Access to surveillance data in the USA is being extended!

US is also expanding surveillance in Europe.

In parallel with the completion of the new data protection agreement "Privacy Shield" between Europe and the USA on Monday, the access rights of the secret services to intercepted data will be enormously extended. An exclusive report from The New York Times indicates that the NSA will also allow other US intelligence agencies and the FBI access to tapped raw data. How this scheme looks, is not yet known, the transfer of raw data is in any case an absolute novelty.

The top priority of "Privacy Shield", however, is precisely the restriction of intelligence access to data of European citizens in the US for EU negotiators. This data protection regulation, which was received with skepticism in Europe, by no means ends the US mass surveillance, because "there were no new restrictions on the data tapping," said the legalist Walter Hötzendorfer to There would be only mentioned restrictions that existed before that. (See below)

Currently in
The text of the agreement for "Privacy Shield" met with great skepticism in Europe at its presentation on Monday, Data protectors described the deal as a "joke"

Restrictions that are not.

These access restrictions, which primarily affect US citizens, are contained in two older Presidential Decrees called PPD-28 (Presidential Policy Directive 28) and Executive Order 12333. PPD-28 was adopted in response to President Barack Obama's NSA scandal at the beginning of 2014 and provides for expanded internal control and oversight rules. This is also evidenced by a letter from Robert Litt, the chief intelligence officer in charge of the entire Intelligence Complex, published by the Commission together with the "Privacy Shield" draft on Monday.


This passage comes from a letter from the highest intelligence advocate Robert Litt and was also published by the European Commission.

Presidential Decree PPD 28 by 2014

PPD-28 concerns "Signal Intelligence en Gros", that is, the tapping of complete data streams, and lists the permitted fields of application. The spectrum ranges from "monitoring certain activities of foreign powers" to counter-terrorism and "cybersecurity" to the discovery of potential threats to the US or one of its allies in general. The FBI can also access this data legally for investigations into "transnational crimes", but only in filtered form after the NSA has released them.

Planned access maximization

The Presidential Decree "12333 Executive Order 1981", as well as the 13470 Update 2008.

That will change soon, because the presidential decree "Executive Order 12333", also mentioned by the EU in terms of data minimization, is currently undergoing an update. While PPD-28 comes from President Barack Obama, 12333 1981 was already put into force by then-President Ronald Reagan and subsequently amended several times, including during the last few months under President George W. Bush in the year 2008 with the decree 13470. Officially, this update was identified as strengthening the role of the Supreme Intelligence Officer, who was also mandated to create a framework for distributing data to each agency.


This passage in the EO 13470 decree, which is now being hammered, has received little attention for seven years. 2008 has already been announced to distribute raw data in the future.

In fact, 13470's most important point is direct accessibility to CIA, FBI, and other intelligence agencies' agencies on raw data intercepted by the NSA. "Intelligence" should be distributed by the NSA not only in "final", ie evaluated form, but also in the "form as collected", it says in decree 13470. The chief secret service officer is instructed to create an appropriate set of rules that will allow access to NSA raw data by other intelligence organizations.

Authenticity confirmed, text does not exist

The compilation of documents of the European Commission to "Privacy Shield". The agreement itself is called draft adequacy decision), the letter of Robert Litt can be found in Annex 6 (The documents were meanwhile all removed from public access !!)

After more than seven years, this set of rules is now obviously ready in its basics, which also confirmed Advocate General Robert S. Litt to the "New York Times". Not much is known about the content of the 21-only design, but the ability to access raw data intercepted only by NSA is a paradigm shift. As soon as the corresponding decree is completed, the number of intelligence analysts will increase multiply, which can be determined independently in the massive data sets of the NSA. How many other agencies can get to this data, is currently unclear. In any case, for "Privacy Shield" and the entire European data protection it does not bode well if the access possibilities to raw data are multiplied in such a way and evaluated on the entire intelligence complex.

orf3 Institution / CC BY-NC-ND 2.0

CC BY-NC-ND 2: Advocate General Robert S. Litt

No legal protection against tapping attacks

"Privacy Shield" should already have been available at the end of January, theMain disputes were apparently clarified only in the last two weeks

Legal protection for Europeans is not offered by the "Privacy Shield" agreement, said Walter Hötzendorfer, a law and business information specialist at the University of Vienna. Even the legal framework for "Privacy Shield" is dubious, because it is highly questionable what causes a mere publication of the relevant documents in the "Federal Register" of the United States in terms of legal quality. "Here is skepticism appropriate," Hötzendorfer continued, because the data collected by the NSA itself would not be minimized, extremely limited are rather the possibilities of European citizens or companies to take legal action against this intelligence processing of their data.

Walter Hötzendorferorf4

The "Foreign Intelligence Surveillance Act" (FISA), which regulates the taping of fiber optic cables on American soil, for example, offers legal possibilities to act against proven misuse of data, as Hötzendorfer says from paragraph 96 of "Privacy Shield". "Against the monitoring itself, which is however already a fundamental rights intervention, there is no complaint possibility under FISA". Also in the paragraphs 96 f. The US statute listed in the agreement limits the scope for Europeans to such an extent that "this is not an effective way for those affected" to "act against the fundamental rights intervention of the surveillance."

The transatlantic difference

"In the EU, data are considered to be used when they are recorded, but in the US diction only after their evaluation by means of selectors," Hötzendorfer continued. The fact that most of it is not read by humans, but only what is selected or parts of it, is clear anyway for reasons of capacity, but does not change the fact that it is about undifferentiated mass monitoring of all running over the respective channel communication operations.


Also this passage from the text of "Privacy Shield" confirms that the tap of data "en Gros" was by no means limited, only their use is limited by internal service regulations of the secret services.

Walter Hötzendorfer teaches and researches in the working group Legal Informatics the Department of International Law and International Relations at the University of Vienna

"This is a prerequisite for being able to select and is already a fundamental rights intervention in accordance with the European understanding of law." The "Privacy Shield" provided ombudsperson, although accepting individual complaints, said Hötzendorfer. Of course, it only checks that "whether US law was complied with - whether the fundamental rights of the person affected were intervened in accordance with European understanding, but not". Thus, even if this complaint mechanism proves to be useful, the material problem remains that surveillance, as recognized by the ECJ as incompatible with EU fundamental rights, persists and opposes, as it is lawful under US law can not resist. "

Published first on:

Created on:03/02/2016

Leave a Comment