Financial Times Op-ed by ODNI General Counsel Robert Litt: "The ECJ has its facts wrong about Prism"

Financial Times Op-ed by ODNI General Counsel Robert Litt: "The ECJ has its facts wrong about Prism"

Monday, 05 October 2015 14:57

The ECJ has its facts wrong about Prism

October 5, 2015

Robert Litt

Financial Times

The Financial Times published the following op-ed by ODNI General Counsel Robert Litt today in its online edition.

Last month an advocate-general of the European Court of Justice issued an opinion in a case of exceptional significance for commercial relations between the US and the EU. Washington, which is not a party to the proceedings, has no opportunity to make a direct submission to the court. We respect the EU’s legal process. However, the advocate-general’s judgment contains a number of inaccuracies — and before the court makes a final decision we want to set the record straight.

The case concerns the “safe harbour” rules that allow companies with operations in Europe to transfer personal data to servers in the US. This framework, in operation since 2000, is based on a finding by the European Commission that it provides adequate privacy protection under EU law. More than 4,400 companies rely on it to transfer data necessary to support transatlantic trade, the digital economy and jobs in both the EU and the US.

The lawsuit was brought in Ireland. It is based on press reports concerning a US foreign intelligence programme called Prism, which, the complaint says, allows “unrestricted access to mass data stored on servers in the United States”.

The Irish High Court adopted this characterisation, as did the advocate-general, who said: “The evidence now available would admit of no other realistic conclusion.”

Actually, the available evidence demonstrates the contrary.

Since press reports about this programme began surfacing in 2013, President Barack Obama has ordered extensive public disclosures about it. Court documents have been released and two independent bodies have released reports examining US surveillance practices. These sources, which are publicly available, accurately describe the Prism programme, which is another name for foreign intelligence collection subject to judicial supervision under section 702 of the Foreign Intelligence Surveillance Act.

Prism “is not based on the indiscriminate collection of information in bulk”, as a report from the US Privacy and Civil Liberties Oversight Board makes clear.

This body, an independent, bipartisan agency within the executive branch, has stated that the programme “consists entirely of targeting specific persons about whom an individualised determination has been made”. It can be used only to collect communications for an approved foreign intelligence purpose, such as combating terrorism or weapons proliferation, and the court must approve procedures that ensure that targets are appropriately chosen.

The programme does not give the US “unrestricted access” to data. Rather, the US may obtain communications only relating to specific identifiers, such as an email address or telephone number; only if the US believes those identifiers are being used to communicate foreign intelligence information; and only with the legally compelled assistance of communications service providers under the supervision of an independent court.

Even when the US does intercept communications of ordinary people — because, for example, those people are communicating with valid foreign intelligence targets — strict procedures limit how long they can be retained and how they can be disseminated.

Last year there were 90,000 targets of surveillance under Section 702. That may sound a lot. But it is a tiny proportion of the 3.2bn people who use the internet worldwide.

This programme helps protect Americans as well as our partners and allies. But it can be used only when authorised by law, in a manner that protects the privacy of all persons, and with extensive oversight from all three branches of our government.

The US legal framework for intelligence collection includes robust protection for privacy under multiple layers of oversight and a remarkable degree of transparency.

The decisions of judicial bodies should be informed by accurate information. Prism is focused and reasonable. It does not involve “mass” and “unrestricted” collection of data, as the advocate-general says.