Surveillance under Scrutiny: Finally, the world is talking about human rights online

As more revelations regarding PRISM and Verizon's metadata emerge, one key question arises: Can something bad be actually good? Can the revelations on surveillance practices that have galvanized global civil society lead to a broad discussion on what privacy means, what the limits to surveillance should be, and how human rights (and the proportionality requirement) limit state action? 

Or, as the Economist puts it (in an excellent summary here), "Will scrutiny spur change"?

It is ironic, but in Obama's second term, change is indeed necessary. Change in the way that Internet surveillance is conducted - in secret and without broad public scrutiny. Of course, fighting terrorism is a key responsibility of governments, but in that fight, human rights need to be respected - online and offline. 

What we have learned about PRISM and Verizon suggests that human rights considerations did not play to important a role in the formulation and implementation of surveillance policies. 

A lot of good can come from this assessment. While two thirds of US citizens, in a poll reported by the Economist, agreed that surveillance of their telephone metadata did not bother them, and still half felt the same regarding traffic data on their email communications, a number of global civil society organizations with a keen interest in Internet policy energetically formulated new demands and provided options for the way forward.

Best Bits, a coalition of global civil society groups and individuals active in Internet policy, has published a letter to the US Congress on Internet and telecommunications surveillance. CDT, which signed the letter, argued that it "highlights how the NSA’s surveillance activities not only threaten Americans’ constitutional rights but also the human rights of everyone."

Indeed, as the letter points out: 

"The introduction of surveillance mechanisms at the heart of global digital communications severely threatens human rights in the digital age."

While it is not easy to pinpoint violations of US laws and particular human rights breached by PRISM, the letter correctly identifies the troubling contradiction between US commitments to Internet freedom and the surveillance practices. 

"The contradiction between the persistent affirmation of human rights online by the US government and the recent allegations of what appears to be mass surveillance of US and non-US citizens by that same government is very disturbing and carries negative repercussions on the global stage. A blatant and systematic disregard for the human rights articulated in Articles 17 and 19 of the International Covenant on Civil and Political Rights (ICCPR), to which the United States is signatory, as well as Articles 12 and 19 of the Universal Declaration of Human Rights is suggested."

The law is very complex and international law may not offer definitive answers but the surveillance activities, at the very least, question whether consumer trust in US companies is well placed.

The Coalition calls upon the Obama administration and US Congress

• "to take immediate action to dismantle existing, and prevent the creation of future, global Internet and telecommunications based surveillance systems."
• "to allow involved or affected companies to publish statistics of past and future Foreign Intelligence Surveillance Act (FISA) requests they have received or may receive."
• "to establish protections for government whistleblowers in order to better ensure that the public is adequately informed about abuses of power that violate the fundamental human rights of the citizens of all countries, US and other."
• "[to create] an independent panel with subpoena power and all necessary security clearances to examine current practices and to make recommendations to ensure appropriate protections for the rights to privacy, free expression, and association. The results of this panel should be broadly published."

The letter to Congress is the second sent by Best Bits. The first went to the Human Right Council urging the UN body to 

"act swiftly to prevent the creation of a global Internet based surveillance system by:

1. convening a special session to examine this case
2. supporting a multistakeholder process to implement the recommendation of Mr La Rue that the Human Rights Committee develop a new General Comment 16 on the right to privacy in light of technological advancements, and,
3. requesting the High Commissioner to prepare a report that:

• formally asks states to report on practices and laws in place on surveillance and what corrective steps will they will take to meet human rights standards, and
• examines the implications of this case in in the light of the Human Rights Council endorsed United Nations Guiding Principles on Business and Human Rights, the “Protect, Respect and Remedy” Framework of A/HRC/RES/17/4.

Both policy approaches, a US-centred one and a global approach, are important and well placed. They are based on the same commitment ot human rights online as the 11 June 2013 Declaration of the Committee of Ministers on Risks to Fundamental Rights stemming from Digital Tracking and other Surveillance Technologies. 

The Council of Europe recalls that Council of Europe member states have undertaken 

"to secure to everyone within their jurisdiction the right to respect of private and family life, home and correspondence. Restrictions to this right can only be justified when it is necessary in a democratic society, in accordance with the law and for one of the limited purposes set out in Article 8, paragraph 2, of the Convention. ... [Member] States have negative obligations, that is, to refrain from interference with fundamental rights, and positive obligations, that is, to actively protect these rights. This includes the protection of individuals from action by non-state actors."

The NSA was no non-state actor, of course, but the companies holding data for European customers are. Again, legal questions are tricky, especially regarding the extraterritorial application of European data protection and privacy rights.

The Council of Europe finally identified the key challenge of weighing between

"the risks of digital tracking and other surveillance technologies for human rights, democracy and the rule of law and [...] the need to guarantee their legitimate use which benefits individuals, the economy, society at large, and the needs of law enforcement"

The revelations of  NSA's surveillance serve to put the role of human rights online squarely in the focus of the international community.  Thus it's truly an exciting time as I head towards Lisbon for the EuroDIG where I will join as speaker  a workshop on human rights on the Internet organized by IRP Coalition on Thursday and organize a flash panel on Internet surveillance on Friday. Stop by if you have time or attend remotely.

NSA is committed to the value of "protect[ing] national security interests by adhering to the highest standards of behavior". This is commenable. And true, since only by adhering to human rights (as the yardstick against which state behavior can be measured) can the NSA (or any other agency or state actor) ensure security, ideally human security.