The top UN expert on privacy in his latest report has recommended the creation of a legal instrument that could grant the equivalent of an international surveillance warrant to tackle the problem of “thousands of requests” for access to data that tech giants like Google, Facebook, Apple and Twitter face from governments across the world.
The report, ironically, was presented by the UN Special Rapporteur on the Right to Privacy (SRP), Joseph A Cannataci, the day after WikiLeaks published the biggest leak from the CIA that detailed how American intelligence agency hacks Apple and Android smartphones, electronic devices including smart TVs and communication apps like the popular WhatsApp and Signal.
The report does not include this latest case of document dumping since it was published after the UN report had already been finalised and submitted to the Office of the High Commissioner for Human Rights but, nonetheless, the UN expert has some strong words for countries like the US, the UK, France and Germany, pulling them up for unwarranted regimes of domestic and international spying.
That, tech giants who operate data centres internationally are constantly worried about states overstepping boundaries, is because there is no international law that regulates such surveillance. The UN expert recommends creating an international body with a pool of judges that will review and authorise states’ requests for data access to multinationals with granting an equivalent of an international surveillance warrant or international data access warrant (IDAW) — on grounds of reasonable suspicion under clear international law — that would be enforceable in cyberspace.
Countries signing up to such a new treaty or additional protocol could be contributing their own specialised independent judges to a pool who would, sitting as a panel, conceivably act as a one-stop shop for relevant judicial warrants enforceable worldwide – naturally in those countries which would become party to the treaty.
The evidence available to the SRP suggests that “some leading democracies” treat the Internet in an opportunistic manner “operating relatively unfettered, intercepting data and hacking millions of devices, (smartphones, tablets and laptops as much as servers) worldwide”.
“In doing so, approximately 15-25 states treat the Internet as their own playground over which they can squabble for spoils, ever seeking to gain the upper hand whether in terms of cyber-war, or espionage or counter-espionage, or industrial espionage."
“The list of motivations goes on while the other 175-odd states look on powerless, unable to do much about it except hope that somehow cyber-peace will prevail”, the privacy expert states in his report.
He reveals that “a tiny minority of states” have actively tried to “informally discourage” the SRP from exploring options for solutions to have internationally enforceable safeguards and remedies on the internet.
The present Cybercrime Convention deals only with the criminal justice sector and, therefore, the types of activities revealed by Edward Snowden lies outside the scope of the Convention.
This legal instrument regulating surveillance in cyberspace would be another step, complementary to other pieces of existing cyberlaw such as the Cybercrime Convention.
Uncharacteristically, the US did not make an intervention during a debate on this report at the UN Human Rights Council (HRC) on 7 and 8 March.
The recent WikiLeaks expose of about 9,000 secret files called Vault 7 has left governments, citizens and rights activists worried over the possibilities of unfounded intrusion into millions of lives, especially given the current backlash against immigrants and foreigners in Europe and the US.
“Surveillance activities, regardless of whether they are directed towards foreigners or citizens, must only be carried out in compliance with fundamental human rights such as privacy,” Cannataci says in his report.
“…especially when it comes to surveillance carried out on the Internet, privacy should not be a right that depends on the passport in your pocket,” the report says.
While “traditional” methods of data interception like phone calls require judicial authorisation in some countries but other techniques such as the collection and analysis of metadata referring to protocols of internet browsing history or data originating from the use of smartphones (location, phone calls, usage of applications, etc) are subject to much weaker safeguards. This is not justified since the latter categories of data are at least as revealing of a person’s individual activity as the actual content of a conversation, Cannataci argues.
“…if the state is capable of potentially interfering with every flow of information, even retroactively through bulk data retention and technologies such as “quick freeze”, the right to privacy will simply not experience a full transition to the digital age,” Cannataci told the HRC.
The Snowden revelations and their aftermath have “clearly shown” that there is a pressing need for government authorities to explain their work to the public which may partially be achieved through ex-post notification of those individuals who are subject to surveillance.
“There is little or no evidence to persuade the SRP [special rapporteur for privacy] of either the efficacy or the proportionality of some of the extremely privacy-intrusive measures that have been introduced by new surveillance laws in France, Germany, the UK and the USA,” says the UN expert.
Once data has been collected through bulk acquisition or “mass surveillance” these are “increasingly vulnerable” to be hacked by hostile governments or organised crime while there is no proof that such mass data acquisition has helped in lessening security risks.
The right to privacy infringed through domestic or international measures is a fiercely debated issue not only in the UN but within national discourses as well. In India, activists have raised privacy concerns of submitting biometric details to the government vis-a-vis the Aadhaar card system — particularly of vulnerable sections such as women rescued from trafficking, young children, the disabled — as well as the possibility of data leakages from the system.
Joseph Cannataci was appointed as the first special rapporteur on the right to privacy by the HRC in July 2015 after a resolution that highlighted the need for an expert who monitors this issue globally.
Updated Date: Mar 14, 2017 15:52 PM