Transatlantic Torpedo against EU privacy

Without much general awareness of the larger public, there are fresh American plans to choke an expected update of EU data protection laws. The plan is using a trade funnel torpedo and the fiction of non-tarrif trade discrimination. Sure, the current policy drift towards privacy/digital rights leads to a stronger position of Europe to defend the privacy of its citizens abroad. The midterm counter-measure proposed by the Americans would be IDEA:

“We suggest that the EU and the U.S. initiate negotiations over an International Digital Economy Accord (IDEA) based on the principle of the free flow of information. … The IDEA should address market access related problems, non-tariff barriers and service regulations. The exact design and content of the IDEA must of course be the subject of negotiations between the countries that have decided to join the “coalition of the willing” negotiating this agreement.

The negotiating agenda should reflect the practical concerns and experiences of firms engaged in the cross-border digital economy. Concerns related to the information, communications.
and technology (ICT) sector are numerous, especially since trade in ICT goods and services support the whole economy.

What is the perceived problem?

The ability of companies to process data and deliver services internationally is under serious threat. Regulators in many countries increasingly require personal data to be maintained on servers in the home jurisdiction. It is sometimes required that offshore services be relocated to the importing country and, in the case of China, data-processing hubs are obliged to be located within the regulated markets. Moreover, users of international digital services are being challenged more and more by national regulations on issues of data management, digital rights, data privacy and the location of commercial data, with growing nationalist pressures everywhere to use local services suppliers in these areas in order to generate local jobs.

And the solution: abolish data sovereignty:

The IDEA would seek to prohibit any requirements to locate information technology (IT) infrastructure (e.g. servers) within the domestic jurisdiction as a condition of permission to process data or to provide digital services. The IDEA would also encourage international harmonization of data privacy requirements, and encourage the adoption of internationally accepted security frameworks and the use of third party auditors to reassure regulators that data is properly protected without the need for cross-border restrictions.

The agreement could take various forms. Ideally it would be an agreement that provides for a negotiating mechanism to continually update its content, since the digital-economy changes quickly.”

I makes you wonder whether they forgot the SWIFT spying scandal where the United States had unauthorised access to highly sensitive European financial transaction data, simply because mirror servers were operating in the United States.

Advertisement

Read Full Post »

Parliament sets SWIFT conditions

Don’t these conditions sound reasonable, conditions for sharing SWIFT financial transaction data with the United States for anti-terrorism purposes:

On the issue of bank data transfers, Parliament argues in a resolution adopted by show of hands, that bulk data transfers infringe EU legislation.  It urges the Council and Commission to “address this issue properly in the negotiations”.  In addition, the new agreement should include “strict implementation and supervision safeguards, monitored by an appropriate EU-appointed authority” on the day-to-day extraction of and use by the US authorities of all such data. The maximum storage period must not exceed five years and the data may not be disclosed to third countries. [MEPs] believe that “the option offering the highest level of guarantees” would be to allow for the extraction of data to take place on EU soil, in EU or joint EU-US facilities. In the medium term, an EU judicial authority should oversee the extraction of data in the EU. Meanwhile, select EU personnel should take part in the oversight of the extraction process in the USA.

Reciprocity would require the Americans to allow EU authorities to obtain and use data stored in servers in the US.

The scandal was that EU member states agreed before on a deal which didn’t meet these simple conditions as I covered on this blog before. Parliament rejected the previous deal. US VP Biden was yesterday in Brussels and addressed the European Parliament.

Read Full Post »

SWIFT vote

The SWIFT interim agreement was rejected by the European Parliament with 378 votes to 196. Standing ovations. That is a strong message and indicates that members understood how outrageous the proposal was.

• BBC News with the full stream of the debate from yesterday
• Deutsche Welle (English)
• Wall Street Journal
• Financial Times Deutschland Kommentar
• Bloomberg

In German TV news Markus Ferber and Martin Schulz strongly criticised the American pressure, and expressed great institutional satisfaction. Martin Schulz criticised the ‘arrogancy’ of the Council ministers of interiour. Alexander Alvaro expressed similar concerns before.

Read Full Post »

European Parliament SWIFT draft report reveals it is about bulk data proliferation

The intergovernmental agreement is about bulk transfer of data, crazy:

On the principle of proportionality: SWIFT cannot, for technical and governance reasons, search the ‘content’ of the messages, and thus cannot search data based on criteria like names, addresses and/or invoice numbers of individuals. Therefore if SWIFT were to receive a (Article 4, FMDA) request to produce data related to e.g. an individual, SWIFT will not be able to produce that specific data because of technical reasons. SWIFT could provide instead ‘data in bulk’. These messages may eventually contain the specific data (e.g. the name or the address of an individual) that the authority needs for counter terrorism purposes. So, by the very nature of SWIFT it is not possible to refer to so-called limited requests.

The above-mentioned implies that SWIFT has to transfer all, or virtually all, of its data to US Treasury. That violates the basic principles of data protection law, i.e. the principles of necessity and proportionality. This cannot be subsequently rectified by mechanisms of oversight and control.

Read Full Post »

Why SWIFT data proliferation is counter-terrorism gone worse

Brusselsblogger makes a very good case why the European Parliament has to reject the SWIFT data proliferation deal this week, despite the aggressive moves from the United States diplomatic corps to keep the interim agreement. The PR machine is running full speed, we are told how indispensable the date results were in the fight against terrorism for our domestic law enforcement purposes. While terrorism alone cannot disrupt our financial markets the SWIFT data proliferation bears the potential to achieve that. Let me add another two aspects to the great Brusselsblogger analysis:

I. The missing larger context argument: Europe currently suffers from an unprecedented post-War financial crisis. It is founded in permissive financial market regulations and US financial stimulus in the aftermath of the very Islamic terrorist attack. The loss of financial market confidence affects European families and the financial stability of European economies such as Greece, Spain and others. Some European nations are close to national bankruptcy, some neighboring countries like Iceland passed that stage

A rejection of the proposed SWIFT financial data proliferation agreement would sent a strong message to citizens that policy makers take a more sensitive approach towards financial regulation. Given that US counter-terrorism context of the current financial crisis it can hardly be understood that a Spanish Presidency takes a permissive approach, and some European decision makers still believe that anti-terrorism uses of the date out-weight the malpractice, irresponsible administration of toxic data.

II. The financial bulk data could be used for US business espionage and cause devastating effects on the financial market and financial market confidence. Furthermore the agreement is lukewarm in its permission to share such data with other nations, which may be more aware of the toxic nature of the data and seek their advantage. By all means European policy makers have to prevent a financial data crisis, that is undermining trust in electronic financial data transactions by opening pandora’s box.

It is not about “privacy” of citizens as the news agencies report, that is really the minor concern. A majority of European policy makers fully agrees in principles to use the data for anti-terrorism requests from law enforcement agencies (which requires careful administration and strongest safeguards).

In a conventional narrative our personal “privacy” interests would be weighted against public “security” interests of our government which seeks to counter terrorism and other serious crimes. Some politicians and media observers think along these lines which are on a lower level. Here the general trust in financial transaction services, our  European financial transaction markets are at stake.

Read Full Post »

Kennard goes Mad Rhino on SWIFT

The new US ambassador to the European Union William Kennard applies a mad rhino strategy, he blackmails members of the European Parliament, the Financial Times Deutschland quoted from a letter his office sent to the group leaders:

“Wenn das Europäische Parlament das Abkommen kippt, bin ich nicht sicher, ob die Washingtoner Behörden wieder entscheiden würden, diese Angelegenheit auf EU-Ebene zu adressieren”

Now AFP has the same quote:

“If the European parliament overturns the agreement, I am unsure whether Washington agencies would again decide to address this issue at EU level”

He indicates the US would negotiate a bilateral agreement instead. Of course it seems legally impossible for member states to enter bilateral agreements and member states would be reluctant to follow that path. Hillary Clinton reportedly phoned Catherine Ashton(?!) and Parliament President Jerzy Buzek. I am sure Buzek and the other members will teach them manners.

And here is a fresh consultation.

Read Full Post »

Further questions on SWIFT-Agreement in LIBE

Quick notes: Today the Spanish minister is grilled over SWIFT in LIBE.

MEP Albrecht for instance stressed an alleged incompatibility of the prolonged agreement with the national constitutional order without getting into details, obviously he has a scrutiny process in mind. Council statement a “nonsequi” another member said and highlighted a contradiction concerning SWIFT adoption, that on the one hand Parliament has to be heard but on the other hand member states argue  parliament intervention may not effect the agreement conclusion.

All of the members seem to be pretty upset about the Council take on SWIFT. My notes on the second minister response:

The Council decided on the substance of Swift.

On the decision substance..

Perview of parliament

Period of change

Extending something which already existst

SWift is under restructuring.

Information from North American can not be given, prior

No itention whatsoever of extracting information.

2 question

30 Nov deadline legal base to maintain of that system, just extentions
under international law impossible to postpone because unilateral decision

this parliament would decide

security and data protection in particular.

in line with charter

time to get information, listen to experts, solid alternative, only intention behind.

NO decision on the substance, No change to status quot, just extention, this parliament will decide.

Highlevel-WG set up between EU and US, soon reports.

Aware of concerns data protection

Has to be debated HERE in the chamber.

Experts telling SWIFT measures very effective in fight against terrorism.

Apparently still no one seems aware of the “business espionage” toxic mix concerning SWIFT data.

A few quick questions that come to my mind:

• members of US-EU HLG?
• legal base of US-EU HLG = really a “HLG” in the Com sense?
• Presidency aware that SWIFT is non-governmental?
• “extention” in what way?

A rapporteur is assigned for SWIFT (MEP Hennis-Plassaert), PNR (MEP in ‘t Veld, ALDE) etc. LIBE will write to the Legal Service in a fast-track procedure on the substance of SWIFT

Read Full Post »

Ergänzung zum Swift Spiegelartikel

Gestern hatte ich schon was geschrieben über die vom Spiegel nur konstruierte Unstimmigkeit. Der Ralf Bendrath ergänzt im Blog von Markus:

“Das am 30.11. beschlossene SWIFT-Abkommen erlaubt keine “systematische anlassunabhängige Recherche”. Insofern trifft die BKA-Aussage treffsicher daneben. “

Genau das hatte ich mir gedacht, war aber auch nicht in der Stimmung die SWIFT-Abkommen-Dokumente zu recherchieren, und daher gab es nur meine Vermutung, dass der Spiegel die Aussage des BKA-Berichtes fehl- und überinterpretiert. Die BKA-Aussage trifft deshalb auch nicht “sicher daneben”, sondern wird vom Spiegel in einen ganz falschen Kontext gestellt.

Das genau könnten sie ja nicht mehr, wenn die Intra-EU-Überweisungen nicht mehr in Virginia gespiegelt werden.

Wenn ein Staat wie die USA extralegal Datenzugriff haben will, dann bekommt er den auch innerhalb der Europäischen Staaten. Sofern es einen offiziellen Weg gibt, bleibt das irgendwie unter Kontrolle und nachvollziehbar. Eine Überprüfung des Abkommens durch das Europaparlament wäre ein Garant für einen guten Kompromiss. Verdächtig ist, dass diese Abkommen nun erst einmal nur für sehr wenige Monate gilt. Die erforderlichen Monate für den Datenklau?

Die Frage nach einer Gegenleistung bleibt übrigens noch unbeantwortet. Zum Teil geht es bei transatlantischen Zugeständnissen um den Ergeiz von Offiziellen auf unserer Seite sich als verlässlicher Ansprechpartner durch Erfüllungspolitik zu etablieren. Es gibt einen gewissen wirkmächtigen Sermon, der diesen Staatsdienern einredet, die Bestimmung Europas sei die Telefonzentrale Europa für die Anfragen des werten alten Herrn Henry Kissinger zu sein.

Übrigens sollen die Daten von SWIFT in die Schweiz migriert werden, wo sie auch vom Zugriff der EU-Europäer abgeschirmt sind. Es ist schier unglaublich, wie dieses Konsortium Brüssel und Straßburg auf der Nase herum tanzt. Wäre Belgien ein handlungsfähiger Staat, hätte man längst bei SWIFT eine Durchsuchung durchführen müssen. Verdunklungsgefahr.

Read Full Post »

SWIFT: Verwaltungschinesisch richtig verstehen

Spiegel-Vorab zitiert aus einem Papier des Bundeskriminalamtes:

Für den Bereich der Bekämpfung der politisch motivierten Kriminalität besteht kein fachlicher Bedarf beziehungsweise kein operatives Interesse an der Nutzung des Swift-Datenbestandes zum Zwecke einer systematischen anlassunabhängigen Recherche.”

Markierung von mir. Die Spiegelautoren scheinen den Text fehlerhaft zu interpretieren. “Systematische anlassunabhängige Recherche” meint eine Art Rasterfandung, ein Data Mining auf dem Datenbestand. Die Brisanz liegt also auf einer ganz anderen Ebene als bei einem behaupteten Widerspruch der beiden Aussagen, wie es Spiegel Online meint.

• Systematisch anlassunabhängig: Alle Daten sollen uns erst einmal zur Verfügung stehen und dann schauen wir mal, ob wir was Nützliches über unseren Nachbarn heraus finden. Z.B. 9/11 Kurznachrichten bei Wikileaks, mit Schlüsselwörtern nach Schweinkram…
• Fallbezogene Recherche: Wir holen uns die “elektronischen Kontoauszüge” von dem Ali ben Ghali aus der SWIFT Datenbank, der sich beinahe neulich auf dem Weihnachtsmarkt in die Luft gesprengt hätte. Z.B. Birthlerbehörde. Da könnte man ja mal anfragen, ob Helmut Kohl ein Stasiagent war. Oder der Genscher…

Bisher geht es darum, dass im Einzelfall jeweils mit Zugriff auf die SWIFT-Datenbank geprüft werden soll. Der Verdacht war, dass es um mehr ginge. Bei Vollzugriff auf die Daten besteht die ungeheure Gefahr, dass Wirtschaftsspionage betrieben wird, in einer Art und Weise, welche das Vertrauen in die Finanzmärkte unterminiert, mit Milliardenschäden.

Warum werden also solche Szenarienbedarfe für einen Totalzugriff bzw. verdachtsunabhängigen Zugriff auf die Bankübertragungsdaten überhaupt diskutiert? Möglicherweise, weil das Abkommen solche Methoden des Datenzugriffs vorsieht. Oder sind das alles Aluhütchenspielereien? In jedem Fall ist der Bereich so sensibel, dass Arglosigkeit bei mir gewisse Besorgnis erweckt.

Read Full Post »

Entschliessung des Bundesrates zu SWIFT Datentransfer

View this document on Scribd

Read Full Post »