DOCSLIB.ORG

Guide to International Law and Surveillance 2.0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Guide to International Law and Surveillance 2.0 Guide to International Law and Surveillance 2.0 February 2019 Version 2.0 28 February 2019 Guide to International Law and Surveillance The 21st century has brought with it rapid development in the technological capacities of Governments and corporate entities to intercept, extract, filter, store, analyse, and disseminate the communications of whole populations. The costs of retaining data have decreased drastically, and continue to do so every year, and the means of analysing the information have improved exponentially due to developments in automated machine learning and algorithmic designs. These technological advancements pose a direct threat to the safeguards protecting the right to privacy. Revelations about the scope and nature of mass surveillance and bulk interception programs have led to a surge in legal discourse surrounding the role that international law, and in particular international human rights law, can and should play in responding to this evolving reality. International and regional courts, international human rights treaty bodies and other human rights experts, such as U.N. special rapporteurs, have all published authoritative statements on the law strengthening the right to privacy in the sphere of surveillance in the 21st century. The “Guide to International Law and Surveillance” is an attempt to collate relevant excerpts from these judgments and reports into a single principled guide that will be regularly updated. This is the second edition of the Guide, updating it to reflect the most relevant legal developments in 2018. Despite its name, the guide isn’t just aimed at lawyers. It is really a handy reference tool for anyone engaging in campaigning, advocacy, and scholarly research, on these issues. The guide is quite long but it is not meant to be read it cover to cover. We suggest that you either use the hyperlinked table of contents or search for key words to find the most relevant quotes for you. The guide is thus meant to be used in a light touch way, providing you with the most hard-hitting results that reinforce and strengthen the core principles and standards of international law on surveillance. The guide covers array of relevant topics such as the illegality of mass surveillance operations, the law surrounding data retention, the extraterritorial application of human rights law and digital surveillance, the international law on hacking for surveillance purposes, crypto-wars and the “going dark” debate, and the responsibility of multinational corporations in protecting the right to privacy. The first section of the guide offers an abridged version, a compressed list of the most substantive articulations of law surrounding of the sub-issues covered, as they are reflected under both U.N. law and regional human rights law. If you cite nothing else, these are the quotes that you want to reference. The second section of the guide offers additional quotes for each of the sub-issues, beyond the primary ones introduced in the first section. Also please note that only final judgments of the European Court of Human Rights are reflected. The guide is a living and breathing document and we will be adding new content as more statements and resolutions emerge. Please reach out to us via Twitter (@Privacyint) or email ([email protected]) if you have any other quotes you want us to add or topics you want us to cover. Version 2.0 28 February 2019 Table of Contents I. Selected Quotes ............................................................................................................................ 3 Chapter 2A: Principles Surrounding Surveillance and the Right to Privacy........................... 6 a. The Principle of Legality ....................................................................................................... 6 i. Accessibility Requirement ................................................................................................. 8 ii. Foreseeability Requirement ............................................................................................... 8 b. The Principle of Necessity .................................................................................................. 10 c. The Principle of Proportionality .......................................................................................... 11 d. The Principle of Adequate Safeguards ................................................................................ 12 i. Reasonable Suspicion ...................................................................................................... 13 ii. Effective Oversight .......................................................................................................... 16 iii. Data Retention ................................................................................................................. 18 iv. Transparency Requirements ............................................................................................ 21 v. Safeguards in Intelligence Sharing and Data Transfers ................................................... 22 vi. Distinctions in Safeguards Between Metadata and Content ............................................ 25 vii. Distinctions in Safeguards Between Law Enforcement and Intelligence Agencies .... 26 viii. Professional Confidentiality and Privileged Communications .................................... 26 ix. Safety of journalists ......................................................................................................... 29 e. The Principle of Access to Remedy: Victimhood, Standing, and Notification ................... 29 Chapter 3A: Surveillance and Other Human Rights Provisions ............................................. 32 a. Surveillance and the Jurisdictional Clause (Extraterritorial Application) ........................... 32 b. Surveillance and the Principle of Non-Discrimination ....................................................... 33 Chapter 4A: Mass Surveillance Programs ................................................................................. 34 Chapter 5A: Debates Surrounding Surveillance-Related Capabilities ................................... 37 a. The Debate over Encryption and “Going Dark” ................................................................. 37 b. The Debate over Hacking and Vulnerability Exploitation .................................................. 39 Chapter 6A: Right to Privacy and the Roles and Responsibilities of Multinational Companies ........................................................................................................................................................ 41 II. Additional quotes .................................................................................................................... 43 Chapter 2B: Principles Surrounding Surveillance and the Right to Privacy ......................... 43 a. The Principle of Legality (extended)................................................................................... 43 i. Accessibility Requirement (extended) ............................................................................. 52 ii. Foreseeability Requirement (extended) ........................................................................... 55 b. The Principle of Necessity (extended) ................................................................................ 63 c. The Principle of Proportionality (extended)........................................................................ 70 d. The Principle of Adequate Safeguards (extended) .............................................................. 72 i. Reasonable Suspicion (extended) .................................................................................... 77 ii. Effective Oversight (extended) ........................................................................................ 79 iii. Data Retention (extended) ............................................................................................... 94 iv. Transparency Requirements (extended) ........................................................................ 104 v. Safeguards in Intelligence Sharing and Data Transfers (extended) ............................... 106 vi. Distinctions in Safeguards Between Metadata and Content (extended) ........................ 110 vii. Distinctions in Safeguards Between Law Enforcement and Intelligence Agencies (extended).............................................................................................................................. 113 1 Version 2.0 28 February 2019 viii. Professional Confidentiality and Privileged Communications (extended) ................. 114 ix. Safety of journalists (extended) ..................................................................................... 115 e. The Principle of Access to Remedy: Victimhood, Standing, and Notification (extended) 116 Chapter 3B: Surveillance and Other Human Rights Provisions ........................................... 131 a. Surveillance and the Jurisdictional Clause (Extraterritorial Application) (extended) ...... 131 b. Surveillance and the Principle of Non-Discrimination (extended) ................................... 132 Chapter 4B: Mass Surveillance Programs ............................................................................... 134 Chapter 5B: Debates Surrounding Surveillance-Related Capabilities ................................. 138 a. The Debate over Encryption and “Going Dark” (extended) ............................................. 138 b. The Debate
Load more

Recommended publications
  • Anonymity and Encryption in Digital Communications, February 2015
    Submission to the UN Special Rapporteur on freedom of expression – anonymity and encryption in digital communications, February 201 1! Introduction Privacy International submits this information for the Special Rapporteur's report on the use of encryption and anonymity in digital communications. Anonymity and the use of encryption in digital communications engage both the right to freedom of expression and right to privacy very closely: anonymity and encryption protects privacy, and ithout effective protection of the right to privacy, the right of individuals to communicate anonymously and ithout fear of their communications being unla fully detected cannot be guaranteed. As noted by the previous mandate holder, !rank #aRue, $the right to privacy is essential for individuals to express themselves freely. Indeed, throughout history, people%s illingness to engage in debate on controversial sub&ects in the public sphere has al ays been linked to possibilities for doing so anonymously.'( Individuals' right to privacy extends to their digital communications.) As much as they offer ne opportunities to freely communicate, the proliferation of digital communications have signi*cantly increased the capacity of states, companies and other non+state actors to interfere ith individual's privacy and free expression. Such interference ranges from mass surveillance of communications by state intelligence agencies, to systematic collection and storage of private information by internet and telecommunication companies, to cybercrime. Anonymity and encryption are essential tools available to individuals to mitigate or avert interferences ith their rights to privacy and free expression. In this ay, they are means of individuals exercising to the fullest degree their rights hen engaging in digital communications.
    [Show full text]
  • Anonymity in a Time of Surveillance
    LESSONS LEARNED TOO WELL: ANONYMITY IN A TIME OF SURVEILLANCE A. Michael Froomkin* It is no longer reasonable to assume that electronic communications can be kept private from governments or private-sector actors. In theory, encryption can protect the content of such communications, and anonymity can protect the communicator’s identity. But online anonymity—one of the two most important tools that protect online communicative freedom—is under practical and legal attack all over the world. Choke-point regulation, online identification requirements, and data-retention regulations combine to make anonymity very difficult as a practical matter and, in many countries, illegal. Moreover, key internet intermediaries further stifle anonymity by requiring users to disclose their real names. This Article traces the global development of technologies and regulations hostile to online anonymity, beginning with the early days of the Internet. Offering normative and pragmatic arguments for why communicative anonymity is important, this Article argues that anonymity is the bedrock of online freedom, and it must be preserved. U.S. anti-anonymity policies not only enable repressive policies abroad but also place at risk the safety of anonymous communications that Americans may someday need. This Article, in addition to providing suggestions on how to save electronic anonymity, calls for proponents of anti- anonymity policies to provide stronger justifications for such policies and to consider alternatives less likely to destroy individual liberties. In
    [Show full text]
  • No. 16-3588 in the UNITED STATES COURT of APPEALS for THE
    Case: 16-3588 Document: 003112605572 Page: 1 Date Filed: 04/26/2017 No. 16-3588 IN THE UNITED STATES COURT OF APPEALS FOR THE THIRD CIRCUIT ______________________ UNITED STATES OF AMERICA, Appellee v. GABRIEL WERDENE, Appellant ______________________ On Appeal from the United States District Court for the Eastern District of Pennsylvania ______________________ BRIEF OF AMICUS CURIAE PRIVACY INTERNATIONAL IN SUPPORT OF APPELLANT AND IN SUPPORT OF REVERSAL OF THE DECISION BELOW ______________________ Of counsel: Caroline Wilson Palow* Lisa A. Mathewson Scarlet Kim* The Law Offices of PRIVACY INTERNATIONAL Lisa A. Mathewson, LLC 62 Britton Street 123 South Broad Street, Suite 810 London EC1M 5UY Philadelphia, PA 19109 Phone: +44 (0) 20 3422 4321 Phone: (215) 399-9592 [email protected] [email protected] Counsel for Amicus Curiae, *Counsel not admitted to Third Circuit Bar Privacy International Case: 16-3588 Document: 003112605572 Page: 2 Date Filed: 04/26/2017 CORPORATE DISCLOSURE STATEMENT Pursuant to Federal Rule of Appellate Procedure 26.1 and Local Appellate Rule 26.1.1, amicus curiae Privacy International certifies that it does not have a parent corporation and that no publicly held corporation owns 10% or more of its stock. i Case: 16-3588 Document: 003112605572 Page: 3 Date Filed: 04/26/2017 TABLE OF CONTENTS TABLE OF AUTHORITIES ................................................................................... iii STATEMENT OF INTEREST .................................................................................
    [Show full text]
  • Aiding Surveillance an Exploration of How Development and Humanitarian Aid Initiatives Are Enabling Surveillance in Developing Countries
    Privacy International Aiding Surveillance An exploration of how development and humanitarian aid initiatives are enabling surveillance in developing countries Gus Hosein and Carly Nyst 01 October 2013 www.privacyinternational.org Aiding Surveillance — Privacy International Contents Executive Summary 04 Section 1 Introduction 05 Section 2 Methodology 15 Section 3 Management Information Systems 17 and electronic transfers Section 4 Digital identity registration and biometrics 28 Section 5 Mobile phones and data 42 Section 6 Border surveillance and security 50 Section 7 Development at the expense of human rights? 56 The case for caution Endnotes 59 03/80 Aiding Surveillance — Privacy International Executive Summary Information technology transfer is increasingly a crucial element of development and humanitarian aid initiatives. Social protection programmes are incorporating digitised Management Information Systems and electronic transfers, registration and electoral systems are deploying biometric technologies, the proliferation of mobile phones is facilitating access to increased amounts of data, and technologies are being transferred to support security and rule of law efforts. Many of these programmes and technologies involve the surveillance of individuals, groups, and entire populations. The collection and use of personal information in these development and aid initiatives is without precedent, and subject to few legal safeguards. In this report we show that as development and humanitarian donors and agencies rush to adopt new technologies that facilitate surveillance, they may be creating and supporting systems that pose serious threats to individuals’ human rights, particularly their right to privacy. 04/80 Section 1 Aiding Surveillance — Privacy International Introduction 1.0 It is hard to imagine a current public policy arena that does not incorporate new technologies in some way, whether in the planning, development, deployment, or evaluation phases.
    [Show full text]
  • A Call from the Panopticon to the Judicial Chamber “Expect Privacy!”
    Journal of International Commercial Law and Technology Vol.1, Issue 2 (2006) A Call From the Panopticon to the Judicial Chamber “Expect Privacy!” Julia Alpert Gladstone Bryant University Smithfield, RI,USA Abstract Privacy is necessary in order for one to develop physically, mentally and affectively. Autonomy and self definition have been recognized by the United States Supreme Court as being values of privacy. In our technologically advanced, and fear driven society, however, our right to privacy has been severely eroded. Due to encroachment by government and business we have a diminished expectation of privacy. This article examines the detriments to self and society which result from a reduced sphere of privacy, as well as offering a modest suggestion for a method to reintroduce an improved conception of privacy into citizens’ lives. Keywords: Privacy, Technology, Judiciary, Autonomy, Statute INTRODUCTION Citizens often pay scant attention to their privacy rights until a consciousness raising event, such as the late 2005 exposure of the unauthorized wiretapping performed by the United States Executive Branch, heightens their interest and concern to protect previously dormant privacy rights. The scholarly literature on privacy is plentiful which broadly explains privacy as a liberty or property right, or a condition of inner awareness, and explanations of invasions of privacy are also relevant. This article seeks to explain why privacy remains under prioritized in most people’s lives, and yet, privacy is held as a critical, if not, fundamental right. Privacy is defined according to social constructs that evolve with time, but it is valued, differently. It is valued as a means to control one’s life.
    [Show full text]
  • The Right to Privacy in the Digital Age
    The Right to Privacy in the Digital Age April 9, 2018 Dr. Keith Goldstein, Dr. Ohad Shem Tov, and Mr. Dan Prazeres Presented on behalf of Pirate Parties International Headquarters, a UN ECOSOC Consultative Member, for the Report of the High Commissioner for Human Rights Our Dystopian Present Living in modern society, we are profiled. We accept the necessity to hand over intimate details about ourselves to proper authorities and presume they will keep this information secure- only to be used under the most egregious cases with legal justifications. Parents provide governments with information about their children to obtain necessary services, such as health care. We reciprocate the forfeiture of our intimate details by accepting the fine print on every form we sign- or button we press. In doing so, we enable second-hand trading of our personal information, exponentially increasing the likelihood that our data will be utilized for illegitimate purposes. Often without our awareness or consent, detection devices track our movements, our preferences, and any information they are capable of mining from our digital existence. This data is used to manipulate us, rob from us, and engage in prejudice against us- at times legally. We are stalked by algorithms that profile all of us. This is not a dystopian outlook on the future or paranoia. This is present day reality, whereby we live in a data-driven society with ubiquitous corruption that enables a small number of individuals to transgress a destitute mass of phone and internet media users. In this paper we present a few examples from around the world of both violations of privacy and accomplishments to protect privacy in online environments.
    [Show full text]
  • 13 Principles for a Human Rights Respecting State Surveillance Framework
    13 Principles for a Human Rights Respecting State Surveillance Framework Reporters Without Borders (RWB) joins the Association for Progressive Communications and more than 215 other organizations in calling for the adoption of the “International Principles on the Application of Human Rights to Communications Surveillance,” which were developed by Access, Electronic Frontier Foundation and Privacy International in consultation with a group of international experts. Privacy is a fundamental human right, and is central to the maintenance of democratic societies. It is essential to human dignity, reinforces other rights, such as freedom of expression, information and association, and is recognised under national, regional and international human rights instruments. This Council recognized with A/HRC/RES/20/8 “the same rights that people have offline must also be protected online.” However, in recent years, many States have developed national legal frameworks and practices that exploit the capacities of new technologies to engage in mass surveillance. Those frameworks reflect a shift from surveillance of communications based on the rule of law (in particular legally authorised targeted surveillance based on clear criteria) to mass surveillance through untargeted collection of communications data of ordinary citizens where no lawful grounds for surveillance exists. These national legal frameworks often contain outmoded definitions of communications that purport to distinguish between the content of communication, versus data about the communication. Typically, the content of communications is strongly protected whereas non-content transactional data, traffic data, or “meta-data” is typically given much less protection, even though it can be just as revealing and have serious privacy implications. Activities that restrict the right to privacy, including communications surveillance, can only be justified when prescribed by law, are necessary to achieve a legitimate aim, and are proportionate to the aim pursued.
    [Show full text]
  • Privacy International, Human and Digital Rights Organizations, and International Legal Scholars As Amici Curiae in Support of Respondent
    No. 17-2 IN THE Supreme Court of the United States IN THE MdATTER OF A WARRANT TO SEARCH A CERTAIN EMAIL ACCOUNT CONTROLLED AND MAINTAINED BY MICROSOFT CORPORATION UNITED STATES OF AMERICA, Petitioner, —v.— MICROSOFT CORPORATION, Respondent. ON WRIT OF CERTIORARI TO THE UNITED STATES COURT OF APPEALS FOR THE SECOND CIRCUIT BRIEF OF PRIVACY INTERNATIONAL, HUMAN AND DIGITAL RIGHTS ORGANIZATIONS, AND INTERNATIONAL LEGAL SCHOLARS AS AMICI CURIAE IN SUPPORT OF RESPONDENT LAUREN GALLO WHITE BRIAN M. WILLEN RYAN T. O’HOLLAREN Counsel of Record WILSON, SONSINI, GOODRICH BASTIAAN G. SUURMOND & ROSATI, P.C. WILSON, SONSINI, GOODRICH One Market Plaza Spear Tower, & ROSATI, P.C. Suite 3300 1301 Avenue of the Americas, San Francisco, California 94105 40th Floor (415) 947-2000 New York, New York 10019 [email protected] (212) 999-5800 [email protected] [email protected] [email protected] Attorneys for Amici Curiae (Counsel continued on inside cover) CAROLINE WILSON PALOW SCARLET KIM PRIVACY INTERNATIONAL 62 Britton Street London, EC1M 5UY United Kingdom [email protected] [email protected] i QUESTION PRESENTED Whether construing the Stored Communications Act (“SCA”) to authorize the seizure of data stored outside the United States would conflict with foreign data-protection laws, including those of Ireland and the European Union, and whether these conflicts should be avoided by applying established canons of construction, including presumptions against extra- territoriality and in favor of international comity, which direct U.S. courts to construe statutes as applying only domestically and consistently with foreign laws, absent clear Congressional intent. ii TABLE OF CONTENTS PAGE QUESTION PRESENTED ..........................
    [Show full text]
  • Gender Perspectives on Privacy’
    September 2018 Privacy International’s submission on the consultation ‘Gender perspectives on privacy’ In response to the consultation on ‘Gender perspectives on Privacy’ by the UN Special Rapporteur on the right to privacy, Privacy International submit the following observations. The organisation is publishing in October 2018 a report on the topic, which it will share with the Rapporteur as soon as it is released. 1. What gender issues arise in the digital era in the Thematic Action Streams (Privacy and Personality; Security and Surveillance; Big Data and Open Data; Health Data, and the Use of Personal Data by Corporations)? What challenges need to be addressed and what positives can be promoted more widely? As a necessary condition to define boundaries, protect human dignity and enable autonomy, the right to privacy can be particularly important for women and queer persons, influencing most aspect of their lives, preventing them from being victims of discrimination, unwanted exposure, unlawful surveillance, and harassment, among other harms. A gender perspective is also necessary to address power imbalances in the exercise of the right to privacy, making sure that it does not become an excuse from providing proper redress when this right is affected. Within that context, we would like to draw your attention to particular issues and challenges that we believe should be addressed. Previous research on the topic, as well as our on-going research, document a reality in which traditional systems of oppression that are based on gender discrimination can find new manifestations in the information age. Of particular concern to us is the issue of online gender-based violence.
    [Show full text]
  • The Role of International Human Rights Law in the Protection of Online Privacy in the Age of Surveillance
    2017 9th International Conference on Cyber Conflict Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profit or non-commercial Defending the Core purposes is granted providing that copies bear this notice and a full citation on the H. Rõigas, R. Jakschis, L. Lindström, T. Minárik (Eds.) first page. Any other reproduction or transmission requires prior written permission by NATO CCD COE. 2017 © NATO CCD COE Publications, Tallinn The Role of International Human Rights Law in the Protection of Online Privacy in the Age of Surveillance Eliza Watt Westminster Law School University of Westminster London, UK [email protected] Abstract: Whilst the political dust on mass surveillance is slowly settling down, what has become apparent is the uncertainty regarding the interpretation and application of the right to privacy norms under Article 17 of the International Covenant on Civil and Political Rights 1966 in the context of cyberspace. Despite the world-wide condemnation of these practices by, inter alia, the United Nations and international human rights organisations, little consensus has been reached on how to bring them in line with international human rights law. This paper proposes that the most pragmatic solution is updating Article 17 by replacing General Comment No.16. There are many issues that require attention. The paper focuses on two fundamental aspects of this process, namely the development of more detailed understanding of what is meant by the right to privacy in the 21st century, and the challenge posed by foreign cyber surveillance to the principle of extraterritorial application of human rights treaties.
    [Show full text]
  • 2017.10.20 PI Amicus Brief
    Case: 17-30117, 10/20/2017, ID: 10624905, DktEntry: 9, Page 1 of 35 No. 17-30117 IN THE UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT UNITED STATES OF AMERICA, Plaintiff-Appellee, v. DAVID TIPPENS, Defendant-Appellant. On Appeal from the United States District Court for the Western District of Washington at Tacoma District Court BRIEF OF AMICUS CURIAE PRIVACY INTERNATIONAL IN SUPPORT OF DEFENDANT-APPELLANT AND REVERSAL Scarlet Kim Counsel for Amicus Curiae Privacy International 62 Britton Street London EC1M 5UY United Kingdom +44 (0) 20 3422 4321 Case: 17-30117, 10/20/2017, ID: 10624905, DktEntry: 9, Page 2 of 35 CORPORATE DISCLOSURE STATEMENT Pursuant to Federal Rules of Appellate Procedure 26.1 and 29(a)(4)(A), amicus curiae Privacy International certifies that it does not have a parent corporation and that no publicly held corporation owns 10% or more of its stock. i Case: 17-30117, 10/20/2017, ID: 10624905, DktEntry: 9, Page 3 of 35 TABLE OF CONTENTS TABLE OF AUTHORITIES .................................................................................. iii STATEMENT OF INTEREST ................................................................................. 1 INTRODUCTION .................................................................................................... 2 FACTUAL BACKGROUND ................................................................................... 4 I. The “Network Investigative Technique.” ......................................................... 4 A. The NIT uses an “exploit” and a “payload.” .................................................
    [Show full text]
  • Consumers Online: Your Rights to Privacy in Cyberspace Nancy Lazar
    Loyola Consumer Law Review Volume 10 | Issue 2 Article 3 1998 Consumers Online: Your Rights to Privacy in Cyberspace Nancy Lazar Follow this and additional works at: http://lawecommons.luc.edu/lclr Part of the Consumer Protection Law Commons Recommended Citation Nancy Lazar Consumers Online: Your Rights to Privacy in Cyberspace, 10 Loy. Consumer L. Rev. 117 (1998). Available at: http://lawecommons.luc.edu/lclr/vol10/iss2/3 This Recent Legislative Activity is brought to you for free and open access by LAW eCommons. It has been accepted for inclusion in Loyola Consumer Law Review by an authorized administrator of LAW eCommons. For more information, please contact [email protected]. RECENT LEGISLATIVE by Nancy Lazar ACTIVITY Consumers Online: Your Right to Privacy in Cyberspace "According to some predictions, applied federal laws safeguarding consumer nearly one billion people will be privacy to commercial transactions in online in the next 10 years. If people cyberspace, the protection of consumer privacy are uncomfortable sending personal online is limited. For instance, although information over the Internet, the Congress amended the Electronic largest potential consumer market Communications Privacy Act of 1986, 18 will be closed to nearly every U.S.C. § 2510 - 2710 (1982 Supp. IV 1986) company in the world," according to ("Act"), to prevent Internet service providers Joseph L. Dionne, chairman and from releasing personal information of their CEO of The McGraw-Hill members to a government agency absent a legal Companies, a leading information request, the Act does not explicitly prohibit services provider. Internet service providers from distributing the members' private information to any individual A Business Week/Louis Harris & Associates or entity outside of government.
    [Show full text]