Ireland and the NSA surveillance scandal

As readers may be aware, several of the world’s major information technology companies have their European headquarters in Ireland. Many of these companies, such as Google, Facebook and Apple have been implicated in the unprecedented mass surveillance of the United States’ National Security Agency, as stunningly revealed by Glenn Greenwald at the Guardian in recent weeks.

Like elsewhere, Ireland’s media have been fixated on the fate of the whistleblower Edward Snowden, who is currently assessing his asylum options from the transit lounge of Moscow’s international airport. This has already engaged the Irish legal system, with a High Court judge refusing a United State’s request for a warrant to extradite Snowden, after ruling that there was insufficient information about the location of the alleged offences. Ireland has been considered for asylum by Snowden, but that cannot be granted without the physical presence of the applicant. In any event, these are somewhat minor issues when compared with the scale and scope of this surveillance and the massive complicity of multinational corporations in it.

The NSA surveillance has involved the mass collection and storage of internet and phone data, hearings before the secret FISA court and “the targeting of any customers of participating firms who live outside the US”. According to an op-ed in the New York Times:

The administration has justified them through abuse of language, intentional evasion of statutory protections, secret, unreviewable investigative procedures and constitutional arguments that make a mockery of the government’s professed concern with protecting Americans’ privacy. It’s time to call the N.S.A.’s mass surveillance programs what they are: criminal.

It is clear that more than Americans’ privacy  is threatened, as the United States has been conducting its surveillance on a world-wide basis. It is not alone in this of course, the United Kingdom and France have been similarly criticised for their intelligence gathering.

The European Convention of Human Rights, to which Ireland is a party, provides that everyone has the rights to “respect for his private and family life, his home and his correspondence” and  to “freedom of expression … without interference by public authorities”. States parties are obliged to fully respect these rights, although they may be limited in certain circumstances. Any interference must “in accordance with the law and … necessary in a democratic society” in pursuit of various interests, including national security. The exceptions are not open-ended, and it is not enough for a State to simply refer to national security as a justification, although experience at the European Court shows much leeway being given to States. Although the treaty is directed at the action of States, there is a growing consensus that private actors, such as companies, also have a responsibility to respect human rights.

Ireland has data protection laws in place, and a Data Protection Commissioner, but German Chancellor Angela Merkel has effectively said that Ireland’s data protection laws are insufficient. The European Commission has been working on new data protection rules, but as one expert put it, there was “a vast stitch-up to kill the reforms. The assassination was comprehensive and meticulously conceived, with the business-friendly Irish and British governments acting as Godfather”. In Europe, Ireland is said to be the “lowest common denominator on privacy”. Hostility to binding regulations from the EU, like Ireland’s position on taxation, is seen as potentially stifling “industry and innovation”. Joe McNamee, of European Digital Rights, told the Irish Times that:

The impression people have in Europe is that Ireland is buying residence of large companies with the promise of deliberately weak regulation of European personal data for which it is responsible.

Here is how the major multinational tech companies with Irish connections that have been implicated in the PRISM surveillance scandal:

GOOGLE: The search engine giant has its European headquarters in Dublin, and the NSA has “direct access” to its systems, although the company claimed it acted in accordance with the law.

FACEBOOK: European headquarters also in Dublin, and similarly the NSA has “direct access” to its systems according to secret documents obtained by the Guardian.

MICROSOFT: Ireland’s “top exporter” worked with the NSA and the FBI to intercept data, and has handed over encrypted messages to the NSA.

APPLE: With its European headquarters in Cork, the company joined the PRISM programme in 2012, although a spokesman claimed he had “never heard” of it.

YAHOO!: Previously headquartered in Dublin, the company continues to have a presence in Ireland and has been involved in PRISM since 2008, but has been strenuously claiming that it was compelled by the US authorities to hand over information.

Legal challenges regarding PRISM have been launched in the United States, by the American Civil Liberties Union and the Electronic Frontier Foundation, and in the United Kingdom, by Privacy International. A complaint has been made against Facebook and Apple in Ireland by an Austrian data protection campaign group led by Max Schrems. The complaint is to the Data Protection Commissioner, rather than through the courts, although the issue may very well end up there if the response proves unsatisfactory. Digital Rights Ireland has just gone the whole way to the European Court of Justice to challenge Ireland’s internet and phone data retention laws.