Invalidating the ‘Privacy Shield’. A Look into the US Government’s Schrems II White Paper with Aperion Law.

This blog post was created by Aperion Law.

The US Government has released a white paper in response to the Schrems II judgment.

Most people interested in privacy and data protection would have heard about the Schrems II judgment. For those less familiar, the judgment challenges the ability of companies to lawfully transfer data from the EU to to the United States (US) and other countries. The General Data Protection Regulation (GDPR) –An EU law on data protection and privacy in the European Union and European economic area–has strict rules on transferring data from the EU to third world countries and this case deals with the compatibility of these rules with surveillance laws in other countries. (via Lexology)

Ultimately, the European Court of Justice (ECJ) has invalidated ‘Privacy Shield’ which regulated data transfers from the EU to the US. The court also made comments on the Standard Contractual Clauses (SCCs), stating that while they are valid, their use is subject to various preconditions and online obligations.

The paper makes a couple of important points as follows:

  1. Most U.S. companies do not deal in data that is of any interest to U.S. intelligence agencies, and have no grounds to believe they do …
  2. The U.S. government [collects and shares] data disclosed by companies in response to FISA 702 orders, to counter threats such as terrorism, weapons proliferation, and hostile foreign cyber activity […]. white paper p 1

So here in essence, Aperion summarises this as the USG saying:

“first, we’re probably not interested in your data – we only look at data for security and counter-terrorism reasons; and second, when we spy on you we get a warrant – here pursuant to FISA 702”

FISA 702 is a key provision that permits the government to conduct targeted surveillance of foreign persons located outside the United States, with the compelled assistance of electronic communication service providers, to acquire foreign intelligence information.

However, Aperion rules the USG claims to be demonstrably false.

“The mass surveillance programs of the NSA (and – to be clear – pretty much all intelligence agencies) is well documented. These agencies clearly are interested in gathering huge amounts (i.e. exabytes) of data. This quantity is generated by the routine, day to day operations of the internet as a whole, not by the (comparatively) small data footprint of terrorist groups.”

Intelligence agencies use this massive store of data to try and find the proverbial needle in the haystack that is an inchoate terrorist threat. This argument is not entirely meritless, so let’s assume that having that information is useful.

When taking on cases such as this, it’s important to consider the balance between privacy and security. Of course if this is to be achieved, there needs to be oversight of the capabilities. Unfortunately, the likelihood of this actually happening is slim… This brings us on to the second point made in the white paper: “when we spy on you, we get a warrant.”

The court in question is the Foreign Intelligence Surveillance Court (FISC), described in the white paper as a

“federal court staffed by independent, life-tenured judges whom the FISA statute authorizes to approve and oversee foreign intelligence surveillance—supervises whether individuals are properly targeted”
White Paper Page 6

The idea is to have processes and procedures in place that ensures that the surveillance is targeted and restricted. The white paper describes a court that restricts surveillance to ‘a specific person’ and memorialises the ‘targeting rationale.’ It is definitely the case that there are non-trivial legal requirements that must be satisfied in order to get a 702 warrant. However, Aperion remarks that the court described in the white paper seems very different to the one that authorised the collection of millions of records of Verizon users and the NSA’s Special Source Operations.

In any event, the kinds of processes and procedures described by the white paper are profoundly important as a mechanism to routinise or regularise the exercise of these surveillance powers. They are necessary steps.
The problem is that in order for these steps to impact on decision making, there needs to be oversight – someone needs to be watching. As the white paper points out, in addition to the FISC itself, the watchers are:
– Independent intelligence oversight attorneys in the Department of Justice, and
– Office of the Director of National Intelligence.

The conventional wisdom is that due to the inherent need for secrecy, the general public cannot be privy to these decisions. Accordingly, the NSA (and all intelligence agencies) say they

“can’t be transparent about most of these issues and we have to get comfortable with the idea that we’re delegating to somebody the ability to learn the secrets, review what’s being done and determine whether its being done properly”
— Stewart Baker, Former NSA general counsel

So herein lies the problem – fundamentally we need to trust that agencies in question are doing the right thing.

This is why behaviour of government officials that undermines trust is so problematic. The two agencies that the white paper says oversees the surveillance programs have been directly engaged in conduct that directly undermines their claims to impartiality and probity.

The Department of Justice has interfered with the sentencing processes of a close associate or the president, and attempted to drop a prosecution in a matter where the defendant, a former presidential advisor, has pled guilty. More recently, the Director of National Intelligence declassified and released unverified foreign intelligence that was politically advantageous to the president (possibly compromising sources in the process).

If the argument is that we don’t need to worry about FISA 702 because ‘trust us,’ then the ECJ’s scepticism may be warranted – even if the surveillance is too.

Post Summarised from Aperion Law’s Blog Post. Be sure to check out their page for more informative posts like this one!

What’s your take on the issue? Be sure to share your thoughts in the comment section below!

Want to know more about the important Legal issues that might impact your business? Be sure to check out the rest of the Legal and Accounting folder for more!

Leave a Reply

Your email address will not be published.