Privacy and Civil Liberties: Will the EU Prevent NSA-Like Suspicionless Surveillance?

By Vicki S. Nikolaidis

The telephone records were not enough. Some members of United States President Barack Obama’s surveillance task force were calling for more types of data around the end of 2013. They wanted to include email metadata. Simultaneously, Computer Security and Industrial Cryptography professor Bart Preneel was recommending to a European Parliament (EP) inquiry committee that data mining should focus on as few categories as necessary and concentrate on “high quality data.” The difference in attitudes towards privacy between the American surveillance task force and the European Parliament’s Committee on Electronic Mass Surveillance of EU Citizens (LIBE) were diametrically opposed.

Oddly enough, some of the worst reports on surveillance of US citizens on US soil actually give hope. For example, in 2010 the Electronic Frontier Foundation (EFF) cited a government report that between 2006 and 2010 “wiretaps were… thwarted by encryption zero times.” This points out an opportunity to start encrypting private communication devices as a way to block the intrusions. Encryption is somewhat complex, but it is essential to protect privacy.

Professor Preneel explained to the committee that the problem is not the technology but the human factor. Employees of companies, for example, are coerced and blackmailed to allow unauthorized access to back doors. In addition, citizens use their devices unthinkingly; however they can start to make better decisions if given better choices.

Recommendations to EP Inquiry Committee on How to Safeguard Privacy

The committee’s guests, who included Prof. Preneel, Director of the Institute for the Protection and Security of the Citizen Stephan Lechner, Principal Technologist of the Speech, Privacy and Technology Project Christopher Soghoian, the American Civil Liberties Union (ACLU), and IT–Security Consultant in Germany Christian Horchert, made presentations during the inquiry and the following general recommendations.

Philosophical issues

• A common definition of privacy is required.
• Information Technology (IT) scientists and engineers must make privacy a priority at the design stage.
• The European Union (EU) must redesign the architecture of IT so that privacy is difficult to compromise.
• Europe should invest in defending IT capabilities, not in offensively using IT.
• Europe should rely on IT experts and good research.
• The EU should not collect billions of data pieces, hold them en masse at one location and declare “we are secure.”

Open processes, open source and transparency

• Europeans should set their own high standards, with governmental support, and not use cheaper IT applications.
• Use open technology with integration of open source codes and open source applications to change the environment from secrecy to transparency. Currently only the US is driving the cryptology and, ironically, the NSA is simultaneously undermining it. Open source solutions will give more choices to citizens and help them regain a sense of liberty.
• Protect metadata.
• Find and remove back doors.
• Design accountability into the system.
• Control the endpoints.
• Pass privacy laws that uphold the free will of users.
• Check surveillance activities of agencies and the government to track what they have done and hold them responsible.

The biggest threats were seen as being the US and cyber criminals. The US government’s use of cyber war tactics against other nations has motivated other countries to prepare for the worst-case scenarios in a cyber attack. Europe’s weakest links are mobile communications, because the governments decided they could not trust citizens with encryption knowledge in their pockets.

Citizens must take precautions of their own. At the least, they should routinely read the terms and conditions of their computers, phones and other devices to decide whether or not they agree with them. According to Preneel, although WiFi is open and insecure, the Internet and websites are secure, and if they are not secure, they can be made secure. Encryption applications can be downloaded to meet the need for privacy and enhance the technology for daily routines. Now is the time for a transformation by the government and citizens. Everyone can make changes to protect their privacy.

“Suspicionless Surveillance” by the National Security Agency (NSA)

One of the meeting’s guests was US Journalist Glenn Greenwald. After his presentation, the most asked questions by members (which Greenwald declined to answer until the documents had been appropriately vetted) regarded the contents of NSA documents from Edward Snowden on their own countries. In his discussion of “suspicionless surveillance,” Mr. Greenwald stressed the following. “[T]he ultimate goal of the NSA along with its most loyal, one might say subservient junior partner the British agency Government Communications Headquarters (GCHQ), is nothing less than the elimination of individual privacy worldwide.” Despite hundreds of millions of Germans being targeted for metadata collection, the government took no action until Chancellor Andrea Merkel herself was found to be under surveillance. “Invisible and ubiquitous” surveillance presents the danger that people act differently when they know they are being watched. Finally, governments that have benefited from Edward Snowden’s information should offer the “reciprocal courtesy” of protecting him.

On the subject of Mr. Obama’s January 17, 2014 NSA surveillance speech, Claude Moraes, European Parliament member for London and Rapporteur for the European Parliament Inquiry into the Mass Surveillance of EU citizens, diplomatically noted that concerns of the EU member states about the NSA’s spying activities were addressed in the speech. But on the subject of privacy for EU citizens in the US, Obama’s “comments may not have been enough to restore confidence following the confusion and concern over surveillance and spying allegations in relation to EU citizens, EU Member States, EU leaders and EU Institutions.” The assurances of protections provided by law were insufficient to give “EU citizens and other non-US targets of NSA alleged surveillance” confidence that their privacy and civil liberties would be guaranteed in the near future.

Editor’s Notes: Vicki S. Nikolaidis is a political activist and a freelance writer who specializes in technology, environmental engineering, and the petroleum industry. She often writes for Yahoo and Yahoo Voices, and in spring 2011 was recognized as a Yahoo Top 500 content provider. She directs the Internet Radio program Vicki Chats and blogs at Dissected Dreams, Deliberative Decisions. Vicki grew up in Iowa, has traveled extensively in the US, resided in Italy and later emigrated to Greece where she lives on an island between Europe and Africa. Photographs one, two and seven by Nolifebeforecoffee. Photographs three, four, five, six and eight by Snapsi.