For William Hague, the purpose of yesterday’s House of Commons statement was to allay fears that Britain’s security services piggyback on the privacy invasions of their less legally circumscribed US counterparts.
Taking care to give little away, the Foreign Secretary described such suggestions as “baseless” and talked convincingly of a system replete with checks and balances.
But even if our own spies are models of integrity, and our own laws paradigms of privacy-protection, the less stringent standards in the US are hardly less of a cause for concern.
Yes, we live in a dangerous world. Just weeks after the Woolwich murder and the Boston bombing, it would be difficult to maintain otherwise. A degree of privacy is therefore compromised, in the interests of mutual security. But this is no binary choice, it is a balance to be struck; and the latest revelations from the US suggest that the scales have tipped too far.
It is nonsense that the National Security Agency’s blanket monitoring of non-US citizens’ internet activity is necessary to combat terrorism. The majority of attacks are homegrown. Moreover, the fact that the same indiscriminate approach is not applied to US residents indicates Washington is well aware how badly such measures play with voters. But while NSA access to telephone records raised questions for the US, the Prism internet surveillance system raises questions for everyone else. It is also an incidence of gross overreach.
At this stage, there is some dispute about Prism. The companies involved – Google, Facebook, Skype et al – deny that the NSA has access to their servers. But the broader issue remains pertinent regardless of the specifics.
Europe and the US have been at loggerheads over data protection for more than a decade. In the past few months alone, EU proposals for new rules have provoked a storm of protest from US internet giants and warnings of a “trade war” from its diplomats. The latest insights only add fuel to the fire, even more so given that talks are set to start on a groundbreaking EU/US trade pact next month and American technology companies are lobbying for a watering down of the Commission proposals as part of the deal.
Much as trade liberalisation is to be welcomed, Brussels must stick to its guns on matters of privacy. Data hoards that were troubling enough in the context of commercial activity are more unacceptable still when potentially accessible by the US government – or, indeed, any government. Nor is it enough to claim that the innocent have nothing to fear. The internet requires the fundamentals of privacy and ownership to be re-written. These new principles must be clarified in law, not allowed to drift, guided by considerations of national security alone. Such concerns are neither wrong, nor necessarily malevolent; but they are limited.
Even if enough of an agreement can be reached to allow an EU/US deal to go ahead – by drawing a line around matters of national security, perhaps – the problem is unlikely to be solved. With US companies so dominant online, however, they cannot be fudged forever. Indeed, even as we are spooked by foreign ownership of British infrastructure, foreign ownership of vast swathes of personal data – the potential uses of which can barely be imagined – is going ahead largely unchecked.
There is, then, a compelling case for global rules on data usage by which all internet companies would be bound. Such things take time, though. In the meantime, the US must take care not to ruin one of its most successful industries. Internet users may flock to Google and the rest now, but a non-American, NSA-free rival might find itself with a competitive advantage