It is a common perception that Americans care less about privacy than Europeans, especially after the attacks of September 11, and the Snowden revelations only seemed to reinforce that perception. Last week, President Obama argued that European privacy complaints are really about something else. Europeans, he said, may simply be using privacy fears as a way to protect domestic companies against Google, Facebook, and other American firms that dominate the high technology industry.
This idea is not new; it was a common refrain I heard in the White House early in Obama’s presidency. There even may be some truth in it. However, instead of questioning European motives, it would be more productive to set the record straight about how the United States stacks up against the rest of the world, including Europe, when it comes to controlling its intelligence agencies.
It is a mistake to think that European privacy objections to the practices of the NSA and Silicon Valley are simply a cynical mask for protecting domestic companies. They embody a deep European commitment to fundamental rights and the rule of law---values that are shared by the United States---and an understanding that these values require an enforceable set of rules to protect personal data.
The real issue is---what rules?
As my old colleague Carrie Cordero explained last week, Europe does have more comprehensive consumer privacy rules than the United States. She rightly points out that it does not make sense to compare European consumer rules for privacy and data protection with the American regime for overseeing national security surveillance. That is comparing apples to oranges. However, instead of simply objecting to the unfairness of this comparison, let’s compare apples to apples. How does American intelligence oversight stack up next to European intelligence oversight?
Here, the record is clear: the United States wins, hands down. A comprehensive analysis of worldwide surveillance laws undertaken by the Center for Democracy and Technology shows just how little is required in most countries around the world, including in Europe, for undertaking national security surveillance. For example, under the UK’s Regulation of Investigatory Powers Act (RIPA), such surveillance can be obtained with the approval of a Secretary of State. Germany authorizes such surveillance through a parliamentary committee. These safeguards, structurally inferior to the court orders required by FISA, have been determined by European courts to satisfy the fundamental liberties required by the European Convention on Human Rights.
What about external surveillance? New rules issued by the Obama administration under Presidential Policy Directive 28 (PPD-28) provide practical protection for the privacy of foreigners in NSA collection. These may make only modest changes to surveillance practices in the short run, but it is a mistake to see them as mere “tweaks” in surveillance policy. They are a major paradigm shift. When I served as a privacy official in the intelligence community, I had no law, executive order, or directive that told me that the privacy rights of foreigners matter. The new rules change that. The mechanisms of intelligence oversight---privacy officials and boards, inspectors general, and lawyers---now must pay attention to everyone’s privacy. No other nation has publicly committed its external intelligence services to specific rules designed to respect everyone’s privacy. Germany and many other European nations have protested NSA spying. Will their intelligence services issue oversight rules protecting the privacy not just of their own citizens, but of all of us?
On transparency, the United States wins again. While the United States continues to declassify more and more details of its intelligence operations in the wake of the Snowden revelations, European countries play catch up. Last month, a UK court that oversees UK intelligence services---the Investigatory Powers Tribunal---found in a case brought by civil liberties groups that, although its information sharing with the NSA was consistent with European human rights law, it needed to be much more transparent about the rules under which it operates.
I’m looking forward to the launch of “GCHQ on the record.”
The United States should not be shy in talking about its record on intelligence oversight, nor should it accept the premise that Europeans care more about privacy than Americans. The United States leads the world when it comes to privacy protection in intelligence activities – if only because the rest of the world’s rules are so weak. We should start talking about it.