Collaboration SuitesRegulationSecuritySoftwareWorkspace

European Commission ‘Concerned’ At PRISM Privacy Threat

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Commissioners Viviane Reding and Cecilia Malmström express their concern about US mass surveillance

The European Commission has expressed concern about the controversial US PRISM initiative, which was revealed to have targeted personal data of non-US citizens by working with Internet giants.

The Commission said, in a statement sent to TechWeekEurope, it was going to demand more information from US officials.

Last week, leaks to the Guardian and the Washington Post indicated tech giants, including Facebook, Google, Microsoft and Yahoo, had agreed to let the National Security Agency (NSA) access their servers to get data for investigations into terrorist activity.

The revelations came a day after Verizon was shown to have granted the NSA access to comms data of its customers.

Whilst the US government has not denied the existence and broad nature of PRISM’s data snooping, Britain’s GCHQ has also reportedly gained access to PRISM data.

Fotolia: Technology Security © freshidea #39053413European Commission comments

At first the European Commission was reticent, but has felt compelled to talk given the potential impact on EU citizens. It has come at a time when the EU is trying to decide on new privacy laws, as the Commission tries to enforce tougher penalties on companies that fail to respect privacy.

The Commission promised to seek more details on PRISM from the US authorities.

“We have seen the media reports and we are of course concerned for possible consequences on EU citizens’ privacy. For the moment it is too early to draw any conclusion or to comment further,” said home affairs commissioner Cecilia Malmström.

“This case shows that a clear legal framework for the protection of personal data is not a luxury or constraint but a fundamental right. This is the spirit of the EU’s data protection reform,” added EU justice commissioner Viviane Reding, who urged ministers to push through her privacy reforms.

Tech titans’ responses

Meanwhile, the CEOs of both Facebook and Google issued stern denials of collusion with the US government on its PRISM surveillance initiative. Facebook CEO Mark Zuckerberg labelled the press reports “outrageous”.

“Facebook is not and has never been part of any program to give the US or any other government direct access to our servers,” Zuckerberg said on Friday.

“We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday.

“We will continue fighting aggressively to keep your information safe and secure.”

In a joint statement, Google CEO Larry Page and David Drummond, chief legal officer, said they had not heard of a programme called PRISM either, although it is unlikely the NSA would have divulged the name of the project anyway.

“We provide user data to governments only in accordance with the law,” they said. “Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period.”

Backing up what Zuckerberg said, Google argued for greater transparency from governments. They all said they only handed over information when they had reviewed requests and determined they followed the correct processes.

As for the UK, a document seen by the Guardian suggested GCHQ was able to access intelligence from the US PRISM operation since June 2010 at the latest. The intelligence body generated 197 intelligence reports from PRISM intelligence last year.

Former foreign secretary Sir Malcolm Rifkind suggested GCHQ could have broken the law if it had acquired data on citizens without asking for ministerial approval.

Foreign secretary William Hague said claims GCHQ was circumventing the law to get at data were “nonsense”. He is due to make a statement later today on PRISM and the UK’s use of it.

The individual behind the leaks has been revealed as Edward Snowden, 29-year-old former technical assistant for the CIA. He works for defence contractor Booz Allen Hamilton – and is currently holed up in a Hong Kong hotel.

Are you a pedant on privacy? Try our quiz!