• United States



Shaming America in Europe, US Gov’t argues against citizens’ privacy protections

Jan 22, 20137 mins
Data and Information SecurityMicrosoftSecurity

Both the European Digital Rights and the ACLU discuss a curiously odd document, with no letterhead to prove it is from the U.S. government, which seems to go out of its way to lobby more for national security and corporation rights than for better protecting Americans' privacy.

Due to the new privacy laws that the EU is working on, the ACLU’s Jay Stanley and Ben Wizner are in Europe. “Unlike the United States, Europe has a set of basic rules and institutions in place to protect individuals’ privacy, and is trying to update its existing rules and institutions for the digital age,” the ACLU wrote.

The United States needs similar protections-a basic, overarching privacy law, and institutions with the teeth to enforce it. We are an outlier in the world in lacking those things. However, some U.S. companies seem to be terrified at the prospect of basic, fair privacy rules being put into place in Europe. Not only are companies such as Facebook and Google furiously lobbying against those rules, but the U.S. government has “shocked” Europeans by also lobbying hard against many elements of this update.

Ugh, there’s no grand feeling when other countries think our nation sucks and the U.S. apparently isn’t done shocking Europe as European Digital Rights [EDRI] reported. Although there is no United States letterhead on a new lobbying document [PDF], the paper is penned “to influence the European Union’s decision making on European citizens’ fundamental right to privacy and data protection.”

Indeed, when reading the lobbying document, there were many mentions of law enforcement and how this might adversely affect sharing data. The document seems to suggest, why make new laws, when it would save a bunch of hassle to keep the old ones and simply “grandfather” them in? Perhaps there is plausible deniability since this document has nothing to prove the U.S. wrote it.

European Digital Rights wrote:

Instead of reasoned argument, the document launches straight into a bizarre range of desperate and groundless claims about how the proposals are going to lead to terrorism, financial meltdown and… the last refuge of the morally bankrupt politician… child pornography. Condescendingly, the Americans suggest that European policy makers should undertake ‘careful, thorough examination’ of the consequences of the proposals, implying that such an examination would otherwise not take place.”

Ouch. But we have seen the U.S. take this stance numerous times when it comes to anyone trying to cut down on the out-of-control spy machine that America has become. Object to mass surveillance, which is for the children of course, and instead demand privacy, then you must surely be in favor of helping terrorism and child pornography. Although you can’t see my eyes roll at that, those two scare tactic reasonings are America’s favorite cards to play here at home as well.

The lobbying document allegedly by the U.S. states [PDF], “Like the EU, the United States recognizes the need to apply out privacy principles to new, rapidly evolving technologies.” Then it pointed to the Consumer Privacy Bill of Rights [PDF] introduced by the Obama Administration, before urging the EU “to look more toward outcomes that provide meaningful protection for privacy and focus less on formalistic requirements.”

Skipping over the pro-spying, data-sharing for law enforcement agencies, the document states that instead of “regulatory processes that may lack the flexibility to adapt to rapid technological advancements,” the U.S. recommends a “more flexible approach to consent.” For example, the United States believes that “consent need not always be express, affirmative consent, and the means for individuals to communicate their choices should match the scale, scope, and sensitivity of the personal data that organization collect, use, or disclose.”

Additionally, the U.S. wants the EU to “carefully examine the proposed ‘right to be forgotten’ and ‘right to erasure’ and make appropriate modifications to avoid hampering the ability to innovate, compete, and participate in the global economy.” One might argue that many of us would like the right to be forgotten from the surveillance monster’s databases.

EDRI was on a roll, ticked in general at the audacity of United States, and reported, “Again with unintentional irony, this section of the paper makes reference to the ‘Universal Declaration of Human Rights and the International Covenant of (sic) Civil and Political Rights’. One of the main reasons that civil society rejected the OECD Communiqué was wording (pushed by the USA) which invited states to reject the rule of law and place regulation of free speech online in the hands of private companies, which would inevitably lead to breaches of, for example, Articles 17 and 19 – of the ICCPR!”

You should read the entire EDRI article which adds, “U.S. national security access to personal data, esp. in the cloud, is not subject to either meaningful substantive limitations or serious judicial oversight. Unless all of these issues are addressed, there is barely any basis for a meaningful EU-USA discussion on mutual respect for privacy and data protection.” All of this seems to the EDRI to demonstrate “a lack of willingness to address this issue seriously.”

The ACLU then let loose and wrote, “The sad fact is that the United States has gotten out of balance. Harmonization is necessary for many reasons-law enforcement agencies need to cooperate across the Atlantic, and we want businesses to work smoothly across markets. But in the United States, the political power of business … is probably now at an all-time high, distorting our pursuit of the public good in favor of corporate interests. And our national security establishment is enormous and bloated, protected by a shield of unchecked secrecy, endowed with dangerous new powers, and wields a dangerous influence on American public policy.

The job of the U.S. government abroad is to protect the interests of Americans. In Europe, instead of protecting the basic, long-term interests of its citizens, our government is protecting the narrow, short-term business interests of some companies. The U.S. is arguing that harmonization is critical-but we don’t see the administration lobbying Congress to strengthen American privacy laws-only to weaken Europeans’.

Take a look around at the state of privacy in America. Surveillance in the name of security constantly trumps privacy, so it’s hard to argue that America is pro-privacy. Corporations win over citizens as well, such as when the FBI was recently exposed for acting as the secret police for banks and Wall Street. Another example is a new recent Video Privacy Protection Act amendment that okays big business “to sell or share consumer video rental histories and data” with no written consent required from consumers. Much like how software companies such as Microsoft do it, whether you really agree or not, your choices are to accept and continue or to deny and no software for you.

You should probably take a couple minutes to read this newest lobbying document [PDF]. Sadly, it seems like the U.S. did indeed write it and then hand it over to the EU.

Like this? Here’s more posts:
  • Critical Infrastructure Malware Infections: From ICS-CERT report to SCADA Strangelove
  • Police State starts in tiny Arkansas town
  • Testing The Privacy Company Mega: 50GB free storage, 2048-bit encrypted protection
  • Bugged guesthouse: Eric Schmidt’s daughter reveals North Korea trip details
  • Don’t faint: Microsoft applauds hacker for Windows RT jailbreaking attempt
  • Oracle releases emergency Java patch; experts warn flaws may take 2 years to fix
  • Valve’s Steam Box controllers may use biometrics and gaze tracking
  • 20 Seconds to jailbreak Windows RT
  • Phys.Org Hacked, serving up malware? Google blocks site, but Bing doesn’t
  • Unpatched TRENDnet IP cameras still provide a real-time Peeping Tom paradise
  • Meet Red October, the latest cyber-spy malware for digital espionage

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.