Can Sweden save the European Union from the NSA spooks?

facebook goes arctic

Even as the media continues to debate leaks revealing the secret surveillance program of the U.S. National Security Agency, code-named ‘PRISM,’ one of the chief private-sector actors in the PRISM scandal opened its first non-U.S. site on Wednesday, giving one European nation a key jurisdictional hook to regulate future data privacy.USflagEuropean_UnionSweden

According to news reports from The Guardian, Facebook, has been cooperating voluntarily with the NSA’s PRISM program since summer 2009, thereby exposing the private data of both U.S. and non-U.S. citizens alike to the purview of the NSA under the authority of the U.S. PATRIOT Act passed in the aftermath of the 2001 al Qaeda terrorist attacks on New York and Washington.

But Facebook also opened a new facility to host its servers in far northern Sweden on Wednesday (in part to use the chilly Arctic weather to more efficiently cool its European servers).  Despite the awkward timing, it is Facebook’s first server hall outside of the United States, and its opening comes when European Union leaders are pushing for answers on the extent to which NSA has been permitted access to private, personal data by Facebook, Google, YouTube, Apple, AOL and other service providers and while the European Parliament is considering a new data protection directive that would enhance protection of the personal data of EU citizens.  Assuming that the European Union cannot stop U.S. government agencies, it means that European regulators could target U.S. technology companies in greater measure — after all, the EU already places restrictions on Google’s StreetView program and has already banned the European use of Facebook’s face recognition software.

So does that give Sweden a unique opportunity to ensure that the private data of EU citizens is not caught up in the NSA snare?

After all, Sweden is virtually synonymous with good government, right?

According to Transparency International, it’s among the least corrupt countries is the world.  In the middle of the 18th century, Sweden essentially invented the concept of freedom of information with the Freedom of the Press Act of 1766, and its leaders over the past two decades championed a EU-wide freedom of information regime.

But a reputation for transparency doesn’t necessarily connote a reputation for protecting privacy.  Wikileaks founder Julian Assange was so worried that Swedish authorities would extradite him to the United States that he chose to hunker down in Ecuador’s London embassy instead of allowing British authorities to transfer him to Sweden for a trial on a sexual harassment charge.  Swedes have also raised concerns with EU policymakers that the push for more robust data protection could actually harm government transparency by limiting the Swedish government’s ability to provide open access to documents.

Moreover, the current center-right coalition headed by prime minister Fredrik Reinfeldt of the Moderata samlingspartiet (Moderate Party) has introduced greater levels of Swedish surveillance.  In 2009, it narrowly passed legislation that would allow the government’s Försvarets radioanstalt (the National Defence Radio Establishment) to wiretap and access all international telephone and internet traffic, even if all  ultimate parties in the traffic are Swedish.  Though the legislation, know as the ‘FRA law’ passed only narrowly by Sweden’s parliament, the law had its genesis in the prior center-left government of the Sveriges socialdemokratiska arbetareparti (Swedish Social Democratic Workers Party).  It essentially codified into Swedish national law much of what PRISM has been purported to do within the United States.

The law caused some amount of concern, especially in neighboring Finland because all of its Internet and phone traffic at the time routed through Sweden.

Sweden’s foreign minister Karl Bildt earlier this week protested that Swedish activities under the FRA law are not similar to what’s been reported PRISM, in part on the basis that the FRA law was debated publicly and enacted by a duly elected parliament.  In that regard, Bildt’s right — it was clear just what was at stake when the Swedish parliament adopted the FRA law; in contrast, Facebook wasn’t even developed until three years after the U.S. PATRIOT Act.  In addition, Bildt expressed a healthy hint of suspicion about other ‘certain states,’ presumably including the United States:

 

Continue reading Can Sweden save the European Union from the NSA spooks?

Reframing the issue of Edward Snowden’s whistle-blowing: public vs. private

Edward_Snowden

Eleven years ago, in the wake of the Enron debacle, Congress passed protection for whistleblowers as part of a wide-ranging set of public company reforms within the Sarbanes-Oxley Act.USflag

Now consider that, instead of a former National Security Agency Central Intelligence Agency employee and, until very recently, a Booz Allen Hamilton employee, Edward Snowden (pictured above) were instead a disgruntled Facebook or Google employee, he knew about the voluntary cooperation with PRISM, and he honestly believed that Facebook and/or Google were enabling the NSA’s illegal activity.

If he (1) reasonably believed that his employer was breaking the law by cooperating with the NSA and (2) engaged in whistle-blowing activity as defined by Sarbanes-Oxley, would he have a claim under Sarbanes-Oxley for adverse employment action if Facebook or Google had fired him instead of Booz Allen?

Though the definition of whistle-blowing is relatively circumspect under Sarbanes-Oxley, let’s assume that for purposes of our example, Snowden ’caused information to be provided’ to a ‘government body conducting inquiries’ related to a ‘rule or regulation of the Securities and Exchange Commission.’  It’s a stretch, but certainly the participation of Facebook or Google in PRISM and the PRISM activities are material information to any potential investor and certainly affect shareholder value.

Would he have a Sarbanes-Oxley case against his employer for retaliating against him?*

More importantly, would John Boehner or Eric Holder or the American public generally be more sympathetic to him if the whistle-blowing came from within Facebook or Google and not from within the public sector?  Would the 1984 tropes be replaced by Atlas Shrugged tropes?

For the record, I think Snowden neither hero nor traitor, but I do immediately suspect the agenda of anyone who is certain of either.

I also think that the answer tells us much about how incredibly different U.S. politics is from world politics — that this is a relevant question is only possible in a highly individualistic culture like that of the United States, where distrust of government runs so high that one political party’s essential worldview for three decades has been ‘government is the problem.’

I don’t think re-framing the issue in these terms would make much difference in France or Brazil, let alone China, but I think it does in the United States.

* Theoretically, because Booz Allen is publicly traded, he might still have a case for retaliation, but I wanted my example here to be from the ‘private sector’ and not from the ‘public sector,’ though it’s obviously clear how blurred the line has become, even in a place like the United States, which we don’t think of the government as a large Venezuela-style actor in the private sector, and we like to talk about the ‘private sector’ and the ‘government’ as if there are bright lines between the two. (UPDATE: A commenter notes that when Snowden was revealed to have leaked the PRISM documents, the U.S. government would have revoked his clearance, which may have made him simply unable to carry out his duties under Booz Allen’s contract with the NSA, casting more doubt on why Snowden’s Sarbanes-Oxley case as a Booz Allen employee would be more farfetched.)