The PRISM scandal gets bigger

By EDRi · July 17, 2013

This article is also available in:
Deutsch: [PRISM-Skandal weitet sich immer mehr aus |]

Privacy campaigners have filed claims against Prism and Tempora, the US
and British spy programmes that allow intelligence agencies to gather,
store and share data on millions of innocent people.

Privacy International has submitted a claim to the Investigatory Powers
Tribunal (IPT), hoping for a public hearing and early rulings, due to
the seriousness of the issue. Privacy International’s statement refers
to the Prism programme, which allows the NSA to intercept the
communications of non-US citizens living outside America from global
Internet companies such as Google, Facebook and Yahoo. It transpires
that this information has been shared with the UK agency GCHQ. Privacy
International also ask for a temporary injunction against the Tempora
programme, which allows GCHQ to tap into the transatlantic fibre-optic
cables used for telephone and Internet services and gather large amounts
of sensitive data.

“If UK authorities are to be permitted to access such information in
relation to those located in the UK in secret and without their
knowledge or consent, the European convention on human rights (ECHR)
requires there to be a legal regime in place which contains sufficient
safeguards against abuse of power and arbitrary use. There is no such
regime,” says PI’s statement.

Also, emails and phone calls made in the UK that pass electronically
through the US can be intercepted by the NSA, which has access to these
data as well. Moreover, the UK agency, by accessing the US programme,
can “obtain private information about UK citizens without having to
comply with any requirements of RIPA (the Regulation of Investigatory
Powers Act)”

Privacy International intended to file the claim in the Administrative
Court, which would have had public proceedings. They were however forced
to file the claim with the IPT, a secret tribunal that does not make its
proceedings public and does not have to give reasons for its decisions.

“One of the underlying tenets of law in a democratic society is the
accessibility and foreseeability of a law. If there is no way for
citizens to know of the existence, interpretation, or execution of a
law, then the law is effectively secret. And secret law is not law. It
is a fundamental breach of the social contract if the government can
operate with unrestrained power in such an arbitrary fashion,” said Eric
King, head of research at Privacy International.

The civil rights group Liberty has also made a complaint to the IPT. The
group believes its own electronic communications and those of its staff
may have been unlawfully intercepted by the security services and GCHQ.

In the US, a broad coalition of organizations teamed up for a freedom of
association lawsuit. The coalition filed a suit against the National
Security Agency (NSA) for the violation of the First Amendment right of
association by illegally collecting their call records. The coalition is
represented by the Electronic Frontier Foundation (EFF), a digital
rights group, also a member of EDRi, with years of experience in
fighting illegal government surveillance in the courts.

To make things worse, the PRISM scandal continues after the Guardian
revealed documents disclosed by former NSA employee Edward Snowden that
appear to show that Microsoft collaborated with US intelligence services
to allow users’ communications to be intercepted, including helping the
NSA to circumvent the company’s own encryption.

The documents appear to show that Microsoft collaborated with the FBI
and CIA and the material collected through Prism is shared by all three
agencies. Skype was revealed as one source of information.

“This makes it clear that trusting Microsoft with your critical company
data is downright negligent. In both the public and the private sector,
those responsible for security and data protection urgently need to take
action to protect their organisations, customers and clients,” says
Karsten Gerloff, President of the Free Software Foundation Europe.

In its statement to the Guardian, Microsoft said that its “compliance
team examines all demands very closely, and we reject them if we believe
they aren’t valid”. Also, that the company said that it only complies
with “orders about specific accounts or identifiers”, “would not respond
to the kind of blanket orders discussed in the press over the past few
weeks, as the volumes documented in (its) most recent disclosure clearly

The company added: “when we upgrade or update products, legal
obligations may in some circumstances require that we maintain the
ability to provide information in response to a law enforcement or
national security request. There are aspects of this debate that we wish
we were able to discuss more freely. That’s why we’ve argued for
additional transparency that would help everyone understand and debate
these important issues.”

US and UK are not alone in this electronic information gathering
race. France is not that far behind. Le Monde has also revealed that
DGSE (Direction générale de la sécurité extérieure) systematically
collect electromagnetic signals from computers and phones in France
including the traffic between French citizens and people abroad.
Information from emails, telephone calls, access to Facebook or Twitter
are then stored for long periods of time. The database can be accessed
by all French intelligence services.

Revelations on French Big Brother (only in French, update 7.07.2013)

NSA and GCHQ spy programmes face legal challenge (8.07.2013)

Privacy International files legal challenge against UK government over
mass surveillance programmes (8.07.2013)

New Snowden leak: Storing your data at Microsoft is negligent

How Microsoft handed the NSA access to encrypted messages (12.07.2013)

Unitarian Church, Gun Groups Join EFF to Sue NSA Over Illegal
Surveillance (16.07.2013)