The European Union has been urged by Microsoft's former chief privacy adviser to press for changes in US law, because of its PRISM program of unauthorised mass surveillance of EU citizens.
Caspar Bowden, ex-Microsoft and now an independent privacy researcher, was speaking to the European Parliament's ‘LIBE' Committee on Civil Liberties, Justice and Home Affairs, in Brussels on Tuesday, which is looking into the US secret surveillance programs revealed by ex-NSA employee Edward Snowden.
The inquiry had asked Bowden to recommend what should be done to protect the privacy of EU citizens and he told them: “It seems that the only solution which can be trusted to resolve the PRISM affair must involve changes to the law of the US, and this should be a strategic objective of the EU.”
In a commercially sensitive move, Bowden also suggested the EU should invest in a European cloud computing capacity to reduce US control in this market.
His recommendations also directly impact security product and service vendors. He told the inquiry that because it's unclear what encryption products have been rendered insecure by PRISM, all firms selling security systems or products into the EU should be prohibited from accessing personal data in the EU without prior authorisation by a European data protection authority.
The hearing was a bruising affair for the US government. As well as scrutinising mass surveillance, the committee examined the widely reported allegations that the NSA has been tapping in to the SWIFT database of European banks' financial transactions, and passing on personal financial details to the US Treasury Department.
Under the EU-US Terrorist Finance Tracking Programme (TFTP) agreement, SWIFT data can be transferred to America in the fight against terrorism or terrorist financing. But if the NSA has been directly accessing data, this would infringe on the accord.
Home Affairs Commissioner Cecilia Malmström said she had written to the US Treasury Department demanding “clear and unequivocal explanations” after the US had earlier told her “there were no indications that the TFTP had been affected by the NSA programs”.But she told the enquiry she had not yet received satisfactory replies. "We need more information and clarity," she said, adding that the Commission had requested formal consultations with the US under Article 19 of TFTP. Other MEPs raised the possibility of suspending or even terminating the agreement.