“It’s a bit boring isn’t it?” remarked one guard to another.
It was a bit boring, stuck in the media centre of Dublin Castle while ministers from the EU and the US discussed cyber crime, counter-terrorism and data protection elsewhere in the building.
Ireland’s Minister for Justice Alan Shatter chaired the EU-US ministerial meeting, as part of the Irish Presidency of the Council of the European Union, while US Attorney General Eric Holder was on hand to represent US interests.
The meeting was also attended by EU Commissioner, and Vice-President of the European Commission, Viviane Reding, who participated in the Citizens’ Dialogue in Dublin in January. Earlier this week, Reding wrote a strongly worded letter to Holder, following public outcry on the now infamous PRISM programme, in which she demanded answers on PRISM at today’s meeting.
PRISM is a data-gathering exercise by the US National Security Agency (NSA), allowed under their Foreign Intelligence Surveillance Act (FISA). PRISM essentially allows the US to spy on the communications of everyone who isn’t a US citizen, by demanding their data from tech-company giants like Google and Microsoft.
Reding asked Holder how much surveillance is conducted under PRISM, how European citizens can find out if they’ve had their data gathered, and what rights of redress European citizens will have if they have been spied on. At a press conference which otherwise focussed on the topic of victims’ rights, Reding confirmed that her questions about the functioning of PRISM were answered “very clearly” by Holder, and that she was satisfied “there has to be a court order, that it can only be done when there is a serious presumption (of) crime”. Minister Shatter also sought to assuage fears EU citizens may have of Big Brother type surveillance. He clarified that PRISM is a “particularised system which may target an individual or an organisation based on solid evidence, as opposed to a catch-all system”.
Reding expects that other areas – such as the right to redress – will be addressed in further dialogue, and Shatter stated there is “a need for greater transparency in the context of the occasions in which it is utilised”.
So is PRISM watching you? Possibly, though probably not, unless for some reason you have come to the attention of US intelligence agencies.
Today’s meeting is unlikely to draw a line under the matter, though. EU Commissioners were sharply criticised by digital rights activists earlier this year for removing a proposed anti-FISA clause from EU data protection legislation currently under debate. The clause would have prohibited the release of EU citizens’ information by tech-companies even on court order in the States. It was dropped after lobbying from the US, ostensibly to not antagonise the US in advance of trade talks, but also because the clause would arguably be ineffective. Much of the data tech-companies hold on EU citizens is stored on servers in the US anyway.
It is unlikely that a push to end the data-gathering exercise will arise at a ministerial level. Shatter stated the importance of not “inhibit(ing) either the United States or Europe’s capacity to protect its citizens from terrorism and terrorist activities”, and while Reding believes “even in security analysis the right of the citizens have to be preserved”, this “does not mean that security analysis cannot take place, it is necessary to protect our countries”.
In the wake of the PRISM scandal, however, it seems possible that Members of the European Parliament’s Civil Liberties Committee could re-introduce the anti-FISA clause when it amends the data protection legislation in July. If this happens, it will fall to the next country hosting the Presidency of the Council of the European Union – Lithuania – to negotiate a compromise between the Commission, the Parliament, and the United States. Either way, it promises to be an interesting debate for many months to come.