Nils Muiznieks, Commissioner for Human Rights, 24/10/13
The fear of terrorism, technology that is developing at the speed of light, private companies and state security agencies compiling personal information – this topical mix has become a severe threat to the right to privacy. Despite the intentions, secret surveillance to counter terrorism can destroy democracy, rather than defend it.
Recent revelations, many of them based on files from the whistle-blower Edward Snowden, have showed the stunning scale and sophistication of the surveillance to which we can all be subjected. The US intelligence agency, the NSA, and its British counterpart, GCHQ, target encryption techniques that are used by Internet services such as Google, Facebook and Yahoo, making them vulnerable to surveillance. There is extensive co-operation between different security agencies – but also between such agencies and private companies. All this leaves us open to abuse of our fundamental human right to privacy.
In an Op-ed published in the Guardian in late June I mentioned Google CEO Eric Schmidt, who sees no risk for people sharing information with Google and argues that if you’ve nothing to hide, you shouldn’t worry.
At this point it has become obvious that this is not advice to live by.
Co-operation between the NSA and European countries
Surveillance is not an unknown phenomenon in the UK; security cameras are mounted on virtually every street corner. But the extent of the co-operation between GCHQ and the NSA came as a shock. After the Guardian published a large number of revealing articles, the matter took yet another unexpected turn when the newspaper, after strong pressure from GCHQ, destroyed hard drives containing Edward Snowden´s leaked NSA files. The decision was, according to the Guardian’s editors, taken following the threat of legal action by the government that could have stopped further reporting on these matters.
The documents from Edward Snowden also show that the NSA has been spying on the EU in New York and that GCHQ was behind a cyber attack against Belgacom, a Belgian telecom company whose major customers include institutions like the European Commission, the European Council and the European Parliament.
In Germany, the documents revealed that “the intelligence service, BND, sends massive amounts of intercepted data to the NSA”. And investigative journalist Duncan Campbell said while testifying before an EU parliamentary committee charged with investigating electronic surveillance, that the Swedish National Defence Radio Establishment, FRA, has shared access to communication cables in the Baltic Sea with the NSA. This has allowed both agencies to circumvent legislation banning domestic surveillance – despite the fact that European states are obliged to protect individuals from unlawful surveillance carried out by any other state and should not actively support, participate or collude in such surveillance.
In France the authorities’ reaction to the Snowden files was quite different to those in Britain or Sweden. First, the chief of staff of the Prime Minister’s private office sent a letter to government ministers warning them that they and their staff should only use approved smartphones to discuss sensitive matters and dedicated secured means to convey classified information. Then, following new revelations published by Le Monde reporting extensive electronic surveillance carried out by the NSA and massive collection of data concerning not only suspected terrorists but also stakeholders of economic and political circles as well as civil servants, the French president called these practices totally unacceptable and spoke with his American counterpart to obtain explanations.
Effective guarantees against abuse needed
The European Convention on Human Rights, by which all 47 member states of the Council of Europe are bound, spells out the right to respect for private life, and access to an effective remedy to challenge intrusions into our private lives.
States, of course, have a duty to ensure security within their borders and in doing so they can undertake secret surveillance of individuals who can pose a threat. But adequate and effective guarantees against abuse are needed. This can be achieved through legislation that strictly abides by the case-law of the European Court of Human Rights.
The Court has delivered many rulings concerning the protection of privacy and personal data. In order for surveillance to be in line with the Convention, as a minimum, three main safeguards should be provided.
First of all, the law must be precise and clear as to the offences, activities and people subjected to surveillance, and must set out strict limits on its duration, as well as rules on the disclosure and destruction of surveillance data.
Secondly, rigorous procedures should be in place to order the examination, use and storage of the data obtained, and those subjected to surveillance should be given a chance to exercise their right to an effective remedy.
Thirdly, the bodies supervising the use of surveillance should be independent, and appointed by and accountable to parliament, rather than the executive.
Indiscriminate mining of data must stop
Private companies and states alike must be more cautious in using data relating to our private life and must avoid any abuses that could arise from indiscriminate mining. For this they must develop surveillance and data collection policies that respect human rights. Necessary & Proportionate is the name of a set of international principles, put together by a large number of civil society groups, industry and international experts, which can be helpful in this regard. Also, the Global Network Initiative, GNI, has set out practical steps to protect human rights online in the report Digital Freedoms in International Law. In this regard, the adoption, on 21 October, by the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament, of a text strictly regulating the transfer of personal data from Europe to third countries and providing very heavy financial penalties for companies that do not comply with the rules is an encouraging signal.
As the Strasbourg Court has clearly stated, secret surveillance activities cannot be allowed to undermine democracy under the cloak of defending it. Privacy is a fundamental human right and is essential if we wish to live in dignity and security.
Nils Muiznieks, Commissioner for Human Rights, 24/10/13