sign in sign up
<<
Home , Mass surveillance, MI5

Transcript

Mass , Counterterrorism and : The Way Forward

Ben Emmerson QC

UN Special Rapporteur on Counterterrorism and Human

Rt Hon Sir Malcolm Rifkind MP

Chairman, Intelligence and Security Committee

Chair: Dr Patricia Lewis

Research Director, International Security, Chatham House

28 October 2014

The views expressed in this document are the sole responsibility of the speaker(s) and participants do not necessarily reflect the view of Chatham House, its staff, associates or Council. Chatham House is independent and owes no allegiance to any government or to any political body. It does not take institutional positions on policy issues. This document is issued on the understanding that if any extract is used, the author(s)/ speaker(s) and Chatham House should be credited, preferably with the date of the publication or details of the event. Where this document refers to or reports statements made by speakers at an event every effort has been made to provide a fair representation of their views and opinions. The published text of speeches and presentations may differ from delivery. 10 St James’s Square, SW1Y 4LE T +44 (0)20 7957 5700 F +44 (0)20 7957 5710 www.chathamhouse.org Patron: Her Majesty The Queen Chairman: Stuart Popham QC Director: Dr Robin Niblett Charity Registration Number: 208223

2 , Counterterrorism and Privacy: The Way Forward

Patricia Lewis

Hello, everybody. Welcome to Chatham House. My name is Patricia Lewis. I’m the research director here for International Security. ’re here tonight to look at the issue of mass surveillance, counterterrorism and privacy and thinking very much about how we move on from where we were after the Snowden revelations. We’re very fortunate to have with us today Ben Emmerson QC, who is the UN special rapporteur on counterterrorism and and Sir Malcolm Rifkind, who is the chairman of the Intelligence and Security Committee in parliament.

Before I get on to the substance of this meeting, I’d like to remind you of a few things. First of all, this event is being held on the record. We do encourage you to tweet, however if you are using your mobile phones and even if you’re not, can you right now make sure they’re turned to silent? I can assure you that they will ring at the most inopportune moment, particularly if you ask to speak in a Q&A session. They seem to know that you’re about to do that.

First of all, Ben is going to speak for about 10 minutes about the rapport that he made to the United Nations last week I think it was and then Malcolm will speak for about 10 minutes and let us know about the work in his committee and his response to what’s going on in the UN. Malcolm has to leave, unfortunately, at 13:45 in order to be able to vote in parliament, so we will unfortunately lose him. What I’ll do in the questions is I’ll ask people who have questions specifically to Malcolm to address them to him early on in the proceedings.

It’s my great pleasure first of all to introduce to you Ben Emmerson QC, who is currently the British judge on the Residual Mechanism of the International Criminal Tribune of Rwanda and the International Criminal Tribune for the Former Yugoslavia. He’s previously acted as special adviser to the prosecutor of the International Criminal Court and special adviser to the international judges of the UN backed Khmer Rouge Tribunal in Cambodia. In 2011 he was elected by the Human Rights Council as the UN special rapporteur on counterterrorism and human rights. In this capacity he reports annually to the UN General Assembly, the Human Rights Council and relevant entities established by the UN Security Council. He conducts country visits and reports and provides technical and other advice to states.

Last week he made his report to the UN on the issue of surveillance privacy and counterterrorism. At least, that was part of it. Ben, perhaps you could tell us a few things about the report, how you made it, what took you there and what the conclusions were.

Ben Emmerson

Sure. First of all, just a few introductory points, particularly bearing in mind that we may be at Chatham House, but we’re not under Chatham House Rules. The approach that I take to this issue and in which the report takes is not necessarily an international approach. It’s not focused on the ’s domestic legislation or the , although of course, as a result of the Snowden revelations, more is known publicly about the covert surveillance programmes run by the US in the UK than those that are known to be run by, for example, , a with very significant penetration, 3 Mass Surveillance, Counterterrorism and Privacy: The Way Forward

Russia, France, Israel and other partners of the United States and the United Kingdom. Although... Malcolm, of course, knows much more about the detail of the operation of those programmes than the rest of us do, we are to some extent looking at these issues through the prison – if you’ll forget the pun - of the disclosures by .

The second point I wanted to make by way of introduction is that I look at this because of my mandate solely from the point of view of international human rights law and the compatibility of current mass surveillance programmes with, in particular, the under article 17 of the International Covenant, roughly equivalent to article 8 of the European Convention on Human Rights.

What I’ve tried to do in the report is to subject mass surveillance programmes in their general operation to the process of analysis that is mandated under international human rights instruments, which of course, involves going through various steps to determine whether a particular measure is proportionate to a legitimate and important public interest.

The debate that followed Snowden was I think a great deal more lively in the United States than in the United Kingdom. Many of those who were involved in promoting debate in the United Kingdom were disappointed that the public took rather less interest in it than they had expected. Certainly, at the international level, what we had seen is that there was a very different reaction depending on the state that the person concerned comes from.

Those who have come and emerged from totalitarian rule, for example, or have parts of their state, like Germany, that have emerged from totalitarian rule, are acutely sensitive to the privacy implications of surveillance on the internet, in a way that those who have lived under liberal democracies are sometimes less so.

Overall, the issue has been propelled high on the United Nation’s agenda, both on the Human Rights Council level and significantly the level of the General Assembly. In December of last year the General Assembly adopted resolution 68/167, which was co- sponsored by 67 member states and adopted without a vote. It’s a resolution which affirms – and this is an important affirmation – that the right of privacy exists online and must be protected online and calls on all states to review their procedures, practices and legislation in relation to surveillance, interception and the collection of , emphasizing the need to ensure full implementation of their obligations under article 17.

The resolution also mandated the high commissioner of human rights to produce reports both to the Human Rights Council and to the General Assembly and that report was initially produced on 30 June. The work that I’m doing is therefore not in isolation. It’s part of a much broader framework of interest within the UN. There has been recently, a couple of months ago a substantial panel discussion at the Human Rights Council, which is a significant process under which states have an opportunity to debate and contribute to the discussion. There was an interactive dialogue between states during the presentation of my report last week. 4 Mass Surveillance, Counterterrorism and Privacy: The Way Forward

Interestingly, it’s the first and only time that the United States has not participated in an interactive dialogue, following a report that I’ve presented. Normally, even where the reports are critical of the US’s position, they will take part in the debate, indicate which parts they accept and which they reject and generally contribute constructively. It was a surprise frankly that the US chose to remain silent and I’ve thought about it quite a lot since as to why that might have been.

The UK, its closest ally, joined the discussion and did so in an extremely constructive way, effectively endorsing the principles that are set out in the report and affirming the United Kingdom’s commitment to those principles. I’ve kind of come to the conclusion that the US must have taken a deliberate policy decision not to engage. If you want to make sure that the debate is at a minimal level, the best way is not to say anything, because anything that the administration says in that forum is likely to promote yet greater discussion and debate on what is the topic of real contention and interest in the US.

Bringing it right to date, the Brazilian and German missions to the UN are now co- sponsoring a further resolution, which is based on this report and the high commissioner’s report and will call for the creation of a new special procedure mandate. What I do, as special rapporteur on counterterrorism and human rights, is one of the special procedures mandates and there is currently none which directly focuses on the right to privacy and in particular . It falls to some extent within my mandate in so far as the justification for access or mass surveillance and, depending on your point of view, the paradigm justification is often said to be counterterrorism.

It falls to some extent within the mandate of the special rapporteur on freedom of expression in the sense that the right to freedom of expression carries with it a corresponding obligation of privacy and there are implications for other human rights, as well, but there is no special procedures mandate which focuses specifically on what is a very complicated and important and challenging topic.

The basic conclusion of my report is not very earth-shattering and I’m not sure it would come as a surprise to anybody who had looked at these issues. The basic conclusion of the report is that the current technology available for mass surveillance of the internet poses a direct challenge to an established norm of international law. We have an understanding currently of the right to privacy under article 17, which cannot comfortably accommodate mass surveillance programmes. Something is going to have to give in the equation. There may well be justifications on a counterterrorism basis.

There’s no doubt that the pursuit of effective counterterrorism strategies is not only legitimate, it’s an obligation that rests on states and to my mind it’s a human rights obligation that rests on states. I’ve always made it clear during the course of my mandate that the rights of victims of and the duty of states to protect them are right at the heart of any debate on the legitimacy and proportionality of counterterrorism techniques, but one is driven to the conclusion here that our current understanding of our right to privacy doesn’t sufficiently accommodate the operations that are currently taking place.

It comes really to this: the conceptual framework for analysing the right to privacy requires that you start by identifying the legitimate aim for interfering with people’s 5 Mass Surveillance, Counterterrorism and Privacy: The Way Forward

privacy rights. No doubt at all that counterterrorism is not just a legitimate aim, but it’s really at the apex in terms of public importance. To that extent, we know that we are in the territory of a balancing exercise that needs to take place, proportionality [indiscernible]. That balancing exercise, under established principles governing the right to privacy, must take place on an individualized basis. In other words on a case by case basis a judgment must be made, whether the interference with an individual’s privacy is proportionate to the aim which it pursues, so in our paradigm, whether it’s proportionate to the countering of terrorism.

It must be the least intrusive method available to achieve that objective and it must carry with it safeguards, which include in the context of intrusive surveillance, legislation that prescribes limits on the categories of persons whose communication can be surveyed, limits on the duration of the surveillance and appropriate methods for independent review.

When one looks – Malcolm will correct me on this because I think we look at the technology from a slightly different perspective – when one has an operation, the capacity to place taps on fibre optic cables through which the majority of communication traffic runs in order to establish or determine what communication data there is, to subject, retain data, to automating algorithms which link individuals, the IP addresses, the location information, what is called communication data, through which very detailed and accurate profiles on people’s lives can be built up, the fact of the matter is that we have done away with the core of the right of privacy as it arises on the internet.

Again, I come back to the proposition that there is now international consensus at UN level that the right to privacy applies on the internet. There are those who have argued that if you use the internet, it’s rather like sending a postcard. If you send an email, encrypted or un-crypted, you may as well assume that your can be read. That view has been decisively and authoritatively rejected by the General Assembly in an unanimous resolution. When one looks at the capacities that exist effectively unlimited amount of communications data, which of course includes a vast amount of data for people who are of no interest to the authorities whatsoever.

The proportionality balance has to move, so instead of looking at the proportionality of an individual interference, you need to look at the proportionality of a programme as a whole and that’s a very different kind of proportionality analysis. What it requires and I don’t for a minute dispute that there may be a legitimate argument that counterterrorism objectives could justify the complete abrogation of the right to privacy on the internet, but that’s a big debate. It’s a huge debate to have.

Are we prepared as a society to do away altogether with the right to privacy of communications, which are now the only way globally the only way by which people exchange information and ideas? The basic thrust of the report is this: if we are to do that, as societies, as governments, as parliaments, we need to be absolutely transparent about what we are doing and when I say transparent, assume that there are limits on the operational and technical data that can be put into the public domain, but we do need to be much more transparent with the public about the justification that is being advised. 6 Mass Surveillance, Counterterrorism and Privacy: The Way Forward

With great respect to those who gave evidence to the ISC, from services, their evidence was of an extraordinarily generic kind and I think those associated with the services do privately acknowledge that there is an obligation now to put much, much more detail into the public domain, to make the case and if the case is to be made, then again, under article 17 there is an obligation to have detailed laws which precisely justify the techniques that are being used.

Last word: the great advantage of a parliamentary process of enacting specific legislation, which make specific provision and explains to the public exactly what is being done in their name is not only that it satisfies the lawfulness requirement, the requirement of the international law, that this type of thing needs to be regulated by law, but just as importantly, on what is after all a very important issue, it enables the Governments of the day to persuade the public that there is a justification for what they are doing.

In the end, in order to justify these programmes as proportionate on that macro level, because there is after all no individual specific proportionality analysis to be conducted, where you’re drag netting vast amounts of data from an unidentified number of people, the only way to really justify this proportionate is if states are in a position to persuade their electorates that the total abrogation of the right to privacy is justified on counterterrorism grounds, so as to make it proportionate to have the capacity to survey, read, monitor the communications of a potentially infinite number of innocent people anywhere in the world.

Patricia Lewis

Thank you, Ben. Sir Malcolm is member of parliament for Kensington and Chelsea, chairman of the British Intelligence and Security Committee. Sir Malcolm has been an elected member of parliament since 1974, defence secretary from 1992-1995, foreign secretary from 1995-1997, he is one of only four ministers who have served through the whole prime ministerships of both and John Major and he is currently on the top level group of UK Parliamentarians for Nuclear Disarmament and Arm Proliferation and is a member of the European Leadership Network executive board. Malcolm, it’s great to have you back. Transparency, oversight, proportionality, right to privacy, it’s all your normal daily.

Sir Malcolm Rifkind

Thank you very much. Can I begin by just making two general points? First of all, I actually agree with a great deal of what Ben has said both in his report and what he has said this evening. Secondly, the Intelligence and Security Committee, which I chair is currently carrying out an inquiry into privacy and security, the very issues that we are discussing this evening. As we have not yet come to any conclusions, you will hear my personal views. They are not the views of the committee, because the committee has not yet come to that stage.

I think in order to make this as interesting as possible, let me concentrate on what I disagree with the report and what has been said this evening. First of all, the case starts from the use of the phrase ‘mass surveillance’. It’s quite important to know what we’re talking about when that phrase is used. It has slightly tones to it. It implies that 7 Mass Surveillance, Counterterrorism and Privacy: The Way Forward

every single person in this room is likely to be having their emails and their telephone communications listened to by someone in DSHQ or in one of the other intelligence agencies. I’m not saying that’s what’s alleged, but that’s the implication of the term ‘mass surveillance’.

There’s a very great difference between democratic societies, such as Britain, most of Western Europe, United States and authoritarian countries, like and China. Their surveillance systems are used to try and identify political opposition, to try and identify those who might wish to change the government and they are quite open about that. Not that they admit it, but they certainly take much effort to conceal it and the very way in which the Chinese take effort to control the internet to prevent access by their population just has no parallel in Western society. Let’s be quite clear: our intelligence agencies – I don’t think I’m saying anything controversial – have not the remotest interest in the emails or the telephone communications or the political opinions of the vast majority of the British public or indeed elsewhere in the world.

They have no interest in it. They don’t have the resources to involve themselves in mass surveillance if it implied the whole population, nor do they have the time to do it, nor would they be keeping the law if they tried to do it. They would be breaking the law and would be subject to criminal sanction.

What we’re actually talking about is certainly a capability that has developed in recent years, to have access to quite large numbers of emails or voice communications if that’s what you want to do and if you get a lawful authority to do it for a specific purpose. The purpose is primarily counterterrorism at this point in time, but it also includes serious or paedophilia or other matters of very serious public interest.

What Ben in his report says and what many of the critics say is we have no objection to targeted intrusion if there’s a particular individual who’s believed to be a possible terrorist or an actual terrorist and you want to look at his emails, even then you have a lawful authority. You have to get a warrant from the secretary of state to read anyone’s email in the UK, British citizen or non-British citizen if they’re in this island. That’s fine. That’s not too controversial. What happens? How do the intelligence agencies and the security forces go about preventing terrorism or capturing terrorists if they are limited to only looking at those that they already know or suspect to be serious terrorists?

The reality is there are a substantial number of people in this country or in other countries who mean harm to others, who either aren’t known to the intelligence agencies or don’t become known until they’ve already committed a terrorist act? What we’re talking about is not targeted intrusion or mass surveillance.

What we’re actually talking about is two kinds of targeted intrusion. The simple kind, when you already know who you’re looking for and you get authority to look at the person’s email or listen to their voice communications, but equally irrelevant and it’s a form of targeting is how do you identify from a much larger group of people who might be the bad guys who are meaning to carry out let us say terrorist acts. When it is said that the intelligence agencies in Western countries have a capability to look at very large numbers of emails, that’s true, but what do we mean by ‘look at’? 8 Mass Surveillance, Counterterrorism and Privacy: The Way Forward

I think it’s important to point out that what actually happens when you have what is called bulk interception is that incredibly sophisticated computers are processed to look for certain selectors and that selector might be an email address or it might be a reference to jihadi terrorism or it might be some other phrase or sentence or word that has connotations of being a bad guy. The computers, without any single person being involved, reject the 99.9999 per cent of the limited number they are looking at.

They reject them all, they are never seen again. No human eye has ever looked at the content, has read the emails of those concerned. It picks out what is usually a tiny fraction where these selectors that I mentioned do give a prima facie indication that something bad might be happening, that this might be an email from a terrorist in Yemen to a radicalized youngster in Birmingham who wants ideas or organizational plans or whatever.

When the agencies get the indication of the tiny number that the computer, not a person, has identified through these selectors, then if GCHQ or MI6 or MI5 want to read the content of that email or listen to the conversation, they then have to get a warrant from the secretary of state. A warrant from the secretary of state doesn’t mean just picking out the phone and saying, ‘Can I please have permission?’ ‘Yes, by all means go ahead.’

We’ve inspected these warrants. We’ve seen many examples of them. They’re five or six pages long. They’re full of questions like exactly the points that Ben has raised, proportionality, is the intrusion of this person’s privacy justified by what you think you might obtain, why are you interested in this email in the first place, what is it about what you’ve already learned that makes you suspicious?

One of the things I personally believe is that we should be publishing examples of what these warrants look like, because they’d give a lot of reassurance to the public, as they have to me personally. This isn’t some... well, indeed, when I was foreign secretary I actually had to approve some of these warrants. That was part of my job as foreign secretary. The does the same for MI5 and a lot of effort goes into each individual one, so I think we ought to ask ourselves that when you hear references to bulk interception or mass surveillance, it does not imply an indiscriminate access to respectable people’s emails or telephone communications. By access we mean not that the computer’s programmed to look for selectors, but that they’re actually being read.

Ben quite rightly emphasized whatever you do, it has to have a legal basis and it’s always remembering that our intelligence agencies are subject and they subject themselves not just to compliance with the intelligence services act and with [indiscernible], which is the main legislation, but also what people perhaps are less aware, the Human Rights Act. I know for a fact that our intelligence agencies are stuffed with lawyers nowadays. 30 years ago they didn’t have any.

Now you hardly can run around the building without bumping into one. What these lawyers are looking for is not just are they observing the legal requirements as laid down in the main acts of parliament, but whether they are complying with the European Convention on Human Rights or our Human Rights Act. 9 Mass Surveillance, Counterterrorism and Privacy: The Way Forward

These are judgments that have to be made. I’m not saying they always get it right, of course. That’s what courts are for. Occasionally, the courts might disagree if they ever came before the court, but I am absolutely convinced that our intelligence agencies and the people who run them strive to operate under the law. There is additional question: is that law itself satisfactory? Does it need to be modernized? Has it kept up with technological change? That’s what the committee I chair is looking at and other people are looking at and there’s a separate question whether we should have more transparency, so that many things can be shared with the public, but of course you can’t share them with the British public without sharing with the rest of the world, including the bad guys.

So you actually have to be able to identify and there is a lot of examples of things that could be made public without any risk to , but don’t expect that to be other than a modest proportion of what our intelligence agencies do, because at the end of the day they are secret intelligence agencies and you cannot reveal secrets to the British public without revealing them to the rest of the world. So we have a healthy debate. We’re a lucky country.

Ben mentioned how British public opinion is slightly more supportive of the intelligence agencies. It’s because of . It’s not just . It’s because the single greatest intelligence triumph of any country was Bletchley Park in the Second World War, when we got the German Naval Codes. Remember, this is very relevant to Snowden, what was crucial about Bletchley Park was not just that through the enigma, they broke these Naval Codes and knew what the German Navy in Berlin, the messages that were being sent to [indiscernible] in the Atlantic.

It’s not only that they broke these codes. It’s that for three years the Germans didn’t know they’d broken the codes. If they had known them, of course they would’ve changed the system over night and that’s a sort of damaged Snowden. Many of his allegations are rubbish. Some of the things he said may be true, but don’t assume because they’re true, it was right to make some of them public and that is, I think, the dilemma we’re all dealing with. Thank you.