JULY 3, 2013
BLOWN COVER: THE NSA AND THE UNRAVELING US-EU INTELLIGENCE RELATIONSHIP BY TYSON BARKER The National Security Agency (NSA) may not have grasped that its alleged surveillance of European citizens would be a major breach of the spirit of US-EU relations. Europe’s trust in the US is nevertheless subsequently in freefall. The EU response to the allegations has been measured, offering time for clarification and explanation. But if the administration does not move aggressively to stem the fallout, the damage to US soft power in Europe could be the most severe since the run-up to the Iraq war. The latest reports of NSA programs conducted in Germany and on EU institutions have created the potential for a populist backlash that could ricochet throughout the European political system by affecting US relations with the European Parliament (EP), Transatlantic Trade and Investment Partnership (TTIP) negotiations, and Germany’s September national election.
Brussels’ Baggage Europe’s problems with the US’s usage of private data didn’t just start with Edward Snowden’s recent disclosures of the NSA’s surveillance programs. In fact, navigating the highly sensitive area of intelligence sharing has been one of the front lines of the US-EU relationship under the Obama administration. Brussels became the epicenter for negotiating the contours and limits of US access to EU data. These negotiations also served as grounds for a fundamental recalibration of the US’s relationship with the EU in general and the EP in particular.
EXECUTIVE SUMMARY Recent revelations of alleged NSA surveillance of Europeans and EU offices could inflict the most severe damage on American soft power since the run up to the Iraq War. At the same time, the scandal creates the potential for a populist backlash that could frustrate a successful conclusion to TTIP negotiations. These negotiations could have been the venue through which past differences over SWIFT, PNR data and ACTA were overcome, but this possibility is imperiled. In Germany, Chancellor Angela Merkel’s tepid approach to the reports of NSA activities has blemished her crisismanagement style and raised concerns about her party’s prospects in an approaching national election.
The EP sees itself as the guardian of data protection and privacy, which are enshrined in the EU’s Charter of Fundamental Rights and considered to be more extensive than the protections afforded US citizens
under the fourth amendment to the Constitution.1 Although hardly noticed in the US, the Brussels legislature used these issues to cut its teeth on its new Lisbon Treaty powers that came into force in December 2009.2 In its first major act as the EU’s equal co-legislator on international agreements, the EP struck down an accord between the European Commission and the US on tracking terrorism financing through the SWIFT database, the global network through which almost all inter-bank financial transactions pass.3 The EP’s rejection of the SWIFT agreement caught the US national-security establishment off-guard and triggered a rapid re-orientation of US outreach toward the EP. The agreement was eventually authorized, but only after a painstaking re-negotiation that included on-site oversight by EU officials of the methods used to access the personal data of European citizens. In 2011, the re-authorization of an agreement on US usage of passenger-name-record (PNR) data led to a second major row between US and EU negotiators over data protection.4 In particular, the lack of nondiscriminatory clauses and the potential for judicial redress in US courts led to contentious negotiations between the Department of Homeland Security and some of the EP’s most vocal civil libertarians. When an agreement was finally reached in April 2012, the EP had been instrumental in drawing out greater protections and recourse for Europeans by limiting the scope of data mining and giving European passengers broader access to the management of their data.5 In 2012, the EP rejected the controversial Anti-Counterfeiting Trade Agreement (ACTA), a relatively obscure plurilateral agreement on intellectual property that was perceived by many in the EU as a vehicle for US interests.6 ACTA required no changes to current law and, as such, received no vote in Congress and little attention in the US. In Europe, however, it was a topic of heated debate. ACTA included a footnote referencing a French “three-strikes-you’re-out” law as a potential best practice for signatories seeking to step illegal online piracy. The French legislation—the “loi Hadopi”—allows governmental monitoring and enforcement of copyright laws, including the ability to penalize threetime violators with a permanent ban on Internet usage.7 In Europe, but particularly in Germany and the post-Communist states of Central and Eastern Europe, ACTA set off waves of protests in cities such as Berlin, Prague and Warsaw.8 They were the largest
1 See Charter of Fundamental Rights of the European Union.
Retrieved from: http://www.europarl.europa.eu/charter/pdf/text_en.pdf.
2 For more information regarding data protection and privacy regulation changes made under the Lisbon Treaty, see Covington & Burling LLP. (November
23, 2009). “The Lisbon Treaty and Data Protection: What’s Next for Europe’s Privacy Rules”. (Media Advisory). Retrieved from: http://www.cov.com/files/Publication/4dfffab6-0024-4ced-9c8a-2b4daab69a68/Presentation/PublicationAttachment/85521d91-d69a-4211-bdfb2ef683b239ae/The%20Lisbon%20Treaty%20and%20Data%20Protection%20%20What%E2%80%99s%20Next%20for%20Europe%E2%80%99s%20Privacy%20Rules.pdf 3 “European Parliament Rejects SWIFT deal for Sharing Bank Data with US”. (November 11, 2010). Deutsche Welle. Retrieved from: http://www.dw.de/european-parliament-rejects-swift-deal-for-sharing-bank-data-with-us/a-5239595 4 See Agreement Between the United States of America and the European Union on the Use and Transfer of Passenger Name Records to the United States Department of Homeland Security. (December 8, 2011). Retrieved from: http://register.consilium.europa.eu/pdf/en/11/st17/st17434.en11.pdf 5 European Parliament. (April 19, 2012). “Parliament Gives Green Light to Air Passenger Data Deal with the US” (Press Release). Retrieved from: http://www.europarl.europa.eu/news/en/pressroom/content/20120419IPR43404/html/Parliament-gives-green-light-to-air-passenger-data-deal-withthe-US 6 Warman, M. (July 4, 2012). “European Parliament Rejects ACTA Piracy Treaty”. The Daily Telegraph. Retrieved from: http://www.telegraph.co.uk/technology/news/9375822/European-Parliament-rejects-ACTA-piracy-treaty.html 7 “La loi Hadopi, qu’est-ce que c’est?” (June 25, 2009). L’Express. Retrieved from: http://www.lexpress.fr/actualite/media-people/media/la-loi-hadopi-quest-ce-que-c-est_512898.html. (French) 8 Lee, D. (February 11, 2012). “ACTA Protests: Thousands Take to Streets Across Europe.” BBC. Retrieved from: http://www.bbc.co.uk/news/technology16999497
demonstrations—some attracted tens of thousands—against a trans-Atlantic issue since the Iraq war. The EP salivated at the chance to reject ACTA, which it did in summer 2012. In the wake of the SWIFT, PNR and ACTA debacles, there was a growing awareness in Washington and Brussels that an embryonic framework for regulating digital commerce and intelligence gathering should be addressed head on. Negotiations on the current headline transatlantic project, TTIP, were supposed to be the venue in which this would be comprehensively addressed. That possibility has now been shattered. In fact, the entire TTIP has been placed in jeopardy. Viviane Reding, the EU’s spirited justice commissioner, has called for negotiations of the US-EU free-trade agreement to be put on hold until the extent of any surveillance of EU institutions is known.9 The French government, always lukewarm to a free-trade agreement with the US, has made similar statements.10 Some European TTIP opponents claim that any deal would be a “backdoor ACTA”. 11 They are using the reports of NSA activities as grounds to call off talks and are planning to use US data protection and privacy as a bludgeon in the EU debate on any agreement that is reached. Germany’s Elmar Brok, Chancellor Angela Merkel’s closest ally in the EP and foreign-affairs committee chairman, has openly questioned if launching TTIP negotiations in such a poisoned environment is appropriate.12 Others in the EP have gone further, stating that other recent intelligence-sharing agreements should be suspended. A delegation of EP members, due in Washington later this month, to discuss cooperation in the TTIP negotiations will undoubtedly put the NSA’s alleged activities at the top of their agenda. After vigorous consultations, the European Commission has stated that technical negotiations—slated to begin in early July in Washington—will begin as planned. TTIP’s champions in the Commission have stated that this agreement is in the EU’s self-interest as a potential source of much-needed jobs and growth. However, the Commission could undermine its own negotiating position if the EP and other legislative bodies that can reject an agreement believe the NSA scandal has not been properly addressed. Such authorities are more likely under these circumstances to reject any accord.
Bad Timing The surveillance allegations could not have come at a worse moment in Brussels. The EU is reviewing a torrent of legislation related to a comprehensive EU cyber security strategy, data protection and retention by governments, the role of cloud computing, and privacy requirements for online providers. 13 The data-protection legislation, based on a directive established in the proto-Internet era of 1995, was 9 “MEPs Call for Freezing EU-US Trade Talks over Spying Allegations”. (July 2, 2013).
EurActiv. Retrieved from: http://www.euractiv.com/globaleurope/meps-call-freezing-eu-us-trade-t-news-529020 10 See Gardner, A. (June 2, 2013). “Spying Scandal Casts Shadow on Trade Talks”. European Voice. Retrieved from: http://www.europeanvoice.com/article/2013/july/spying-scandal-casts-shadow-on-trade-talks/77731.aspx 11 See “Will the TTIP be ACTA through the Back Door?” in TTIP: Questions and Answers. European Commission. Retrieved from: http://ec.europa.eu/trade/policy/in-focus/ttip/questions-and-answers/ 12 See Deighton, B. and Breidhardt, A. (June 30, 2013). “EU Confronts U.S. over Reports it Spies on European Allies”. Reuters. Retrieved from: http://www.reuters.com/article/2013/06/30/us-usa-eu-spying-idUSBRE95T09C20130630 13 See European Commission. (February 7, 2013). “Cybersecurity Strategy of the European Union: An Open, Safe, and Secure Cyberspace”. (Joint Communication). Retrieved from: http://eeas.europa.eu/policies/eu-cyber-security/cybsec_comm_en.pdf
set to tighten requirements for online companies to protect EU citizens’ data.14 These measures include obtaining users’ explicit consent before personal data can be used for commercial analysis, tougher notification procedures if the security of personal data has been breached and tougher requirements for enforcing “right-to-be-forgotten” provisions that allow users to request the full deletion of their data from, for example, Facebook and Twitter.15 This data-protection law is the most amended and lobbied piece of legislation in EU history. More than 3,000 amendments have been debated in the EP, and companies such as Google, Facebook and Microsoft have worked hard to strip out elements they dislike. But the revelations around the cozy relationship between the US government and the commanding heights of digital industry have further fueled the debates about some of the law’s more onerous provisions. One of these, Section 42, also known as the anti-Foreign Intelligence Surveillance Act (FISA) clause, would require a legal framework for the authorization of data transfers to third countries such as the US.16 This would fundamentally slow the rate of data exchange to the US from Europe, though there are exemptions for reasons of national security. The EP has now become a hotbed of indignation, and its legislation will undoubtedly reflect this. Europe could become off limits to US intelligence, and American industry could get caught in the legal crosshairs of being forced to comply with US law or violating emerging EU law. US Internet giants such as Google, Yahoo! and Facebook face a more hostile working environment that threatens a lucrative digital relationship. Tenders by American companies offering cloud-computing services for European governments and private industry could be at risk.
Discovering Neuland In Berlin, Chancellor Merkel’s response to the allegations has reflected the caution with which she approaches major political events. At the joint press conference with President Barack Obama during his visit to Berlin, she urged a more deliberate policy on digital surveillance. Referring to onlinecommunications intelligence policy as Neuland—a German term roughly meaning “uncharted territory”—she highlighted that surveillance programs should be guided by the notion of “proportionality”, the German legal principle that contends that the state should react commensurate to a threat.17 German President Joachim Gauck has echoed this sentiment, stating that “protection must always be relative to the threat”.18 For Germans, the dragnet approach of intercepting 500 million of their discrete phone calls, emails and text messages hardly passes the proportionality test. This is especially true when compared to the two million interceptions in France under the auspices of the same program. Chancellor Merkel and President Gauck lived in the communist German Democratic Republic and have personal experience with the Stasi’s vast surveillance apparatus. Hostility to
14 European Commission. (January 25, 2012). “Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with
Regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation)”. (2012/2011 COD). Retrieved from: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0011:FIN:EN:PDF 15 Ibid. 16 Ibid 17 “Internet Monitoring Must Have Proper Limits, Merkel tells Obama”. (June 19, 2013). Reuters. Retrieved from: http://www.reuters.com/article/2013/06/19/us-obama-berlin-monitoring-idUSBRE95I0JH20130619 18 Gauck, J. (July 1, 2013). “Reise mit dem Diplomatischen Korps nach Suedbaden”. (speech). Retrieved from: http://www.bundespraesident.de/SharedDocs/Reden/DE/Joachim-Gauck/Reden/2013/07/130701-Diplo-Ausflug.html (German).
pervasive intelligence structures is particularly acute in the East, but it also strikes a deep cord with a rising generation of millennial civil libertarians throughout Germany. Merkel’s sedate approach to the disclosures has blemished her crisis-management style, which had otherwise been popular at home. Her conservative interior minister, Hans-Peter Friedrich, stated that German outrage was motivated by a “mixture of anti-Americanism and naivety”, a gross misreading of public opinion. As a September federal election draws closer, Merkel’s potential complicity in the programs is being savaged by the center-left Social Democrat and Green parties.19 The Pirate Party, emergent in recent years in state and local elections, is beset by internal infighting and is polling well below the five-percent threshold necessary for entry into the Bundestag. But the alleged NSA activities have given the beleaguered party new impetus. The group’s core issue is at the top of the political agenda in the run-up to the September 22 election, and the Pirates are taking advantage of this by protesting the alleged surveillance and Merkel’s glacial response to it. Privately, the chancellery has voiced deep concerns about how the NSA scandal will affect her party’s electoral prospects.
Crisis of Confidence The EU has long pined for greater respect from Washington. Negotiations over data sharing were more than discrete talks on limited framework agreements. They were a vehicle by which to develop a broader strategic relationship based on equal partnership and mutual respect with a post-Lisbon Treaty EU. US officials often found the negotiations tedious and exasperating. Since 2010, the administration and members of Congress have held extensive consultations with the European Commission and waves of EP delegations to ensure them that the systems used for data collection and analysis are limited, carefully monitored, and operating under judiciously crafted and transparent guidelines. Such assurances went a long way toward repairing the US’s damaged image in Europe. The recent disclosures have obliterated much of this effort. Even while negotiating an intricate framework for the usage of narrowly defined classifications of personal data, the NSA was voraciously aggregating Europeans’ personal and institutional data across wide swaths of territory. It will be difficult to justify this action as vital to US national security. The public debate on both sides of the Atlantic has returned to the hubristic bravado characteristic of the George W. Bush era. Former NSA chief and CIA head Michael Hayden has stated that fourthamendment privacy protections are not part of an “international treaty” and that Europeans should “look first and find out what their own governments are doing”.20 For their part, Europeans brandish images from the 2007 German film “The Lives of Others”, which explored the deep human impact of pervasive surveillance in authoritarian East Germany. In their eyes, USA stands for “United Stasi of America.”21 19 Steininger, M. (July 2, 2013). “Merkel Under Fire as Germany Seethes over NSA Spying”.
Christian Science Monitor. Retrieved from: http://www.csmonitor.com/World/Europe/2013/0702/Merkel-under-fire-as-Germany-seethes-over-NSA-spying 20 Boerma, L. (June 30, 2013). “Former NSA, CIA Director: ‘The United States Does Conduct Espionage’”. CBS News. Retrieved from: http://www.cbsnews.com/8301-3460_162-57591682/former-nsa-cia-director-the-united-states-does-conduct-espionage/ 21 Ellsberg, D. (June 10, 2013). “Edward Snowden: Savings us from the United Stasi of America”. The Guardian. Retrieved from: http://www.guardian.co.uk/commentisfree/2013/jun/10/edward-snowden-united-stasi-america
Secretary of State John Kerry’s comment that the NSA’s alleged activities were “not unusual” reflects the indifference with which the US has treated the EU’s governing pathos.22 This apathy could now lead to a crisis of confidence. The Obama administration has touted the reparation of US’s global soft power as one of its greatest foreign-policy achievements. How it handles relations with Europe in its wake could demonstrate whether that achievement is enduring.
Tyson Barker is director of trans-Atlantic relations at the Washington, DC-based Bertelsmann Foundation. tyson.barker@bfna.org
22 Sink, J. (July 1, 2013). “Kerry Calls Spying on Allies ‘Not Unusual’, Downplays EU Claims”.
The Hill. Retrieved from: http://thehill.com/blogs/globalaffairs/europe/308669-kerry-downplays-report-that-nsa-bugging-european-allies-as-not-unusual