Titles may not be my strong suit.
This is going to be a shorter, more focused newsletter than yesterdays, in part because of my own time constraints and part because I think the privacy issue doesn’t get enough attention in this country.
Project 2025, for those of you who do not know, is the blueprint the Heritage Foundation and several Trump advisors and former officials have put together to lay out their plans to remake American government and society. Remake is not too harsh a term — this is a very radical document. So radical, in fact, that Trump is trying to distance himself from it. It is a document outlining a plan to turn the American democracy into something very close to a presidential dictatorship.
Project 2025 has a brief mention of the Privacy Shield and its successors (which did not have so clearly Orwellian names, sad to say), a US-EU initiative that was invalidated in 2020. It was supposed to prevent the US from spying on EU data. But it was struck down by the EU court system for being pretty much useless at its job. The Biden administration negotiated a more stringent agreement and certain data is now allowed to flow from the EU to US data centers. For the moment — it would be remiss of me to point out that this agreement has yet to be challenged fully in EU courts.
Project 2025 hates that EU regulations that protect EU citizens, claiming that “[r]estrictions on data exports have been part of the trade conflict” and lamenting that such restrictions will “throw sand in the gears of important intelligence programs.” I am not a privacy absolutist — sometimes government do need information in order to stop or solve crimes. But the new Trans-Atlantic Data Privacy Framework (see? Boring name. Barely Orwellian at all. I am very disappointed in our nefarious intelligence agencies. More mustache twirling, guys. Makes the whole thing more fun.) doesn’t really have much in the way of teeth. It is largely a collection of “we promise to do betters”, commonsense ideas, and the Data Protection Court. Per the White House:
-
Signals intelligence collection may be undertaken only where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties;
-
EU individuals may seek redress from a new multi-layer redress mechanism that includes an independent Data Protection Review Court that would consist of individuals chosen from outside the U.S. Government who would have full authority to adjudicate claims and direct remedial measures as needed; and
-
U.S. intelligence agencies will adopt procedures to ensure effective oversight of new privacy and civil liberties standards.
And, of course, the US companies only have to self-certify that they comply. Gee, I wonder how many have failed their self-certification?
Not a whole lot there, and what is there is pretty anodyne and unobjectionable. Why the heck would you surveil anyone that wasn’t connected to “legitimate national security objectives” and who can object to a system that does not “disproportionately impact the protection of individual privacy and civil liberties;”. No one who actually cares about the balance between privacy and security. I suspect that no one on the Trump Project 2025 teams can be described in that manner.
There is the Data Protection Review Court, but it does not have a lot of teeth and it operates largely in secret. Some of that is probably good — you don’t want to discourage people from coming forward by blasting their private data publicly. On the other hand, courts that act in secret tend to lack accountability. No one, for example, knows if it has even taken up a case. So, while it can make binding changes to US intelligence programs if they are found to violate privacy rights, there is no view into when, why, or who it has done so or will do so in the future.
Even that little bit of possible constraint is enough to send Trump’s Project 2025 into a tizzy, demanding that Trump “… suspend any provisions that unduly burden intelligence collection. At the same time, in negotiations with the Europeans, the United States should make clear that the continued sharing of intelligence with EU member states depends on successful resolution of this issue within the first two years of a President’s term.”
Nice collective safety you have there. Be a shame if anything happened to it. I should point out that they claim that EU intelligence agencies are not subject to these rules, and while they are not subject to these specific rules in all cases, that is because EU citizens have legal recourse against their governments and intelligence agencies abuse. They had no such recourse if the US violated their rights.
So why should Americans care — they aren’t EU citizens?
First, the conflict has a direct impact on American businesses and American privacy. The EU rules have a tendency to be reflected in business practices — unless there is a serious financial incentive to do otherwise, adhering to a common practice is general easier and cheaper than bespoke regional solutions. And EU regulations tend to be used as a model elsewhere -- look at the impact GDPR has had upon American regulations. We live in an interconnected world — when EU sneezes privacy, the US catches a privacy cold.
Just as importantly, it is an indicator of how deep a surveillance state the incoming Trump Project 2025 people want to build. Even this tiny level of privacy protections is an affront to their worldview. There is little discussion about surveillance of US persons, outside an obsession with the false claim that there was no evidence of Russian assistance to the Trump campaign. However, it does speak about using “irregular warfare” to act against state and non-state actors. It defines irregular warfare inconsistently, but does say, at one point, that it should be “A whole-of-government approach and willingness to employ cyber, information, economic, and counterterrorist irregular warfare capabilities should be utilized to protect the homeland.” Discussion of information almost always means gathering that information and “cyber” often includes digital mass surveillance.
Combined with the fact that the project wishes to entirely gut the independent civil service and place control of the intelligence agencies and military directly in the hands of the President with no effective oversight, the implications of such a rabid response to minimal privacy protections are concerning. One doesn’t have to read too deeply to understand that Trump Project 2025 boosters aren’t fond of oversight, privacy, or protecting American citizens from being spied upon by their own government.
Longer than I expected, but privacy is fundamental to being human. You cannot be your true, best self if you live under a constant surveillance, every action monitored and judged with no recourse or oversight.