• Home /
• Observatories /
• 1997-2002: The EU-FBI telecommunications surveillance system /
• EU & FBI launch global telecommunications surveillance system: "not a significant document" - UK Home Secretary

EU & FBI launch global telecommunications surveillance system: "not a significant document" - UK Home Secretary

Statewatch bulletin, January-February 1997, vol 7 no 1

A special report by Statewatch published at the end of February detailed plans for a joint plan drawn up by the Council of the European Union and the US Federal Bureau of Investigations (FBI) to introduce a global system for the surveillance of telecommunications - phone calls, e-mails and faxes. Further investigations have revealed that:

1. The decision to go ahead was never discussed by the Council of Justice and Home Affairs Ministers - it was simply agreed by "written procedure" through an exchange of telexes between the 15 EU governments.
2. The "Requirements" to be placed on network and service providers by the European Union to enable the surveillance of communications adopted on 17 January 1995 - and not made public until November 1996 - is based on the "Requirements" drawn up by the FBI in 1992 (and revised in 1994).

The first attempt by the FBI in the United States to get through a new law to allow for the surveillance of all telecommunications was withdrawn from the Congress in June 1991. In March 1992 a redrafted proposal, the Digital Telephony Bill, was sent to the Congress but after major opposition by civil liberties groups it was quietly withdrawn in the autumn of 1992 just before the Presidential election which saw Clinton returned to the White House.

Part of the FBI's campaign for these new powers included its report, "Law Enforcement REQUIREMENTS for the surveillance of electronic communications" (emphasis in original) put out in June 1992. During 1993 the FBI arranged a meeting in Quantico, USA attended by EU representatives plus Canada, Sweden, Norway, Finland, Hong Kong, Australia, New Zealand and the USA. In March 1994 the FBI released a new draft proposal ironically renamed: "The Digital Telephony and Privacy Improvement Act". An updated version of the "REQUIREMENTS" were issued by the FBI in June 1994. By early August 1994 the FBI proposal, to be renamed again as "The Communications Assistance for Law Enforcement Act", was formally introduced and on 25 October 1994 President Clinton signed it into law - which placed on the statute book identical powers to those adopted by the EU in January 1995.

EU slow to catch up

It was not until June 1993 that the EU Trevi Ministers, meeting for the last time in Copenhagen, addressed the subject seriously. They agreed the text of a "questionnaire on phone tapping" to be sent to each Member State in July 1993 and to the new members (Finland, Sweden and Austria) in September 1993. The issue was also raised at the "Friends of Trevi" meeting in Copenhagen attended by Deputy Attorney General Philip Heymann from the USA. However, this EU report was not completed until November 1995. When the new Council of Justice and Home Affairs Ministers held its first meeting in November 1993 in Brussels the Resolution they adopted on "The Interception of Communications" clearly expressed their concern:

"The Council: 1. calls upon the expert group to compare the requirements of the Member States of the Union with those of the FBI. 2. agrees the requirements of the Member States of the Union will be conveyed to the third countries which attended the FBI meeting at its headquarters in Quantico in order to avoid a discussion based solely on the requirements of the FBI."

On 3 March 1994 the K4 Committee, followed by COREPER (the committee of Permanent Representatives of the 15 EU governments) on 10 March 1994, agreed a draft Recommendation calling for a study "to be made of the different technical PSCS-interception possibilities (PSCS, Personal Satellite Communications Services)". In the event the Council of Justice and Home Affairs Ministers on 23 March 1994 discussed, but did not adopt, the Recommendation (not to be confused with the later "Resolution"). On 14-15 April it was back on the agenda of the K4 Committee and on COREPER's on 27 April 1994 which cleared "the text of a confidential letter to be sent by the President of the JHA Council to the President of the Telecommunications Council." In simple terms this meant, as Greece then held the EU Presidency, one Greek Minister sending a "confidential" letter to another Greek Minister in their respective roles as "Presidents" of two different Councils of Ministers.

What had been clear for some time was now transparent. For more than five years it had been clear to the US government and the EU governments that the combination of new satellite-based telecommunications and, for the Europeans, the privatisation of state-owned telephone companies, combined with the explosion in the use of mobile phones and the impending launch of e-mail via the Internet presented a new challenge for interception by the "law enforcement agencies". The Council of Justice and Home Affairs Ministers did not consider the issue again.

This was despite the decision of the K4 Committee on 19-20 December 1994 that:

"The Committee agreed to suggest to Coreper and the Council that the above draft Resolution ("Draft Council Resolution on the lawful interception of telecommunications") be adopted as an "A" item." [An "A" item is adopted without debate in the Council of Ministers]

The next day, 21 December 1994 a decision was taken, under the German Presidency, not to wait for the next Council meeting in March 1995 but to adopted the "Resolution" setting out the "Requirements" by "written procedure". The "written procedure" process of decision making meant that the draft Resolution was sent out by telex from Brussels to each Member State. On 9 January a further telex attached two statements by Denmark and France for agreement, and a final telex with a statement by the Netherlands was telexed out on 18 January - the day after the official adoption of the measure on 17 January 1995.

No publicity was given to this decision at the time. On 9 July 1996 the K4 Committee's Police Cooperation Working Party proposed that the Resolution should be published in the Official Journal of the European Communities which it was in November 1996. This is the same Working Party which had reported in June 1995 that the new system should be able to:

""tag" each individual subscriber in view of a possibly necessary surveillance activity."

and that a major problem was that:

"initial contacts with various consortia... has met with the most diverse reactions, ranging from great willingness to cooperate on the one hand, to an almost total refusal even to discuss the question... it is very urgent for governments and/or legislative institutions to make the new consortia aware of their duties. The government will also have to create new regulations for international cooperation so that the necessary surveillance will be able to operate." [emphasis added]

By the summer of 1996 the EU was beginning to catch up with the US. The European Telecommunications Standards Institute (ETSI) prepared the first of several drafts of a document entitled, "Requirements for Trusted Third Party Services" at its meeting on 15-16 July 1996. At the November 1996 meeting of the Council of Justice and Home Affairs Ministers a text was agreed to send out to the equivalent international standards bodies with the Resolution detailing the "Requirements", the IEC, ISO and ITU, informing them that EU Member States would be applying "these requirements to network operators and providers of services." If the significance, and global implications, of this new system was in any doubt Version 4 of the "Requirements for Trusted Third Party Services" prepared by ESTI, dated 25 November 1996 dispelled it:

"There is a need to facilitate the growing importance and development of electronic commerce, the European Information Infrastructure (EII) and the Global Information Infrastructure (GII) by the introduction of suitable measures to safeguard the integrity and confidentiality of electronic information."

And on "Lawful Interception":

"Lawful interception of telecommunications traffic is commonly recognized as an important instrument to fight crime and to assure national security. Law Enforcement Agencies (LEAs) have the need to intercept incoming and outgoing telecommunications traffic, which is transported via telecommunications networks, without knowledge of eg: the interception subjects and the foreign country or countries involved".

To complete the strategy and ensure global compliance to the new, "tappable", telecommunications standards the EU led on drawing up a "Memorandum of Understanding" to extend the EU-US system to non-EU countries which were invited to adopt the same "Requirements" for network and service providers. The contact addresses for signatory countries and for further information, which confirms the EU-USA link, should be sent to:

"a) Director Federal Bureau of Investigation,

Attention: Information Resource Division,

10 Pennsylvania Avenue, N.W.,

Washington D.C. 20535

1. b) General Secretary of the Council of the European Union, FAO The President,

Rue de la Loi 175,

B-1048 Brussels,

Belgium."

The number of signatories to the "Memorandum" is open-ended, any country can join providing the existing member states agree. It invites "participants" because "the possibilities for intercepting telecommunications are becoming increasingly threatened" and there is a need to introduce "international interception standards" and "norms for the telecommunications industry for carrying out interception orders" in order to "fight.. organised crime and for the protection of national security."

By October 1996 Australia, Canada and the US had informed the European Council in Brussels of their support for the "Requirements", Norway had signed the "Memorandum of Understanding", and Hong Kong and New Zealand are "considering the means by which they could support the "Requirements"." Ongoing meetings of "experts" from these six countries and the EU are being organised under the "informal title of ILETS (International Law Enforcement Telecommunications Seminar)".

The FBI "Requirements"

A comparison of the "Requirements" and the "Glossary" in the Resolution adopted in January 1995 by the EU and the two reports by the FBI entitled: "Law Enforcement REQUIREMENTS for the surveillance of electronic communications" (June 1992 and June 1994) shows them to be the same in almost every respect. The only difference is that the EU's "Requirements" have a couple of additional provisions to cover the linking of different telecommunications providers (eg: Germany, Austria and Spain). Some of the terminology is quaint. The term "law enforcement agencies", a American term, is used in both but is not defined in the EU version. It can be presumed to cover police, intelligence agencies (MI6 and GCHQ), internal security agencies (MI5), customs, tax, and immigration agencies. The US-FBI use of the term "transparency" has strange ring in European understanding, it is taken to mean ensuring that the subjects of the interception are "unaware of ongoing electronic surveillance".

The nine "Requirements" in the FBI report are directly repeated in the EU's ten "Requirements" with similar or in some cases the same terminology. For example, the EU's "Requirement" no 1 says:

"Law enforcement agencies require access to the entire telecommunications transmitted, or caused to be transmitted, to and from the number or other identifier of the target service used by the interception subject."

The FBI's "Requirement" no 1 says:

"Law enforcement agencies require access to the electronic communications transmitted, or caused to be transmitted, to and from the number, terminal equipment, or other identifier associated with the intercept subject... "

While "Requirement" no 2 for the EU reads:

"Law enforcement agencies require a realtime, fulltime monitoring capability for the interception of telecommunications."

And, the FBI's "Requirement" no 2 reads:

"Law enforcement agencies require a realtime, fulltime monitoring capability for intercepts."

"not a significant document" - the Home Secretary

The Chair of the Select Committee on the European Communities in the House of Lords, Lord Tordoff, took up the "Memorandum" with the Home Secretary, Michael Howard, in an exchange of letters on the Committee_s access to documents for scrutiny. On the subject of the "Memorandum of Understanding on the Legal Interception of Telecommunications" Mr Howard told Lord Tordoff:

"The Memorandum of Understanding is a set of practical guidelines to third countries on the lawful interception of telecommunications. It is not a significant document and does not, therefore, appear to meet the criteria for Parliamentary scrutiny of Title VI documents." (emphasis added)

It is quite clear from this Briefing that the "Memorandum" is not an insignificant document concerning as it does a EU-US plan for global telecommunications surveillance.

After the Guardian newspaper carried a front-page report on Statewatch's research Mr Howard wrote the following letter to the paper:

"You alleged, quite wrongly, that the United Kingdom was clandestinely joining its EU partners to create "an international telecommunications tapping system" (Britain to join FBI phone tap system, February 25).

We have never disguised the fact that interception of communications is an important tool in the fight against organised crime and, clearly, we need to ensure that we can keep up as organised criminals and their means of communication become increasingly sophisticated and international. But that does not justify the alarmist tone of your article, which confused a number of separate issues.

The UK is not party to any agreements concerning our interception of calls outside this country. Nor do we allow calls here to be Intercepted by foreign governments. The International User Requirement, which outlines recommended technical standards for lawful interception, far from being a secret document, was published in the EU Official Journal last year and repeated, in substance, in a document which has been placed In the libraries of both Houses of Parliament. Similarly, there is no secrecy attached to the Government's proposals on encryption which were announced last June and will be set out in a consultation paper which will be published shortly.

It is no secret that discussions are taking place within the EU context about how current interception capability can be maintained as the use of "satellite" phones increases. Any changes to our interception regime to take account of this will almost certainly require domestic primary legislation, giving Parliament and the public full opportunity to discuss these matters." Michael Howard (MP), Home Secretary, Queen Anne's Gate, London SW1H 9AT.

Statewatch's editor replied:

"Your report of our research on the new EU-FBI global telecommunications surveillance system (25 February) is termed "alarmist" by the Home Secretary Mr Howard (1 March).

Faced with a new generation of satellite-based telecommunications for phone calls, e-mails and faxes the EU Council of Ministers have laid down new standards for manufacturers and service providers if they want to get contracts. These "Requirements" will create a system which can monitor everyone and every form of communication and it is one which Mr Howard admits will require "primary legislation" to update the 1985 Interception of Communications Act.

Mr Howard says the new measure was deposited in parliament but this was after it had been agreed. He failed to refer the Resolution setting up this system to the Select Committee on the European Communities for parliamentary scrutiny when it was being discussed in the K4 Committee in April, November and December 1994. Or before it was discussed by the Council of Justice and Home Affairs Ministers in March 1994 and or finally agreed, in an unpublicised decision, by "written procedure" via telexes sent out from the Council in Brussels in January 1995. It was "secret" until it had been adopted without any parliamentary scrutiny. Mr Howard says "The UK is not party to any agreements concerning our interception of calls outside this country. Nor do we allow calls here to be intercepted by foreign governments". Clause 2.3.d of the Police Bill currently before parliament would allow the tapping of phones and communications (and entry into homes and offices) on behalf of any "law enforcement agency" in the world. The UK does not allow interception by "foreign governments" it will do it for them.

He also seems to be unaware of the 1948 UKUSA agreement whereby the UK's GCHQ in Cheltenham and the US National Security Agency (NSA) at Menwith Hill in Yorkshire and Morwenstow in Cornwall routinely intercept telecommunications including e-mails and faxes (through the ECHELON network).

The "Memorandum of Understanding" drawn up by the EU and the FBI extending the system to non-EU states like Canada, Australia, New Zealand, Norway, the USA and Hong Kong, is in Mr Howard's words "not a significant document".

People and parliament might have been "alarmed" if they had been told what was going on." Tony Bunyan, Editor, Statewatch (paras 4, 5 & 6 were not printed)

Mr Howard did not reply.

Conclusion

Whether the EU effectively adopted in 1995 the "Requirements" drafted by the FBI back in 1992 is perhaps not the issue. What is however is that while in the US the taking of new, intrusive, surveillance powers by the "law enforcement agencies" was debated and adopted through their democratic process, in the EU the decision was taken in secret by "written procedure" with no democratic discussion at all in the parliaments of the European Union.

Sources: Publication of Council Resolution of 17 January 1995 on the lawful interception of telecommunications, Report from Police Cooperation Working Party to Steering Group II, 8977/96, Limite, ENFOPOL 121, 11.7.96; Interception of communications, report to COREPER, ENFOPOL 40, 10090/93, Confidential, 16.11.93; Memorandum of Understanding concerning the lawful interception of telecommunications, ENFOPOL 112, 10037/95, Limite, 25.11.95; Legally permitted surveillance of telecommunications systems provided from a point outside the national territory, report from the UK delegation to the Working Group on Police Cooperation, ENFOPOL 1, 4118/95, Restricted, 9.1.95; Electronic Privacy Information Center, Washington, USA; Chapter 4, "Pre-Wiretapping Telephones", by David Banasar in Electronic Privacy Sourcebook (forthcoming, June 1997), John Wiley and Sons, NY. Copies of Statewatch's interim report on "European Union and FBI launch global surveillance system" are available for £2.00 (inc p&p).

CHRONOLOGY

June 1991: first FBI Bill withdrawn from US Congress

June 1992: FBI produced "Law Enforcement REQUIREMENTS for the surveillance of electronic communications"

Autumn 1992: second FBI Bill withdrawn from US Congress

1993: FBI host a seminar in Quantico attended by the EU

29-30 November 1993

The first meeting of the new, post-Maastricht, Council of Justice and Home Affairs Ministers meeting in Brussels adopt a Resolution calling on experts to compare the needs of the EU "with those of the FBI"

March 1994: The Council of Justice and Home Affairs Ministers discuss but do not adopt a draft Recommendation of principle August 1994: third, and successful Bill introduced in US Congress April, November and December 1994: The K4 Committee discusses the draft Resolution on the lawful interception of telecommunications and the "Requirements" to be placed on network and service providers

October 1994: US Bill passed and signed by Clinton

November 1994: The K4 Committee discusses the draft "Memorandum of Understanding with third countries".

17 January 1995: The Resolution on the "Requirements", never discussed by the Council of Ministers is adopted by "written procedure". It is not published in any form until 4 November 1996 when it appears in the Official Journal.

23 November 1995: The Council of Justice and Home Affairs Ministers agree the "Memorandum of Understanding". It is not published in any form

7 May 1996: Michael Howard, the Home Secretary, tells the Chair of the Select Committee on the European Communities in the House of Lords that the "Memorandum of Understanding on the legal interception of communications" is "not a significant document". 28 November 1996: The Council of Justice and Home Affairs Ministers agree the text of a letter to be sent out to other potential "participants" (countries) in the "Memorandum of Understanding".

K4 Committee: Also set up under the Maastricht Treaty to coordinate the work on the "third pillar" - policing, immigration and asylum, and legal cooperation. Is comprised of senior officials from Interior Ministries and prepares report to go to the Council. Under the K4 Committee there are three Steering Groups covering policing and customs, immigration and asylum, and legal cooperation (civil and criminal) to which a series of Working Groups report.

COREPER: the Committee of Permanent Representatives from each EU state based in Brussels.