Pages

6 August 2016

The Snowden Fallout: What Europe Got Wrong About NSA

Michèle Flournoy & Adam I. Klein
August 3, 2016

And Why Terrorism Might Change Its Mind About Spying

Over the last several years, as western Europe has been hit by Islamist terrorist attack after Islamist terrorist attack, Germany has largely avoided the violence. But the refugee crisis and the rise of the Islamic State (or ISIS) seem to have broken Germany’s run of good fortune. In the span of one week in July, a 17-year-old Afghan asylum seeker attacked five train passengers with an ax in the Bavarian city of Würzburg; a Syrian asylum seeker exploded a bomb outside a music festival in another Bavarian city, Ansbach, wounding 15; an 18-year-old German of Iranian descent massacred nine people at a shopping mall in Munich; and a 21-year-old Syrian asylum seeker used a machete to murder a local woman in Reutlingen who had rejected his advances. The last two attacks had no apparent connection to foreign terrorist groups. But the succession of violent incidents, all linked in some way to the Middle East, has created a sense of siege.

The United States has given, and will continue to give, significant support to its European allies as they investigate terrorist attacks and strive to disrupt future plots. Much of that help involves intercepting terrorists’ communications. And the bulk of that work is done by the National Security Agency (NSA).

Yet many Europeans view the NSA as more foe than friend. This is a vestige of the 2013 revelations by the former government contractor Edward Snowden about the extent of the NSA’s surveillance activities, which provoked widespread outrage among European publics. The disclosures also left U.S. technology companies scrambling to reassure foreign customers that their products were not compromised by the NSA. Some European companies, hoping to win business, encouraged the belief that they were.

The mistrust caused by the Snowden leaks continues to harm U.S. interests. Most notably, last October, in a case prompted by the disclosures, the European Court of Justice invalidated the U.S.-EU Safe Harbor agreement, which allowed participating companies to transfer customer data from Europe to the United States. Safe Harbor’s demise has already cost American companies millions in legal fees and other compliance expenses. If the agreement’s replacement falters as well, the borderless business models of the United States’ global Internet companies could be at risk.

The good news is that the political dynamics surrounding surveillance issues in Europe have been quietly changing, something that had begun even before the recent terrorist attacks. The most significant changes are taking place in Germany, Europe’s largest economy and an opinion leader on data-privacy issues. The post-Snowden backlash among Germans was especially severe—not surprising given persistent memories of pervasive surveillance by the East German Stasi and of the Nazi era. As a result, many Germans see data privacy as a fundamental right and are innately suspicious of secret intelligence agencies.

For that reason, perhaps the most shocking of the Snowden disclosures was that the United States had intercepted German Chancellor Angela Merkel’s cell phone communications. Germany’s many committed transatlanticists, who had worked for decades to defend the U.S.-German alliance against domestic criticism, took this as a personal betrayal. Merkel said, “Spying between friends, that’s just not done.“

It turned out, however, that not only is it done but Germany was doing it, too. In reaction to the Snowden revelations, Germany’s parliament, the Bundestag, created an investigative committee to study the NSA’s activities. In an unexpected twist, the committee’s most salient revelations turned out to be about the BND, Germany’s own foreign intelligence agency. For example, the committee found that the BND had eavesdropped on various U.S. government agencies and diplomatic missions, on fellow EU members, on humanitarian nongovernmental organizations, and even on the Vatican’s mission in Berlin.

This moment of self-examination brought an opportunity for a more productive, less adversarial U.S.-German discussion on surveillance policy. In a recent series of meetings in Berlin with German government officials, policy experts, and civil libertarians, we found that fair-minded criticism of U.S. practices was balanced by a refreshing willingness to consider U.S. practices in the context of the BND’s own activities. And we encountered a more realistic attitude toward electronic surveillance and its contested but unavoidable role in modern counterterrorism.

At a minimum, the U.S. intelligence community should offer greater detail about how much and what kind of counterterrorism data the United States shares with its European partners. Meanwhile, public opinion in Belgium, France, and other European countries threatened by jihadist attacks has swung dramatically toward security. Recently, the French National Assembly’s inquiry into France’s counterterrorism capabilities recommended a major overhaul of the intelligence and police services. “Today we don’t measure up to those who are attacking us,” said the inquiry’s chair. The United Kingdom’s House of Commons recently passed the controversial Investigatory Powers Bill, which gives authorities significant new surveillance powers and requires companies to help authorities break encryption in some situations. Germany may now move in a similar direction. In a Europe under regular attack by ISIS, more data collection and more information sharing, not less, appear to be the order of the day.

And herein lies an opportunity. One of the enduring frustrations on the American side of security and surveillance debates is that European privacy advocates have criticized U.S. practices while being unaware of, or ignoring, the fact that their own countries’ intelligence agencies do similar things and yet are subject to fewer legal constraints and less oversight than the NSA. The revelations about the BND’s activities led Germany’s governing coalition to introduce a draft law to regulate the BND’s electronic surveillance activities. By making those powers explicit, the new law would allow Americans and Germans to compare the authorities of their respective intelligence agencies and the oversight regimes that supervise them.

This is a comparison that the United States should welcome. The law would give the BND expansive powers to conduct Internet surveillance and to collect and retain the data of Americans and other non-Europeans. Neither the draft law nor any stated policy reciprocates the protections that U.S. President Barack Obama granted Germans (and other foreigners) under Presidential Policy Directive 28. And Americans are awarded none of the safeguards that Europeans are demanding for their citizens in the new Privacy Shield agreement, which is to replace Safe Harbor.

Yet although the United States has offered (and, in Privacy Shield, is offering) Europeans greater protections from U.S. surveillance than Americans receive from European surveillance, these one-way concessions are not widely known and have generated little goodwill for the United States. The next administration could remedy this problem by offering to hold a political dialogue on norms to govern surveillance among willing allies and partners with similar rule-of-law cultures. In so doing, it should expect other countries to extend to Americans the same commitments Washington makes to their citizens. Such a diplomatic initiative would be a reasonable, modest way to demonstrate good faith while highlighting the substantial reforms undertaken since the Snowden leaks.

A second complaint frequently offered by American national security officials is that even as the privacy officers of European governments publicly blast NSA surveillance, the security agencies of those same governments quietly ask their U.S. counterparts for intelligence on suspected terrorists. This produces a warped understanding of the consequences of U.S. intelligence practices for European publics. Yet with jihadist attacks striking at Europe’s heart, the political dynamics have shifted, to the point where European leaders feel comfortable publicly touting enhanced intelligence sharing with the United States, as Thomas de Maizière, Germany’s interior minister, did earlier this year.

Here again, the United States has a good story to tell, should it choose to do so. For example, after the terrorist attacks in Paris in November 2015, the White House deployed teams of counterterrorism experts to European capitals “to help Western European allies shore up their defenses and borders,” as reported by The New York Times. The Brussels attacks in March and their aftermath only illustrated how badly needed this support was, and remains.

Unfortunately, this assistance was, as The New York Times observed, “little-noticed.” Of course, these activities are the right thing to do and should continue regardless of whether they generate favorable publicity. Yet it is also in the U.S. national interest that European publics become more aware of how intelligence sharing—including of intelligence generated by the NSA—helps protect them from terrorism. Ensuring that these benefits are more widely known can help reduce skepticism about U.S. intelligence activities—skepticism that continues to harm the United States, as the Safe Harbor saga demonstrates.

It should go without saying that a public relations tour trumpeting U.S. counterterrorism assistance would be distasteful and counterproductive. And the United States should be careful not to imply that counterterrorism is the only purpose of U.S. signals-intelligence collection. That is not true, and Washington would lose credibility by implying otherwise. That said, it is certainly an important purpose, and there are ways to strengthen European publics’ awareness of the value of U.S. intelligence for their security without boasting or overstating the case.

No comments:

Post a Comment