October 21, 2013

By: Kelly Diamond, Publisher

The EU is in an uproar over the Snowden revelations, and rightfully so.

The EU measures currently in place as well as the ones coming up for a vote aren’t and won’t do much to solve the privacy issues they already have with the United States. 

All Bark, No BiteThe Guardian UK wrote this piece which had me encouraged for all of about five minutes before it all unraveled with the words of the very people trying to push it through.  The EU wants to “curb” the transfer of data between the EU nations and the US, which is noble in theory, but rather absurd in practice, given the GAPING loopholes no one wants to address.

The fines could be in the BILLIONS for noncompliance to the emerging rules the EU is about to lay down!  Well, O.K.! 

“The draft would make it harder for the big US internet servers and social media providers to transfer European data to third countries, subject them to EU law rather than secret American court orders, and authorize singeing fines possibly running into the billions for the first time for not complying with the new rules.”

“The new rules, if agreed, would ban the transfer of data unless based on EU law or under a new transatlantic pact with the Americans complying with EU law.”

No question, the exposure of U.S. violations of EU government privacy was a rather embarrassing event: one that has the EU up in arms, but understandably has the EU citizens rather concerned as well.  As a leverage tactic, they want to tightly restrict the data transfer of information of EU citizens to the US.  A sort of, “Get your act together and reign in your surveillance nonsense, or you aren’t getting this customer base.”  Rather good power play, as statists go with their regulations and magical laws.  (Because after all, once you make something illegal, those shenanigans just stop.  Look at the Drug War!  Oh wait… never mind…)

One of the loopholes is “national security”.  That is the trump card played by every government who wants more information on individuals.  It’s like the “Because I’m your mother/father” play of governments on one another. 

“The EU has no powers over national or European security, for example, nor its own proper intelligence or security services, which are jealously guarded national prerogatives. National security can be and is invoked to ignore and bypass EU rules.”

Viviane Reding, the EU’s commissioner for justice and the leading advocate in Brussels of a new system securing individuals’ rights to privacy and data protection says, “On the basis of the US Patriot Act, US authorities are asking US companies based in Europe to hand over the data of EU citizens. This is however – according to EU law – illegal.  The problem is that when these companies are faced with a request whether to comply with EU or US law, they will usually opt for the American law. Because in the end this is a question of power.”

Well shit.  Checkmate, I guess!

It doesn’t end there.  If any of you are familiar with the “Safe Harbour Accord”, that is the supposed to be a “self-imposed” set of privacy regulations that are meant to keep the transfer of EU citizens’ information secure.  If, god-forbid, any of you actually thought the Safe Harbour seal meant anything, you would be wrong.

There are several false claims of companies who say they subscribe to this accord.  They have poorly doctored logos on their websites, which to the untrained eye, might look as legitimate as any other government seal.  According to the EU Observer, “Christopher Connolly, a director at Galexia, an Australian-based consulting company on internet law and privacy, told the European Parliament’s civil liberties committee on Monday (7 October) that ‘many claims of Safe Harbour membership are false.’  Galaxia research found over 200 false claims in 2008. This had increased to 427 in September 2013.”

To show how effective Safe Harbour is, privacy advocates have been pleading with the FTC (Federal Trade Commission) to investigate the bogus claims of companies who say they participate in this accord; and with six cases filed, not one sanction resulted.

Here are some of the other chasms in the accord that render it utterly useless (but totally praiseworthy of the FTC):

  • Approximately 30% of these supposed self-regulated members of Safe Harbor do not provide any information on dispute resolution options (which is in violation of the Safe Harbour rules).
  • Those who display resolution options direct people to agencies which charge thousands of dollars to file a complaint.  “Over 460 members cite the American Arbitration Association as their dispute resolution provider, which charges the person filing the complaint between $120 and $1,200 per hour with a four-hour minimum charge plus a $950 administration fee.”  Which I’m sure private citizens are only too eager to shell out to track and trace a business for NOT protecting their privacy… after their privacy was already violated. 
  • It has no provisions to stop NSA-type activities from snooping on EU citizens.  (You know, kinda like the Drug War I mentioned, where it can’t stop the big perps from doing their thing…)
  • Financial records, data records, travel records, and data and voice carried by US telecommunications providers are excluded from Safe Harbour jurisdiction.  Which begs the question: why even bother?

Your information is going to get into the hands of the US government.  That’s just an inevitability.  And clearly, the US isn’t restricting its scope to just its own citizens.  If they are willing to spy internationally on other governments, then certainly their citizens are not immune. 

So all the righteous indignation of the EU regulators is really just a bunch of yapping by a toothless dog.  IF you are going to be a country… or a union of countries… you would think that economic leverage would be something easily leveled without equivocation against a country that has all but treated you like garbage.  Alas, no.  No one has the guts to stand up to the US.