The Day We Fight Back: Poland Fights Back Against Unchecked Surveillance

Katitza Rodriguez
Electronic Frontier Foundation

In 2013, we learned digital surveillance by the world’s governments knows no bounds. The NSA and other investigative agencies are capturing our phone calls, tracking our location, peering into our address books, and collecting our emails. They do this in secret, without adequate public oversight, and in violation of our human rights. We won’t stand for this anymore. On Tuesday February 11, the world is fighting back.

In anticipation of the first united, worldwide action against mass spying, we asked Katarzyna Szymielewicz, Executive Director of the digital rights organization, Panoptykon Foundation, a signatory to the 13 Principles against mass surveillance, to let the world know how her team is fighting back.

When it comes to surveillance, what’s the biggest problem in Poland right now?

Katarzyna Szymielewicz: The Polish mandatory data retention law. When implementing the European law on data retention, which compels telecom service to retain metadata for certain period of time, Poland not only opted for the most privacy-intrusive solutions but in some respects went further than what is permitted by the European directive. The Europe-wide retention regime was introduced in order to increase availability of telecommunication data for the purposes of investigating and prosecuting serious crimes. Polish law goes further and allows for the use of data retention by law enforcement and nine (!) intelligence agencies in the performance of their “statutory duties”, which covers the prosecution of minor crimes as well as crime prevention.

As a result both law enforcement and the nine intelligence agencies can use telecommunication metadata almost without limitations and with no independent oversight.

Because of this flawed legal framework, the official number of requests for telecommunication data in Poland is staggering: almost 2 million per year (versus hundreds of thousands in other EU member states). Worse, the research carried out by Panoptykon Foundation showed that even these official statistics cannot be relied on.

Which are the pending battles that Panoptykon Foundation is fighting back?

The Panoptykon Foundation has been criticizing the Polish data retention law and calling for its revision since 2009. In 2011, the Polish Ombudsman brought a few cases to the Constitutional Tribunal, claiming that existing legal provisions are unconstitutional, particularly in their inadequate safeguards for citizens. Similar arguments and recommendations were made by the Supreme Audit Office in 2013. As a result the government has been required to revise the existing law and increase its checks and balances.

How bad Is the culture of secret surveillance in Poland?

Katarzyna Szymielewicz: Polish law does not provide for any reliable mechanism for verifying how many times and for what purposes public entities (law enforcement or any of the nine intelligence agencies) ask for citizens’ personal data. This problem affects all types of data and all types of requests: metadata and content; telecommunication, electronic services, banking, and social security data. Public entities have no legal obligation to register their requests nor publish their numbers or other details. Only telecommunication operators are required to collect statistics showing how many times they were asked for their clients’ personal information. However, our research showed that even these statistics cannot be relied on. It turned out that there is a significant discrepancy between the data collected by the operators and the statistics the Panoptykon Foundation obtained directly from police and intelligence agencies via Freedom of Information Act requests. Almost every entity applies different methods of collecting and interpreting data.

As far as the companies that offer Internet services are concerned (like Google, Facebook and their Polish counterparts), there is no legal obligation to collect or publish any data on requests made by public entities. As a result we have no way to verify the scale of state surveillance (be that Polish or US) in the domain of Internet services.

In 2013 Panoptykon Foundation published a report pointing to the lack of transparency of public requests for private data and demanding legal changes.

States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance. Which is the current situation in Poland?

Polish law does not provide for any independent oversight over intelligence agencies. Only internal control mechanisms are in place, which cannot be treated as independent. As a result there is no way to verify whether Polish intelligence services observe any existing legal safeguards (including cooperation and data exchange with foreign counterparts) other than through journalistic investigation or whistleblowing.

What do we know about the cooperation between Polish and the United States’ secret services?

Not much, for now. Together with the Helsinki Foundation for Human Rights and Amnesty International Poland, the Panoptykon Foundation filed FOIA requests concerning Polish involvement in US mass surveillance programs and international cooperation between security services.

The three organisations wanted to know, among other things: whether Polish intelligence agencies cooperated with their US counterparts; whether any transfers of personal data were executed; and whether Polish agencies had access to PRISM or other surveillance programmes. Intelligence agencies and Polish government refused to answer these questions.

As a result, we are now going to take our demand for information to the Polish courts. It’s the next step in our “100 Questions” campaign, and one we’re taking on the Day We Fight Back.