Time to get serious about Europe’s sabotage of US terror intelligence programs

lead

The intelligence tools that protect us from terrorism are under attack, and from an unlikely quarter. Europe, which depends on America’s intelligence reach to fend off terrorists, has embarked on a path that will sabotage some of our most important intelligence capabilities. This crisis has been a long time brewing, and up to now, the US has responded with a patchwork of stopgap half-solutions.

That’s not likely to work this time. We need a new strategy.  And most of all, we need to get serious about defending U.S. interests.

It’s no surprise that the US fight against terrorism depends crucially on the so-called 702 program, which allows the government to serve orders on social media, webmail, and electronic service providers who store their global customers’ data in the United States.

The intelligence we gather in this way protects Europe as much as the United States. Within days of the Paris attacks, the US agreed to give France direct access to much raw intelligence. Even more recently, the German government credited US (and French) intelligence with helping it thwart planned suicide bombings in Munich over the New Year holiday. The British communications intelligence agency, GCHQ, has a deeply integrated intelligence sharing arrangement with NSA. None of these countries, let alone the smaller members of the European Union, can hope to match the American intelligence resources that are now marshaled in their defense.

So it might seem odd that the European Union poses a threat to these capabilities. Odd but true.  The problem has deep roots in Europe’s dysfunctional governance structure and in the mix of dependence and resentment that shape its relationship to the United States.  In the name of protecting privacy, the EU has long insisted that personal data may not be exported to other countries unless those countries provide “adequate” legal guarantees for privacy, and it has frequently threatened to cut off data flows to the United States because of differences in US and EU data protection law.

The threats were grounded partly in economic interest – keeping data processing jobs and companies in Europe – and partly in a European enthusiasm for expressing its moral superiority to the United States.  The EU and US have always been able to negotiate a solution as these crises have been created, but the dynamic changed this fall when the European Court of Justice (ECJ) was asked to rule on the adequacy of US privacy law.  Relying in part on irresponsible and inaccurate statements by the European Commission, the ECJ declared that the Commission had not justified a conclusion that United States surveillance oversight is “adequate.” It overturned the “Safe Harbor” that had allowed US companies to send customer data across the Atlantic.  Just as important, it  authorized individual data protection agencies in each member state to adjudicate the lawfulness of data transfers to the United States. While the decisions of those agencies can be appealed, the EU has reached agreement on penalties for data protection violations that are a percentage of companies’ global revenue – billions of dollars in the case of big tech companies like Google and Microsoft.  With those penalties hanging over their head, few companies will want to gamble that they’ll be vindicated on appeal.  The data protection agencies, meanwhile, are delighted to have the US and its tech companies in their sights; they’ve said that enforcement actions are likely to begin at the end of January.

Read more