You could hardly have asked for a more timely conference. Computers, Freedom and Privacy (CFP) had subtitled their 2013 gathering “Can You Trust Anyone in the Digital Age?”. Just weeks before the conference in Washington, DC, Edward Snowden blew the whistle on Prism and related giant surveillance programs. In addition to already slated sessions ranging from cybersecurity to homegrown drones, the conference organizers quickly gathered experts to discuss the Snowden revelations, including former whistleblowers William Binney and Thomas Drake.
That “Prism-Plus” should be front and centre at the conference is obvious. But there is also an important background to the Prism story that North Americans know very little about. Geographically it’s an ocean away and news-wise, it’s far off in policy wonk land where headlines are hard to grab. The battle for the global standard of privacy protection is underway in Europe right now.
Prism is a secret U.S. surveillance program that harvests personal information from the big Internet companies, like Facebook and Google. One of the critical privacy issues embedded in the Prism revelations is about what information companies can collect and retain, and thus have stored for access by government surveillance programs. Data protection is almost non-existent in the U.S. There is no overarching framework for privacy regulation in the U.S.; there are only some individual pieces of specific legislation pertaining to certain categories of information, like medical records. In essence, as Barry Steinhardt from Friends of Privacy USA put it, the U.S. “is the wild west of privacy”.
In contrast, the European Union recognizes privacy as a fundamental human right and has strong data protection laws. Canada’s privacy laws follow the EU model of regulation, which is viewed as the global privacy standard. That standard is now under attack. The EU is currently revising its data protection framework to update it in light of technological developments and the need to strengthen enforcement powers. The revision process has drawn a vast and arguably unprecedented lobbying campaign from the U.S. and U.S. Internet companies (aka: the companies working with the Prism program) aimed at weakening the law instead of strengthening it.
The bottom line is that if the EU does not hold to a high privacy protection standard, Canada and other countries will find it almost impossible to maintain strong privacy laws. We’ll see a race to the bottom on privacy protection globally. “Harmonization” will drag us all down to the lowest common denominator.
This is why the BCCLA initiated the Washington Statement in Support of Data Protection calling for the EU to set a high global privacy standard. Citizens of countries the world over have two mammoth battles to fight over the privacy of our communications: 1) to prevent the wholesale capture of our personal information and private communications by the private sector, and 2) to prevent the government from vacuuming up all our personal information and communications straight out of the databases of the private sector. The question of data protection is about the first of those fights, about limiting what information about us can be collected and stored. Limiting collection and retention is one important way to protect ourselves from disproportionate government surveillance. The private and public sectors are linked in this matter.
As for governmental surveillance programs, there are daily and sometimes hourly updates and commentaries to absorb. A critical lesson emerging is that even where there are systems in place to provide some means of accountability for secret surveillance on national security grounds, these systems are being systematically abused. So, for example, while it has long been known that the U.S. has a secret “court” under its Foreign Intelligence Surveillance Act that issues surveillance orders, the public had never seen a secret FISA order before. While no one would be surprised that the U.S. National Security Agency sought a FISA order for information held by a telephone company, what the release of an actual FISA order has done is to confirm the fears of privacy advocates about how such orders could be abused. The order is essentially to hand over everything. So much for checks and balances and accountability. We’re thinking this could be a good time for privacy advocate re-branding: “Privacy Advocates – We’re Not Paranoid; We’re Right!”
The confirmation that FISA orders are being abused is important for Canadians for two reasons:
1) because many of our communications are captured in the U.S. net, and
2) because there are many reasons for believing that Canada, which has been “harmonizing” with the NSA on national security surveillance, is essentially doing the same thing.
Stay tuned for revelations to come.