(New York) – Governments around the world should heed the findings of the UN’s human rights commissioner on mass surveillance, Human Rights Watch said today. Governments should rein in mass surveillance and respect the privacy of all Internet users, no matter where they are located.
United Nations High Commissioner for Human Rights Navi Pillay released a far-reaching report on July 16, 2014 warning that, globally, “mass surveillance [is] emerging as a dangerous habit rather than an exceptional measure” and reaffirming that state surveillance may only be conducted if it is necessary and proportionate to a legitimate goal. The report criticizes many common practices and justifications offered by the US, UK, and other governments in support of mass surveillance.
“The High Commissioner’s report is a critical step that puts the right to privacy on firm legal foundation for the digital age,” said Cynthia Wong, senior Internet researcher at Human Rights Watch. “With this report, all governments should immediately start to review their digital surveillance practices and bring them in line with international rights standards.”
The report lays out states’ obligations to safeguard the right to privacy in the digital age and identifies gaps in how that right is being protected with respect to countries’ digital surveillance practices. As an immediate measure, the report called on governments to review their national laws, policies, and practices to ensure full conformity with international human rights law.
Human Rights Watch said that the UN report makes clear that the US and UK in particular need to reform their surveillance laws and practices. The US has taken almost no steps to curtail the scale and scope of data and communications that intelligence agencies can acquire on persons located outside US borders. The UK government had been largely silent on the issue until this week, when it rushed through a law to maintain the UK’s ability to require Internet and telecom companies to retain certain metadata about all users in the UK, regardless of whether they are under suspicion of wrongdoing.
The UN General Assembly requested the report from the High Commissioner in a December 2013 resolution, co-sponsored by 57 member countries, to submit views and recommendations to the General Assembly and UN Human Rights Council on “the right to privacy in the context of domestic and extraterritorial surveillance,” including on a “mass scale.” The resolution was a response to ongoing revelations by the former US National Security Agency contractor Edward Snowden regarding mass surveillance by the US and UK.
In the report, Pillay reaffirmed that government surveillance must respect the right to privacy and clarifies how these obligations apply to current practices. The report made several crucial points:
- Surveillance must be necessary and proportionate: The onus is on governments to demonstrate that their surveillance practices are not arbitrary or unlawful. That means governments must show that surveillance is both proportionate and necessary to a legitimate aim.
- Countries have extraterritorial duties: Governments must respect the rights of individuals, regardless of their nationality or location, given that the Internet’s infrastructure enables far-reaching extraterritorial surveillance. This was a key point of contention because some governments, like the US, did not accept responsibility for the right to privacy of individuals or non-nationals abroad when conducting surveillance.
- Metadata merits stronger protections: Metadata, or data about communications, can reveal highly sensitive information, especially when collected at large scale, and merits stronger safeguards than some national laws currently provide.
- Mere collection impacts privacy: The report states that the mere collection of communications or metadata can interfere with privacy, regardless of whether the information is viewed or used.
- Transparency and accountability: The High Commissioner cited a “disturbing lack of governmental transparency associated with surveillance policies, laws, and practices, which hinders any effort to assess their coherence with international human rights law and to ensure accountability.” The report called for much greater transparency and emphasized that surveillance cannot be justified on secret law or regulations that grant too much discretion to authorities.
- Responsibilities of technology companies: The report stated that in any case, if technology companies comply with government requests for surveillance assistance without adequate safeguards, they risk complicity in any resulting human rights abuses. The report calls on companies to “assess whether and how their terms of service, or their policies for gathering and sharing customer data, may result in an adverse impact on the human rights of their users,” implicitly drawing a connection between company data collection practices and government access to data companies hold.
The High Commissioner is expected to discuss the report’s findings at a panel during the UN Human Rights Council session in September. Conclusions and recommendations from the report are expected to be taken up at the UN General Assembly and Human Rights Council later in 2014.
“The UN has clearly affirmed that mass surveillance harms the right to privacy and that governments and companies have far more to do to safeguard privacy in the digital age,” Wong said. “Just because the surveillance capabilities exist doesn’t mean governments can indiscriminately spy on people without real human rights protections.”
President Obama announced several changes to the US’s approach to intelligence gathering in a policy directive in January 2014 in response to public pressure and outrage. These changes included developing new limitations on how information collected through surveillance may be used or retained. However, the US has taken almost no steps to curtail the scale and scope of data and communications that intelligence agencies can acquire on persons located outside US borders. The High Commissioner’s findings echo many of the recommendations made by the UN Human Rights Committee in March in its concluding observations after reviewing the US human rights record. The committee called on the US to ensure that its surveillance activities complied with its obligations to respect privacy rights, regardless of the nationality or location of individuals being monitored.
“The US has a long way to go to bring its surveillance practices in line with international standards and the first step is recognizing that people abroad have rights too,” Wong said.
The surveillance measures the UK is rushing to adopt diverge dramatically from the High Commissioner’s findings and recommendations, Human Rights Watch said. The High Commissioner specifically criticized data retention mandates, under which governments require mobile or Internet service providers to collect and store data about all customers, as neither necessary nor proportionate. The proposed law also does not address safeguards for the privacy of people abroad, even as it extends the reach of UK interception powers to foreign internet and telecom companies.
The High Commissioner also criticized the practice of collaboration and intelligence swapping among groups of countries that enable any one of them to circumvent its domestic controls on surveillance and obtain forbidden data from another collaborating country’s intelligence services. All of these issues would raise difficult questions for both UK and US surveillance and intelligence sharing practices.
“The UK government’s actions raise serious questions about its commitment to human rights online,” Wong said. “The government should not ignore the High Commissioner’s report.”