By Alan Travis, Spencer Ackerman and Paul Lewis in Washington
The European commission’s vice-president, Viviane Reding, has sent a letter with seven detailed questions to the US attorney general, Eric Holder Jr, demanding explanations about Prism and other American data snooping programmes.
Reding warns him that “given the gravity of the situation and the serious concerns expressed in public opinion on this side of the Atlantic” she expects detailed answers before they meet at an EU-US justice ministers’ meeting in Dublin on Friday.
She also warns Holder that people’s trust that the rule of law will be respected – including a high level of privacy protection for both US and EU citizens – is essential to the growth of the digital economy, including transatlantic business and the nature of the US response could affect the whole transatlantic relationship.
In the letter, released to the Guardian, Reding details her serious concerns that the Americans are “accessing and processing, on a large scale, the data of EU citizens using major US online service providers”. She says programmes such as Prism, and the laws that authorise them, could have “grave adverse consequences for the fundamental rights of EU citizens”.
The EU’s action came as the first constitutional challenge in the US to the widespread surveillance of American citizens was laid down. In a lawsuit filed in New York, the American Civil Liberties Union (ACLU) accused the US government of a process that was “akin to snatching every American’s address book”.
The ACLU’s lawsuit claimed the National Security Agency’s acquisition of phone records of millions of Verizon users violated the first and fourth amendments, which guarantee citizens’ right to association, speech and to be free of unreasonable searches and seizures.
EU officials have repeatedly raised with the Americans the scope of legislation such as the Patriot Act which can lead to European companies being required to transfer data to the US in breach of EU and national law. The commission’s vice-president and justice commissioner says the exchange of data for law enforcement purposes must take place to the greatest possible extent through established formal channels.
“Direct access of US law enforcement to the data of EU citizens on servers of US companies should be excluded unless in clearly defined, exceptional and judicially reviewable situations,” writes Reding.
Reding laid out the seven questions she said needed to be answered:
• Are Prism and other similar programmes aimed only at the data of US citizens and residents, or also – even primarily – at non-US nationals, including EU citizens?
• Is access to, collection of or processing of data on the basis of Prism and other programmes … limited to specific and individual cases, and if so what criteria are applied?
• Is the data of individuals accessed, collected or processed in bulk (or on a very wide scale, without justification relating to specific individual cases) either regularly or occasionally?
• Is the scope of these programmes restricted to national security or foreign intelligence or is it broader?
• What avenues, judicial or administrative, are available to companies in the US or the EU to challenge access to, collection of and processing of data under Prism or other programmes?
• What avenues are available to EU citizens to be told if they are affected by Prism or other similar programmes and how do they compare with those available to US citizens?
• What avenues are available to EU citizens or companies to challenge access to, collection of and processing of their personal data under Prism and similar programmes, and how does that compare with the rights of US citizens?
Pressure over the surveillance programmes was also growing in Washington on Tuesday as a group of US senators demanded the Obama administration reveal how it interprets the laws that underpin them.
A bill that was expected to be introduced in the US Senate on Monday night would, if passed, force the government to disclose the opinions of a secretive surveillance court that determines the scope of the eavesdropping on Americans’ phone records and internet communications.
The office of Senator Jeff Merkley said he planned to introduce a bill that would compel the first public airing of the so-called Fisa court’s understandings of section 215 of the Patriot Act, which the government has cited as the basis for collecting the phone records of millions of Americans, and section 702 of the 2008 Fisa Amendments Act, cited as the basis for the NSA internet monitoring programme known as Prism.
“I think that Americans deserve to know how our government is interpreting the Patriot Act and the Fisa Amendments Act,” Jamal Raad, a spokesman for Merkley, told the Guardian on Tuesday.
As the fallout from the revelations by Edward Snowden continued, the defence secretary, Chuck Hagel, said he had ordered a wide-ranging review of NSA contracts. Snowden, 29, had top-security clearance for his work at Booz Allen, an NSA contractor. Booz Allen issued a statement on Tuesday saying that Snowden had been fired for “violations of the firm’s code of ethics”.
The Obama administration has said all its surveillance efforts are subject to rigorous Fisa court review and members of Congress are sufficiently briefed on them, even though most legislators did not receive such briefings.
In a heated debate in the European parliament on Tuesday, MEPs complained that for a decade they had yielded to US demands for access to EU financial and travel data and said it was now time to re-examine the deals and to limit data access.
“We need to step back here and say clearly: mass surveillance is not what we want,” said Jan Philipp Albrecht, a German Green MEP in charge of overhauling the European Union’s outdated data protection laws.
MEPs said the EU privacy overhaul and existing transatlantic data-sharing deals – the Swift agreement on sharing financial transaction data and an agreement on airline passenger name records – were now in jeopardy. “It is time we grasped the nettle here and put our minds to ending the programme,” said Martin Ehrenhauser, an Austrian independent member of the European Parliament, citing the Swift and airline data agreements.