Open Forum - Office of the United Nations High Commissioner for Human Rights & the Council of Europe - "Right to Privacy in the Digital Age"

11 November 2015 - A Open Forum on Other in João Pessoa, Brazil

Also available in:
Full Session Transcript

>> LEE HIBBARD:  Good afternoon, everybody.  I hope you can hear me.  You probably can't hear me.  But maybe you can see me that we're all wearing our headphones.  And it's very important that you wear your headphones for this next session, which is an open Forum organized by the Council of Europe and the High Commissioner for Human Rights on the right to privacy in digital age.  I'm wore you cannot hear me and therefore discussion will be a little bit limited.  So please put your headphones on.  Okay.  Thumbs up?  Thumbs up headphones?  Good?  Okay.  So we're almost there.  So I'm really hoping that you can hear me because I don't hear very much.  And we're going to start this suggestion because we only have one hour together.  We've got some great panelists and great introductory speakers. 

My name is Lee Hibbard.  I work at the Council of Europe have and it is an intergovernmental organisation of 47 countries which sits in Strasbourg in France and we deal among other things word of law and democracy and in that context we have the European convention on Human Rights and the European court of Human Rights which deal with, amongst other things, the right of freedom of expression and the right to private life, private and family life.  And in those Human Rights, there are some limitations, exceptions which relate to national security among other things and that's part of the discussion we will have today, which is about what is the state of play regarding mass surveillance?  What progress has been made by governments, the private sector and civil society?  And what next steps for privacy?

I'd like to pass to my colleagues Hermán Vales to say a few words.

>> HERMÁN VALES:  Thanks.  My name is Hermán Vales.  I work in the Office of the High Commissioner for Human Rights.  It is the main office to promote and protect all Human Rights for all everywhere.

Since ‑‑ let me tell you a little bit about what happened, why we are here and what happened in terms of privacy in the UN in the last two years.  We know this is an open Forum so it's about telling you what our organizations have done and what they plan to do in the future.

So we don't know about the snow ‑‑ we all know about the Snowden revelations in 2013.  In December of 2013, the UN General Assembly adopted asking my office where I work the High Commissioner for Human Rights to prepare a report on the right to privacy in the digital age.

Also the resolution condemned mass surveillance and the impact it had on the rights of privacy.

So this resolution, this GA resolution was quite novel.  It was the first one of its kind.  And as I said, asked for a report which was submitted the following year, like in mid 2014.  Both to the General Assembly and to the Human Rights Council, they are two different bodies of the UN that both deals with Human Rights in one way or the other.

After this report was produced, and by the way there are copies of the report at the end of this table in case you want to take one.

The General Assembly met, adopted another resolution, this time asking the Human Rights Council to consider appointing or a Special Rapporteur.  You know Special Rapporteur are independent experts which the Human Rights Council may appoint to look into certain issues and they have a specific mandate.  I'm sure Joe can talk about that later.

So the Human Rights Council did consider this possibility and in fact in March of this year, it adopted a decision creating the position of the Special Rapporteur on the rights to privacy.  This happened in June 2015.  And in August 2015, Mr. Cannataci, on my left, started.  I'm giving you many dates and resolutions.  But it's difficult to understand how fast the UN moved on this particular issue.  Things normally do not happen this fast.  And at the UN or other international organizations.  So there was obviously a lot of international pressure and interest for these things to move at the pace they did.

So I think now you are here to listen to the speakers, not to me and not to us who are here to moderate.  And I'll start with asking a question to the Special Rapporteur, to Mr. Joe Cannataci.  I don't think he needs an introduction, but he's Special Rapporteur on the rights to privacy appointed by the Human Rights Council as I said.  He is professor at two universities.  So, Joe, my question to you would be mass surveillance continues to be a problem, right?  We see laws like the bill in the UK, the law that was adopted in France that it's still permitting for mass surveillance to take place.  So have we made any progress?  Where are we moving?  And what are your plans for your mandate during the next three years?

>> JOE CANNATACI:  Thank you very much.  To a certain extent you'll recognize there are at least three questions over there, one which is mass surveillance, the other deals with the mandate and how we're going to tackle the mandate and also, then, the third question is have we moved on from where the United Nations moved on?

So I’ve prepared a little presentation to tackle two of these questions.  The mass surveillance ones comes at the end.  And I'll sit and stand.  Ladies and Gentlemen, this is my third or fourth presentation of the day, and my tenth of the week, so if you'll permit me, since it's the last one before you ‑‑ you'll permit me to poke a little fun at myself because otherwise if we take things too seriously, we'll go to sleep.

So basically I thought I'd rather start by telling you not who I am but who I am not, right?  And it's important to understand who I am not, right?  So I'm not this guy.  So I have no pretensions to be superman.  And I did when I was offered this, I did think, so, hey, is this going to be mission impossible?  So to a certain extent, then, I'm not this guy, either.  It's up to you to decide who's the better looking one between the two but, hey, let's not go there.  All I do know is that if you look upon it, it could be mission impossible.  And let me try to tackle it in that way, perhaps.  So put yourself in my views, right, at this moment in time.  We have a right to privacy but we don't have a real consensus on what that means.  What does privacy mean?  Does privacy mean the same thing in France as it means in Brazil or in other countries?  What precisely does it mean?

And more than that, we have no mechanisms to enforce remedies for the global citizenry, whom I am supposed to protect, right?  So what am I going to do.  And this is not the first time you've heard me say this.  And it's not going to be the last time, but in an Internet without borders, what I think we need and what everybody tells me we need, this is the only thing the people can agree upon, to a certain extent, is we need safeguards without borders.  We need remedies across borders.  And this is something which I have taken very much to heart.

So I look at my job as that also of a Pathfinder, to try to help identify a way forward on many fronts and identifying urgent issues which need to be tackled and also reacting to the needs of individuals or of countries who require urgent work in my sector of responsibility.

Yeah, okay, once again this kind of shows you how old I am because in my days, superman was older age and we used to watch these cartoons.  Superman was supposed to be the man with the plan, right?  So to a certain extent Henan was asking me, do you have a plan?  How do you plan to tackle the next three years?

So I have the beginnings of a plan.  And I say the beginnings because as I have said before, I want to spend a lot of time listening to people to tell me what they want.  I want to listen to all the stakeholders.  I want to listen to the man on the street.  I would like to listen to the civil society and NGOs.  I like to listen to the parliamentarians, to police force, to security services, all of these have legitimate interests and their own perspective.  And I think part of my role is also building bridges between those.

So I'd like to tackle this first point here, and I'd like to, before I go to the plan or the beginnings of a plan, and I'm telling you about the plan because I want you to tell me what you think about it, and I want you to tell me what I'm leaving out.  And I want to make it quite clear that these are not listed in the list of priorities, right?  This is not a prioritized list.  This is just a list.  I could have started at number 10.  And perhaps some of you might think I should start on number 10.  And this is what I want to listen to you about.

So the first thing that I think I have to work upon is a more detailed and more universal understanding of what is meant by the right to privacy.  What are the core values?  And also what are those parts of privacy which belong to cultural differences and which are privacy neighboring rights as you would call them?

A second thing which I think I have to do is work on awareness building, especially among citizens, right?  What the rights are, but also what the technology does to those rights and the impact of technology on those rights.

The third thing, which is one of the reasons why I'm here at IGF 2015, is that I'd like to see a more structured, more open, more comprehensive, more effective, most importantly an ongoing permanent dialogue between the different stakeholders.

And why am I saying that, Ladies and Gentlemen?  Because when you look around us, this is supposed to be a multistakeholder assembly.  But in reality, if you went to the session at 12 noon, which dealt with law enforcement, there weren't many people from law enforcement; right?  When you go to ‑‑ and obviously you would tell me if there are people from secret services, they are secret, they're not telling us, right?

But apart from that, we also have to look at the words structured, ongoing.  I don't think meeting once a year is enough, frankly, right?  I think we have to get a much more intensive work going.

As I have said, the fourth thing we need to identify together are clearer and more effective safeguards which prevent infringement of privacy.  And then if you have an infringement, we must move to remedies in those cases where an infringement actually occurs.

A fifth part of what I'm considering my 10‑point plan is developing effective technical safeguards.  Not relying on the law alone but also working on technical safeguards.  Including encryption.  Including overlay software as I tend to call it.  I've just come from a session where we're dealing with the dynamic platform, the Forum on building and safeguards into the technical platform itself.  And various other technical solutions.

The sixth is a more effective dialogue with the corporate world, right?  Where current business models, where -- has been heavily monetized.  I was delighted in the previous session we have actually ‑‑ we were there together with, for example, Google where we started part of the dialogue.  And I should like to tell you, Ladies and Gentlemen, that before I was ever appointed Special Rapporteur on privacy, I had also, especially in things like the mapping project and several other projects, started a very effective dialogue is with some of the larger companies and many of the smaller ones too.  And we now hope to increase that because it's very important that we understand that the corporations are also very important stakeholders there.

The seventh point I'd like to make is also pay close attention to the value of national and regional development in privacy protection mechanisms, right?  So if, for example, I am looking at national laws and then I look in the context of Europe at the Council of Europe's Convention 108 and if I also look at the EU directive for 4695, we have to realise the impact that these regional solutions have had on the development of privacy protection in that part of the world, Europe.  Now, don't get me wrong.  I'm not saying that everything that Europe has done is fine or is adequate or appropriate.  But it's certainly quite a lot.  And I think that there might be some good practices which we can pick up from European developments over the past 40 years, too. 

The eighth part of my plan is, of course, harnessing the energy and influence of civil society.  I think that it's a very important stakeholder. As I said, I include this together with my previous one where, if you, notice I'm talking about three or more structured, more open, more comprehensive are more effective, most importantly an ongoing permanent dialogue.  And what do I mean there?  I mean that especially when I go and speak with the ‑‑ with civil society, especially I find that civil society sometimes is very suspicious of law enforcement and sometimes also of intelligence services.  And sometimes one can understand why.  Civil society is not happy that it is occasionally being spied upon by some forms of security services.

I should have, of course, take this opportunity to make -- especially as I'm going on to my ninth point, cyberspace when we talk about cyberspace, here at IGF cyberspace is our main concern.  Remember one thing: as Special Rapporteur on privacy, I am not only concerned with cyberspace;  I'm concerned with privacy wherever it is, in whatever form, in whatever guise online or offline.  But here we're talking about the online world.  In the online world, when it comes to mass surveillance, I'd like, first of all, to make a clear distinction between law enforcement and national security.  This is one thing that many citizens don't realise, but in actual fact, in most countries, not all but in most countries, the powers of law enforcement agencies, the police as would call them most countries is seriously curtailed.  They do not have the right to carry out mass surveillance.  They do not carry out mass surveillance.  I think that's an important point which we need to keep in mind.

Whereas on the other hand, it's agencies and security agencies which are normally tasked with surveillance for internal security and national security.  And that at this moment in time, it is a minority of countries where mass surveillance -- and the very small minority of countries.  Out of 194 countries, we don't have that many countries.  Some people say 15, some people say 17.  But it's certainly not the 194 countries which make up the United Nations.

My final point, Ladies and Gentlemen, deals with further development of international law, which legal instrument.  I've spoken about this several times over the past two days, so I won't go very deep on this.  I'd just like to say, though, that I am not wed to any particular legal instrument.  In other words, and my friends from the Council of Europe will especially understand this, there are many forms of legal instruments which we can use, and some of them may be more appropriate to the timing of the action than others.  We have recommendations, we have treaties, et cetera.  And we may decide to take some of the problems in one treaty and some in another treaty and some not in a treaty at all but in a recommendation.  And what I would like to do over the next two to three years is kick off a proper discussion about which legal instrument is most appropriate to be used.

My final slide, we have some very thorny problems in international law which we need to deal with:  Jurisdiction.  We've been here at IGF for 10 years now.  We haven't solved problems on jurisdiction.  Although there are some interesting initiatives there.  Territorialality, enforcement, clear international agreement about the mechanism for enforcing principle across boarders.

And of course life is becoming more complex with sovereignty in cyberspace, monkey business in cyberspace as I like to call it.  Cyber wars, cyber espionage. 

I'm stopping here, Ladies and Gentlemen.  You can find me in various places on the Internet.  And I just hope that, during the rest of the session, we'll have more time also for more discussion.  Thank you.  

>> LEE HIBBARD:  Thank you very much, Joe.  A lot of work for the future.  Certainly for OHTHR for agencies.

I'm going to pass the floor to my colleague Guenter Schirmer.  But the Council of Europe has been equally very busy in looking at the field of mass surveillance.  And there's a report of the Parliamentary Assembly which is at the desk of the end of the table with the yellow cover which is very interesting.  If you really are interested in the issues in more detail, please take a copy.

The Council of Europe, I expect, will carry on looking at the question of mass surveillance in the future.  Perhaps you would debate on this in the future perhaps as part of the new Internet strategy for the next few years for the organization.  But now, Guenter, if I could pass this to you.  Could you tell me about the report, the Parliamentary perspective of Peter -- for the Special Rapporteur, please?

>> GUENTER SCHIRMER:  Well, Joe just spoke of mission impossible or mission possible.  Peter, the Parliamentary Assembly's rapporteur who is a Dutch democrat achieved mission impossible by getting a very progressive resolution through an assembly of national parliamentarians from 47 European states, which tend to be very hard to get for Human Rights.  Peter achieved that aim.  The resolution has some, well, almost revolutionary statements which were adopted by a fabulous majority in this representative body representing lawmakers from our 47 countries.  For example the assembly recognized mass surveillance as a danger for fundamental Human Rights, not only rights of privacy, freedom of information, Freedom of Expression, but also rights to fair trial, rights to freedom of religion, even lawyers and ministers, religious ministers can be subject to surveillance, even a threat to the right of free and fair elections when free speech is impeded.  The assembly also now calls for laws, national laws in the very first place which govern the behavior of national authorities, laws allowing for the collection and analysis of personal data, including so‑called metadata, only with the consent of the person concerned, or following a court order granted on the basis of reasonable suspicion of the target being involved in criminal activity.  So that's an analogy to analogous means of communication which has now been stated in a very strong way.  The assembly actually calls for penalising breaches of privacy on the Internet the same way as the violation of traditional confidentiality of correspondence.

And now ‑‑ and this is an idea, the next two ideas, actually are derived from the hearing before a committee with a former head of the German Bundesnachrichtendienst, the German equivalency of the CIA, Professor Geiger, who suggested that there should be a multilateral intelligence codex negotiated between like‑minded countries, not only those of the Council of Europe, but I'm sure Brazil or other countries would be interested in joining such a club, which this codex should include mutual engagement to apply the same rules to the surveillance of each other's citizens as those applied to their own and to exclude the use of surveillance for political, economical or diplomatic purposes between participating states to start with.

The second and almost more revolutionary idea coming from practitioner, recently retired head of a surveillance agency, said that to help enforce any legal framework that Member States are invited to enact, whistleblower protection is the key.  The sort of ‑‑ as professor Geiger said ‑‑ of protected disclosures of wrongdoings is the best deterrent.

So in consequence, the assembly also called for asylum to be granted to whistleblowers who expose unlawful surveillance if they are threatened by retaliation in their home countries.  The assembly has recently adopted a second report also this year on improving whistleblower protection also by Peter where a case study which is part of the report clearly shows that Edward Snowden fulfills the criteria set by the assembly advocated by the assembly for whistleblower protection.

We were very happy to see that only last year the European parliament came to the same conclusion.

Now, the assembly also explicitly opposes backdoors as a matter of Human Rights principle -- no need to explain that -- but also as a matter of common sense.  Experiments by some of the experts that we have relied on show that backdoors can be quite easily identified.  And exploited by cyber criminals.  The next generation of terrorists may well prefer bringing down our banking system an electricity supply with potentially far more disastrous consequences than somebody blowing himself up in a market square.

The second-to-final point is that the assembly insists that parliamentary and judicial oversight of surveillance must be strengthened including, and that's a very important point given that different countries are developing their own oversight bodies, parliamentary or judicial or mix in their own countries for their own services.  But these oversight bodies should cooperate among themselves in the same way as the surveillance agencies cooperate among themselves.  These like‑minded countries, and that should be in this future codex, intelligence codex, like‑minded countries, in order to make such oversight effective, should waive the originator control principle on a mutual basis for purposes of oversight.

Now, the assembly ‑‑ and that is a word creator by Peter ‑‑ the assembly is worried about the growth of the surveillance industrial complex, which is fostered by the culture of secrecy and the highly technical nature of surveillance operations.  Both the seriousness of threats and the costs and benefits of specific counter measures are difficult to assess for laypersons, non‑techies.  Policymakers are therefore obliged to rely on input from the interested groups themselves.  And these powerful structures risk escaping democratic control and accountability.

Now, the recent trend of outsourcing and privatisation of surveillance activities only adds to the wrong incentives where there may actually be financial, monetary incentives for growing surveillance sector where people can earn a lot of money by almost blackmailing decisionmakers, decisionmakers, budgetary decisionmakers into allocating more and more resources to this sector, which is threatening to spiral out of control in certain countries.

Finally, and last but not least, independent reviews, including one commissioned by no less than the U.S. President, have shown that mass surveillance has not contributed to the prevention of terrorist attacks.  It's ineffective, contrary to assertions by intelligence officials.

Instead, these reviews have shown that resources that might otherwise have prevented attacks are diverted to mass surveillance, which leaves potentially dangerous persons free to act.  The famous quote by a former deputy head of the U.S. NSA: "If everything is a target, nothing is a target."

So in a nutshell, the assembly, whilst waiting for the proposal it has made to be implemented, a legal framework to be created that will be properly enforced by strong whistleblower protection and oversight mechanisms that cooperate with one another, whilst waiting for this to happen -- maybe with the help of Joe it will happen more quickly than we are pessimistically waiting at the moment -- whilst waiting, the assembly advocates to promote pervasive encryption, end‑to‑end encryption as a matter of informational self‑defense where encryption will then basically oblige intelligence agencies to concentrate on high value targets.  Because they cannot simply, they do not have the resources necessary to hack everyone and anyone's well protected server.  Pervasive encryption and the decentralization of the Internet by having local servers instead of very small number of very large servers is the answer, the temperature answer that the assembly gives mass encryption as a response to mass surveillance.

Obviously you all know this recommendation by the assembly is at the moment not followed by several of the main, biggest Member States of the Council of Europe, which are adopting or have adopted laws allowing mass surveillance far beyond the recommendations of the assembly and even considering prohibiting or severely limiting encryption and/or mandating rather than forbidding backdoors.  I think that's a start for discussion that we can have with our other colleagues.  Thank you.

>> LEE HIBBARD:  Thank you very much, Guenter.  That was very interesting to see what the Council of Europe Parliamentary Assembly are doing.  I'd like to move to other speakers.  Maybe start with Mr. Alexandre Ghisleni.  Mr. Ghisleni is Director of the Human Rights department in the Ministry of Foreign Affairs.  Mr. Ghisleni, we know Brazil was in the forefront of this movement for privacy and international playing together with Germany and other states.  And now you got what you were looking for.  You have the Special Rapporteur.  So I'll ask you a few questions.  First, what are your expectations for the mandate of the rapporteur?  And also what else now?  What will be Brazil's role from now on?

>> ALEXANDRE GHISLENI:  Well, thank you, Mr. Moderator.  I would like to first of all to thank the Council of Europe and the Office of the High Commissioner for holding this event.  It is a great initiative.  It takes us Human Rights people outside of the Human Rights Council room and makes us enlarge the circle.  Which is great.  And this particularly relevant in many cases. And I’m coming to your questions.

We do not believe that we have got what we were looking for.  What we are looking for is a solid foundation to tackle the right to privacy challenges in their own term.  And the establishment of the Special Rapporteur was a great step forward.  We believe that it might even in the future be considered a leap forward.  But it is not enough.  On a light note, I am glad that I can follow from the intervention made by our special rapporteur because I actually share many of his concerns.  If I can establish a short, quick dialogue with him, I believe that we can work on an agenda.

But our Special Rapporteur is focusing on the empty half of the cup, and maybe we should first of all take a quick look at the full half of the cup which is right to privacy is, as a matter of fact, international law.  It's the law of our world.  Why do I say that?  It's enshrined in the International Covenant on Civil and Political Rights which has been ratified by 168 countries.  And we might ask ourselves what about the remaining countries?  Well, all remaining countries recognize the universal, the collection of Human Rights, which also enshrines the right to privacy.  So we have the norm.  We have a foundation, a basis to work on.

And another achievement that we have made in the past few years is that we will have brought the right to privacy out of its oblivion and into the centre stage of the Human Rights debate and in a consensus basis.  And this is very important.  I'm not saying to have anonymity.  I don't believe in anonymity.  But we do have a large majority of countries -- and I speak for one -- which believes that this is a major issue to be dealt with.

So let me go to the challenges that have been listed by our Special Rapporteur.  The first question that ‑‑ and I'd like to address his provocation on mission impossible.  This mission is going to be possible or impossible based on two criteria.  First of them is in what timeframe.  If we manage to sort out all the problems listed buy a Special Rapporteur in three years, we are all going to run for a Nobel Prize, I'm pretty sure of that.  But time is of the essence, but it's also part of the United Nations work.  We have taken over 20 years to get to the international covenants. The International Declaratoin of Rights of Indigenous People took longer than that.  I'm not saying you're going to take 20 years.  But we have to go through the phases with a steady look at what we are looking for.  And this goal is clear.  It is set.  It is in his mandate. 

So let me get to second challenge, which is to keep the achievements.  To keep the -- the French phase.  In order to do that, consensus or the large majority of supporters is key, is central.  It is fundamental.  And this is something that encompasses not only governments, which of course is a major issue, but encompasses all stakeholders.  What you need to do next is improve the international system -- I'm talking about international Human Rights system -- in order to incorporate all the interlocutors, all the stakeholders into a discussion.  I'm glad that the Special Rapporteur raised this issue as his number 3 concern.

So this is -- We have a number of challenges.  The first of them is to bring all the complexity of this issue to the Human Rights dimension, to the Human Rights Council of the United Nations.  I believe that in this very IGF we can see its complexity as we talk about the right to privacy from Internet Governance perspective.  This is not something that delegates in Geneva have in mind, at least at the Human Rights Council.  And this is something that we should bring to our attention.

So, very shortly, sir, I believe that we can continue our discussion later on.  But I'd just like to share what seems to be an overwhelming challenge is actually something to be welcomed.  We did not have this challenge two years ago.  Now we do.  And this is an improvement in itself.  Thank you.

>> LEE HIBBARD:  Thank you very much, Mr. Ghisleni.  We will now give the floor to the next speaker, this is Miss Carly Nyst.  Carly used to be the legal director of Privacy International but now is independent Human Rights consultant on all things tech and Human Rights, as she says in her Twitter account.

Carly, you were obviously very involved as part of civil society also in the process that led to the appointment of the Special Rapporteur and on privacy just in general.  But the current situation shows that we have a Special Rapporteur but at the same time we have court decisions also that obviously say that mass surveillance is wrong.  But we have state practice which is not really going hand‑in‑hand with those court decisions.

So where do you see consensus emerging?

>> CARLY NYST:  Thanks, I'll speak very quickly because I'm interested to hear what the audience thinks, as well.  But I'm not a diplomat so I'm not going to be diplomatic unlike the previous speakers.  And I will say that from my perspective, things couldn't be any worse, to be honest.  And I think that we really need to recognize the very real challenge that we're facing at the moment, particularly when it comes to mass surveillance, and that is the very calculated, legitimization by mass surveillance by a number of very key, powerful governments.  I very much appreciate the special rapporteur's positive spin on things, but in fact I think the challenge is far greater than he leads us to believe and requires a lot more potentially offensive tactics to really try to establish norms around mass surveillance, because from where I sit -- I live in the UK, although I'm Australian, and I see the UK government trying to legitimize, in very detailed and frank and honest and banal terms, the use of what is by any other name mass surveillance, but which they call bulk interception of communications.

And I think we're at a point now where we're really in the process of crossing the Rubicon.  I think it's one thing for the mass surveillance to take place behind closed doors and everybody deny they're dog it.  But when states start to say they are doing it on the basis of international law and other principles, I think that’s when we get to dangerous territory.  And purely from international law, you know how law becomes customary in international law.  The fact we see states avowing these practices and defending them is a really frightening turn of events.  And I think that I don't see governments are going to be the leaders in this field, and I don't necessarily feel that the public at large has enough of a grasp of the issues and understanding of the real implications to be the key players in this.  I think that it is the international institutions like the ones we have represented here and the courts which are going to be the leaders of this field and they're going to be the ones that draw the line in the sand.  The Shrem's Decision by the Court of Justice of the European Union was a huge step forward and was a recognition that mass surveillance, generalized access to content of communications impairs the essence of the right to privacy.  I think that's an important recognition.  I think the more we see institutions like this one backing that claim and saying mass surveillance can never be proportionate, no matter how severe the terrorist threat is, no matter how many laws you have to safeguad, use of that tactic can never be proportionate. Then, I think, until that happens, we’re still in danger of this come to set us in a very bad trend for the coming years.

>> LEE HIBBARD:  We will now pass to Mr. Gbenga Sesan from the Paradigm Initiative in Nigeria, another part of the world: this is a global dialogue.  Gbenga, what happens, Gbenga, when you don't have a framework, like a data protection framework, in place for a country to give you the safeguards that you need to ensure that private life is respected? That's the case I think in your country.  And in other countries, in this country we're in now.  Thank you.  So please say some words.  Thank you.

>> GBENGA SESAN:  I was beginning to get concerend if we were talking about the same world in terms of surveillance. I’m glad you made that point. Things are really terrible, to say the least.  There are many countries where governments are basically making up the laws as they go. There are no frameworks in place. They just -- many countries claim -- my country, for example, between 2012 and 2013, invested in mass surveillance equipment in the name of terrorism, and projects were implemented, and it was only after the equipment was bought that government began to talk about laws.  That was when the regulator then began to try the backdoor approach of using a regulation, which definitely is not primary legislation, trying to us a regulation to then provide a backdoor for the government to be able to do mass surveillance.  So I think things are really bad, in the sense that many governments do not agree that mass surveillance is something they shouldn't look at.  Many governments believe that this is the way to keep the people safe or at least the excuse of keeping the people safe.  And I think it goes on to the issue specifically -- if I want to talk about issue of data privacy in Nigeria, for example, there are several government agencies that collect biometric data.  And Nigeria does not have data privacy laws.

Earlier today, we were having a conversation.  And of the 54 countries on the African continent, there are less than 10 that have data privacy laws.  And if you're collecting biometric data – so I’ll give a very good example.  In 2016 Nigeria will have a census.  And the census commission is alreadying saying that to be sure we are counting people properly we will also collect biometric information.  So you have all this proliferation of biometricinformation without data privacy laws.  I think the problem we have is many governments are making up the rules as they go and things are not ‑‑ you know, we can try to look at them in a nice way, but things are not nice at all. 

And I think I'll just end with this, to say that while we have these problems, one of the things that we're doing at the moment in Nigeria is to also use the approach of the government. If you're trying to use laws to cause trouble, then maybe we can also use laws to find a solution.  And what we're doing is proposing a positive rights bill basically that protects the rights of citizens and also uses the same process of regulation that government uses to basically codify these rights for citizens.  Things are grim.  Things are tough. And thanks to people who are working across the world to make sure that these issues are brought to the fore.  But unfortunately we have a lot of governments that do not believe that this is an issue that they should look at.  And many that are making up the rules as they go.  And this is really dangerous because they would find excuses -- usually terrorism is one -- and then they will do the things they want to do, anyway.  Thank you.

>> LEE HIBBARD:  Thank you, Gbenga.  That was excellent.  I think that's been a series of really excellent interventions.  We also have a remote moderator.  Emilar Vushe.  I don’t see where she is but she might be in the back. I would like you to give me a thumbs up if there are any remote interventions.  I don't see you, so please signal to me if you have any interventions.  Sorry?  She's in the cabin.  If she’s in the cabin, how can I see?  I don't know.  Okay.  Let's carry on. 

This is a dialogue.  We only have in the region 10 or 12 minutes left because we have only an hour together.  So we're going to terminate about 1835.  I'd like to think about going to the microphones and asking your questions.

As you mentioned, I think one of the interventions was mentioned, these organizations, the organisation like the Council of Europe and OHHR, Joe Cannataci, we are here also take things back to our organizations and to carry on discussing them, ensuring that we feed that dialogue into reflections.  I mean there's a mandate.  And there's mandates for the future to unfold.  And this is a chance for you, I would say, really a chance for you to try to have your voice heard in international discussion on mass surveillance, on the right to privacy.  So I would really ask you to step up to the mics and to say what you think.  Are there any comments?  Does anyone want to come.  You, please.  Come to the mic, please.  Your name -- Shah Kahemi.  Okay.  Your name, please.

>> Can the technical crew please put the slide up of the mic?  Thank you.

>> YOLANDA MLONZI:  Is it working now?  Okay.  So my name is Yolanda Mlonzi from the Association for Progressive Communications and I'm based in South Africa.  So my question just goes from the context of Africa where we have a lot of problems, apart from privacy and surveillance.  So how do we make Africans understand what surveillance is and how it impacts them and their privacy?  I think at this moment it's a conversation and a debate where we have the IGF, but most people are outside of this conversation.  And how can we bring them in to understand these type of issues?  Thank you.

>> ALAA MURABIT:  My name is Alaa Murabit.  I represent the Centre on Governance through Human Rights.  A question to the UN Special Rapporteur.  I was very impressed by all the efforts that you undertake particularly in dialoguing, and I think it's absolutely fundamental, dialoguing with all the different stakeholders. But what wasn't really clear to me what the agenda is you dialogue about, whether it's how these different agents and governments, private companies, whatever, how they want to implement the right to privacy?  What their ideas are?  What is the agenda?  I mean you were honest enough at the beginning to say, well, you don't really have a plan.  It's very difficult to have a plan at these times.  But nevertheless, I'm sure there is sort of a vision ahead.  And maybe you can elaborate a little more about this.  Thank you.

>> JOE CANNATACI:  Okay.  I'm actually interested in giving answers to both questions.  Not complete answers but starting with answers.

Let me start with the question about Africa.  I think that it's -- in fact, two days ago I spent 1‑1/2 hours with people from Africa where we were discussing the subject in a fair amount of detail.  And I think that there are a number of ways, including awareness campaigns, including a whole string of activities which can be taken forward.  So if you wish to speak with me after the session I'll be very happy to tackle that and give you some more details on what we have because I have been working with Africa, too.  And a number of things are of close concern, very close to my heart, too.

To come to the second point, the second lady who spoke and asked the question: so what's the agenda?  I mean, to a certain extent it's where do you start from, right?  Because everybody wants to put their stuff on the agenda.  But let's look at the few examples, right?  Surveillance is on the agenda.  And it's not as if we're coming unprepared to the debate.  So if we're going to talk about surveillance -- and I look at three things, I'm just going to mention three things but I could mention 300.  Let's start with three things.  If I take the Codex alone which has been mentioned, so much work has gone into that already.  And if you can ‑‑ if we can take that work and push it forward as part of a well thought out structure that's already a huge step forward.  If we look at the work that has been carried out in two of the projects I have led in EU‑funded research projects, and here I'm talking about smart, which dealt with smart surveillance, I'm talking about respect, in those projects we actually have produced a draft model law which can be used in various ways. national level.  It can be used at international level.  Either the form of a multilateral convention, in the form of directive if used regionally in the EU.

What am I saying?  That in those two projects alone, we have over 8.4 million Euro worth of research and evidence‑based research which has produced a law specifically to producing safeguards.  That law, that model law was designed to produce safeguards.

The agenda extends further.  I have already started working.  I have been working for 30 years now trying to bring law enforcement and security services together into the debate and identifying what they really need.

The agenda also extends to what Carly was saying.  I wasn't trying to put a positive spin on anything, Carly.  And I don't know why I came across or why you said what you did, but if you look carefully including at the reports that have come out on wired, I'm more than concerned.  I'm very seriously concerned about those countries which are seeking to legitimize current regimes or current attempts.  An what may be an honest -- you used the word honest -- but to my point of view often misguided and unsubstantiated approach to mass surveillance.  In fact, some of the things that said while here at IGF have already considerable media reports over the last 48 hours that show the level of my concern.  I said beyond scary, more than scary in one case.  So I think that it's time limits that we have at this moment in time which force me not to focus on that part, too.  And it's time limits which now make me shut up and give the floor to somebody else.  Thank you. 

>> LEE HIBBARD:  Thank you very much, Joe.  We have with the more speakers.  We have Mr. Fitchen from the German Cyber Foreign Policy.  And, please, Mr. Fitchen, if you could keep it brief.  Thank you.

>> MR. FITCHEN: Yeah, thank you very much.  Although I would still be interested in your answer to the question from our colleague from South Africa because that hasn't been answered.  I just wanted to pick up maybe on your question because Germany was one of the partners of Brazil in this resolution.  Did we get what we wanted?  And my colleague already said it.  What we did get was really the consensus on the text.  We managed to form a text that was not divisive on day one. Because if you start with the debate with irreconcilable positions on day one, we wouldn't have had Joseph Cannataci at this table with a clear mandate to go on.  So in that sense even though I admit that the situation may be less than good, but now we can set the ball rolling.  And it's also important for other stakeholders, for civil society, for us who want to pick up and discuss it, for IGF even, because all of us can now rely on this consensus in the Human Rights assembly.  You can hold your governments accountable to what they have said in those resolution.  So that legitimizes the debate and may be an important feature.  So thank you very much.

>> LEE HIBBARD:  Thank you very much.  Briefly.

>> Yes.  Just some suggestions.  It works?  Answering to the question ‑‑ hello?  Yes?  The real solution to answering this question is media literacy and digital literacy.  And yesterday I don't know if you notice but the president of the European Broadcasting Union on behalf of the World Broadcasting Union said that the broadcasters are ready to make campaign and to make awareness around the world about these kind of topics.  It's simply a question of will, political will that we need to find.

The second thing is that another way that needs to be explored is work, instead of waiting for a treaty for the next 20 years, this scale of time worries me very much.  Probably we need to start with voluntary agreement in the field.  I just mentioned what we are doing within the EBU.  We have a lot of data now using the information coming from the VOD and the access via broadband to our contents.  A lot of data that we have to manage in a certain way.  And we are trying to establish a code of conduct between our members how to treat this data.  Because what is important for us is to better profile the information and to better service, provide better service to the viewers and to the users but not to be more who want to go to Morocco or who want to buy a bottle of wine.

So it's totally different approach.  So if there is a consensus between industry, between various stakeholders, we can go on voluntary basis quite soon.  I think that waiting for a treaty, we will be all dead.

I just remember you the economic value of what we are talking.  In the last two years there has been a shift in the advertising market in Europe.  Twenty percent of the market went to behavior advertising.  And behavioral advertising means one company that has private data of all European citizens.  We have the data but we cannot use because we are binded by the European law and we are happy to be bound by the European law.  Somebody else, not.

>> LEE HIBBARD:  Thank you very much.  We are really going to take the last two questions.  I'm going to queue up Emilar in remote participation booth who has a remote question.  But first you, please.  And then Emilar.  Thank you.

>> Is that working?  I would like to ask, my name is Victor, I'm a researcher from the University of São Paulo.  I would like to ask you, Alexandre, what is the efforts that the government of Brazil has been doing to reduce possible abuses from the Brazilian intelligence agency here in Brazil? And I don't know.  Whether there is something to punish or don’t allow access from our agency?

>> LEE HIBBARD:  Thank you.  Let me have the second question before he responds to that question.  Emilar, can you please give us your remote feed, please?  They're telling it, yeah, please.  She's running.  So I think they know that.  No?

>> JOE CANNATACI:  Lee, while we wait for that, could I just come in very quickly with a clarification?  So very quickly to respond to the last intervention on one point.  It doesn't necessarily take 20 years to bring in a treaty.  The Council of Europe has a record in certain areas.  I was personally involved not only for data protections since 1984/85, on the area of Cybercrime which is the only piece of international law governing cyberspace.  We did that from 1996 to 2000.  Signed 2001.  Ratified by many other countries including the United States, et cetera.

So if my math is still intact the end of a conference day, that's more like four to five years.  Of course it can take 20.  But take heart from that in the sense that my examples would show you that -- on the Council of Europe became hard law within 20 of it being adopted. And I think if we can get decisions, treaties in important cases like climate change which is what we're seeing after 20 years and hopefully in Paris in December we’re going to see more progress, then I am actually quite optimistic that we can also with good will make slow but steady progress in the time frames.  And I think the question of time frames is the right one. But the fact that my mandate is only three or six years doesn't mean that we don't start.  Thank you.

>> LEE HIBBARD:  Joe, Emilar, I don't have any response from Emilar.  We are running out of time.  But I'd really like to go to Mr. Ghisleni first of all to respond to Victor about the point about surveillance in Brazil.

>> ALEXANDRE GHISLENI:  Thank you very much. I'll give you a straightfoward answer.  To my best of my knowledge, there have been accusations against the Brazilian intelligence service that they have been following the work of social movements.  But first of all that did not involve data collection or interception of any kind.  And second of all, those accusations have not been proven.  But -- so in any case, if the -- our colleague Victor asked what has been done to punish the culprits for, that there have been no condemnation so far, as far as I know.

>> LEE HIBBARD:  Thank you.  Emilar?  Thank you.  

>> Hello.  We are not hearing.

>> EMILAR VUSHE:  Okay, so this is a question from Tawanda Mugari from Zimbabwe from the Digital Society of Zimbabwe.  And his question was is it feasible to have mass encryption in mass surveillance countries, especially in developing countries where also surveillance is happening over telephone calls and SMS?  So he wants to know if it's feasible to have something on mass encryption.

>> It is feasible even now, and it would be important to make these mass encryption technologies even more user friendly than what they are now.

I use the opportunity to reply to the question from the colleague from South Africa why this mass surveillance issues are so important also for Africans.  We have another report on targeted killings by drones where simple so‑called metadata is used to target people, put the target on the back of people for rockets on the basis of who they call, how often and when according to a point system which has been commented by senior U.S. officials saying we kill on the basis of metadata.  It's a quote in our report.  And on the report on drones and targeted killings, it is warned against the trend that this may actually be automatic.  That these metadata can be used in an automatic fashion, in a robotised fashion to target individuals without a trial, without even accusation on the basis of who they spoke to on the phone and when and how often.  And that is something we have to ‑‑ it's happening in developing countries.  But those who do it are European countries, the U.S.  And we have to have a global discussion to rein in on such practices which become really totally incompatible with any Human Rights standards subscribed by the vast majority of all countries in the world.

>> GBENGA:  Maybe I can just speak.  I can bring home that conversation about why Africans should be worried.  If you run elections in country, and I'm sure you give an example of South Africa.  I give an example of Nigeria, of Kenya, of Uganda, of countries where political opposition have been targeted and some of them have easily been arrested.  As I speak to you, there are two brothers who have been arrested.  And it's basic that we don't know when they will be released or if they will be released.  We had a case of a guy who was arrested, and for 21 days in Nigeria was exchanged between agencies, between security agencies.  When we as the secuity services, where is this guy; is he with you?  They would say no because they passed him on to the other guy.  We asked the second agency, no we passed on to other guy.  People are dying.  People are lost.  People are not coming home for dinner because somebody is targeting them with surveillance equipment and is not giving them a right to fair hearing in Africa, in countries where elections are held and opposition is seen as the enemy of the state.

>> LEE HIBBARD:  Thank you very much, Gbenga.  We have one intervention by Alex from Privacy International and then I would like just before you come to the mic, I'd like then to maybe bring the session to a close.  But I would really like to invite perhaps Carly and other speakers to give perhaps a very quick reaction ortake away or say a few words before we come to the wrapup.  Please.  So Alex and then panelists.  And then Lorena.

>> Just to reflect on different solutions that have been put forward during this discussion, I think something I already mentioned on Monday in the other session on privacy and mass surveillance was the playing field is not equal.  There's such a lack of transparency as to what governments are doing, policies and their practices.  And it's really been counterproductive to what we're trying to do in terms of advocating for better safeguards, for remedies, for better regulation of surveillance powers.  And so that's probably one of the causes we'd be asking for at the beginning, to have an equal playing field so that the information is out in the open, information that should already be in the public eye because it is in the public interest for that information to be available.  And so, yeah, I think that's a real hinderance to us going forward,  is the lack of transparency of what is actually the state of affairs currently in terms of policies but also practices. 

>> LEE HIBBARD:  Thank you very much.  That's been great discussion.  Great interventions.  If I may, Carly, if that's okay, could we have a quick reaction and then go to the panelists and then conclude?

>> CARLY NYST:  Just one quick thought from my colleague to agencies' comment about the sense of surveillance in Africa.  I don't think it's the case that people in Africa don't understand surveillance.  I think they understand well and truly what surveillance is, and of course Africa is not a country so we must talk about different African countries.  Many countries in Africa have long histories of surveillance. I think the difference is that digital literacy is an issue, but also people feeling that agency to engage with this issue and that they can do something about it.  I think we see in many African countries people just accept that they are under surveillance all the time and it's a non‑issue because they just accept it.  So I think the thing that needs to change there is really giving people the feeling that they have the agency and power to do something about it, that they can advocate vis‑a‑vis their governments and try to change things.

>> LEE HIBBARD:  Mr. Ghisleni, do you want to say one final remark before we conclude?

>> ALEXANDRE GHISLENI:  Sure.  As shortly as I can.  I just hope that this is not the last meeting that we are going to have about this issue.  Thank you.

>> There's a lot of hypocrisy on the part of many countries when we talk about surveillance security and excuses that are given for it.  I think if we're going to have a conversation, let's be honest.  But it has to be the fact that citizens have to be respected in terms of their privacy and their rights.

>> LEE HIBBARD:  Thank you. 


>> GUENTER SCHIRMER:  We have seen that mass surveillance is a threat to Human Rights.  It needs a legal framework to rein in mass surveillance, not laws to legitimize it.  And this legal framework must be enforced by protecting disclosures of abusers by whistleblowers. 

>> LEE HIBBARD:  Thank you very much. 

Joe, one very short?

>> JOE CANNATACI:  Yes.  I'll just simply endorse what all the previous speakers said.  I've spoken more than long enough today.  And I know there are a number of people who are going to keep me speaking here until way past dinner time.  So I'll stop here.  Thank you.

>> LEE HIBBARD:  Okay.  Lorena, this is a hard task.  I've done it before.  In a nutshell, can you give us a quick flash of information in conclusion?

>> LORENA JAUME‑PALASI:  I will try to do so.  It's specially difficult since indeed it is not going to encompass all that has been discussed. But in nutshell there is common agreement on the need for action on different levels.  With regards to governmental actors, there is need at the regulatory level to create, first of all, an international common understanding of privacy on the first side. On the other side, there is need for harmonization of safeguards with regards to privacy regulation.  On the enforcement level, again with regards to governmental actors, there is a need for harmonization with regards to enforcement, real enforcement measures and safeguards oversighting this enforcement.

With regards to civil society, we’ve seen diverse voices demanding awareness campaigns, while at the other side perhaps a need also for a way to formulate the way civil actors are feeling with regards to surveillance since apparently we see that there are two different types of needs.  On the one side being aware, as I said and on the other side having the possibility to, once one is aware, to formulate these fears and these concerns. 

And with regards to stakeholders, what we see is seriously to have a multistakeholder dialogue to sharpen the concepts on privacy on the one side, to understand the need for legitimate security on the other side.  As well as for prosecution, for legitimate prosecution and also to have a common understanding between all stakeholders of what is needed but to have a more democratic institutions with regards to security and the use of only on legitimate rules and grounds.  That was pretty much it.

>> LEE HIBBARD:  That is a nutshell.  Thank you very much, Lorena.  I'd like to conclude, but I'd like to pass the floor to Hermán Vales.  The last word are yours. 

>> HERMÁN VALES:  It's late, so I'll be very quick.  First of all, apologies for this room.  This is the room we got.  But it's very strange.  It's like the silent room when you're not wearing the things.  But that was out of our control.  So we had a very interesting discussion.  And obviously the discussion is to continue because we made a lot of progress.  But it's evident from the questions and from the presentations that were made much more needs to be done.  So we need to keep moving forward.  Thank you.

[End of session.]