News that the NSA has unfettered access to most of the leading Internet services inevitably has an international dimension. After all, Microsoft, Yahoo!, Google and the rest of the Naughty Nine all operate around the world, so spying on their users means spying on people everywhere. Indeed, as Mike explained earlier today, the NSA is actually trying to quell criticism by selling this news as something that purely concerns non-Americans (although that's clearly rubbish.)
Despite that fact, the European Commission's Home Affairs department made the following reply to the journalist David Meyer when he asked them for a statement of the latest revelations:
We do not have any comments. This is an internal U.S. matter.
It was only later that it realized this was a ridiculous position, and issued the following statement:
We have seen the media reports and we are of course concerned for possible consequences on EU citizens' privacy. For the moment it is too early to draw any conclusion or to comment further. We will get in contact with our U.S. counterparts to seek more details on these issues.
That dismissive initial comment followed by the rather feeble backtracking suggests that the European politicians have not yet realized how big a problem this is going to be for them, as well as for the US authorities. For example, The Guardian has confirmed today that the UK has been tapping into Prism for a while:
The UK's electronic eavesdropping and security agency, GCHQ, has been secretly gathering intelligence from the world's biggest internet companies through a covertly run operation set up by America's top spy agency, documents obtained by the Guardian reveal.
It says the British agency generated 197 intelligence reports from Prism in the year to May 2012 -- marking a 137% increase in the number of reports generated from the year before. Intelligence reports from GCHQ are normally passed to MI5 and MI6.
Already, one Labour MP, Tom Watson, has said that he will table questions in the House of Commons next week, and it seems likely that others will be demanding to know how much the UK government knew of this pervasive spying activity, what information it received -- and what it gave in return.
Another European asking questions is Peter Schaar, Germany's federal commissioner for data protection, who told David Meyer the following:
Given the large number of German users of Google, Facebook, Apple or Microsoft services, I expect the German government... is committed to clarification and limitation of surveillance.
He then went on to make an important connection:
As Techdirt has reported, new data protection rules currently being discussed by the European Union have come under fierce attack by US companies, who want them watered down. For the most part, they were succeeding, but it's possible that the revelations that the very same companies who have lobbied so hard to neuter EU regulations have allowed the NSA to access customer data may start to tip the balance the other way.
Some want to go further than simply strengthening data protection in Europe. The European privacy advocate, Alexander Hanff, is calling for the US's "safe harbor" status to be revoked. Here's why that matters:
The European Commission's Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) "adequacy" standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU.
Without Safe Harbor status, no US company would be allowed to transfer personal data about Europeans out of the EU. It's unlikely that the European Commission would contemplate such a drastic move, but it's an indication of how high feelings are starting to run -- and this is only a few hours after the NSA story broke.
In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework and this website to provide the information an organization would need to evaluate -- and then join -- the U.S.-EU Safe Harbor program.
Mind you, however bad the situation is in Europe, President Obama can take comfort from the fact that it could be worse:
Peng Liyuan, the wife of Chinese leader Xi Jinping, appears to have an iPhone. And now, according to reports, US intelligence agencies may be spying on iPhone users through a secret data harvesting program. Does that mean there’s a possibility that the US is spying on the private messages of China’s first lady?
If confirmed, I don't think that's going to go down too well with the Chinese government...
Follow me @glynmoody on Twitter or identi.ca, and on Google+