(Patrick Semansky/AP)
(Patrick Semansky/AP)

Europe is in a state of furor over wiretapping by the National Security Agency. The French Foreign Minister has summoned the U.S. ambassador to complain about apparent U.S. surveillance of millions of French citizens. Germans are upset that the United States appears to have bugged the cellphone of German Chancellor Angela Merkel. What do you need to know about what’s going on? As it happens, Abraham Newman and I have been writing a book about privacy, security and information in the transatlantic relationship — the below builds on some of the arguments in the book (although I, not Abe, am completely to blame for any misfiring predictions in this post).

Yes, the Europeans are being hypocritical. It doesn’t matter.

Some U.S. commentators (and some European sympathizers), suggest that the Europeans are a bunch of whining hypocrites. They point out that France spies on its allies too — a lot — and that the German intelligence services have frequently benefited from NSA information. All of this is true, but beside the point. Imagine how Americans would react if they read in the newspaper that France had surreptitiously cracked the encryption on President Obama’s Blackberry, and been reading his e-mail and listening to his phone calls for years, as well as tapping the communications of millions of Americans. They’d be outraged, and no amount of earnest French punditizing about how America was hypocritical and spied on France, too, would calm them. Germans and the French feel like those imaginary Americans right now. Whining about European whiners doesn’t actually tell Americans anything very useful.

Timing isn’t everything, but it counts for a lot.

These scandals arrive at a difficult moment for U.S.-E.U. relations. Over the last couple of years, the United States has been trying to persuade Europeans to water down their imminent privacy law, which initially demanded that businesses (a) tell European authorities whenever they hand over personal information on E.U. citizens and (b) inform the citizens themselves. A few months ago, it looked as though Secretary of State John Kerry’s brother Cameron Kerry (who works at State) had succeeded in persuading the Europeans to get rid of this clause. Then, when the [former NSA contractor Edward] Snowden scandals started to erupt this summer, the clause was reinstated by the European Parliament, which voted on the new law on Monday. The United States had hoped to persuade Europe’s member states to demand that the clause be removed in the next stage of lawmaking (when the Parliament negotiates with the member states). The new revelations make this much tougher to pull off.

Cheap talk suggests that Europeans are divided.

It’s going to be hard to get the Europeans to agree to send a costly signal to the United States. Some member states, like Britain, have no great problem with U.S. spying. Others do have a problem, but don’t want to cut off their noses to spite their faces. Over the last couple of days, there was speculation that the Europeans might pull out of trade talks with the United States. This wasn’t ever especially likely, and European heads of government have now made it clear that it won’t happen. Instead, they issued an anodyne statement about the spying allegations. This statement reflects the divisions among European Union member states. Britain is particularly opposed to any threats to break off cooperation with the United States, and has its own little European spying problem – the Snowden documents suggest that Britain’s intelligence service was spying on Belgian telecommunications provider Belgacom.

Merkel has hinted that the European Union might pull out of the SWIFT agreement, under which it shares financial information with the United States’s Terrorist Financing Tracking Program unless the United States changes its ways. However, the European Union is unlikely to deliver on this threat — it would take agreement among a large majority of European Union member states to scuttle the agreement. Furthermore, U.S. diplomatic cables released by WikiLeaks a couple of years ago suggest that Merkel personally values the SWIFT agreement very highly. It’s going to be hard for the Europeans to reach unanimity on any credible threat that might force the United States to back down.

But the United States still faces big problems over the medium term.

The problem for the United States is that the Europeans have a credible threat that doesn’t require unanimity. The new privacy law — and the clause restricting how businesses (including companies like Google and Microsoft) share personal data with U.S. authorities – create a natural threat that is much easier for the European Union to deliver on. The European Parliament and the Council of member states will have to negotiate with each other on the final form of this legislation, in a process somewhat similar to the reconciliation negotiations that take place between the U.S. House of Representatives and the U.S. Senate. The European Parliament has set the agenda in ways that make direct confrontation between the European Union and the United States more likely. The scandals mean that it will be tough for countries like Germany, France and Italy to accept the removal of privacy protections for European citizens. Britain will surely try to assemble a blocking minority, but may have a hard time doing it.

What Britain has done is to push to delay the legislation as long as possible, hoping that the politics will change in the meantime. Originally, the European Parliament and the European Union’s executive body hoped that the final version of the legislation would be negotiated before next May, when there are new elections to the Parliament. Now, the member states are talking about passing the legislation some time in 2015. This is a victory for Britain, the United States, and U.S. firms like Google and Facebook, who hope to bury the more restrictive aspects of the legislation. But it isn’t at all clear that the politics will change in the way that these people hope. It’s clear that there is much more material that has yet to be released from the Snowden files, meaning that the scandal is unlikely to dissipate over the next year. Nor is it at all clear that the composition of Parliament will shift in ways that make Parliamentarians easy to manipulate.

Other places have domestic politics too.

What’s hardest for Americans to understand is that these decisions will in part be driven by the internal politics of the European Union. Even the most sophisticated Americans sometimes have difficulties in understanding that other countries and systems have domestic politics too. They tend to see international relations as revolving around the United States, its internal politics, and its relationships with other countries, not realizing that these other countries have their own internal politics, which can be just as complicated as their American equivalent. Interests in other countries may seize upon international issues to remake coalitions and discomfit their political opponents.

Two internal European factors are particularly important. First, the European Parliament wants to extend its power and influence over European politics. Up until a few months ago, it seemed to have concluded that the best way to do this was through building up new security institutions within Europe, with the cooperation of European and U.S. security officials. Now, however, the Snowden revelations appear to have changed its calculus, so that it thinks that there is more to be gained from opposing the United States than cooperating with it. This means that Parliament is unlikely to back down over ‘European civil rights.’ It also means that it will be very tough to get any new agreements affecting privacy rights through the Parliamentary process.

Second, European privacy officials or so-called ‘data protection commissioners,’ have independent authority within Europe’s member states, which will be greatly strengthened under the proposed legislation. Again, they have an institutional interest in activism. Expect them both to push for the strongest possible privacy protections in E.U.-U.S. relations, and to have strong incentives to go after U.S. Internet services with European customers, so as to expand the outward reach of European privacy law. The new legislation will probably allow these officials to threaten large penalties against businesses which do not comply with European law. The United States has gotten very adept over the last few years at expanding the extraterritorial reach of its regulators. It may be about to get a quite unpleasant-tasting dose of its own medicine.