GENEVA (16 July 2014) – UN High Commissioner for Human Rights Navi Pillay warned Wednesday that studies by her office and others have revealed a “disturbing” lack of transparency about governmental surveillance policies and practices, “including de facto coercion of private sector companies to provide sweeping access to information and data relating to private individuals without the latter’s knowledge or consent.”
“This,” she said, “is severely hindering efforts to ensure accountability for any resulting human rights violations, or even to make us aware that such violations are taking place, despite a clear international legal framework laying down governments’ obligations to protect our right to privacy, and other related human rights.”
Pillay said her Office has been working for over a year on the complex web of issues relating to the right to privacy in the face of modern digital technology and surveillance measures. It has examined existing national and international legislation, a number of recent court judgments, and compiled information from a broad range of sources, including via a questionnaire sent to States, international and regional organisations, national human rights institutions, non-governmental organisations and private sector businesses.
As part of this ongoing process, Pillay’s office on Wednesday published a report requested by the UN General Assembly in December 2013, which stresses the need for vigilance and procedural safeguards against governmental surveillance programmes.
The report, entitled “The Right to Privacy in the Digital Age” warns that Governmental mass surveillance is “emerging as a dangerous habit rather than an exceptional measure” and that practices in many States reveal “a lack of adequate national legislation and/or enforcement, weak procedural safeguards, and ineffective oversight.”
“The technological platforms upon which global political, economic and social life are increasingly reliant are not only vulnerable to mass surveillance”, the report says, “they may actually facilitate it.”
“The very existence of a mass surveillance programme…creates an interference with privacy. The onus is on the State to demonstrate that such interference is neither arbitrary nor unlawful,” Pillay said, noting that article 17 of the International Covenant on Civil and Political Rights states that “no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation.” The Covenant, a binding treaty ratified by 167 States, also says that “everyone has the right to the protection of the law against such interference or attacks.”
The High Commissioner’s report points out that “Secret rules and secret interpretations – even secret judicial interpretations – of law do not have the necessary qualities of ‘law’. The secret nature of specific surveillance powers brings with it a greater risk of arbitrary exercise of discretion which, in turn, demands greater precision in the rule governing the exercise of discretion, and additional oversight.”
The report states that while judicial involvement can help assess whether such surveillance meets the standards required by international human rights law, “judicial involvement in oversight should not be viewed as a panacea.” It calls for States to establish independent, institutions to monitor such surveillance.
“In several countries, judicial warranting or review of the digital surveillance activities of intelligence and/or law enforcement agencies have amounted effectively to an exercise in rubber-stamping,” it states. “Jurisprudence at the regional level has emphasised the utility of an entirely independent oversight body, particularly to monitor the execution of approved surveillance measures.”
While safeguards may take a variety of forms, the report notes that attention is turning increasingly towards mixed models of administrative, judicial and parliamentary oversight. “The involvement of all branches of government in the oversight of surveillance programmes, as well as of an independent civilian oversight agency, is essential to ensure the effective protection of the law,” it states.
The report emphasizes that when conducted in compliance with the law, including international human rights law, surveillance of electronic communications data can be necessary and effective for legitimate law enforcement or intelligence purposes.
Where there is a legitimate aim and appropriate safeguards are in place, a State might be allowed to engage in surveillance. “However,” the report says, “the onus is on the Government to demonstrate that interference is both necessary and proportionate to the specific risk being addressed.”
The laws governing such surveillance must also be publicly accessible and must contain provisions that ensure that collection of, access to and use of communications data are tailored to specific legitimate aims, as noted by the UN Human Rights Committee. The laws must be sufficiently precise and provide for effective safeguards against abuse.
“Mass or ‘bulk’ surveillance programmes may thus be deemed to be arbitrary, even if they serve a legitimate aim and have been adopted on the basis of an accessible legal regime. In other words, it will not be enough that the measures are targeted to find certain needles in a haystack; the proper measure is the impact of the measures on the haystack, relative to the harm threatened.”
Mandatory third-party data retention, the report states, appears “neither necessary nor proportionate.”
“Any capture of communications data is potentially an interference with privacy and, further, the collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used,” it states.
On the role of the private sector, the report notes strong evidence of a growing reliance by Governments on the private sector to conduct and facilitate digital surveillance. “On every continent,” it says, “Governments have used both formal legal mechanisms and covert methods to gain access to content, as well as to metadata.”
“The enactment of statutory requirements for companies to make their networks ‘wiretap-ready’ is a particular concern, not least because it creates an environment that facilitates sweeping surveillance measures,” it adds.
It warns that a company that supplies data to the State, in response to a request that contravenes human rights law, itself “risks being complicit in or otherwise involved with human rights abuses.”
“Where enterprises are faced with government demands for access to data that do not comply with international human rights standards, they are expected to seek to honour the principles of human rights to the greatest extent possible, and to be able to demonstrate their ongoing efforts to do so,” it states. “This can mean interpreting government demands as narrowly as possible, seeking clarification from a Government with regard to the scope and legal foundation for the demand, requiring a court order before meeting government requests for data, and communicating transparently with users about risks and compliance with government demands. There are positive examples of industry action in this regard, both by individual enterprises and through multi-stakeholder initiatives.”
While the report focused on the right to privacy, it notes that other rights are at risk due to mass surveillance, the interception of digital communications and the collection of personal data. These include the freedom of opinion and expression, the freedom of peaceful assembly and association, the right to a family life and the right to health.
“The constant stream of new revelations shows how disturbingly little we really know about the precise nature of surveillance, and the extent to which our human rights are being violated, and responsibility for those violations is being evaded,” Pillay said. “This report is a useful outline of the international legal framework governing these issues, and points to some alarming gaps in implementation, and some important remedies. As an immediate measure, States should review their own national laws, policies and practices to ensure full conformity with international human rights law.They must also act to eradicate discriminatory approaches, both against their own nationals and in relation to nationals of other countries.”
“The complexity of the challenges to the right to privacy in this rapidly and dramatically evolving digital age is going to require constant scrutiny and dialogue between all key sectors, including Governments, civil society, scientific and technical experts, the business sector, academics and human rights specialists,” Pillay added. “Some incredibly important principles are at stake which go right to the core of each and every individual’s rights.”
The report is due to be presented by the High Commissioner for Human Rights to the Human Rights Council at its next session in September, and to the General Assembly at its 69th session in October.
|< Prec.||Succ. >|