Stay on Top of Enterprise Technology Trends
Get updates impacting your industry from our GigaOm Research Community
Mass surveillance by intelligence agencies is almost certainly illegal under international law, even where it involves collecting but not looking at people’s data, the United Nations human rights chief has advised.
In a damning but cautiously phrased report on Wednesday, U.N. High Commissioner for Human Rights Navi Pillay (pictured) recommended that governments review their national laws, policies and practices to check that they do comply with international human rights law, then fix them if they don’t. The report doesn’t name names, but it’s not very hard to see that much of it applies to the activities of the U.S. and its various intelligence partners.
“The very existence of a mass surveillance programme creates an interference with privacy,” Pillay said in a speech. “The onus is on the State to demonstrate that such interference is neither arbitrary nor unlawful.”
So, where’s the law being broken?
Not playing by agreed rules
The key treaty here is the International Covenant on Civil and Political Rights (ICCPR), the signatories to which include the U.S., the U.K. and most nations of note (China signed but didn’t ratify the treaty; the U.S. signed and ratified, but with reservations). In particular, Article 17 of the ICCPR grants everyone a right to privacy.
Here are some key points from Pillay’s report (and again, any reference to a specific country is my added interpretation and commentary):
- Hey U.K., it seems forcing communications providers to retain customer metadata for intelligence and law enforcement purposes appears neither necessary nor proportionate: “It will not be enough that the measures are targeted to find certain needles in a haystack; the proper measure is the impact of the measures on the haystack, relative to the harm threatened; namely, whether the measure is necessary and proportionate.”
- So much for the it’s-not-surveillance-if-we’re-just-collecting-the-data argument: “[T]he collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used.”
- Just because it’s “lawful” under national law doesn’t mean it’s actually lawful, if it clashes with the ICCPR and the relevant country is a signatory.
- “[S]haring of data between law enforcement agencies, intelligence bodies, and other State organs risks violating article 17 of the Covenant, because surveillance measures that may be necessary and proportionate for one legitimate aim may not be so for the purposes of another.” Cough cough FBI, NSA and CIA.
- “Secret rules and secret interpretations – even secret judicial interpretations – of law do not have the necessary qualities of ‘law’… a law that is accessible, but that does not have foreseeable effects, will not be adequate.”
- Countries can’t give foreigners fewer human rights than they do their own citizens: “To conclude otherwise would not only undermine the universality and essence of the rights protected by international human rights law, but may also create structural incentives for States to outsource intelligence to each other… International human rights law is explicit with regard to the principle of non-discrimination.”
- As for the complex web of intelligence operations that allow global mass surveillance while skirting national laws: “Such practice arguably fails the test of lawfulness because… it makes the operation of the surveillance regime unforeseeable for those affected by it.”
- Again, one for the U.S.: “If a country seeks to assert jurisdiction over the data of private companies as a result of the incorporation of those companies in that country, then human rights protections must be extended to those whose privacy is being interfered with, whether in the country of incorporation or beyond. This holds whether or not such an exercise of jurisdiction is lawful in the first place, or in fact violates another State’s sovereignty.”
- “In several countries, judicial warranting or review of the digital surveillance activities of intelligence and/or law enforcement agencies have amounted effectively to an exercise in rubber-stamping.”
Pillay also noted a few points that don’t directly relate to governments’ own surveillance programs:
- States that don’t “take effective measures to protect individuals within their jurisdiction against illegal surveillance practices by other States or business entities” are “in breach of their own human rights obligations.”
- “Mass surveillance technologies are now entering the global market, raising the risk that digital surveillance will escape governmental controls.”
- Companies that hand over customer data “in response to a request that contravenes the right to privacy under international law”, or that sell mass surveillance technology to countries “without adequate safeguards in place or where the information is otherwise used in violation of human rights,” risk being complicit in human rights abuses. If they’re in this position, they should interpret government demands as narrowly as possible and ask to see court orders.
What’s the effect of this report? For one thing, it gives some backing to those who want to sue over non-compliance with the treaty – not so much in the U.S., though, because that country bars any “private cause of action” over ICCPR compliance in U.S. courts.
Most importantly, though, it will make it a darn sight harder for our governments to maintain that what they’re doing is legal under international law.