Author: Didier Bigo
In the wake of disclosures by Edward Snowden surrounding PRISM and other US surveillance programmes (Upstream, Xkeyscore), it is important to assess large-scale surveillance practices in other parts of the world and especially those in Europe. Some EU member states have been regularly quoted : the UK, Sweden, France, Germany and the Netherlands.
Media reports have been keen to immediately oppose the US versus the EU, either to blame only the US, or to consider that if every state was carrying out this form of surveillance, then it was just a technological extension of traditional espionage and we just had to adjust to this new parameter without complaining. This paper contends that it is a false alternative. Studies on the « national programmes for mass surveillance of personal data in EU member states and their compatibility with EU Law » and the previous one on « The US surveillance programmes and their impact on EU citizens’ fundamental rights » show that at the heart of this surveillance there is a specific transnational network of intelligence services hybridised with private contractors and major Internet and telecommunications firms. 
The key components include the NSA, but not directly the FBI or CIA ; GCHQ, but not directly the Metropolitan Police Service Counter Terrorism Command, known within the Met as SO15. Private companies have collaborated or have been forced to collaborate with them. The National Security Agency (NSA) has intercepted electronic communications through warrantless wiretapping of cable-bound internet traffic (UPSTREAM) and via direct access to personal data stored in the servers of US-based private companies such as Microsoft, Google, Yahoo, Facebook, Paltalk, Youtube, Skype, AOL, Apple (PRISM). This has allowed the US authorities to access stored communications and to perform realtime collection on targeted users, through cross-database search programmes such as X-KEYSCORE. GCHQ has routinely intercepted data through undersea cables and 200 of the UK-based fibre-optic cables that transmit data in and out of the British Isles. The technique of directly tapping fibre-optic cables entering and exiting the UK (known as Special Source Exploitation) appears to have given GCHQ access to unprecedented quantities of information. In terms of scale, leaked official documents claim that by 2012 GCHQ was able to process data from at least 46 fibre-optic cables at any one time, giving the agency the capacity to intercept, in principle, more than 21 petabytes of data a day. It has been alleged that the data intercepted and processed consists both of ‘content’, referring to recordings of phone calls, content of email messages, entries on Facebook, history of an internet user’s access to websites etc, as well as ‘metacontent’: data recording the means of creation of transmitted data, the time and date of its creation, its creator, location where created.  Seven companies (BT, Vodafone Cable, Verizon Business, Global Crossing, Level 3, Viatel and Interroute), are referred in leaked documents as ‘intercept partners’ which together operate a large proportion of the undersea fibre-optic internet cables. 
The NSA and GCHQ operate together and have an exchange of services that may allow them to bypass the specific restrictions imposed by their domestic legal frameworks concerning surveillance and foreign intelligence gathering. They are at the core of a collaboration with other countries via the old « five eyes » network that includes the interception services of Canada, Australia and New Zealand, which was well known through research on Echelon. If we are to believe Duncan Campbell, this network has been extended to the FRA of Sweden because of Sweden’s strategic positioning near cables going through the Baltic states and Russia.  NSA and GCHQ are also in other transnational networks and seem multipositioned, unlike other intelligence services that have only one or two multinational channels of cooperation. They had or still have partnerships with the French DGSE services under the name of Alliance Base or its successor that comprises the « five eyes » -except New Zealand- and the DGSE as well as the German BND. Through this network a database has been put in place allowing each nation to get access to all the information gathered.  But it does not seem that either the DCRI or other French services nor German BKA are participating. They are considered as « clients » of this metadata bank (which in France is named mutualisation infrastructure). In addition the level of cooperation seems more limited, and may be centred around sharing of knowledge on the Middle East and Africa.
It is therefore interesting to note that transnational cooperation is restricted to some intelligence services intercepting and collecting data, and not to other services more specialised in counter-terrorism policing, even if the latter is the ostensible first justification of the data collection and extraction. These police services have in different countries expressed their surprise at the scale of the collection and have even declared that what they were receiving was not very useful, for their investigations rely more on Human Intelligence and network-based approaches. It may be a strategy of distantiation from the crisis, but it shows that the transnational nature of segmented networks is a central phenomenon. We have previously referred to this network as ‘a guild of professionals of the management of unease’, acting in a transnational field of power, whose centre of operation is transatlantic and which challenges the national field of the professional of politics.  This hypothesis merits more development concerning at least three groups of programmes: the ones concerning the movement of information and correspondence through internet and its interception, collection and extraction, the movement of persons and border control, and the movement of capital and freezing of assets.
The first one concerns of course the movement of information through electronic communications that the Snowden revelations have disclosed. The second one the emergence of « smart » borders that electronically collect information on passengers and try to trace the movement of persons, to categorise these travellers between the « trusted » ones and the « others », to establish « no fly » lists and « terrorist watch lists ». PNR-API- CAPPS-US Visit- or Schengen VIS and SIS, ESTA, Entry (and Exit) systems both in the US and in the EU are now familiar terminologies for all those who travel, even if only the specialists have the capacity to understand the subtle differences between the US and EU systems, their different functional logic, and their different justifications. The third one concerns the movement and traceability of « dirty » money with the idea of freezing assets linked to organised crime and terrorist activities. In this case too, a long list of organisations including banks, have decided to collect information on private individuals in order to detect suspect transactions. Newspapers have for a couple of years rendered their readers familiar with the role of the SWIFT company, the TFTP, the UN terrorist blacklist and the freezing of their assets.
In my view we still lack a complete picture. It looks more like we only have fragmented pieces of disconnected information. One possibility is to leave it for historians to eventually settle the picture. Another option is to play with the actual puzzle, even if some pieces are lacking, as if we were « pre-historians ». We need to understand from the different fragments what the relations are, if any, between these programmes or group of programmes. Is one of them « exceptional » and different from the others by its scale and encroachement of data protection, privacy and presumption of innocence, or are they all forms of routine security practices? Are the forms of surveillance of travelling, financial and internet activities embodied into these programmes justified by the struggle against terrorism and crime, by national and economic security, by cyberdefense and hegemonic positions? Are they the answer to an exceptional threat? Or might they be constructing this threat by delineating its boundaries? Could we believe what the authorities say concerning their practices?
Given the large-scale nature of the surveillance practices at stake in these programmes, which represent a reconfiguration of traditional intelligence gathering, it is important to analyse these transnational guilds operating large scale surveillance programmes on the cyber subjects of the world. This is specially important when they are carried out without warrant and self-certification of their own objectives. The question cannot be reduced to a so-called « security first » argument or even to a balance between data protection versus national security, it has to be framed in terms of the relations between counter terrorism and (counter)spying activities’ impact on privacy, collective freedoms and democracy.
 E. MacAskill et al. (2013) ‘GCHQ taps fibre-optic cables for secret access to world’s communications’, The Guardian, 21 June 2013. http://www.theguardian.com/uk/2013/jun/21/gchqcables-secret-world-communications-nsa.
 J. Ball, L. Harding and J. Garside (2013), BT and Vodafone among telecoms companies passing details to GCHQ, The Guardian, 2 August 2013.
 Statement by Duncan Campbell at the European Parliament’s LIBE Committee Inquiry on Inquiry on Electronic Mass Surveillance of EU Citizens, 1st Hearing, 5 September 2013; N. Hopkins, J.Borger and L. Harding (2013)
 Hearing of Érard Corbin de Mangoux, Director-General of the DGSE, on 20 February 2013, before the French National Assembly’s Committee on National Defence and Armed Forces. See Assemblée Nationale (2013), Commission de la défense nationale et des forces armées, Compte-rendu n° 56, available on www.assemblee-nationale.fr/14/cr-cdef/12-13/c1213056.asp.
 Bigo, D.,(2013), The Transnational Field of Computerised Exchange of Information in Police Matters and Its European Guilds, in Transnational Power Elites: The New Professionals of Governance, Law and SecurityNiilo Kauppi, Mikael Madsen. p. 155.
UPDATE 8th November 2013
Didier Bigo has recently co-authored an EU report on ‘Mass Surveillance of Personal Data by EU Member States and its Compatibility with EU Law’. More details and press coverage below:
EU Observer: http://euobserver.com/justice/122030