US data ‘blanket protection’ defended in High Court
Former US National Security Agency director John Delong gives evidence in Facebook case
Facebook argues the Data Protection Commissioner’s draft decision fails to take into account the 2016 Privacy Shield agreement between the European Commission and US concerning data transfers. Photograph: Cyril Byrne
The “blanket protection” provided by the US in relation to the collection and use of “foreign intelligence” data from people outside the US is “extraordinary” in the “best sense” of that word, a former director of compliance with the US National Security Agency has told the High Court.
In a report provided to the court as an expert witness for Facebook, John Delong said a 2013 letter from the NSA inspector general noted just 12 substantiated instances in 10 years of intentional misuse of the signals intelligence authorities of the director of the NSA.
Disciplinary measures were taken against US governmental personnel for not focusing on foreign intelligence in the conduct of signals intelligence, he said.
One example concerned a government employee who was found in 2011 to have targeted the phone number of her foreign-national boyfriend and other foreign nationals, he said.
Because that was “clearly not foreign intelligence” the employee’s actions were directly investigated and she resigned before disciplinary action was imposed, he said. Her actions were referred to the US department of justice as a possible violation. Signals intelligence serves “a critical role” in protecting the US, its allies and partners around the world, he said.
In signals intelligence, “pertinent” information in signals and information systems is extracted, analysed and provided in “regulated pathways” to senior officials across the US and allied governments to protect military troops, fight terrorism, combat international crime and narcotics, support diplomatic negotiations and advance many other important national objectives, he said.
Limits on the range of permitted company interaction with the US government, plus limits on the scope and pathways through which the US government can compel companies to provide specific information, existing protections from the term “foreign intelligence itself and a framework involving all three branches of the US government in gathering foreign intelligence provides a “blanket protection” that is “extraordinary” in the best sense of the word, he said.
Paul Gallagher SC, for Facebook, cited Mr Delong’s detailed report on Tuesday in his continuing arguments opposing the action by the Data Protection Commissioner. Commissioner Helen Dixon’s case is aimed at having the Court of Justice of the EU decide the validity or otherwise of European Commission decisions approving transatlantic data transfer channels known as standard contractual clauses (SCCs).
She initiated the proceedings after making a draft finding in May 2016 that Austrian lawyer Max Schrems had “well-founded” objections to transfer of his personal data from Facebook Ireland to its parent in the US, Facebook Inc. The draft decision was based on her concerns about the adequacy of remedies in the US for breach of EU citizens’ data privacy rights.
Her proceedings are against Facebook and Mr Schrems but no orders are sought against them and the purpose is to have the Irish court refer the case to the Court of Justice of the EU.
Facebook and Mr Schrems oppose referral for very different reasons. Facebook argues the commissioner’s draft decision is flawed and fails to take into account a range of matters, particularly the 2016 Privacy Shield agreement between the European Commission and US concerning data transfers.
Mr Schrems argues the commissioner has sufficient information to decide his complaint without any referral and she should do so. A referral is unnecessary or at least premature, he contends.
The case continues before Ms Justice Caroline Costello.