VIENNA/BRUSSELS: Europeans reacted angrily to revelations that US authorities had tapped the servers of internet companies for personal data, saying they confirmed their worst fears about American Web giants and showed tighter regulations were needed.
In Washington, the US spy chief lashed out at the media yesterday for “reckless disclosures” about vast data mining programmes that trawl through phone and Internet records, defending them as indispensable tools to combat terror.
“Over the last week we have seen reckless disclosures of intelligence community measures used to keep Americans safe,” Director of National Intelligence James Clapper said in a statement.
The Washington Post and the Guardian aroused outrage with reports that the National Security Agency (NSA) and FBI had accessed central servers of Google, Facebook and others and gathered millions of phone users’ data.
Europe, which lacks internet giants of its own, has long yearned to contain the power of the US titans that dominate the Web, and privacy-focused Germany was quick to condemn their co-operation with the US security services.
“The US government must provide clarity regarding these monstrous allegations of total monitoring of various telecommunications and Internet services,” said Peter Schaar, German data protection and freedom of information commissioner.
“Statements from the US government that the monitoring was not aimed at US citizens but only against persons outside the United States do not reassure me at all.” The Post said the secret programme involving the internet companies, code-named PRISM and established under president George W Bush, had seen “exponential growth” during the past several years under Barack Obama.
Some of the companies named in the article have denied the government had “direct access” to their central servers. Nevertheless, the justice minister for the German state of Hesse, Joerg-Uwe Hahn, called for a boycott of the companies involved.
“I am amazed at the flippant way in which companies such as Google and Microsoft seem to treat their users’ data,” he told the Handelsblatt newspaper. “Anyone who doesn’t want that to happen should switch providers.”
The European Union has struggled to assert its citizens’ rights to privacy in the United States for almost a decade. Transatlantic agreements on sharing the financial and travel data of European citizens have taken years to complete, and the European Union is now trying to modernise an almost 20-year-old privacy law to strengthen Europeans’ rights.
International concerns also echoed beyond Europe.
In Australia, the conservative opposition said it was “very troubled” and had voiced concern to US diplomats in Canberra about what it called large-scale, covert surveillance of private data belonging to foreigners.
“There is a massive global trend to cloud services,” said opposition communications spokesman Malcolm Turnbull, noting that the vast majority of providers were U.S. firms.
Fears about the security of data held on US servers have already been a major factor in slow European adoption of “cloud” computing services, in which computing-intensive applications are done by central providers in large server farms.
The US Patriot Act, signed into law after the September 11, 2001, attacks on the country, gave US intelligence agencies significant new powers of data surveillance and had been a focal point of resistance.
“You hear more concerns in Europe than in the US, about the Patriot Act in particular. PRISM just enhances those concerns,” said Mark Watts, a partner in London law firm Bristows specialising in privacy and data compliance.
Europe has tried to protect its citizens by imposing restrictions on the export of data to third countries without strong data protection laws, which can include the United States — but Bristows’ Watts said these were easy to get around.
European Justice Commissioner and Vice President Viviane Reding said: “This case shows that a clear legal framework for the protection of personal data is not a luxury or constraint but a fundamental right.”
Reding, who has been trying to push through an update to Europe’s data protection laws for 18 months, noted that EU government leaders meeting in the European Council had been able to agree the Data Retention Directive relatively quickly.
Their action on the 2006 directive, which stipulates that phone and internet companies must store records to help in fighting serious crime, showed they could act fast when limiting civil liberties. “It is time for the Council to prove it can act with the same speed and determination on a file which strengthens such rights,” she said in an emailed statement.
