The U.S. National Security Agency (NSA) has turned the European Union into a tapping "bazaar" in order to spy on as many EU citizens as possible, NSA leaker Edward Snowden said.
The NSA has been working with national security agencies in EU member states to get access to as much data of EU citizens as possible, Snowden said in a testimony sent to Members of the European Parliament (MEPs) published Friday.
[ Also on InfoWorld: Edward Snowden has stripped us of all illusion about our digital world. | Also: U.S. spy agencies adopt new IT approach. | Learn how to protect your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]
The European Parliament had invited Snowden to provide testimony for an inquiry into the electronic mass surveillance of EU citizens. That surveillance, often instigated by the NSA but carried out with help of EU member states, is quite extensive, he wrote.
The NSA has been pressuring EU member states to change their laws to enable mass surveillance, according to Snowden. This is done through NSA's Foreign Affairs Division (FAD), he said, adding that lawyers from the NSA and GCHQ work very hard "to search for loopholes in laws and constitutional protections that they can use to justify indiscriminate, dragnet surveillance operations that were at best unwittingly authorized by lawmakers," he said.
The efforts to "interpret new powers out of vague laws" is an intentional strategy to avoid public opposition and lawmakers' insistence that legal limits be respected, he said.
Recently, the FAD has used such pressuring techniques on Sweden and the Netherlands as well as on New Zealand, according to Snowden. Germany has also been pressured to modify a law on the secrecy of post and telecommunication correspondence to appease the NSA, eroding the rights of German citizens under their constitution in the process, Snowden said.
"Each of these countries received instruction from the NSA, sometimes under the guise of the U.S. Department of Defense and other bodies, on how to degrade the legal protections of their countries' communications," he said. The ultimate result of this NSA guidance is that the right of ordinary citizens to be free from unwarranted interference is degraded, and systems of intrusive mass surveillance are being constructed in secret within otherwise liberal states, he said, adding that this often happens without the full awareness of the public.
Ultimately, each national spy agency is independently hawking domestic access to the NSA and others "without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole," according to Snowden.
Once the NSA has dealt with legal restrictions on mass surveillance in partner states, it pressures them to perform operations to gain access to the bulk communications of all major telecommunications providers in their jurisdictions, Snowden said. "Sometimes the NSA provides consultation, technology, or even the physical hardware itself for partners to 'ingest' these massive amounts of data in a manner that allows processing, he added.
"By the time this general process has occurred, it is very difficult for the citizens of a country to protect the privacy of their communications, and it is very easy for the intelligence services of that country to make those communications available to the NSA -- even without having explicitly shared them," Snowden wrote.
The deals between the NSA and foreign partners are set up in such a way as to provide the NSA with a means of monitoring a partner's citizens without informing the partner, and to provide the partner with a means of plausible deniability, he said.
"The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn't search it for Danes, and Germany may give the NSA access to another on the condition that it doesn't search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements," Snowden said.
Snowden, who said that he's still seeking asylum in the EU, also provided solutions to solve the mass surveillance problem.
It is easy to make mass surveillance more expensive through changes in technical standards, he said. "Pervasive, end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost effective basis," he said, adding that the result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion.
This traditional method is more effective than mass surveillance, according to Snowden. "I believe that spying serves a vital purpose and must continue," he said.
The European Parliament is set to vote on a draft resolution on Wednesday that seeks to keep data protection out of EU-U.S. trade talks. The MEPs want the EU to suspend two deals with the U.S., one on exchanging banking data and the other on the Safe Harbor privacy principles for U.S. firms holding European data, as, they say, the fight against terrorism can never justify secret and illegal mass surveillance.
The MEPs will also vote on a proposal for stronger safeguards for data transfers to non-EU countries. Wednesday's vote could result in the updating of 19-year-old data-protection laws. Under MEPs' amendments, companies breaking the rules would face fines of up to €100 million (about $139 million), or up to 5 percent of their annual worldwide turnover, whichever is greater, according to the Parliament.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to email@example.com