are inadequate to citizens,” said Claude Moraes, a British member of the S&D group in an interview in November.

NSA snooping: MEPs table proposals to protect EU citizens’ privacy

Committees Committee on Civil Liberties, Justice and Home Affairs [12-02-2014 – 20:11]

The European Parliament should withhold its consent to an EU-US trade deal unless it fully respects EU citizens’ data privacy, says an inquiry report on US National Security Agency (NSA) and EU member states surveillance of EU citizens, approved by the Civil Liberties Committee on Wednesday. It adds that data protection rules should be excluded from the trade talks and negotiated separately with the US.

The text, passed by 33 votes to 7 with 17 abstentions, condemns the “vast, systemic, blanket collection of personal data of innocent people, often comprising intimate personal information”, adding that “the fight against terrorism can never be a justification for untargeted, secret or even illegal mass surveillance programmes”.

“We now have a comprehensive text that for the first time brings together in-depth recommendations on Edward Snowden’s allegations of NSA spying and an action plan for the future. The Civil Liberties Committee inquiry came at a crucial time, along with Snowden ́s allegations and the EU data protection regulation. I hope that this document will be supported by the full Parliament and that it will last beyond the next European Parliament’s mandate”, said rapporteur Claude Moraes (S&D, UK), after the vote.

Data protection must be excluded from trade talks

Parliament’s consent to the final Transatlantic Trade and Investment Partnership (TTIP) deal with the US “could be endangered as long as blanket mass surveillance activities and the interception of communications in EU institutions and diplomatic representations are not fully stopped and an adequate solution for data privacy rights of EU citizens, including administrative and judicial redress is not found”, MEPs say.

Parliament should therefore withhold its consent to the TTIP agreement unless it fully respects fundamental rights enshrined in the EU Charter, the text adds, stressing that data protection should be ruled out of the trade talks.

MEPs call for the “immediate suspension” of the Safe Harbour privacy principles (voluntary data protection standards for non-EU companies transferring EU citizens’ personal data to the US). These principles “do not provide adequate protection for EU citizens” say MEPs, who urge the US to propose new personal data transfer rules that meet EU data protection requirements.

The Terrorist Finance Tracking Programme (TFTP) deal should also be suspended until allegations that US authorities have access to EU citizens’ bank data outside the agreement are clarified, say MEPs. The EU-US data protection framework agreement to be struck in spring 2014 must ensure proper judicial redress for EU citizens whose personal data are transferred to the US, they add.

Digital “new deal”

The EU needs a “digital new deal”, to be delivered by the joint efforts of EU institutions, member states, research institutions, industry and civil society, say MEPs, noting that some telecoms firms have clearly neglected the IT security of their users and clients. MEPs also urge member states to accelerate their work on draft EU data protection reform legislation so that it can be passed by the end of this year.

Trust in US cloud computing and cloud providers has been damaged by surveillance practices, MEPs note. They propose that Europe should develop its own clouds and IT solutions to ensure a high standard of personal data protection. They note that by 2016, the cloud market is likely to be worth $207 billion a year, double its 2012 value.

EU whistleblower and media protection programme

The resolution urges the European Commission to examine whether a future EU law establishing a “European whistleblower protection programme” should also include other fields of EU competence “with particular attention to the complexity of whistleblowing in the field of intelligence”. EU member states are also asked to consider granting whistleblowers international protection from prosecution.

MEPs also cite the UK’s detention of David Miranda and seizure of material in his possession under the UK Terrorism Act and its demand that the Guardian newspaper hand over or destroy such material. They see these acts as “possible serious interference with the right of freedom of expression and media freedom”, as recognised by the European Convention on Human Rights and the EU Charter.

EU countries should check their own secret services

The UK, France, Germany, Sweden, the Netherlands and Poland should clarify the allegations of mass surveillance – including potential agreements between intelligence services and telecoms firms on access to and exchange of personal data and access to transatlantic cables – and their compatibility with EU laws, it says.

Other EU countries, in particular those participating in the “9-eyes” (UK, Denmark, France and the Netherlands) and “14-eyes” arrangements (those countries plus Germany, Belgium, Italy, Spain and Sweden) are also urged to review their national laws and practices governing the activities of intelligence services, so as to ensure that they are subject to parliamentary and judicial oversight and public scrutiny and that they comply
with fundamental rights obligations.

MEPs deem bilateral “anti-spying” arrangements concluded or under negotiation between some EU countries (the UK, France and Germany) and the US as “counterproductive and irrelevant, due to the need for a European approach to this problem”.

Next steps

The full Parliament will vote on the resolution on 12 March in Strasbourg.

The Civil Liberties Committee inquiry into mass surveillance of EU citizens began in September 2013. A total of 15 hearings have been held since then.

In the chair: Juan Fernando López Aguilar (S&D, ES)


BXL: (+32) 2 28 44301
STR: (+33) 3 881 73661
PORT: (+32) 498 98 39 85
EMAIL: libe-press@europarl.europa.eu

Isabel Teixeira NADKARNI
BXL: (+32) 2 28 32198
STR: (+33) 3 881 76758
PORT: (+32) 498 98 33 36
EMAIL: libe-press@europarl.europa.eu

from here (complete report)



New documents provided by Snowden/Greenwald show the elite of nations collaborating with the NSA.

  • The “five spying eyes” are the well known inner circle of USA, Great Britain, Canada, Australia and New Zeeland, based on the UKUSA agreement.
  • First level friends are Denmark, Netherlands, Norway and France. Together with the inner circle we have to talk about “The 9 spying eyes”.
  • Second level friends are Germany, Belgium, Italy, Spain and Sweden. (It is little bit strange to call Sweden a second level friend, because the FRA is spying for the NATO. 70% of international Internet traffic of Russia is routed over Sweden and scanned by FRA for spying purposes in cooperation with NSA.)
  • Third level friends are all cooperating intelligence services in Middle East and Afghanistan, 41 countries at all.

Germany has long protested at its exclusion from 9-Eyes and were a little grumpy at not being invited to join the group. Now, using the scandal following the disclosure of Merkels phone tap, the German intelligence service want to became a part of the inner circle. Official it is called “No-spy-agreement”, but such an agreement covered by a second secret cooperation agreement forms the basis for entering the inner circle. The partners of the inner circle have to collect large scale of information, pre-processing and send relevant results to the NSA/GCHQ data pool. In this case NSA and GCHQ may stop or reduce the spying in Germany.

Some German politicians are ready to go this way. By an internal paper of CDU/CSU (link only in German) the surveillance of Internet should be extended in NSA-style. German intelligence services should be improved to watch directly at Internet exchange nodes like DE-CIX.

from here

We see the writing on the wall


Last week the email provider Lavabit.com was closed. It was one of few secure email provider. It was used by Edward Snowden along with other privacy sensitive users. Ladar Levison (founder of Lavabit.com) did not say what it had been asked to do, only that it was legally prohibited from sharing the events leading to its decision. He don’t want to “become complicit in crimes against the American people.”. In an interview he said:

If you knew what I know about email, you might not use it either.

A second secure email service was closed last week too. Lavabit’s note has led to Silent Circle dropping its email service, saying “We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now.”. In the opinion of Phil Zimmermann and other privacy activist working for Silent Circle there is no way to get email secure:

Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.

Because of publications by NSA whistleblowers like Snowden, Binney, Bamford or Drake we get knowledge about vast surveillance programs. Email is one of the first targets for communication surveillance. It seems, there is no email privacy any more. You may re-think you communication behavior and don’t use email anymore as far as possible in future. Think about Jabber (XMPP), private messages in forums, TorChat… More ideas are welcome.

from here