Guide to International Law and Surveillance 2.0 February 2019 Version 2.0 28 February 2019 Guide to International Law and Surveillance The 21st century has brought with it rapid development in the technological capacities of Governments and corporate entities to intercept, extract, filter, store, analyse, and disseminate the communications of whole populations. The costs of retaining data have decreased drastically, and continue to do so every year, and the means of analysing the information have improved exponentially due to developments in automated machine learning and algorithmic designs. These technological advancements pose a direct threat to the safeguards protecting the right to privacy. Revelations about the scope and nature of mass surveillance and bulk interception programs have led to a surge in legal discourse surrounding the role that international law, and in particular international human rights law, can and should play in responding to this evolving reality. International and regional courts, international human rights treaty bodies and other human rights experts, such as U.N. special rapporteurs, have all published authoritative statements on the law strengthening the right to privacy in the sphere of surveillance in the 21st century. The “Guide to International Law and Surveillance” is an attempt to collate relevant excerpts from these judgments and reports into a single principled guide that will be regularly updated. This is the second edition of the Guide, updating it to reflect the most relevant legal developments in 2018. Despite its name, the guide isn’t just aimed at lawyers. It is really a handy reference tool for anyone engaging in campaigning, advocacy, and scholarly research, on these issues. The guide is quite long but it is not meant to be read it cover to cover. We suggest that you either use the hyperlinked table of contents or search for key words to find the most relevant quotes for you. The guide is thus meant to be used in a light touch way, providing you with the most hard-hitting results that reinforce and strengthen the core principles and standards of international law on surveillance. The guide covers array of relevant topics such as the illegality of mass surveillance operations, the law surrounding data retention, the extraterritorial application of human rights law and digital surveillance, the international law on hacking for surveillance purposes, crypto-wars and the “going dark” debate, and the responsibility of multinational corporations in protecting the right to privacy. The first section of the guide offers an abridged version, a compressed list of the most substantive articulations of law surrounding of the sub-issues covered, as they are reflected under both U.N. law and regional human rights law. If you cite nothing else, these are the quotes that you want to reference. The second section of the guide offers additional quotes for each of the sub-issues, beyond the primary ones introduced in the first section. Also please note that only final judgments of the European Court of Human Rights are reflected. The guide is a living and breathing document and we will be adding new content as more statements and resolutions emerge. Please reach out to us via Twitter (@Privacyint) or email ([email protected]) if you have any other quotes you want us to add or topics you want us to cover. Version 2.0 28 February 2019 Table of Contents I. Selected Quotes ............................................................................................................................ 3 Chapter 2A: Principles Surrounding Surveillance and the Right to Privacy........................... 6 a. The Principle of Legality ....................................................................................................... 6 i. Accessibility Requirement ................................................................................................. 8 ii. Foreseeability Requirement ............................................................................................... 8 b. The Principle of Necessity .................................................................................................. 10 c. The Principle of Proportionality .......................................................................................... 11 d. The Principle of Adequate Safeguards ................................................................................ 12 i. Reasonable Suspicion ...................................................................................................... 13 ii. Effective Oversight .......................................................................................................... 16 iii. Data Retention ................................................................................................................. 18 iv. Transparency Requirements ............................................................................................ 21 v. Safeguards in Intelligence Sharing and Data Transfers ................................................... 22 vi. Distinctions in Safeguards Between Metadata and Content ............................................ 25 vii. Distinctions in Safeguards Between Law Enforcement and Intelligence Agencies .... 26 viii. Professional Confidentiality and Privileged Communications .................................... 26 ix. Safety of journalists ......................................................................................................... 29 e. The Principle of Access to Remedy: Victimhood, Standing, and Notification ................... 29 Chapter 3A: Surveillance and Other Human Rights Provisions ............................................. 32 a. Surveillance and the Jurisdictional Clause (Extraterritorial Application) ........................... 32 b. Surveillance and the Principle of Non-Discrimination ....................................................... 33 Chapter 4A: Mass Surveillance Programs ................................................................................. 34 Chapter 5A: Debates Surrounding Surveillance-Related Capabilities ................................... 37 a. The Debate over Encryption and “Going Dark” ................................................................. 37 b. The Debate over Hacking and Vulnerability Exploitation .................................................. 39 Chapter 6A: Right to Privacy and the Roles and Responsibilities of Multinational Companies ........................................................................................................................................................ 41 II. Additional quotes .................................................................................................................... 43 Chapter 2B: Principles Surrounding Surveillance and the Right to Privacy ......................... 43 a. The Principle of Legality (extended)................................................................................... 43 i. Accessibility Requirement (extended) ............................................................................. 52 ii. Foreseeability Requirement (extended) ........................................................................... 55 b. The Principle of Necessity (extended) ................................................................................ 63 c. The Principle of Proportionality (extended)........................................................................ 70 d. The Principle of Adequate Safeguards (extended) .............................................................. 72 i. Reasonable Suspicion (extended) .................................................................................... 77 ii. Effective Oversight (extended) ........................................................................................ 79 iii. Data Retention (extended) ............................................................................................... 94 iv. Transparency Requirements (extended) ........................................................................ 104 v. Safeguards in Intelligence Sharing and Data Transfers (extended) ............................... 106 vi. Distinctions in Safeguards Between Metadata and Content (extended) ........................ 110 vii. Distinctions in Safeguards Between Law Enforcement and Intelligence Agencies (extended).............................................................................................................................. 113 1 Version 2.0 28 February 2019 viii. Professional Confidentiality and Privileged Communications (extended) ................. 114 ix. Safety of journalists (extended) ..................................................................................... 115 e. The Principle of Access to Remedy: Victimhood, Standing, and Notification (extended) 116 Chapter 3B: Surveillance and Other Human Rights Provisions ........................................... 131 a. Surveillance and the Jurisdictional Clause (Extraterritorial Application) (extended) ...... 131 b. Surveillance and the Principle of Non-Discrimination (extended) ................................... 132 Chapter 4B: Mass Surveillance Programs ............................................................................... 134 Chapter 5B: Debates Surrounding Surveillance-Related Capabilities ................................. 138 a. The Debate over Encryption and “Going Dark” (extended) ............................................. 138 b. The Debate