European authorities have known since mid-2011 that the US could conduct surveillance on EU citizens. But experts say that European countries had little interest in picking a fight with their ally in Washington.
There has been widespread outrage in Europe over the scope of the National Security Agency's PRISM surveillance program. European experts, however, are not surprised by American whistleblower Edward Snowden's revelations.
"What Snowden revealed about PRISM was already known to certain well-connected people for a long time," Benjamin Bergemann, the author of the German blog netzpolitik.org and a member of the Digitale Gesellschaft (Digital Society) e.V., told DW.
The European Parliament commissioned a report in 2012, which showed that US authorities had been able theoretically to access European citizens' data since 2008. The report's authors were hard on European authorities.
In the EU, there was no awareness that mass political surveillance was possible, according to the authors of the study. Incredibly, since 2011 "neither the EU Commission nor the national lawmakers nor the European Parliament had any knowledge of FISAAA 1881a."
FISAAA 1881a refers to a section of a 2008 amendment to the US Foreign Intelligence Surveillance Act of 1978. That section of the 2008 amendment empowers US spy agencies to collect information stored by American cloud computing providers.
The authors of the EU study warned that US authorities had access to the data of non-US citizens in these so-called data clouds. The report came to the devastating conclusion that the EU was failing to protect its citizens.
Focus on China and Russia
Europeans had long invested their energy in the fight for consumer protection in the Internet and against cyber crime, according to Julien Jeandesboz of the Centre d'Etudes sur les Conflits. Jeandesboz said that the focus in the EU was not on state-sponsored threats to its citizens.
"The focus is on cyber crime, on identity theft but also on the regulation of company behavior," said Jeandesboz. "And when it comes to state-linked issues the concern was much more with the actions and activities of government-sponsored hacking, like the red hacker activities from Chinese operatives or from Russia."
Jeandesboz believes that political motivations explain the EU's blind eye to US spy activities. The Patriot Act, which gave Washington broad wiretapping authority after the September 11, 2001 attacks, was controversial and publicly discussed in the EU.
"It’s one thing to take measures against non-state actors, ‘cyber criminals’ if you want to call them," argued Jeandesboz. "It’s another thing to take action against the US Government, which at the end of the day is an ally of most EU governments, a very strong trade partner and the provider of internet access and internet services for the entire planet. It’s a very delicate matter."
European intelligence agencies complicit?
According to Britain's Guardian newspaper, European intelligence agencies may have profited from the Americans' surveillance activities. The Guardian reported that Britain's equivalent to the NSA, GCHQ, appears to have made use of American intelligence gleaned from PRISM.
Every European user of Facebook and Google should be aware that their data may be subject to PRISM, said blogger Benjamin Bergemann.
"One could say, 'what interest does the US have in me?' But one should not forget that the European criminal justice systems have an interest in such surveillance and so a coalition of interests could form," Bergemann said.
EU citizens' rights violated
While Internet users in Europe can sue in court for the control of their own data, no such legal right exists in the US. And European law is at a loss when it comes to transnational data transfers.
According to Nicolas Hernanz of the Center for European Policy Studies in Brussels, many laws that are passed in the US now also affect EU citizens: "In the EU, each individual has the right to control their own data. So it’s striking to see that a lot of policies are made in the United States that apply to EU citizens where basically the right to be the sole proprietor of your own data is thrown into the trash can."
US lobbyists have managed numerous times to water down tough data protection provisions in EU treaties, according to Bergemann. He hopes that the importance of data protection and privacy will be reflected in pending EU legislative initiatives.
Jeandesboz believes that this is an issue of central importance: "If the discovery of PRISM doesn’t contribute to a thriving public debate, then maybe I’m too pessimistic here, but then nothing will - because we’re dealing with data collection on a massive scale that we thought was possible but not actual."
Jeandesboz said that Europeans need to stand up for their legal tradition in the face of the US. Otherwise, more civil liberties could be sacrificed for security.
"The fear of terrorism and the preventative security concept have reached their high point," said blogger Benjamin Bergemann.
Data protection directive
There are many proposals for how the EU can protect its citizens from US surveillance. But there is little unity in the 27-member bloc. A data protection directive, which is supposed to be passed before the 2014 EU elections, has been vigorously debated.
EU parliamentarians have proposed several changes to the directive. One proposal would flag American web services, warning EU users that the site is governed by US law and could be under the control of US authorities. Another proposal would extend protection to the whistleblower Edward Snowden.
Disturbing trends in Europe
At the very least, political pressure would be placed on the US if Washington were forced to sign a law enforcement treaty with the EU. But not even that exists at the moment. And experts warn that pointing the finger across the pond is not enough.
Within the EU too, there has to be a discussion about whether or not data protection should be sacrificed to counterterrorism, the experts say. The concept of preventive security is gaining more weight in the EU too, according to Bergemann.
"The telecommunications providers have been forced to set up an electronic interface for the authorities so that IP addresses can be retrieved," Bergemann said. "These trends also exist in Europe."