Even as the media continues to debate leaks revealing the secret surveillance program of the U.S. National Security Agency, code-named ‘PRISM,’ one of the chief private-sector actors in the PRISM scandal opened its first non-U.S. site on Wednesday, giving one European nation a key jurisdictional hook to regulate future data privacy.
According to news reports from The Guardian, Facebook, has been cooperating voluntarily with the NSA’s PRISM program since summer 2009, thereby exposing the private data of both U.S. and non-U.S. citizens alike to the purview of the NSA under the authority of the U.S. PATRIOT Act passed in the aftermath of the 2001 al Qaeda terrorist attacks on New York and Washington.
But Facebook also opened a new facility to host its servers in far northern Sweden on Wednesday (in part to use the chilly Arctic weather to more efficiently cool its European servers). Despite the awkward timing, it is Facebook’s first server hall outside of the United States, and its opening comes when European Union leaders are pushing for answers on the extent to which NSA has been permitted access to private, personal data by Facebook, Google, YouTube, Apple, AOL and other service providers and while the European Parliament is considering a new data protection directive that would enhance protection of the personal data of EU citizens. Assuming that the European Union cannot stop U.S. government agencies, it means that European regulators could target U.S. technology companies in greater measure — after all, the EU already places restrictions on Google’s StreetView program and has already banned the European use of Facebook’s face recognition software.
So does that give Sweden a unique opportunity to ensure that the private data of EU citizens is not caught up in the NSA snare?
After all, Sweden is virtually synonymous with good government, right?
According to Transparency International, it’s among the least corrupt countries is the world. In the middle of the 18th century, Sweden essentially invented the concept of freedom of information with the Freedom of the Press Act of 1766, and its leaders over the past two decades championed a EU-wide freedom of information regime.
But a reputation for transparency doesn’t necessarily connote a reputation for protecting privacy. Wikileaks founder Julian Assange was so worried that Swedish authorities would extradite him to the United States that he chose to hunker down in Ecuador’s London embassy instead of allowing British authorities to transfer him to Sweden for a trial on a sexual harassment charge. Swedes have also raised concerns with EU policymakers that the push for more robust data protection could actually harm government transparency by limiting the Swedish government’s ability to provide open access to documents.
Moreover, the current center-right coalition headed by prime minister Fredrik Reinfeldt of the Moderata samlingspartiet (Moderate Party) has introduced greater levels of Swedish surveillance. In 2009, it narrowly passed legislation that would allow the government’s Försvarets radioanstalt (the National Defence Radio Establishment) to wiretap and access all international telephone and internet traffic, even if all ultimate parties in the traffic are Swedish. Though the legislation, know as the ‘FRA law’ passed only narrowly by Sweden’s parliament, the law had its genesis in the prior center-left government of the Sveriges socialdemokratiska arbetareparti (Swedish Social Democratic Workers Party). It essentially codified into Swedish national law much of what PRISM has been purported to do within the United States.
The law caused some amount of concern, especially in neighboring Finland because all of its Internet and phone traffic at the time routed through Sweden.
Sweden’s foreign minister Karl Bildt earlier this week protested that Swedish activities under the FRA law are not similar to what’s been reported PRISM, in part on the basis that the FRA law was debated publicly and enacted by a duly elected parliament. In that regard, Bildt’s right — it was clear just what was at stake when the Swedish parliament adopted the FRA law; in contrast, Facebook wasn’t even developed until three years after the U.S. PATRIOT Act. In addition, Bildt expressed a healthy hint of suspicion about other ‘certain states,’ presumably including the United States: