Today the Eurocrats upped the stakes significantly with a call for all existing data sharing agreements between Europe and the US - including the Patriot Act and Foreign Intelligence Surveillance Act (FISA) - to be revoked, warning that EU data protection authorities have failed to understand the “structural shift of data sovereignty implied by cloud computing”, and the associated risks to the rights of EU citizens.
"Since the main mechanisms for data export [such as] model contracts [and] Safe Harbour, are not protective against FISA or Patriot, they should be revoked and renegotiated."
The report, prepared by UK privacy advocate Caspar Bowden, pulls no punches:
"The EU citizen is...particularly fragile in this configuration connecting US intelligence services, private companies that provide services at the global level and the ownership they can exercise over their data.
"It is clear that if EU citizens do not have the same level of protections as the US citizens, because of the practices of the US intelligence services and the lack of effective protections, they will become the first victims of these systems."
Among the key findings of Bowden's analysis:
- The complexity of inter-related US legislation pertaining to ‘foreign intelligence information’, and its interpretations by secret courts and executive legal memoranda, has led to unlawful practices affecting both US citizens and non-US citizens.
- The consequences of this legal uncertainty, and lack of Fourth Amendment protection for non-US citizens, means that no privacy rights for non-Americans are recognized by the US authorities under FISA.
- The accelerating and already widespread use of cloud computing further undermines data protection for EU citizens.
- A review of the mechanisms that have been put in place in the EU for data export to protect EU citizens’ rights shows that they actually function as loopholes.
Commercial pressure on the US
Neelie Kroes, European Commissioner for the Digital Agenda, has suggested that US cloud services providers should be worried about losing overseas custom as non-US users should be wary of the potential for their data to be spied upon.
The new report takes the next logical step and actively calls for the EU to use the threat of lost business for the US cloud industry in order to force the US government to the negotiating table:
“A consent requirement will raise EU citizen awareness and favour growth of services solely within EU jurisdiction. This will thus have economic impact on US business and increase pressure on the US government to reach a settlement.”
Alongside this threat of what is effectively commercial war on the US cloud industry, there's the inevitable call to conjure up a European cloud industry out of thin air to replace the existing US-dominated one:
"A full industrial policy for development of an autonomous European Cloud computing capacity based on free/open-source software should be supported.
"Such a policy would reduce US control over the high end of the Cloud e-commerce value chain and EU online advertising markets.
"Currently European data is exposed to commercial manipulation, foreign intelligence surveillance and industrial espionage. Investments in a European Cloud will bring economic benefits as well as providing the foundation for durable data sovereignty."
And just in case there's a risk of the US government taking any of this posturing seriously, the report does the one thing guaranteed to have its complaints ignored in Washington: it calls for whistleblowers such as Edward Snowden, to be given asylum and immunity rights.
"Whistle-blowers should be given strong guarantees of immunity and asylum, and awarded 25% of any fine consequently exacted.
"The whistle- blower may have to live in fear of retribution from their country for the rest of the lives, and take precautions to avoid “rendition” (kidnapping).
"Ironically, US law already provides rewards of the order of $100m for whistle-blowers exposing corruption (in the sphere of public procurement and price-fixing)."
At the end of the day it's difficult not to see this as a protectionist document, indeed some might argue near jingoistic in its seeming intent.
Its purpose is to wag a disapproving finger at the US, an approach that can only aggravate the increasing tension, especially when it goes so far as to call for legistlative regime change!
The report declaims:
"One of the most extraordinary aspects of the PRISM affair is that not only have the rights of non-Americans not been discussed in the US, they were not even discussed by the European media until well after the story first broke.
"The rights of non- Americans were rarely raised, and a casual reader would not understand that the intended target of surveillance was non-Americans, and that they had no rights at all.
"It seems that the only solution which can be trusted to resolve the PRISM affair must involve changes to the law of the US, and this should be the strategic objective of the EU."
Not helpful. Not at all helpful.
As we've said before, the whole PRISM revelations scandal clearly casts a dubious light on aspects of US policy.
But Europe's reaction to this is defaulting now to self-righteous US-bashing.
Calls to make forcing changes to US law official European Union policy are as pompous as they are pretentious.
There's a need for a calm reasoned debate on this subject in Europe and the US. There's too much at stake here for both sides, but the real loser could be Europe if the Eurocrats turn the region into a hostile market for US providers.
Frankly this is all getting a bit Dr Strangelove now...