Blogs

Building the foundations: Surveillance and the right to privacy at the UN in 2014

After remaining in the shadows for decades, the right to privacy is finally having its day in the sun at the United Nations.

And rightfully so, given how seriously the right has been uniquely threatened in the past few years. Technology continues to rapidly evolve in the digital age, Western intelligence agencies are undertaking mass and indiscriminate surveillance of the world's communications, and countries around the world are continually adopting heavy-handed policies that imperil privacy rights.

Today's passage of a resolution on the right to privacy in the digital age in the UN General Assembly is a critical step towards better protection of the right. The resolution recognises that any digital surveillance programme must be compliant with the right to privacy, and that any interference with the right to privacy must not be arbitrary and must be conducted on the basis of a legal framework, which is publicly accessible, clear, precise, comprehensive and non-discriminatory.

The resolution builds on what has been a busy year for privacy at the UN, and sets the stage for 2015. Next year, the United Kingdom's record on privacy and surveillance will be scrutinised by the Human Rights Committee. Other countries where the right to privacy is a concern, including Guinea, Kenya, Sweden, and Turkey, are also set to be reviewed by the Human Rights Council.

The most important moment for privacy in 2015, however, may come when the Human Rights Council meets in March, where it is expected to consider the establishment of a special mandate on the right to privacy, such as a UN Special Rapporteur. Privacy International has campaigned strongly for this special mandate over the past year. If established the mandate will provide a means for more robust and systematic monitoring of states' compliance with their obligations to respect and protect the right to privacy, and of further developing understandings of companies responsibilities as well.

Privacy at the UN in 2014

This past year saw the UN paying more attention to the right to privacy, and how surveillance technologies adopted by states and developed by companies pose a significant threat to the human rights around the world.

By and large, governments and companies have not yet been singled out for criticism by the UN, but the international legal framework applicable to the digital surveillance age has begun to emerge and there are indications (or at least expectations) that the UN human rights mechanisms will increase their capacity to monitor and assess states' compliance with their obligations to respect and protect the right to privacy.

In June, after consultation with stakeholders, including Privacy International, the UN High Commissioner for Human Rights released her report on the right to privacy in the digital age. The High Commissioner’s report lends substantial support to the propositions Privacy International have long advocated: that mass surveillance inherently interferes with human rights, mandatory data retention is neither necessary or proportionate, there is no persuasive difference between communications content and data when it comes to privacy, and States must extend human rights obligations to individuals whose communications pass through their jurisdictions.

The report proved to be a game-changer. It is increasingly seen as the yardstick against which to assess states' compliance with their human rights obligations, and some of its conclusions were reflected in the UN General Assembly resolution adopted today.

Following the publication of the report, Privacy International participated in a UN Human Rights Council panel discussion on the right to privacy in the digital age in September. Government representatives and other participants by and large agreed with the analysis contained in the Commissioner's report and on the need to develop the interpretation of international standards on the right to privacy to address the current challenges and to ensure robust international scrutiny on the practices. As such, the discussion paves the way for further engagement by the Council on this issue in March 2015.

Many states continued to justify mass surveillance as a means to address the perceived threats posed by terrorism. The UN Special Rapporteur on counter-terrorism and human rights report on counter-terrorism and mass digital surveillance released in September begins to address these arguments. Reflecting on the increased capacity of modern communication technologies to interfere with privacy, he notes that “the fact that something is technically feasible, and that it may sometimes yield useful intelligence, does not by itself mean that it either reasonable or lawful”.

The Rapporteur leaves the door open to states to demonstrate that their practices of mass surveillance comply with the principles of legality, necessity and proportionality. While Privacy International believes that mass surveillance is inherently disproportionate and therefore violates the right to privacy, putting the onus on the states to come up with a reasonable justification for such practices may have the positive effect of lifting the veil of secrecy that surrounds the work of many intelligence agencies. Whether states will publicly articulate their policies, publish information on their practices and allow meaningful oversight of their actions will be among the things to watch for in 2015.

At the political level, the right to privacy is also gaining traction, as seen by the passage of today's resolution by the General Assembly. The resolution calls on states to review their procedures, practices and legislation regarding surveillance to ensure that they are in line with their obligations under human rights law; to establish independent and effective oversight mechanisms over state surveillance's practices and to provide effective remedy to those individuals whose right to privacy has been violated by unlawful or arbitrary surveillance.

More limited progress was made in the context of the Universal Periodic Review (UPR.) Government representatives still did not systematically raise concerns regarding the right to privacy even when reviewing countries where serious concerns have emerged on the unlawful intrusion in the privacy of its citizens, including for the purposes of stifling legitimate dissent. The review of Egypt provided a stark example of such failure: despite information provided by Privacy International and other NGOs, the UN Human Rights Council's Universal Period Review (UPR) mechanism failed to address privacy and surveillance issues in any meaningful manner during the official review of Egypt in October 2014.

While the UN human rights mechanisms tend to focus on the responsibility of states, the role of companies has also received increased attention. The Third UN Business and Human Rights Forum in December 2014 reflected upon the state's growing reliance on companies to conduct and facilitate digital surveillance. In its intervention at the plenary session, Privacy International pointed at the responsibility of internet and telecommunication companies to respect human rights, including by resisting demands of states to unlawfully interfere with their customers' privacy and providing greater transparency.

What remained unaddressed, at least in the official agenda of the Forum, was the role and responsibility of the surveillance industry. Their staggering growth and the capacity that these technologies have to infringe the right to privacy and other human rights deserve more international scrutiny. To address this gap, Privacy International organised a well-attended side event during the Forum and plan to keep pushing for the responsibility of the surveillance industry to respect human rights to be addressed in 2015.

Preview of 2015

Privacy International expects that the right to privacy will remain firmly on the agenda of the UN next year.

The Human Rights Committee has already raised serious concerns about the practices of the NSA when it reviewed the report of the USA in March 2014. Next year, it is due to consider the report of the United Kingdom, and it has already requested additional information on the practices of mass surveillance employed by the GCHQ. Similarly Uzbekistan, whose human rights record was among those reviewed in our report on surveillance in central Asia, will also be reviewed by the Committee next year.

Privacy International expects that governments will seize opportunities to raise questions and recommendations on the application of the right to privacy in the forthcoming UPR reviews. Privacy International has submitted briefings on Guinea, Kenya, Sweden and Turkey, which will be reviewed at the 21st UPR session in January 2015, and it is planning to provide information on other countries throughout 2015.

Perhaps the most significant opportunity to consolidate and build upon the work that Privacy International has carried out in the last two years to promote the right to privacy within the UN system will present itself at the UN Human Rights Council session in March 2015. The General Assembly resolution encourages the Council to consider the establishment of a special procedure on the right to privacy. The Council should act upon it – and Privacy International will campaign strongly for it. A special procedure, such as a Special Rapporteur on the right to privacy, is much needed: the mandate will provide the leadership and guidance on developing an understanding of the scope and content on the right to privacy, as well as strengthening the monitoring of states and companies' compliance with their responsibility to respect and protect the right to privacy in their laws, policies and practices.

Investigatory Powers Tribunal rules GCHQ mass surveillance programme TEMPORA is legal in principle

The Investigatory Powers Tribunal (IPT) today followed its previous judgments in finding that UK security services’ may in principle carry out mass surveillance of all fibre optic cables entering or leaving the UK under RIPA, the 2000 law that pre-dates the modern internet.

In summary, the Tribunal in today's decision said the system of mass surveillance disclosed by Edward Snowden could in principle be lawful. But the Tribunal has asked for more submissions about whether receiving bulk intercepted material from foreign intelligence agencies (such as the NSA) has been lawful until up now. This is because until the recent hearings, the rules and procedures governing intelligence sharing have been kept totally secret. The European Convention on Human Rights usually requires that the rules and procedures be public.

The Tribunal has not yet decided whether the bulk surveillance disclosed by Edward Snowden is justified.

Read the ruling in full here.

Privacy International and co-claimant Bytes for All (a Pakistani organisation) will lodge an application to the European Court of Human Rights, challenging the Tribunal’s first finding that mass surveillance under RIPA could in principle comply with Britain’s human rights obligations.

PI and Bytes for All will also challenge the decision of the Tribunal to rely upon the content of secret policies in reaching its decision.

The decision today was in relation to two surveillance programmes, known as 'TEMPORA' and 'PRISM'. Our appeal will also concern these two programmes.

The existence of TEMPORA has been disclosed by Edward Snowden but the British Government has said it will “neither confirm nor deny” its existence. It allows for the bulk interception of internet traffic via fibre optic cables going into and out of the UK.

Given the government’s “neither confirm nor deny” stance the Tribunal could only consider whether the legal framework would hypothetically allow GCHQ to lawfully tap undersea fibre optic cables and conduct mass surveillance of external and internal communications.  The Tribunal found that, based on secret government policies, if such surveillance activities were taking place, they would in principle be lawful. 

The Tribunal has not yet considered the proportionality of GCHQ's actions, examined the Snowden documents, or reviewed underlying documents and material held by GCHQ and the security services. The Tribunal would only do so in a secret “closed hearing”.

The Tribunal also found that the vast intelligence sharing with the NSA and other foreign intelligence and access to the US' PRISM programme do not contravene the right to privacy despite there being no explicit legislation regulating such activities. In so finding, the Tribunal relied upon the content of secret policies, the existence of which the government was forced to disclose as a result of the IPT claim. The policies reveal that the government considers it justifiable to engage in mass surveillance of every Facebook, Twitter, YouTube and Google user in the country, even if there is no suspicion that the user has committed any offence, by secretly redefining Britons’ use of them as “external communications”. Other previously secret "arrangements" revealed during the case showed Britain’s intelligence services can request or receive access to bulk data from foreign agencies like the NSA without a warrant whenever it would “not be technically feasible” for the government to obtain it themselves. 

Given that the Tribunal’s decision rests upon hitherto secret government policies which were only made clear as a result of the IPT claim, Privacy International has sought a declaration from the Tribunal that GCHQ's actions prior to acknowledgment of these policies were unlawful. This application will be decided by the Tribunal in the coming weeks.

In addition, Privacy International and Bytes for All will appeal to the European Court of Human Rights to scrutinise GCHQ’s actions against Britain’s human rights obligations to respect citizens’ rights to privacy and freedom of expression, enshrined in Articles 8 and 10 of the European Convention on Human Rights. The European Court will also be asked to consider whether provisions in RIPA that afford a higher degree of privacy protections to British residents violate Article 14 of the Convention, which outlaws unlawful discrimination. 

Eric King, Deputy Director at Privacy International said:

With GCHQ's mass surveillance of undersea cables reported to have increased by as much as 7000% in the last five years, today's decision by the IPT that this is business as usual is a worrying sign for us all. The idea that previously secret documents, signposting other still secret documents, can justify this scale of intrusion is just not good enough, and not what society should accept from a democracy based on the rule of law."

Carly Nyst, Legal Director at Privacy International said:

The proceedings forced the Government to disclose secret policies governing how foreign intelligence agencies, including the NSA, share information with GCHQ. Privacy International believes that the fact that these secret policies are only now public because we have forced their disclosure in court means that such rules could never make the actions of GCHQ in accordance with the law. The IPT must find that secret law is not law, and should at the very least rule that all UK access to PRISM was unlawful prior to today."

Shahzad Ahmad, Country Director of Bytes for All, Pakistan, said:

As lawyers and activists working in Pakistan, Bytes For All is accustomed to confronting unrestrained State surveillance, but we did not expect that a British court would ever rubber stamp blanket surveillance powers like those contained in RIPA. This decision confirms that not only can the UK intercept communications in and out of the UK on a mass scale, but it can provide those private communications to foreign governments – including Pakistan – with few restrictions. The idea that the UK is not obliged to offer any privacy protections or safeguards to individuals outside of Britain when conducting surveillance is absurd, and puts at risk the privacy and free expression of human rights activists around the world.”

For more information, please contact Mike Rispoli at mike@privacyinternational.org or +44 (0) 7557793878

Subscribe to RSS - blogs