"PRISM": Total surveillance made in USA?
The Washington Post reported on an alleged program of the U.S. Government ("Prism") granting authorities broad access to content and traffic data of the most important Internet services. Given the contradictory reactions from the Obama administration, the U.S. Congress and from the companies concerned, it is still impossible to assess the extent to which this report is true.
In the light of these outrageous allegations of the total surveillance of various telecommunications and Internet services, the U.S. administration now has to clear up the situation. First statements from the U.S. side purporting that the surveillance measures would not be directed against U.S. citizens but only against persons residing outside the United States do not sound reassuring at all. Given the numerous German users of Google, Facebook, Apple and Microsoft services, I expect the Federal Government to demand clarification and limitation of the surveillance. In addition, the reports illustrate the importance of strengthening the European data protection law. In my opinion, the hesitating stance of yesterday's Council meeting of the EU ministers of justice and home affairs on the data protection reform package is also a completely wrong signal. "
According to press reports, data such as the telephone number of German citizens being telecommunication partners of a subscriber of a U.S. service provider who is subject to surveillance and – possibly – communication contents would be affected by surveillance. As a rule, the communication process is always considered as a whole.
German and other European citizens using a U.S. service provider whose data processing takes place in the United States must now assume that U.S. security authorities will have access to this data considering the far reaching regulations as there are the Patriot Act and the Foreign Intelligence Surveillance Act - FISA.
German security authorities do not have similar powers as alleged by the PRISM programs. Without any suspicion, a comprehensive collection, storage and analysis of telecommunications data by security authorities is inadmissible under German law. In our country, surveillance of telecommunications data would only be allowed on a case-by-case basis under conditions expressly specified by law.