EU super spies to get right to snoop on your emails, website visits, medical data and police records
A European super-spying agency is to be granted draconian powers to access a vast range of our personal information, including medical data, criminal records, emails and website visits.
The controversial move, demanded by Brussels in an EU directive, will sweep aside British privacy laws that protect UK citizens from intrusion into their personal lives.
Last night MPs, academics and privacy-rights groups warned that the new powers represented a great threat to individual security.
Under current UK law, requests for electronic data have to be made through the Regulation of Investigatory Powers Act 2000 on a case-by-case basis by a recognised authority.
But the Brussels plan to create a new ‘Interpol’ to fight cyber crime will give agencies across Europe ‘all necessary powers’ to order the disclosure of almost any online information.
Last night former shadow Home Secretary David Davis warned: ‘This is yet another unwelcome and surreptitious intrusion into the privacy of innocent citizens.’
Nick Pickles, director of privacy and civil liberties campaign group Big Brother Watch, said: ‘This represents a dangerous escalation in the way that cyber security is being justified as a reason to monitor us all.’
A spokesman for Britain’s Information Commissioner said: ‘Any measures to improve cyber security should not be at the unnecessary expense of people’s privacy.’
The controversial move comes as Britain’s own ‘snooper’s charter’ for surveillance of UK citizens, the Communications Data Bill, has ground to a halt in the face of fierce opposition.
But the new Brussels proposal could force internet companies and public bodies to disclose even more personal data.
At the heart of the plan is the little-known European Network and Information Security Agency (ENISA). It will co-ordinate a network of specially created security agencies in each EU member state, which will have unprecedented powers to demand data from public bodies and internet companies.
In the UK these will include NHS trusts, police forces, councils, Google and Facebook. This information could then be shared with other European agencies but without the safeguards that protect British citizens.
The plans, published on Thursday and backed by Labour’s Baroness Cathie Ashton, the EU Representative for Foreign Affairs and Security Policy, make clear that the powers are being demanded in the name of cyber security.
Under the proposals, agents working for the new cyber-crime agencies will be able to force disclosure of personal data where they suspect a company or public authority has been the victim of, or is unable to prevent, online hacking or any other cyber crime. Privacy groups say that such a broad definition will cover almost every company or public authority in the UK.
They also argue that the powers will allow police to use cyber crime as a justification to ask the super-spying agencies to make data orders to force companies or public bodies to disclose an individual’s private emails, social-network activity or even medical records.
Ross Anderson, professor of security engineering at Cambridge University and former adviser to the Government on cyber security, said: ‘The draft directive grants draconian powers to ENISA and to member states, which would greatly exceed those granted under [existing EU law] and which now have been challenged successfully in the constitutional courts of several member states.
‘ENISA and the national agencies will have access to “sufficient information” from almost everyone online. That is completely unacceptable as it would violate the constitutions of many member states.’