The US National Security Agency (NSA) surveillance programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens' fundamental rights - briefingnote_en.pdf.
Questo è un rapporto straordinariamente interessante con delle raccomandazioni per l'Europa, realizzato dalla DG Internal Policies (DG IPOL), dal dipartimento per i diritti dei cittadini e gli affari costituzionali. il titolo è
Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens' fundamental rights
alcuni highlights:
Raccomandazioni:
Conclusioni
Questo è un rapporto straordinariamente interessante con delle raccomandazioni per l'Europa, realizzato dalla DG Internal Policies (DG IPOL), dal dipartimento per i diritti dei cittadini e gli affari costituzionali. il titolo è
Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens' fundamental rights
alcuni highlights:
Raccomandazioni:
- Prominent notices should be displayed by every US web site offering services in the EU to inform consent to collect data from EU citizens. The users should be made aware that the data may be subject to surveillance (under FISA 702) by the US government for any purpose which furthers US foreign policy. A consent requirement will raise EU citizen awaren ess and favour growth of services solely within EU jurisdiction. This will thus have economic impact on US business and increase pressure on the US government to reach a settlement.
- Since the other main mechanisms for data export (model contracts, Safe Harbour) are not protective against FISA or PATRIOT, they should be revoked and renegotiated. In any case, the requirement above for informed consent after a prominent warning notice should apply to any data collected, in the past or in the future, by a public or private sector EU controller, before it can be exported to theUS for Cloud processing.
- A full industrial policy for development of an autonomous European Cloud computing capacity based on free/open-source software should be supported. Such a policy would reduce US control over the high end of the Cloud e-commerce value chain and EU online advertising markets. Currently European data is exposed to commercial manipulation, foreign intelligence surveillance and industrial espionage.
- Investments in a European Cloud will bring economic benefits as well as providing the foundation for durable data sovereignty.
- ...
- The published new Regulation omitted 'Art.42' (according to the numbering of a draft leaked two months before the final version), reportedly after very heavy lobbying by US interests. Article 42 prohibits Third Countries (such as the United States and other non-EU Member States) from accessing personal data in the EU where required by a non-EU court or administrative authority without prior authorization by an EU Data Protection Authority. The article has been described as the “anti-FISA clause”
- Even after BULLRUN, cryptography is probably intact in theory, however it is not known which encryption implementations and products may have been rendered insecure.
- Therefore consideration should be given to extending the scope of 'Art.42' also to cover vendors of systems/products (as well as Controllers/Processors) in EU markets.
- Existing encryption security product accreditations, especially if influenced by NSA or GCHQ, must be regarded as suspect
- Systematic protection and incentives for whistle-blowers should be introduced in the new Regulation. Whistle-blowers should be given strong guarantees of immunity and asylum, and awarded 25% of any fine consequently exacted. The whistle-blower may have to live in fear of retribution from their country for the rest of the lives, and take precautions to avoid “rendition” (kidnapping). Ironically, US law already provides rewards of the order of $100m for whistle-blowers exposing corruption (in the sphere of public procurement and price-fixing)
Conclusioni
As noted earlier, one of the most extraordinary aspects of the PRISM affair is that not only have the rights of non- Americans not been discussed in the US, they were not even discussed by the European media until well after the story first broke. The rights of non-Americans were rarely raised, and a casual reader would not understand that the intended target of surveillance was non-Americans, and that they had no rights at all.
It seems that the only solution which can be trusted to resolve the PRISM affair mustinvolve changes to the law of the US, and this should be the strategic objective of the EU.
Furthermore, the EU must examine with great care the precise type of treaty instrument proposed in any future settlement with the US. Practical but effective mechanisms are also needed to verify that disclosures of data to the US for justifiable law enforcement investigations are not abused.
...
The thoughts prompted in the mind of the public by the revelations of Edward Snowden cannot be unthought. We are already living in a different society in consequence.
Everybody now knows, that the US intelligence community might know any personal secret in electronic data sent in range of the NSA. These developments could be profoundly destabilising for democratic societies, precluding exercise of basic political and human rights, and creating a new form of instantaneous and coercive Panoptic power.
It seems that the only solution which can be trusted to resolve the PRISM affair mustinvolve changes to the law of the US, and this should be the strategic objective of the EU.
Furthermore, the EU must examine with great care the precise type of treaty instrument proposed in any future settlement with the US. Practical but effective mechanisms are also needed to verify that disclosures of data to the US for justifiable law enforcement investigations are not abused.
...
The thoughts prompted in the mind of the public by the revelations of Edward Snowden cannot be unthought. We are already living in a different society in consequence.
Everybody now knows, that the US intelligence community might know any personal secret in electronic data sent in range of the NSA. These developments could be profoundly destabilising for democratic societies, precluding exercise of basic political and human rights, and creating a new form of instantaneous and coercive Panoptic power.
Commenti