6 Aug 2013 | Digital Freedom, France, Germany, Guest Post, News and features, Politics and Society, Russia, United Kingdom, United States
(Photo illustration: Shutterstock)
Around the world, there is confusion and alarm over the impact of the U.S. National Security Agency’s (NSA) surveillance program on human rights. In the U.S., the debate is focusing on the gross violations of privacy rights of Americans. Barely a word is being spoken about the human rights of people outside the country whose personal communications are being targeted, and whose communications content is collected, stored, analyzed and used with little legal protection.
A growing group of international civil society groups and individuals wants that to change and is coming together to present the newly empowered U.S. Privacy and Civil Liberties Board (PCLOB) with a joint letter, asking the Board to make “recommendations and findings designed to protect the human rights not only of U.S. persons, but also of non-U.S. persons.” Before PCLOB’s mid-September deadline for public comments, I encourage global civil society to add their name to this powerful statement.
As the letter makes clear, there is great concern from the global community that the recently revealed surveillance program conducted under Section 702 of the Foreign Intelligence Surveillance Act (FISA) poses a severe threat to human rights. It rightly notes that the surveillance “ strikes at the heart of global digital communications and severely threatens human rights in the digital age.” “The use of unnecessary, disproportionate, and unaccountable extra-territorial surveillance not only violates rights to privacy and human dignity, but also threatens the fundamental rights to freedom of thought, opinion and expression, and association that are at the center of any democratic practice. Such surveillance must be scrutinized through ample, deep, and transparent debate. Interference with the human rights of citizens by any government, their own or foreign, is unacceptable.”
Why then is all the attention in the U.S. focused on just the rights of Americans? The U.S. draws its obligations to protect rights in conducting surveillance from the U.S. Constitution, specifically the Fourth Amendment, which protects “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” The “people” generally means all people located within the United States regardless of citizenship, and then only when they have a “ reasonable expectation of privacy.”
Except in the most extraordinary circumstances, and for U.S. citizens and lawful residents when they are travelling abroad, people outside the U.S. have no privacy protections under the Fourth Amendment. This is a feature in the U.S. Constitution and it animates every part of U.S. surveillance law and practice. That is why Section 702 of FISA requires targeting and minimization guidelines that are aimed (albeit inadequately) at ensuring that the communications being targeted are those of people reasonably believed to be outside the U.S. It’s also why they provide some level of protection for ordinary Americans whose communications are ensnared in foreign intelligence activities and take no notice of the rights of ordinary people all over the world whose personal communications now reside in NSA databases.
It may be hard to fathom now, but Congress created the FISA Court to rein in surveillance after revelations about illegal political spying on Americans surfaced in the 1970’s. The Court had a narrow charge: to ensure that electronic surveillance conducted in the United States for intelligence purposes is conducted pursuant to a warrant. The warrant protection did not apply to surveillance conducted outside the U.S., so it did not protect the rights of foreigners outside the U.S. However, in those days, communications surveillance within the U.S. was a limited and highly targeted activity aimed at hostile foreign powers and their agents. The phone conversations of ordinary people were of no interest. International phone calls between a person in the U.S. and person abroad were quite expensive and relatively rare.
Today, the assumptions that informed the enactment of FISA have been worn thin by a radical shift in threats – from states to diffuse non-state actors – and an even more radical shift in technology. The advent of the internet, the data storage revolution and big data analytics, fueled by fears about terrorism, have, in the post-PATRIOT Act world, fueled a growing government appetite for data. Today, the NSA isn’t just trying to listen in on the embassy abroad of a Cold War rival; instead, it doesn’t know whom to listen in on because it does not know who might pose a threat. In the process, individualized targeting based on specific indicia of threat has given way to bulk programmatic targeting of foreign communications without any consideration of human rights of people beyond our borders.
This position is simply untenable in today’s much smaller world, where the Cold War line between “us” and “them” has blurred.
When FISA was enacted, there was no global internet and the cost of international calls was prohibitive. Large parts of the world were unreachable for political or technical reasons. Now, we are a nation of more immigrants, global businesses and frequent travelers. We live online and carry our cell phones everywhere. The cost of an international call has plummeted by more than 90% and the number of U.S. billed international calls and the use of VOIP has skyrocketed. Skype calls worldwide alone grew 44% to 167 billion minutes in 2012.
Everyday, Americans are calling, emailing, texting and “friending” family, friends, colleagues and customers around the world, engaging in so-called “foreign communications.” For those on the other side of our emails and calls, there is no protection for free expression or privacy rights. In fact, their communications may be collected, examined and used by the government for any legal purpose.
The U.S. is certainly not alone in the breadth of its surveillance activities. Britain’s spy agency monitors the cables that carry the world’s phone calls and internet traffic in close cooperation with the NSA. Indeed, according to leaked documents, Britain’s GCHQ collects more metadata than the NSA with fewer limitations. Germany’s foreign intelligence agency, the BND, is monitoring communications at a Frankfurt communications hub that handles international traffic to, from and through Germany, and the BND is seeking to significantly extend its capabilities. Le Monde reports that France runs a vast electronic spying operation using NSA-style methods, but with even fewer legal controls. And Russia’s notorious SORM system is reportedly even more advanced than the American system.
The U.S. is also not alone in focusing most of the protections of its surveillance laws internally. Such focus is also a feature of the surveillance laws and practices in democratic countries around the world, most of which take a highly territorial view of their human rights obligations and are unlikely to willingly give them extraterritorial application.
There is an urgent conversation to be had in the U.S and beyond about the implications of cross-border surveillance. Given the globalization of information society services, we now must assume that the data pertaining to the citizens of one country will flow through the infrastructure of another and be subject to collection and use for national security purposes. Surveillance standards must be strengthened everywhere to ensure that robust judicial oversight and that principles of specificity, necessity, proportionality, data minimization, use limitation and redress for misuse are the norm. In a globally networked world, legal standards must also recognize the human rights implications of cross-border surveillance and set out a way forward to protect the rights of people beyond state borders. There is ambiguity about whether our largely territorial human rights paradigm is adequate to meet the challenge.
That is why the call to PCLOB to speak to the rights of non-Americans is so important. PCLOB has a simple mission: to make sure privacy and civil liberties are at the table as new security measures to protect the nation are considered. It has boldly taken on the NSA surveillance program as its first task, but it is too soon to know whether it has the muscle or the will power to push meaningful reforms. It has an opportunity to show global leadership by heeding the call to make concrete recommendations about the rights of non-U.S. persons that can frame the global discussion about surveillance and human rights going forward. Add your name to the letter and tell PCLOB to seize the opportunity.
29 Jul 2013 | Comment, Digital Freedom, News and features, United Kingdom, United States
(Illustration: Shutterstock)
In the 1970s, mass surveillance was seen as especially a Cold War thing – what the Soviet bloc did to its own citizens, while also spying on the West. The West ‘only’ targeted a few Soviet spies and perhaps some left-wingers too — but mainly focusing on the Soviet Union and its satellites. From phone taps to opening letters, to directly observing someone, mass population surveillance was certainly undertaken by the Stasi and others, with their armies of informers. But mass snooping was not seen as a domestic concern or risk at home in the West.
Today and every day, we leave our digital footprints all over the place. Our digital trail is collected by telcos, web hosts, social media and others. And as the Snowden/NSA revelations have shown, our data is especially hoovered up from all these sources and more by the US, UK and other governments – covering millions of people around the world.
Prism, Tempora and other programmes indicate a major intelligence dragnet that surely constitutes mass surveillance, with little legal justification, and one that invades and undermines our right to privacy and our freedom of speech – since if everything we write, say and do is recorded and collected then how we behave as individuals and social animals surely changes.
Not so say some. Mass data retention isn’t snooping and surveillance until you analyse it and use it – and then there are various laws that allow targeting of suspicious individuals or groups. After all, if companies like Google, Facebook and Yahoo accumulate masses of our data, and analyse it for advertising purposes, then why should we worry that governments hoover up our data too?
This is a slippery argument and worth unpacking. If a government and its intelligence services want to spy on their own or another population, there is very little transparency and accountability as to how they do that, or what the legal justification, if any, is – and as the underwater cable taps by GCHQ indicate, often with very little need to approach the web hosts or anyone else to ask permission to intercept data.
Mass surveillance needs various elements to work for those carrying it out. You need to collect the data, analyse it according to your interests and needs, and then act on it in some way. For sure the Stasi, like authoritarian regimes and actors today, also understood well that even the act of collection could be, and was intended to be, chilling and fear-inducing.
But what of the US or British or French governments today? Is their collecting of data on all of us – around the world not just their own populations – just big data, to be used for targeted analysis? Or is it an inevitably chilling act, on the basis of which fishing expeditions are carried out, groups and individuals are identified on a large scale as potentially suspicious through the data analysis, and further monitoring and arrests, through to extraordinary rendition or drone attacks, may be the follow up.
The huge quantities of data collected on us in one programme – such as Tempora – can be analysed to build a multi-dimensional picture of our individual personal lives. And with little or no transparency as to who can access the data, or how the analysts are themselves monitored and regulated.
Mass data collection on all our digital communications challenges our rights to freedom of speech and privacy, and more broadly puts at risk our democracy – how can governments be held accountable, if journalists’ sources are no longer anonymous or campaign groups are fully monitored?
The huge overreach by the US and UK governments in deliberately collecting up our data around the world has set up the framework and data for mass surveillance. It’s a core part of monitoring us all. If we are to stop it, then we have to stop the reckless hoovering up of our data (to an extent that puts companies in the shade) and return to a more proportionate and targeted approach.
Mass data retention is a central element in mass surveillance. It needs to stop.
22 Jul 2013 | Comment, Digital Freedom, Europe and Central Asia, News and features, United Kingdom, United States
There have been some sharply contrasting political reactions to the US and UK’s mass surveillance programmes in European countries in recent days. Could the US perhaps play divide and rule in managing the fallout from Snowden’s revelations in Europe? Or is there enough common ground between German, UK or even Russian politicians to push for real changes in US (and UK and French) snooping?
(Photo: Gonçalo Silva / Demotix)
At first glance, it seems the issue is being damped down in the UK in contrast to angry and sustained political debate in Germany, and a more nationalist and opportunistic response by Russian politicians.
Last week British MPs on parliament’s intelligence and security committee confirmed that GCHQ, the UK’s signals intelligence HQ, had indeed obtained intelligence from the US Prism programme. But they concluded, remarkably quickly (no long investigation here), that allegations of law-breaking were “unfounded”. Whether the MPs are right or not, their report in fact only concerns part of Prism – the ‘content’ data GCHQ accessed and not the reams of metadata which can be equally or more revealing about individuals’ activities; and it doesn’t touch at all on the so-called Tempora programme by which, according to Snowden, the UK has been accessing massive amounts of data, by tapping into underwater cables, on a scale that goes beyond even US activities.
Meanwhile in Berlin last week, German politicians on the Bundestag’s control committee – were demanding answers on the NSA revelations from interior minister Hans-Peter Friedrich, who admitted he was still trying to get enough information out of the US on the reach of American surveillance. The following day, German journalists grilled Chancellor Angela Merkel’s spokesman for an hour and half about what the German government and security services already knew about US snooping, and how they will stop it.
Merkel has called on Obama to respect German laws though adding, rather curiously, “on German territory” – snooping on Germans on servers in the US or as their communications pass through underwater cables are side-lined by this emphasis. Merkel is also pushing for action at EU level, promising she will demand much tougher EU data protection laws – due to be agreed in the coming months. Germany’s political response seems in a much higher gear than in the UK.
Over in Moscow, some Russian MPs too are emphasising safeguards to protect personal data from US snooping. But with demands for big companies like Google and Facebook to respect Russian laws and pass on user data when requested (just as they have been in the US), this is not a sudden shift to political support for digital freedom in Russia. It is simple political opportunism taking full advantage of the NSA’s activities and revelations to reinforce Russia’s determined attempts domestically and internationally to control, monitor and impede a free and open internet.
But German, British or EU criticism of Russia’s attacks on digital freedom will be ignored and labelled hypocritical unless there is a much stronger condemnation of mass surveillance from European leaders and action to limit future abuses. Nor is this simply about whether intelligence services are operating within the law (and whose laws) important though that is. It is about ensuring laws do not allow the sort of mass surveillance domestically and internationally that the NSA, GCHQ – and it would seem France too – have been carrying out.
Here the report from the MPs on the British intelligence and security committee potentially opens up a vital debate. Incautious language, the MPs say that existing legislation is “expressed in general terms” and that GCHQ itself was right to put more detailed practices into place to ensure compliance with UK human rights law. Crucially, though a studied understatement, they say that the “complex interaction” between UK human rights laws and security laws needs further consideration – and commit the security committee to investigate further.
So more digging will happen in the UK, in Germany – and too at EU level thanks to the efforts of the European Parliament.
But the UK is clearly as complicit as the US in mass surveillance. And there is growing and sharper questioning in Germany of how much the government and the security services previously knew about US and UK snooping.
So where new revelations and investigations will take European countries in the coming weeks is an open question. And whether we will see a united defence of digital freedom in Europe and an end to mass surveillance is at best unclear for now and, more probably, highly unlikely.
Kirsty Hughes is the CEO of Index on Censorship. She tweets @Kirsty_Index
1 Jul 2013 | Campaigns, Digital Freedom, Europe and Central Asia
The revelations that the United States allegedly spied on European Union diplomats marks a low in what should be a special relationship of trust between major democracies. The EU needs to remind the US that surveillance is unacceptable in the digital age.
The row was prompted by revelations published by German magazine Der Spiegel on its website this past Saturday. Relying on documents allegedly leaked by the former NSA-contractor Edward Snowden, the magazine said the NSA had surveilled EU, French, German and Italian diplomatic offices in Washington and at the UN.
Instead of reminding US authorities of the EU belief in an open and free internet, Catherine Ashton, the high representative of the EU for foreign affairs and security policy, focused on the specific press reports, calling them a “matter for concern”. The European Union needs to reiterate its well-established position that “global connectivity should not be accompanied by censorship or mass surveillance.”
But French president Francois Hollande demanded the US stop its activities “immediately.” Later, the BBC reported that Hollande threatened to derail US-EU trade pact negotiations over the bugging scandal.
Germany’s government summoned the US ambassador to explain his country’s actions. Steffen Seibert, spokeperson for Chancellor Merkel, said that Germany wants “trust restored. We will clearly say that bugging friends is unacceptable.”
French foreign minister Laurent Fabius demanded an explanation “as soon as possible” after labelling the alleged spying unacceptable.
Martin Schulz, president of the EU Parliament warned that the allegations, if true, would have a “severe impact on the relations between the EU and the US. He demanded a fuller account of the Der Spiegel reports.
Thomas Drake, a former NSA employee turned whistleblower, who was prosecuted under the US espionage act tweeted today that the alleged spying had “little to do with classic eavesdropping. Instead, it’s closer to a complete structural acquisition of data”.
Index CEO Kirsty Hughes said:
“As disagreement grows between the EU and the US over surveillance, Index on Censorship calls for the EU to take a lead in condemning mass surveillance – which the EU’s cyberstrategy already warns against. We are also calling on the US government to acknowledge that the mass surveillance of citizens’ private communications is unacceptable and a threat to both privacy and freedom of expression.”
