U.S. Internet Spying Draws Anger, and Envy

http://www.nytimes.com/2013/06/08/business/global/us-internet-spying-draws-anger-and-envy.html


SERRAVAL, France — Europe’s reaction Friday to news of a sweeping international digital surveillance program by the U.S. government ranged from the outrage of citizens and politicians to the muted envy of some law enforcement agencies on this side of the Atlantic.

Privacy is an emotional issue in Europe, where memories of state-sponsored snooping by communist and fascist regimes still linger. And so the revelation Thursday that the U.S. National Security Agency had obtained routine access to e-mail, Web searches and other online data from many of the biggest U.S. Internet companies — whose users stretch far beyond U.S. shores — prompted hand-wringing about America’s moral authority.

“If the U.S. complains about foreign governments spying and then it turns out it is doing the same thing — well, what are you complaining about?” said Yaman Akdeniz, a law professor at Istanbul Bilgi University in Turkey, where anger over restrictions on civil liberties has fueled anti-government protests.

The Guardian, the British news organization that first reported the existence of the U.S. snooping program on Thursday, noted in an editorial that its report appeared on June 6, the anniversary of D-Day in 1944 — the beginning of the end of Hitler’s police state.

“The young Americans who fought their way up the Normandy beaches rightly believed they were helping free the world from a tyranny,” The Guardian wrote. “They did not think that they were making it safe for their own rulers to take such sweeping powers as these over their descendants.”

Google, Facebook, Apple and other companies cited in news reports of the U.S. surveillance program, known as Prism, denied on Friday that they were providing the National Security Agency continuous backdoor access to their subscribers’ data. Instead, the companies said they had disclosed user data to the U.S. government only when legally required to do so.

“We have never heard of Prism,” Apple said in a statement late Thursday. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

While privacy advocates condemned the U.S. surveillance program, official reaction from European capitals was more muted. That might be in part, analysts said, because some governments already have, or would like to wield, similar powers to monitor Internet communications.

The Guardian reported Friday, for example, that Government Communications Headquarters, a British intelligence agency, had been given access to Prism since 2010. A spokesman for the agency declined to comment.

The government of Prime Minister David Cameron last year proposed legislation that would have given the secret services broad digital surveillance powers, including access to e-mail records and the digital addresses used to identify computers. The proposal followed street riots in London, which Mr. Cameron said were fueled by the use of private communications networks like BlackBerry Messenger.

Opposition from the Liberal Democratic Party, the junior partner to Mr. Cameron’s Conservatives in the governing coalition, appeared to sink the bill this spring. But there has been talk of reviving it in the wake of an attack in London last month, in which a man was hacked to death.

In the Netherlands, too, the authorities have been pushing for broader digital surveillance powers. A draft bill would let the Dutch police break into the computers of crime suspects, including those based outside the country. The country’s Intelligence Act is also being revised, and there has been talk of adding snooping abilities like those apparently possessed by the N.S.A.

“There will be a lot of jealousy among services that the U.S. has these powers,” said Simone Halink, a spokeswoman for Bits of Freedom, a Dutch digital rights group. “The fact that a powerful government is doing this, and saying it is doing it in accordance with the law, is alarming and a reason for increased vigilance.”

In Europe, privacy is also a business and trade issue. The European Union is actively debating how best to update its data protection laws for the digital era. The process has been shaped by an intense trans-Atlantic lobbying campaign by U.S. Internet companies that want to soften some of the proposed privacy protections and that worry that tight strictures could crimp online advertising sales and other digital commerce.

European privacy advocates said Friday that the disclosure of Prism could bolster the push for stricter data protection in the new laws, including a proposed “right to be forgotten,” which would let Internet users scrub unflattering online references to themselves.

Members of the European Parliament said outrage over Prism could also increase pressure on European trade negotiators to demand American respect for the European Union privacy rules as in coming months they attempt to work out a trans-Atlantic trade pact. That effort is intended to drop trade barriers between the Union and the United States and seek to synchronize regulations.

“The highest standards of data privacy” should be a baseline in the trade talks, Hannes Swoboda, an Austrian member of the European Parliament, said in a statement Friday.

“Retrieving information from private companies’ servers, without the knowledge of either the companies or the users concerned, does not comply in any way with European data privacy standards,” Mr. Swoboda said. He called on the European Commission, the Union’s executive body, to determine whether any E.U. laws had been broken.

Cecilia Malmstrom, the Union’s commissioner for home affairs, said Friday that she would “get in contact with our U.S. counterparts to seek more details” on the revelations about Prism.

But the European Commission appears to have previously bowed to American pressure to soften the E.U.’s new privacy rules in order to accommodate U.S. intelligence gathering.

When drafts of the proposals appeared two years ago, they included a key provision: Companies in Europe that store or process personal data would need to seek authorization from a “supervisory authority” before they could transfer personal information outside the Union at the request of a foreign government or court.

An “informal note” dated December 2011 that the U.S. government circulated in Brussels said that the provision “appears to interfere in dramatic fashion with the domestic investigations of third countries’ public agencies.” That article is no longer in the latest proposed changes to Europe’s data privacy laws.

Finding a long-term solution that balances the civil liberties of Europeans against the vast power wielded by the United States over the data that circulates inside Europe and circles the globe will be fiendishly difficult, warned Sophie in ‘t Veld, a Dutch member of the European Parliament and a prominent campaigner for robust enforcement of privacy rights.

“Strictly speaking, the burden is on companies to make sure data on Europeans is not made available to U.S. authorities,” Ms. in ‘t Veld said by telephone on Friday. “But obliging these companies to follow that standard is very hard, because they are caught between two jurisdictions in Europe and the United States, and they need to make a choice about what law to comply with.”

While U.S. Internet companies have also lobbied against proposed data privacy protections they consider onerous, some analysts said the disclosure of the Prism program could become a competitive issue for them. If individual or corporate users in Europe thought that using U.S. online services could subject them to eavesdropping by American intelligence services, they might turn elsewhere.

“There’s a big difference between a national security investigation into a foreign individual who poses a terrorist threat to the U.S., and foreign individuals or corporations being spied on because they happen to use an e-mail service that runs through California,” said Emma Carr, deputy director of Big Brother Watch, a British privacy group.

One company that understands this phenomenon is Huawei, a Chinese provider of telecommunications equipment. U.S. lawmakers have called Huawei a security risk because of allegations — denied by the company — that its gear might contain technology allowing the Chinese government to snoop on foreign communications.

That is why Huawei seized upon reports Friday that American Internet companies might actually have cooperated in the N.S.A.’s intelligence-gathering operation.

“If proven, there is indeed some irony in this story, especially given some malicious and badly informed comments made about Huawei earlier this year,” said Roland Sladek, a spokesman for Huawei in Shenzhen, China.

At least one digital consumer on Friday shrugged in resignation when asked about the controversy.

“There’s no liberty anymore,” said Jean-Luc Mélice, 59, a research director in the oceanography department at the University of Paris, who was sending e-mails on his smartphone on Friday evening at a cafe inside the Midi train station in Brussels.

“But this is no surprise,” said Mr. Mélice. As a climate scientist, he said he and his peers assumed that surveillance was commonplace. “Big companies want to know who their enemies are,” he said.

James Kanter reported from Brussels.