Poland's Surveillance Programs Could Be Worse than the NSA

The United States has many intelligence agencies meant to preemptively or reactively use communication data to fight crime and terrorism. These agencies constantly have their ear to the wire—listening for nefarious utterances. The US is a big country, with roughly 317 million citizens at the time of writing, and it has 11 major intelligence agencies (depending on how you qualify that). Of those 11 big boys, only a few are well-known for major intelligence work: the NSA, the CIA, the FBI and the Department of Homeland Security. Poland, a country of around just 39 million, has nine agencies and several forms of law enforcement that handle intelligence.

Poland’s agencies are without some of the chains that slow down many American bureaus. I spoke with Katarzyna Szymielewicz, co-founder and president of the Panoptykon Foundation. The Panoptykon Foundation was set up in 2009 by a group of lawyers in order to protect Polish people from unjust surveillance and incrimination by way of technology-based interception. They’re a group of lawyers you can actually appreciate.

“Internal Security Agency (ABW), Foreign Intelligence Agency, Central Anti-Corruption Bureau (CBA), Military Counterintelligence Service, Military Intelligence Service, Border Guard, Military, Gendarmerie of the Polish Armed Forces, fiscal control bodies, and the Customs Office,” are the agencies Szymielewicz told me can access telecommunications data for 12 months after its collection without any oversight or safeguards. “Being a Polish citizen, you can quite easily imagine being persecuted by one of these bodies and your telecommunication data [can be] used against you in your case. For example, there was a case where billing data of a journalist was used by the Central Anti-Corruption Bureau to track back his sources.”

The European Union has laws that all members must adhere to. These laws include rules for data retention and privacy, and Szymielewicz argues that Poland has gone quite far beyond what the laws stipulate. Instead of using data to investigate serious crimes and prevent terrorism, the Polish laws allow all of the agencies involved and law enforcement to use data for minor crimes. Don’t text your dealer for weed in Poland.

“Rules stemming from this legal matrix differ for various kinds of personal data but are the most relaxed in the case of telecommunication metadata (billing, location and subscribers data). All intelligence and security agencies can gain access to citizen’s data without any judicial control or other independent oversight, if only they believe that such access is necessary for their operations. The only limitation stems from their internal rules and control mechanisms,” she said.

She claims the collection and utilizing of data is not targeted, but it is instead done on a “just in case” basis. The program is not so different from that of the NSA’s, but it can be used by far more peering eyes. At this point, the number of requests for data in Poland is at an astonishing 2 million per year. In other EU states, that number is only in the hundreds of thousands.

Szymielewicz outlined for me exactly what she thinks needs to be done:
“1. Introducing independent, external oversight (in a perfect scenario it would always be necessary to ask a prosecutor or a judge, depending on the type of data requested and how much it affects privacy, for consent before getting access to personal data of a defined person.

2. Limiting the number of intelligence agencies that are entitled to access our telecommunication data to what really is necessary.

3. Limiting the purposes for which telecommunication data can be requested to what really is necessary (e.g. to serious crimes and crimes committed with the use of electronic services).”

Even though the amount of requests is already at least twice as high as most other EU countries, the numbers are growing. Not to mention, “there are controversies about the methodology used in counting the number of requests, but the trend remains visible.” Szymielewicz says that the numbers are not the most important thing, but it is the lack of transparency and safeguards, which are allowing abuses to occur.

Because of the lack of transparency, and the government’s refusal to provide the information she has specifically requested, there is also no way to know who else is involved in Poland’s program. Szymielewicz won’t go as far to say that the NSA is involved in Poland’s program, but she says, “I believe that there are grounds to believe that other governments - in particular the United States - benefit from the Polish data retention program and vice versa. If you look at PRISM and other mass surveillance programs carried by the US, there are many features that resemble what we call ‘blanket data retention’ in Europe.”

It is easy to only see the smaller scope of the intelligence problem when we focus on the NSA and other such American agencies. The problem with that is the internet is a global machine. Everything you type, on the internet or not, has the possibility of being seen by anyone, anywhere, if they have the proper methods of retrieving it. The Snowden case opened the public’s eyes to what is happening to them within their own country—but surveillance goes on beyond our borders too.