Even as the media continues to debate leaks revealing the secret surveillance program of the U.S. National Security Agency, code-named ‘PRISM,’ one of the chief private-sector actors in the PRISM scandal opened its first non-U.S. site on Wednesday, giving one European nation a key jurisdictional hook to regulate future data privacy.
According to news reports from The Guardian, Facebook, has been cooperating voluntarily with the NSA’s PRISM program since summer 2009, thereby exposing the private data of both U.S. and non-U.S. citizens alike to the purview of the NSA under the authority of the U.S. PATRIOT Act passed in the aftermath of the 2001 al Qaeda terrorist attacks on New York and Washington.
But Facebook also opened a new facility to host its servers in far northern Sweden on Wednesday (in part to use the chilly Arctic weather to more efficiently cool its European servers). Despite the awkward timing, it is Facebook’s first server hall outside of the United States, and its opening comes when European Union leaders are pushing for answers on the extent to which NSA has been permitted access to private, personal data by Facebook, Google, YouTube, Apple, AOL and other service providers and while the European Parliament is considering a new data protection directive that would enhance protection of the personal data of EU citizens. Assuming that the European Union cannot stop U.S. government agencies, it means that European regulators could target U.S. technology companies in greater measure — after all, the EU already places restrictions on Google’s StreetView program and has already banned the European use of Facebook’s face recognition software.
So does that give Sweden a unique opportunity to ensure that the private data of EU citizens is not caught up in the NSA snare?
After all, Sweden is virtually synonymous with good government, right?
According to Transparency International, it’s among the least corrupt countries is the world. In the middle of the 18th century, Sweden essentially invented the concept of freedom of information with the Freedom of the Press Act of 1766, and its leaders over the past two decades championed a EU-wide freedom of information regime.
But a reputation for transparency doesn’t necessarily connote a reputation for protecting privacy. Wikileaks founder Julian Assange was so worried that Swedish authorities would extradite him to the United States that he chose to hunker down in Ecuador’s London embassy instead of allowing British authorities to transfer him to Sweden for a trial on a sexual harassment charge. Swedes have also raised concerns with EU policymakers that the push for more robust data protection could actually harm government transparency by limiting the Swedish government’s ability to provide open access to documents.
Moreover, the current center-right coalition headed by prime minister Fredrik Reinfeldt of the Moderata samlingspartiet (Moderate Party) has introduced greater levels of Swedish surveillance. In 2009, it narrowly passed legislation that would allow the government’s Försvarets radioanstalt (the National Defence Radio Establishment) to wiretap and access all international telephone and internet traffic, even if all ultimate parties in the traffic are Swedish. Though the legislation, know as the ‘FRA law’ passed only narrowly by Sweden’s parliament, the law had its genesis in the prior center-left government of the Sveriges socialdemokratiska arbetareparti (Swedish Social Democratic Workers Party). It essentially codified into Swedish national law much of what PRISM has been purported to do within the United States.
The law caused some amount of concern, especially in neighboring Finland because all of its Internet and phone traffic at the time routed through Sweden.
Sweden’s foreign minister Karl Bildt earlier this week protested that Swedish activities under the FRA law are not similar to what’s been reported PRISM, in part on the basis that the FRA law was debated publicly and enacted by a duly elected parliament. In that regard, Bildt’s right — it was clear just what was at stake when the Swedish parliament adopted the FRA law; in contrast, Facebook wasn’t even developed until three years after the U.S. PATRIOT Act. In addition, Bildt expressed a healthy hint of suspicion about other ‘certain states,’ presumably including the United States:
“People must feel confident that the system is not open to abuse,” he added, underlining that most people accepted a certain reach of surveillance agencies, within limits. “There must be as much transparency as possible, it must be legally regulated, but the rule of law must apply online as well,” he said. Bildt underscored there was no way to know what national surveillance programmes looked like worldwide. “I wouldn’t even want to enter into the discussion with certain states that I will leave unnamed,” he said. “Because they will lie.”
Last week, a spokesman for the Swedish agency responsible for surveillance even took the opportunity to warn Swedish citizens that their Internet usage was not entirely safe from U.S. purview:
Fredrik Wallin, spokesman for the Swedish National Defence Radio Establishment, has described the revelations as a wake-up call for users to be aware that their internet traffic passes through several jurisdictions. “It is thus possible to listen in if there is legislation which allows it. This is something to be aware of and is naturally a problem for internet security,” Wallin said.
Their protests have the ring of Captain Renault of Casablanca fame.
But if more stringent restrictions come on Facebook and other tech providers to keep European personal data private from the U.S. government, it seems far more likely that those regulations will come from the European Union and not from Sweden’s national government.
Photo credit to Andreas Nillson.