The EU Parliamentary Inquiry's Report on Mass Surveillance

Saturday 11 January 2014

After about five months of hearings and investigating, the European Parliament's civil liberties committee has published its report on the revelations about mass surveillance leaked by the American former National Security Agency contractor Edward Snowden.

The comprehensive 52-page report, published Wednesday in draft form [pdf], contains a large number of important findings and recommendations — some of which I think it's worth highlighing here.

The report accuses spy agencies — particularly in the US (NSA) and the UK (GCHQ) — of operating dragnet snooping programs that appear to involve illegal actions. It says that the UK government has on at least two occasions breached the European Convention on Human Rights and the EU Charter in how it has tried to crack down on reporting of the Snowden leaks (examples cited are the detention of former Guardian journalist Glenn Greenwald's partner and the destruction of Guardian computers). In addition, the committee calls for the European Parliament to suspend data sharing deals with the US government, and it says new legal protections are necessary for journalists and whistleblowers.

Crucially, the report does not shy away from attempting to address some of the larger issues — such as the profound and unprecedented existential questions new mass surveillance technologies raise for modern democracies. It calls on US authorities and EU member states to "prohibit blanket mass surveillance activities and bulk processing of personal data," adding:

[The committee] sees the surveillance programmes as yet another step towards the establishment of a fully fledged preventive state, changing the established paradigm of criminal law in democratic societies, promoting instead a mix of law enforcement and intelligence activities with blurred legal safeguards, often not in line with democratic checks and balances and fundamental rights, especially the presumption of innocence. [Emphasis added.]

This kind of policing, it warns, is leading to "every citizen being treated as a suspect." For that reason, the report notes that the committee

condemns in the strongest possible terms the vast, systemic, blanket collection of the personal data of innocent people, often comprising intimate personal information; emphasises that the systems of mass, indiscriminate surveillance by intelligence services constitute a serious interference with the fundamental rights of citizens; stresses that privacy is not a luxury right, but that it is the foundation stone of a free and democratic society; points out, furthermore, that mass surveillance has potentially severe effects on the freedom of press, thought and speech as well as a significant potential for abuse of the information gathered against political adversaries; emphasises that these mass surveillance activities appear also to entail illegal actions by intelligence services and raise questions regarding extraterritoriality of national law.

UK surveillance laws are singled out for criticism, with the inquiry concluding that the UK's legal framework is in need of an overhaul because it is outdated. But the finger is not pointed solely at the spooks in the UK and the US. The report accuses countries including France, Germany, and Sweden of running their own mass surveillance programs, too. It also rightly blasts the general incompetence of oversight committees — both in Europe and the US — that are supposed to be tasked with holding spy agencies accountable:

despite the fact that oversight of intelligence services’ activities should be based on both democratic legitimacy (strong legal framework, ex ante authorisation and ex post verification) and an adequate technical capability and expertise, the majority of current EU and US oversight bodies dramatically lack both, in particular the technical capabilities. [Emphasis added.]

Moreover, it calls on the European Commission — the EU's executive body — to evaluate the possibility of introducing legal liabilities that could be used to punish technology companies for not fixing known vulnerabilities in their software or for installing secret backdoors for spying. It wants the European Parliament to consider only procuring software that is open source, so that the software code can be reviewed to ensure it is secure and free from backdoors inserted for spying. And it also urges European Union member states to initiate investigations into "possible cybercrimes and cyber attacks committed by governments or private actors in the course of the activities under scrutiny."

"Trust has been profoundly shaken," the report says. "Trust between the two transatlantic partners, trust among EU Member States, trust between citizens and their governments, trust in the respect of the rule of law, and trust in the security of IT services...in order to rebuild trust in all these dimensions a comprehensive plan is urgently needed."

It's worth a read if you have the time. The full report is here [pdf].