«Compiled and edited by Simon Davies June 2014 A Crisis of accountability 2 Contents Contents Acknowledgments ...»
2. Danish Administrative Order for data retention In December 2013 the Court of Justice of the European Union concluded that the Data Retention Directive is incompatible with the Charter of Fundamental Rights. The Danish Department of Justice and Minister of Justice, Karen Hækkerup, opined that the EU Court decision had no consequence with regard to the Danish Administrative Order. 10 However on June 2nd. the the Danish Minister of Justice, Karen Hækkerup declared, that the extensive logging of traffic was to stop within a couple of weeks. "It is doubtful if the collection of session data can be regarded as suited for achieving the purpose of creating possibilities for use of the information as part of an investigation of criminal activities", a press release from the Danish Department of Justice stated.18 By phrasing the reasons for shutting down the log files, The Minister avoided coupling the decision to any of the criticism received and left a door open to introducing more effective procedures for collecting session data in the future. Furthermore: How the already collected data will be handled is still uncertain.
ITEK is a part of the Confederation of Danish Industry (DI). 14 The body represents some 300 companies working with IT, Telecom, Electronics and Communications, and issues an annual report about recent security threats and advice to protect companies and individuals against industrial espionage.
This year the first edition of the report was dropped due to internal criticism.
The second edition was published and only available for two days before it was dropped and now a third edition is in the works, though it's unknown which fate it will meet when published. It has been suggested, that censoring has taken place and terms such as "GHCQ", NSA" and four pages of text on Snowden have been significantly edited out of the various editions.
Newspaper Politiken has revealed that changes took place after a confirmed meeting between ITEK and the Danish Defence Intelligence Service. 15, 16, 17
3 Danish Security and Intelligence Service, Politiets efterrentingstjeneste 4 http://fe-ddis.dk/cfcs/omos/opgaver/Pages/Opgaver.aspx 5 Minister: Fin balance i ny lov om cybersikkerhed http://politiken.dk/indland/ECE2227381/minister-fin-balance-i-ny-lov-omcybersikkerhed/ 6 Hemmelig tjeneste får magten over private data http://politiken.dk/forbrugogliv/digitalt/ECE2225888/hemmelig-tjeneste-faarmagten-over-private-data/ 7 Law Proposal of May 2nd, 2014 by Minister of Defence, Nicolai Wammen Forslag til Lov om Center for Cybersikkerhed http://www.ft.dk/samling/20131/lovforslag/l192/html_som_fremsat.htm 8 http://en.wikipedia.org/wiki/Data_Retention_Directive#Criticism 9 Ekspert efter EU-dom: Logning bør suspenderes http://www.information.dk/493873 10 http://www.b.dk/politiko/haekkerup-vil-ikke-aendre-overvaagningsregler-trods-eu-dom 11 https://www.prosa.dk/aktuelt/prosabladet/artikel/artikel/giv-snowden-nobelsfredspris/?tx_prosamag_pi1[pageid]=5438 12 http://www.information.dk/463313 13 http://www.information.dk/486285 14 http://di.dk/English/Pages/English.aspx 15 Fire sider om Snowden blev slettet i vejledning fra Dansk Industri http://politiken.dk/indland/ECE2251274/fire-sider-om-snowden-blev-slettet-ivejledning-fra-dansk-industri/ 16 DI drøftede omstridt vejledning med spiontjeneste http://politiken.dk/indland/ECE2280839/di-droeftede-omstridt-vejledning-medspiontjeneste/ 17 Second, withdrawn version of report from ITEK http://multimedia.pol.dk/archive/00834/Scan_834583a.pdf (Newspaper Politieken).
Finland Despite widespread media coverage of the Snowden disclosures, there have been few concrete actions by politicians to end surveillance, and practically no concrete outcomes.
Media coverage of the disclosures has been extensive, and the reaction has been mostly pro-whistleblowing. Reporting has been largely US/NSA focused;
spying by other countries or the local national Government didn’t receive so much press (but see below for the related national cybersecurity programme).
There has been some investigative journalism: the main Finnish newspaper Helsingin Sanomat published a lengthy investigative report on “Nokia Lumia phones leaking information to foreign countries [that is, the US]” (2014).
Helsingin Sanomat also published an objective analysis of the Snowden material it obtained; due to Snowden’s cautious publication policy, the most sensitive material was not available.
Greenwald’s book (2014) on the disclosures is available in Finnish.
There has been no significant public action such as demonstrations or large campaigns that have triggered a measurable impact. The citizens’ legislative initiative “Lex Snowden” (“law for protecting privacy and free speech internationally”, including whistleblower protection) supported by Effi received 4 179 supporters out of 50 000 required for the initiative to be processed by the Parliament.
Some members of the Parliament have, for example, mentioned the Snowden disclosures in their speeches. However, there have been no formal investigations, resolutions or other such actions with tangible outcomes, although there have been public debates that may have affected legislative processes.
There have been no disclosures-related cases brought before courts, police or judicial authorities.
to obtain surveillance rights similar to those provided by Sweden’s FRA legislation. (1) The Government (except certain ministers/ministries) has taken no action to improve legislation as a result of the Snowden disclosures.
The execution programme (11 March 2014) of the Finnish national cybersecurity strategy shows an inclination to undermine online privacy and extend state surveillance to confidential communications. A few months after the first Snowden disclosures, cyber attacks on the Ministry of Foreign Affairs were publicized (2013). Consequently, work for a new online surveillance legislation draft commenced: security officials requested more power to monitor online communications. The group that wrote the draft consisted solely of officials; the majority of them were national security authorities. The Ministry of Transport and Communication organized a public debate, where several participants criticized the draft. (2) In another public debate (April 2014) on the proposed cyber surveillance legislation, industry representatives were mostly anti-surveillance, while security officials were pro-surveillance. (3) A proposed legislative package on the information society (30 Jan 2014) contained no reaction to the disclosures. Instead, there were plans to incorporate old requirements on telecom data retention in the package, also extending the requirements towards communication content retention and a centralized storage model.
The Government has not publicly announced how the Digital Rights Ireland ruling by the EU court will affect said legislation. Fortunately, some politicians have reacted positively to the ruling. For example, the Minister for Education and Science promised that the ruling’s effects on Finnish legislation shall be examined in order to repeal those parts of legislation that are in conflict with the ruling. (4) Some companies have used Finland’s alleged privacy-friendliness as a marketing point for ICT services such as cloud-based services; this is at least indirectly related to the Snowden disclosures.
(1) http://www.talouselama.fi/uutiset/supo+haluaa+seurata+sinua+tarkemmin+ver kossa/a2191293 (2) http://www.itviikko.fi/uutiset/2014/01/21/kybertiedustelulaki-kuumentaa-yritykset-ja-jarjestot-eivat-mukana-valmistelussa/2014993/7 (3) http://www.taloussanomat.fi/uutiskommentit/2014/05/03/uusi-pahaurkintalaki-vai-pienen-suomen-suojakilpi/20146096/12 A Crisis of accountability 37 (4) http://www.lvm.fi/tiedote/4395687/eu-tuomioistuin-totesi-tietojensailyttamista-koskevan-direktiivin-laittomaksi
France The Snowden revelations have caused in France the same schizophrenic uproar that occurred after the NSA/Echelon scandal fifteen years ago. At first, the reports caused a general outcry in media and political circles, but soon after the revelations about French surveillance capabilities were put into light, the outcry silenced and all legal suits that were launched against the US-led SIGINT spying apparatus came to nothing.
In 2013, French Foreign Minister Laurent Fabius made his first public statement more than three weeks after the first Snowden revelations (PRISM). He urged an “official explanation” from the US, as echoed by other major European leaders, after newspapers Der Spiegel and The Guardian reported how the NSA had targeted its spying inside EU institutions.
The only major diplomatic gesture taken by Laurent Fabius took place on October 21, 2013, when he stated he had “called immediately” the US Ambassador for a special meeting. That gesture came after daily newspaper Le Monde published new documents from the Snowden files showing how massive was the scale of NSA spying of French special interests.
Just after the first Guardian article on June 5, media columnists and major political figures urged the French government to ask for official explanations.
Some argued for the opening of Parliamentary inquiries. In fact, these special investigation powers — like the one that was launched in Germany, for instance — were never engaged in the French Parliament (National Assembly and Senate). Not even a single MP dared to merely propose a resolution that would have created a “commission d'enquête”. Some left-wing MPs recently quoted the NSA-led spying scheme, explaining that it must be stopped as a “prelude” to pursuing talks regarding the Transatlantic treaty. In fact, French Socialist EuroMPs — allies to the French President Hollande — declared on July 1st that the inquiry should be led by the European Parliament. The “Committee of Inquiry on Electronic Mass Surveillance of EU Citizens” was launched four days later.
security and civil rights experts for a conference called “Numérique, renseignement et vie privée : de nouveaux défis pour le droit” (Digital issues, intelligence and privacy: new challenges for the legal system).
Regarding the PRISM scandal, the French judiciary opened a preliminary inquiry on August 28, 2013, responding to a lawsuit launched by the civil rights group FIDH (International Federation of Human Rights Groups). The preliminary suit is still pending (the second step would be the opening of an official judicial inquiry).
Last November, newspaper Le Monde published details of how the French intelligence services deployed similar sniffing techniques in order to store and analyse huge quantities of phone and internet metadata for internal use.
The French Data Protection Agency (CNIL), which is currently head of the “Article-29” EU privacy working party, failed to put minds at rest when it published shy memos regarding PRISM’s legal impact on internet users in France. All of CNIL's initiatives now, are engaged in the A-29 inquiry, launched on August 20, 2013.
Ironically, the only legal consequences of the Snowden/NSA files was not good news for France's citizens and foreign residents. A “military programmatic law” — prepared in July 2013 and voted in December — introduced new metadata surveillance measures, including geo-tracking capabilities, for the intelligence community. Security experts said all these measures were often used in law. Another “geo-tracking” law was adopted at the end of March 2014, aimed this time at judicial bodies, in order to similarly “legalise” localisation techniques already used by police in day-to-day investigations. The “Snowden earthquake”, as this scandal has been called here, seems to have helped French authorities to clean its Criminal Code, more than it contributed to build a better privacy shield for ordinary people.
The European Union The Snowden revelations generated a great deal of noise in the discussions around privacy, security and data protection. However, in the absence of any specific decision-making process (apart from the Data Protection Regulation), much of the reaction was in the form of platitudes.
On July 2013 Justice Commissioner Viviane Reding announced a review of the Safe Harbor Agreement, which was adopted in order to permit transfers of personal data in a way which was recognised by the EU as being compliant with the 1995 Data Protection Directive. This review led to the creation of thirteen recommendations that Commission Vice-President Reding sent to her US counterparts to address some of the flaws of the agreement.
As the failings of Safe Harbor were already an open secret, it is difficult to determine how much influence the revelations created. However, judicial redress for EU citizens, both as part of an update of Safe Harbor and in the context of a planned umbrella agreement on data protection in the law enforcement sector, are currently being negotiated between the EU and the US. While this latter agreement has been collecting dust in the Commission's drawers since the negotiations started back in 2010, the Snowden revelations have heavily contributed to a relaunch of the talks, as evidenced by the strength of a letter from Commissioner Reding to the US Attorney General in reaction to the PRISM revelations.
However, a more comprehensive - albeit non-binding - response came from the European Parliament. From September 2013 to February 2014, the European Parliament's inquiry received testimonies from tech experts, whistleblowers, journalists, privacy experts, representatives of EU members states and EU intelligences agencies and a written testimony from Edward Snowden. Subsequently, the Parliament has adopted a report which includes seven recommendations intended to guarantee more robust protections of EU citizens’ fundamental rights.