U.S. Attorney General Loretta Lynch criticized European privacy laws and urged better cooperation and data sharing with the U.S. in order to prevent future terrorist attacks. In comments made in London on Wednesday, the top U.S. law enforcement official said European privacy laws are making it harder to track extremism and disrupt plots.
Lynch shared the stage with British Home Secretary Theresa May and made it clear that she was referring to continental Europe and not Britain, as the two nations share a "special relationship." She also said that the Obama administration is seeking deeper ties with the rest of Europe in the fight against terrorism.
The strong ties between the U.S. and the U.K. when it comes to sharing intelligence have been well documented, particularly following the information leaked by Edward Snowden detailing how the National Security Agency (NSA) and the Government Communications Headquarters (GCHQ) -- Britain's national intelligence organization -- have worked together and shared huge amounts of information.
In her speech on Wednesday at Chatham House, an international affairs think tank, Lynch referenced the close bond between the two countries, dating all the way back to America's founding. "The United Kingdom and the United States have long been close partners and staunch allies and the connection between us -- which Winston Churchill referred to as our “special relationship” -- is one with deep roots and a rich history."
However, Lynch was not so complimentary when talking about teh European Union as a whole. She singled out the striking down of the Safe Harbor Agreement in October, a 15-year-old agreement that allowed U.S.-based companies like Google or Microsoft to easily transfer European customer data to servers on the other side of the Atlantic. The ending of that provision also made it harder for U.S. law enforcement to obtain records for terror investigations.
"It is particularly disappointing that the European Court of Justice -- in a case based on inaccurate and outdated media reports -- recently struck down the Safe Harbor Agreement in the Schrems decision," Lynch said. The reports Lynch refers to are the on-going series of articles being produced based on leaks of documents former National Security Agency contractor Edward Snowden stole from his former employer before fleeing the U.S. in June 2013.
Lynch clearly believes that the programs and tools being described in those documents is not longer a true reflection of what is happening on the ground and that basing a judgment solely on these facts would be erroneous. In the two-and-a-half years since the first leaks by Snowden, the Obama Administration has made the "protection of civil liberties and privacy a priority in the fight against terrorism" and has created "unprecedented transparency" in the way that it collects information.
That, however, is not everyone's view. Last month, the Cybersecurity Information Sharing Act (CISA) passed the Senate and is just one step away from becoming law, despite strong opposition from privacy advocates and tech companies like Apple over concerns that it will allow for the widespread and indiscriminate collection of personal data. "[CISA] further erodes what little data privacy protections E.U. citizens could expect in the U.S.," Mike Weston, CEO of the data science consultancy Profusion, told International Business Times.
— U.S. Embassy Press (@USAinUKpress) December 9, 2015
Weston went on to call Lynch's assertion that the Safe Harbor ruling was based on inaccurate and outdated media reports' "wishful thinking." He added that "although the striking down of Safe Harbor is inconvenient to U.S. tech companies and unsettling for the global tech community, I think it is laughable to say that the judgment was based on faulty information."
But such data collection may be vital to the counter the growing threat from terrorist organizations, particularly the Islamic State group, which carried out a sophisticated and coordinated series of attacks in the heart of Paris last month, killing 130 people and injuring hundreds more.
Rapid Response Force
A number of years ago, the U.S. began working with a group of countries, including the U.K. and France, to create what it calls "the 24/7 cyber network," a rapid reaction system that now links approximately 70 countries. It was this system that allowed French investigators to work instantly with the U.S. Department of Justice and internet service providers (ISPs) to preserve data from social media accounts and webpages connected to the Paris terror attacks and to seek emergency disclosures to protect lives. "It is this kind of innovative thinking about international information sharing that we need to increase," Lynch said on Wednesday, but she fears that in Europe, proposed laws could severely restrict the ability to share data.
However, the system is not working well enough. It was revealed that German police stopped a car traveling to Paris a week before the deadly November attacks. They found concealed weapons like the ones used in the atrocities in the French capital. That information was never passed on to the French authorities.
Lynch believes that any further limitations put on sharing information could make the situation even worse. "It is highly concerning to us that data privacy legislation advancing in the European Parliament might further restrict transatlantic information sharing -- a step that not only ignores the critical need for that information sharing to fight terrorism and transnational crime, but also overlooks the enormous steps forward that the Obama administration and Congress have taken to protect privacy," she said.
This legislation is called the General Data Protection Regulation (GDPR) and could be finalized in the first half of 2016, The U.S. is not the only country opposing the new regulations. The U.K. has voiced it's opposition to the new laws, stating that rather than being implemented wholesale across Europe, the reforms should take the form of a directive, allowing each country to implement them as they see fit.
The reforms will replace legislation dating back to 1995 and aim to modernize data protection rules for the digital age by giving back more control of data to citizens. The change was first proposed almost four years ago in January 2012 and was given the backing of the European Parliament in March 2014.
Through Lynch, the Obama Administration is sending a clear message that it believes the collection and sharing of more information is critical to its fighting against the spread of terrorism globally -- while simultaneously attempting to appease those concerned about privacy. "It is important that all of us -- on both sides of the Atlantic -- work to set the record straight regarding our commitment to protect not only the safety of our citizens, but also their civil liberties and privacy," Lynch said.