Brief substantive summary of the workshop and presentation of the main issues that were raised during the discussions
This workshop explored what principles transnational surveillance practices should follow in order to respect human rights. The various speakers addressed issues including: the value of the Necessary and Proportionate Principles, their experience working on surveillance in their own national context, how challenging existing surveillance practices work in regards to jurisdiction, and what private companies can do to protect the privacy of their customers.
To open the session, Katitza Rodriguez, EFF International Rights Director, noted questions this workshop aimed to answer:
• Should intelligence services of one state be allowed to spy on residents of another state without restraint?
• Can any country freely deny the rights of foreigners by claiming they fall outside their jurisdiction?
• Are existing laws compatible with the right to non-discrimination under International law?
• Above all, how will our fundamental freedoms be preserved in the digital age when so many of our everyday actions, political activities, and communications now emit a continuous stream of revealing information, with few legal or technological constraints on monitoring, gathering, analysis, and use against us by the government?
These questions and ongoing concerns arising from surveillance techniques were the jumping off point for the drafting of the International Principles on the Application of Human Rights to Communication Surveillance that explain how international human rights law applies in the context of communication surveillance.
During the workshop, Katitza Rodriguez presented the Electronic Frontier Foundation and ARTICLE 19 legal analysis and background materials of the Necessary and Proportionate Principles. The paper addresses questions relating to the Principles’ scope of application, introduces key definitions and concepts, namely the concept of “protected information” in contrast with traditional categorical approaches to data protection and privacy and a definition of “communications surveillance.” Finally, part three explains the legal and conceptual basis of each Principle. It begins by setting out the basic human rights framework underpinning the rights to privacy, freedom of expression, and freedom of association. It then elaborates on the legal underpinning for each of the Principles with reference to the case law and views of a range of international human rights bodies and experts, such as UN special rapporteurs.
The first speaker, Amalia Toledo Hernandez, lawyer from Colombian NGO Fundacion Karisma highlighted the importance of the Principles: that over 400 organisations and 300,000 individual experts throughout the world have signed them and they have played a central guiding role in the number of debates for the surveillance capacities. She noted that the idea that any interference with our human rights should be necessary and proportionate is well established in human rights law. For Ms Toledo Hernandez, as an activist in Colombia, the principles are a tool to call for surveillance reform, to ensure that the national surveillance laws and practices comply with the human rights standards and to ensure cross-border privacy are in place and effective in force.
Then Gabrielle Guilermin, Legal Officer ARTICLE 19 expanded on the substantive content of the 13 Principles. She specifically focused on two of the principles - legality and judicial authorization.
1. To be lawful under international law, a law must be transparent, clear and accessible. It also must contain a number of safeguards - the ECHR has been clear on what these are but in practice far from getting there.
2. At present the decision to authorise surveillance is often made by politicians/ intelligence agencies. Judicial authorisation is important because politicians/agencies do not sufficiently take account of the privacy of individual - they have different priorities.
Eric Metcalfe discussed the case taken by a number of human rights organisations to the IPT against GCHQ. He noted that a key question they are grappling with is one of jurisdiction - if a government conducts surveillance outside of its own territory or if you are outside the territory, what right do you have to bring a challenge? He drew attention to a number of ECHR decisions where it was recognized that people can bring cases from outside the borders.
Luis Fernando Garcia said that, under the Inter-American system of Human Rights, several cases have established that when the United States is conducting mass surveillance on foreign citizens inside or outside the country, it is unlawful. He commented that other governments, e.g Mexico, have limited themselves to making statements that lack credibility because they don’t follow them up with action. Inside Mexico it was revealed that the NSA has access to the data that is mandated to be retained by the law in Mexico on the service of the telecommunication companies-lawyers and activists need to push for more accountability for those who facilitate this.
Ken Carter highlighted 5 best practices that corporate actors should be doing in this space to respect customer’s privacy. 1. Aspire to exceed any threshold on privacy-better privacy protections is a selling point and differentiating feature. 2. Disclose and adhere - tell your customers what your practices are and stick to them. Notify customers of government request. 3. Be constructively difficult - maintain a rigorous and unwavering commitment to process, procedure, and the due process of law. 3. Don’t be afraid to say no if something does not adhere to due process of law. 5. Educate your constituents, customers, employees and the government officials who bring you requests.
As the data protection commissioner from Serbia, Nevena Ruzic said that intelligence services or state security services must be as transparent as possible. She referenced a case brought to the ECHR by a Serbian NGO which requested a government agency reveal the number of requested and approved requests for phone tapping. It was a standard setting decision saying that this should be transparent - the number of access or requests for communication interception should be known to the public.
Conclusions drawn from the workshop and possible follow up actions
• Continue to pursue advocacy at international level, to Human Rights Committee and other UN bodies.
• In the light of the success of cases such as Digital Rights (ECJ) and Liberty v. UK (ECHR) in breaking new ground for protecting privacy in surveillance activities, it is important to persist in bringing cases to European and Inter-American courts.
• At national level, it is crucial to increase awareness amongst activists and lawyers of the legal safeguards surveillance practices must adhere to, so that those who facilitate surveillance can be held accountable.
• Private companies should be encouraged to follow best practices.
• Maintain efforts to increase the profile of the Necessary and Proportionate Principles, encouraging governments, organisations and individuals to commit.