By Duncan Campbell | Original English version. Translated to French for publication in LE MONDE on 01 July 2013
The public and political class in Britain and the United States may never want to fully comprehend the significance of the torrent of recent revelations about global electronic listening supplied by fugitive intelligence whistleblower Edward Snowden, but for the rest of the world and for Europe in particular it is an existential moment.
European political leaders should now be compelled to ask – since when were human rights not universal? When and how did the non Anglo-Saxon world agree to abandon intellectual property rights or commercial confidentiality or personal privacy in return for the privilege of storing or processing data in the United States?
French reaction to the revelations has been led by the data protection agency CNIL, who say that Google in particular has broken French law by agreeing to co-operate in the secret surveillance system. CNIL President Isabelle Falque-Pierrotin has ordered Google to change its policies within three months, or face a fine of up to €150,000. Spain’s data protection agency has followed France’s lead.
The leaked documents reveal how in secret the US and Britain granted themselves and each other legal powers to spy on all personal and commercial communications passing through any global telecommunications system they can reach into. Whether the communications they collect happen to involve terrorism or crime is unknown and irrelevant. Everything is taken for examination. No warrants are required.
Put another way, Britain’s secret services have pimped the country’s geographical ability to harvest European data to make a secret claim to power - that the UK has become a bigger internet intelligence superpower than the United States.
The multinational listening organization, set up by secret post war treaties between the US and the UK known as UKUSA, now calls itself the “Five Eyes”. Its member agencies have been shown to be competing for who has the greatest penetration into private and commercial communications of the Internet.
The “Five Eyes” are the signals intelligence (“sigint”) agencies of the USA, UK, Canada, Australia and New Zealand. They include the US National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ). The documents include many informal, casual remarks that demonstrate that the more surveillance they can do, the more privacy systems they can break, the better the intelligence agents feel.
The documents show that members of the “Five Eyes” team appear to compete with each other for primacy in their secret supra-national world. They also show that while legal regulations are applied with precision when interceptions pick up the communications of their own citizens, they have no concern at all when the citizens are foreign.
According to the documents from Snowden, today and tomorrow and for the past three years any data or e-mail or file or text that leaves Europe for processing in the United States, is likely copied and analysed by a British surveillance system codenamed “Tempora”.
This includes e-mail networks provided by US companies such as Google and Microsoft and the Skype computer telephone system, as well as ordinary telephone calls that route to and through the United States because of the huge data capacity crossing the North Atlantic Ocean.
Every bit of information sent on intercepted links is tapped, copied, and held for three days while British intelligence computers scan it and extract information about senders and recipients. The contents of some target communications are then selected to be held permanently.
For the rest, the information about who called or connected to whom is filtered out and transferred to another computer storage system. After sorting and filtering, the information from Tempora becomes part of a huge shared database of who has called or connected to whom, at any time, from any place.
There may still be protection for a minority of communications passing through submarine cables which do not land in Britain, but which instead connect directly from North America to the European mainland on the French, Spanish, or Portuguese coasts. We do not know. Snowden probably does know - but has not yet revealed whether these cables are also intercepted when they land in the United States or Canada, allowing their data to be captured and processed there. This seems likely, based on the past practices of the collaborating agencies.
The scale and ubiquity of this surveillance creates a real and immediate question for European countries and institutions, because Snowden’s revelations also confirm that nothing foreign that goes into the internet in America, or into the hands of US internet providers, is or will be allowed to be private.
Delicate and complex EU-US negotiations about data protection in the internet “cloud” of massive remote data storage and processing systems have been under way for some months. They are now in turmoil.
Critically, campaigners in Britain, Germany and the Netherlands have long been trying to alert the world to the significance of an updated US law passed in 2008 and which authorises the US government to issue secret court orders requiring US internet companies to hand over all their foreign derived data.
The new law was passed partly for the purpose of legalising secret surveillance of telephone networks inside and outside the US, which the US government began soon after 9/11. The system is known as “warrantless wiretapping”. New laws also granted US companies who had previously complied with secret government demands to hand over data immunity from prosecution or lawsuits from the customers whose information had been copied.
President Obama, then a Senator, voted in favour of these new laws.
The extraordinary new US law is the Foreign Intelligence Surveillance Act Amendment Act of 2008. It is commonly called “FISAAA”. FISAA was an update of a 1978 law passed after the Watergate investigations had revealed programs of illegal spying by US intelligence agencies. The information uncovered in these investigations caused Senator Frank Church, chairing the main investigating committee, to warn that NSA’s power gave it “the capacity … to make tyranny total”.
Thirty years later, that appears to have been the business plan.
Not only does FISAAA not require that surveillance only take place in cases of terrorism or serious crime, it specifically allows all forms of political and economic spying on non-Americans. FISAAA protects US citizens from generalised and warrantless surveillance - but no-one else. It specifically authorises collecting information about any “foreign-based political organization”, or information which concerns any “foreign territory [and which] relates to the conduct of the foreign affairs of the United States”. In effect, unless you are a US citizen and located in the United States, there are no restraints.
That the US has always done such spying was admitted in March 2000 by former CIA director James Woolsey, when responding to a European Parliament report on the “Echelon” network used to spy on commercial communications satellites. (I was the author of the report.)
Explaining “why we spy on our allies”, Woolsey thundered, adding, “Yes, my continental European friends, we have spied on you. And it's true that we use computers to sort through data by using keywords”. He then argued that this was because European companies, in his opinion, paid bribes.
The Echelon report led to many recommendations to protect privacy and commercial security being placed before the European Parliament. All were passed in the autumn of 2001. Six days later, terrorists struck in New York and Washington. The recommendations were forgotten, until now.
European digital rights campaigners argue that FISAAA authorises “blanket surveillance of non-US citizens by US security agencies” and that it is incompatible with the fundamental rights set out in the European Charter and Convention on Human Rights.
Because of the Echelon affair and earlier similar controversies, there have been international suspicions for four decades that the Anglo-Saxon run global electronic listening organization has secretly gained access to virtually all the world’s civilian as well as military communications, and for every sort of purpose – not just to fight terrorism and serious crime, which they are ready to admit, but also to gain economic, political and personal intelligence of every type.
These suspicions have been given substance by the abundance of top secret documents that Snowden has given to British and US newspapers. German politicians from all sides of the political spectrum, including justice minister Sabine Leutheusser-Schnarrenberger, have described the British and American actions as “a catastrophe."
The revelations from Snowden confirm how completely the Anglo Saxon “sigint” (Signals Intelligence) have integrated their personnel, their monitoring systems, and their spying operations. Although an American working in Hawaii, Snowden apparently had access to a huge range of documents classified above “Top Secret” created by and belonging to GCHQ. They include reports of a huge surveillance operation mounted against delegations to the G20 summit held in London in 2009. The targets were all the US and Britain’s G20 partners, as well as smaller states including Turkey and South Africa,
The British government has made it a condition of granting licences to install submarine cables that when the cables land in Britain, there must be two connections going ashore. One connection goes to the normal telephone or internet exchange; the second secretly goes to intelligence centres located at Bude, on the west coast of Cornwall or to GCHQ itself in Cheltenham, in the centre of England. Other large collection sites are in Cyprus, and on Ascension Island, in the south Atlantic.
Another large US run listening base is located in northern England, at Menwith Hill in Yorkshire. It specialises in satellite interception, and was reportedly successful in intercepting the calls of Russian President Putin when he attended the 2009 summit.
Snowden also leaked details of an NSA system called PRISM, which allows operators in the US and “Five Eyes” countries to access full logs and content from nine major internet companies, including Google and Facebook.
US citizens have learned from the revelations that their private connections have not been completely exempt from NSA surveillance. The first revelation was a secret court order, renewed automatically every three months, requiring telephone company Verizon to continuously feed all call records to the FBI and NSA. The leaking of the order confirmed that US telephone companies have been systematically handing over complete information on every telephone call made and received in the United States. The practice, which was started by President Bush after 9/11, has been continued and enlarged by President Obama.
While the British and American authorities contend that they are working within law and to protect society, they remain uninterested in the harm they do to democratic societies and free speech just by setting up their spy system. Widespread untargeted surveillance leads automatically to self-censorship, to inhibition of dissent, and in more severe cases to restriction of freedom of assembly and the restriction of freedom of communication.
Democratic discourse and participation are the ultimate casualties. Campaigners, such as British privacy expert Caspar Bowden, say that “it is still not too late to wake up from a long sleepwalk towards an irreversible loss of data sovereignty in the Cloud”. For that to happen, EU institutions must act decisively to stop the data privacy invasion managed from across La Manche.