What William Hague and Theresa May need to tell us

It seems obvious that our security services will have received information from these trawling and retention systems, and equally it would be a little surprising if they had broken international law. The government must answer these questions, especially to tell us what they knew, but Sir Malcolm Rifkind insisting that ministerial warrants would be required seems tiresome and a way of avoiding the real point.

The government cannot simply insist that US-based surveillance, wich is both secret and pervasive, is just a US problem. PRISM in particular seems to be targeted at non-US citizens, for very broad ‘foreign policy’ considerations. Additionally, the legal position in the US is that there are no constitutional protections for non-US citizens. Caspar Bowden outlined these points in detail (PDF) at ORGCon on Saturday.

Our UK government must have known about US FISAA powers, and most likely the kind of programmes that the new law was creating.

When Parliament thought about a similar problem in preparation for the UK census, they were alarmed and took action. The Patriot Act allows data to be ‘seized’ secretly under National Security Letters. Parliament asked that the US contractor, Lockheed Martin, be prevented from handling census data, to avoid the possibility that data might be seized and copied under the Patriot Act. Parliament won that battle.

What William Hague and Theresa May should have been doing was making sure that our businesses and citizens knew to shelter from FISAAA powers. They should have been attempting to strengthen our data protection arrangements, or ensuring through procurement that all personal data the government keeps is kept out of the USA, until more reasonable laws are in place.

Instead, their reaction seems to have been to push ahead with our own UK version, in the Snooper’s Charter. Frightening and unaccountable US powers seem merely to have inspired in Theresa May the desire to replicate them here.

Laws are meant to guarantee reasonable behaviour. Once secrecy around their interpretation, implementation and use is complete, it should be no surprise that powers get out of control. A lot of this secrecy exists in the UK at present: we do not know which companies retain data, nor whose data is accessed. There is no individual notification; nor court supervision of access. During the Snooper’s Charter debate, the Home Office was extraordinarily reluctant to discuss the problems they believed they had, citing national security instead. For FISAAA, the government did nothing to encourage sensible analysis of what this should mean for UK citizens’, journalists’ and businesses’ confidentiality.

The ability of government institutions to turn a blind eye and ignore such serious problems, to the point that our trust in them is dealt a terrible blow, is a failure of leadership. Now our politicians must live up to their duty, and turn their attention to ways to protect British and European citizens from US-based warrantless surveillance.

UK politicians should demand:

1. That US law recognises the human rights of foreign citizens, in particular their right to privacy
2. That EU Data Protection requires EU standards of privacy from US companies; or warns when this cannot be guaranteed
3. That UK and EU procurement be designed to protect personal data from warrantless US surveillance