While the rest of the world looks on, rightly aghast at the revelations that the United States National Security Agency (NSA) has been spying on some 200 million of its own citizens’ every move, most should also be aware that not only are their own governments likely engaged in similar activity (if not on quite the scale achieved by the NSA), but that the NSA itself has access to huge amounts of their personal information and internet behaviour. Furthermore, many governments, notably the British government, appear to have used this data to circumvent national data protection laws.
The Patriot Act
The international scope of the US Patriot Act, pushed through in the aftermath of 9/11, and the legal basis upon which the NSA’s mass surveillance scheme rests, was chillingly and almost accidentally admitted by Microsoft UK at the launch of its Office 365 cloud based service in June 2011 (although it had been suspected for some time).
Managing director Gordon Frazer revealed that US companies were legally required under the Patriot Act to hand over information on their servers to US intelligence agencies, even if that information resided on servers inside the EU, and solely pertained to EU citizens. Basically, US agencies can access any data held by a US company on non-US European citizens, as longs as it has any servers inside the EU (as nearly all major US companies do).
Although he said that ‘customers would be informed wherever possible’, he also admitted that gaging orders, injunctions and US National Security Letters might not allow it.
In December last year Congress approved a five year extension to the 2008 Foreign Intelligence Surveillance Amendment (FISAA) which, in a similar manner to powers already granted under the Patriot Act, allows US agencies to access information stored in cloud databases located in the EU, but owned by US companies. This includes information about and belonging to Europeans.
All that US authorities need do is get a secret court to issue a secret surveillance order, which when presented to US company they have no option but to comply. US citizens subject to such surveillance can at least expect to treated in accordance with the Fourth Amendment (which requires probable cause), but a US judiciary subcommittee on FISAA has decided that this ‘has no relevance’ to non-US citizens who are not resident in the US.
Brussels has declared the FISAA a ‘grave risk’ to data protection and citizens’ rights, while a Directorate General for Internal Policies report described it ‘heavy-calibre mass surveillance firepower’ that could be used against EU citizens and individual everywhere.
The US government’s ambition to pry on everyone’s every action is both monumental in its ambition, and terrifying in its reach. That it seeks to trample the basic human rights it claims to hold so dear speaks not just of unbridled power, but of a hubris that must be stopped lest George Orwell’s dystopic nightmare vision of a Big Brother State end up looking like a rose-tinted fantasy.
Fortunately, as outlined in this article, there steps you can take to minimize your susceptibility to online surveillance, making it difficult enough to track your digital life that you are likely to pass unnoticed.
If everyone took these security measures then it would make the task of the likes if the NSA much more difficult, providing an effective way for ordinary people to fight back against ever more secretive and authoritarian regimes the world over.