We are appalled to learn of the unprecedented surveillance of Internet users worldwide through PRISM and similar programmes. Blanket surveillance capabilities such as these, especially when implemented without citizens' scrutiny, seriously threaten the human rights to free speech and privacy and with them the foundations of our democracies.
We applaud whisteblower Edward Snowden for his actions. When a government is truly by the people and for the people, it cannot be a crime to leak information on the course and extent of actions by the government, in the name of its citizens, for the claimed purpose of protecting them. A representative government in a democracy relies on the consent of its people. However, such consent cannot exist when the citizens are not fully informed.
We note with alarm the complete lack of regard the US government is showing for the rights of European citizens and, more generally, anyone who uses US-based communication services and infrastructure. We also note the negative effect on its allies, the sovereignty of the affected countries and the competitiveness of their businesses.
Europe must respond to these revelations with due resolve. In light of this situation, it is important that the European Union, rather than remaining complicit with this abuse of powers that comes at an untenable cost to society, becomes a worldwide beacon for digital rights and privacy protection, government transparency and whistleblower protection.
We call for:
The US government has demonstrated – in the cases of Bradley Manning and others – that its treatment of whistleblowers is a cause for grave concern. The public labeling of Edward Snowden as a “traitor” by various US officials and media has created a climate in which he cannot be assured to receive a fair trial. He might be subject to persecution for his political belief in government transparency, and would certainly be in danger of facing inhumane or degrading treatment or punishment, including the threat of the death penalty.
We call on all governments of Europe to treat sympathetically any applications for political asylum or subsidiary protection status by Mr Edward Snowden and other whistleblowers and to speedily expedite any such applications.
It is unacceptable that secret surveillance capabilities and practices circumvent democratic processes and prevent the critical, rational engagement necessary in a democracy to determine due and undue courses of action.
We call on the European Parliament to form a committee of inquiry according to Article 185 of its rules of procedure. The facts to establish and publish are:
We extend this call to all national parliaments – to investigate whether national constitutions, data protection laws and espionage laws have been violated.
The General Data Protection Regulation currently under consideration must be strengthened to ensure a broad and far-reaching protection of private and business data. The lobbying efforts to the contrary must be resisted.
Specifically, European citizens' data must not knowingly be surrendered to US intelligence agencies. Article 42 from the first leaked draft proposal, which addressed extra-territorial actions by third countries such as the USA Patriot Act and the USA Foreign Intelligence Surveillance Act and imposed barriers for foreign judicial authorities to access European data, must be reintroduced. Metadata and pseudonymous data must also be protected.
According to the International Safe Harbor Privacy Principles, US companies must inform users when granting access to their data to third parties. It appears that companies participating in the PRISM programme violated these provisions. In response, the EU must revoke the agreement to these Principles (Commission Decision 2000/520/EC) so that the affected companies are subject to European courts should they not cease these practices immediately. Safe Harbor must then be renegotiated with more effective safeguards and recourse mechanisms in place, or replaced by a new international agreement on data protection, e. g. based on the principles of the General Data Protection Regulation.
To ensure that the Internet remains an empowering and democratising force rather than continuing to be used as a tool to limit and curtail democracy and individual liberty, the EU should spearhead an international Treaty on the Freedom of the Internet. Such a treaty should strongly protect confidentiality of communications, freedom of expression and access to information (specifically as they pertain to the Internet) as well as net neutrality.
As an additional line of privacy defence, consumers must have the option of using software and services that strongly protect their privacy. Such software may offer anonymity, strong end-to-end encryption, peer-to-peer architectures, federation or the ability to self-host user data, user-auditable open source code and other privacy protection features.
We applaud the fact that the current proposal for the Horizon 2020 framework programme includes the goal to "ensure privacy and freedom in the Internet". We call on the European Union to ensure that a significantly larger percentage of the research funds is spent on advancing software and service choice in this way than is spent on projects with the opposite goal, i. e. surveillance and data-mining technology research, and that projects whose explicit aim is indiscriminate and suspicionless surveillance are rejected outright.
We propose legislative measures to strengthen the defence against similar agency overreach in Europe.
Direct taps by governmental agencies into backbone Internet communication channels, such as the ones reportedly installed by the NSA as part of the BLARNEY programme, must be explicitly outlawed. Such taps allow storing and data-mining of all Internet communications, bypassing all other controls and procedures and compromising all confidential data and everyone's privacy. Breaching the integrity of the network infrastructure in this unacceptable way undermines the confidence in the entire Internet and threatens all its benefits.
We also renew our calls for the repeal of the Data Retention Directive. The Czech and Romanian constitutional courts explicitly concluded that broad and suspicionless data retention is a fundamental breach of basic human rights. By establishing the indiscriminate collection of large amounts of data without court approval, data retention programmes enable the kind of executive overreach that continues on platforms such as PRISM, threatening the separation of powers between the executive and the judiciary which is at the basis of our democracies.