A few days ago the European Parliament's Office of Citizens' Rights and Constitutional Affairs released a notably pointed briefing paper arguing for Europe to stop trusting American Internet services. The briefing and the committee are the latest forum to suggest that European states create domestic cloud computing capacities to provide member states legal protection for NSA data surveillance. The report has the not-at-all-subtle title "The US National Security Agency Surveillance Programmes (PRISM) Foreign Intelligence Surveillance (FISA) Activities and Their Impact on EU Citizens' Fundamental Rights." Among the findings:
Prominent notices should be displayed by every US web site offering services in the EU to inform consent to collect data from EU citizens. The users should be made aware that the data may be subject to surveillance (under FISA 702) by the US government for any purpose which furthers US foreign policy.
The argument there being that people will have an incentive to find other websites to use. Particularly for e-commerce. Companies like Amazon, and U.S. airlines and ticketing agencies—Expedia and the like—won't be pleased, and that in turn will create economic pressure to alter surveillance strategy, the report argues.
A consent requirement will raise EU citizen awareness and favour growth of services solely within EU jurisdiction. This will thus have economic impact on US business and increase pressure on the US government to reach a settlement.
That isn't all. The report argues for the European Union to simply swear off U.S.-based cloud computing, and to develop local capacity. Again, the argument is largely economic.
Such a policy would reduce US control over the high end of the Cloud e-commerce value chain and EU online advertising markets. Currently European data is exposed to commercial manipulation, foreign intelligence surveillance and industrial espionage. Investments in a European Cloud will bring economic benefits as well as providing the foundation for durable data sovereignty.
Further along, the report notes the different ways the NSA scandal has been understood inside and outside the US. Inside the U.S. a key issue was whether the NSA has been spying domestically, on U.S. citizens, and the implications of that question for domestic data security. Abroad, the report notes, people are understandably more interested in their own ability to protect personal data from the NSA. The briefing suggests E.U.-U.S. negotiations on data security, though efforts at such negotiations have failed previously.
...a casual reader would not understand that the intended target of surveillance was non-Americans, and that they had no rights at all. It seems that the only solution which can be trusted to resolve the PRISM affair must involve changes to the law of the US, and this should be the strategic objective of the EU. Furthermore, the EU must examine with great carethe precise type of treaty instrument proposed in any future settlement with the US. [boldface as printed] Practical but effective mechanisms are also needed to verify that disclosures of data to the US for justifiable law enforcement investigations are not abused.
In sum, Europe's still upset, and talking seriously and in public about how to protect itself from American eavesdropping. Yesterday, Slate's Ryan Gallagher flagged a want ad for a counterintelligence professional posted on a Parliament website last July, shortly after the Edward Snowden affair broke. The same body is housed in a Brussels building ID'd as an NSA target in the Snowden papers, according to the Slate report.