Mass Surveillance Threatens Digital Security And Human Rights, Says European Report

A 32-page report into mass surveillance by a top European rights body has warned that digital dragnets set up by U.S. government intelligence agencies, and some of the U.S.’ allies in Europe and elsewhere, are endangering fundamental human rights — such as the right to privacy, to freedom of information and expression, to freedom of religion, and to the right to a fair trial.

NSA whistleblower Edward Snowden gave evidence to the committee last year, including revealing that U.S. government intelligence agencies spied on NGOs and human rights organizations.

The Parliamentary Assembly of the Council of Europe (PACE) report also expresses deep concern about threats to Internet security by what it describes as “the practice of certain intelligence agencies”, as disclosed in the Snowden files, of “seeking out systematically, using and even creating ‘back doors’ and other weaknesses in security standards and implementation, which could easily be exploited also by terrorists and cyber-terrorists or other criminals”.

The PACE report comes just days after the U.K. Prime Minister appeared to call for a ban on strong encryption, arguing that national security agencies should be able to gain access to all digital communications.

And — just today — the U.K.’s House of Lords was debating amendments to a new counter-terrorism bill that sought to (again) revive a so-called Snooper’s Charter by forcing blanket retention of communications metadata on digital companies, despite such comms dragnets being ruled disproportionate and struck down by the European Court of Justice last year.

Following the ECJ strike down, the U.K. government passed “emergency” interception legislation, aka DRIPA, to fill the legislative gap (DRIPA has a sunset clause, hence attempts to inject similar measures in the separate counter-terrorism bill). And was roundly criticized for rushing DRIPA through parliament, without allowing for proper parliamentary scrutiny.

In its report PACE expresses specific concerns about the anti-democratic practices and structures that have developed to enable mass surveillance, noting it is “deeply worried by the extensive use of secret laws, secret courts and secret interpretations of such laws, which are very poorly scrutinized”.

The report adds:

In several countries, a massive “Surveillance-Industrial Complex” has evolved, fostered by the culture of secrecy surrounding surveillance operations, their highly technical character and the fact that both the seriousness of alleged threats and the need for specific counter-measures and their costs and benefits are difficult to assess for political and budgetary decision-makers without relying on input from interested groups themselves. These powerful structures risk escaping democratic control and accountability and threaten the free and open character of our societies.

PACE highlights for censure one such workaround for circumventing national privacy laws whereby certain countries — notably among the so-called Five Eyes (aka: U.S., U.K., Canada, Australia, New Zealand) — share data on each others’ citizens, since foreigners’ privacy rights are not nationally enshrined.

PACE’s report is not anti-surveillance, rather it is arguing for “effective, targeted surveillance” of specific suspects — contrasting that with resource-intensive mass surveillance, which it notes has not been found to have contributed to the prevention of terrorist attacks, according to various independent U.S. reviews, and “contrary to earlier assertions made by senior intelligence officials”.

“Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act,” it adds.

A new privacy-protecting legal framework is required, in PACE’s view, to rebuild trust between European States, and between Europe and the U.S., post-Snowden. Building in robust protections for whistleblowers, such as Snowden, who are exposing unlawful surveillance practices is also key here.

In order to rebuild trust among the transatlantic partners, among the member states of the Council of Europe and also between citizens and their own governments, a legal framework must be put in place at the national and international level which ensures the protection of human rights, especially that which secures the right to privacy. An effective tool for the enforcement of such a legal and technical framework, besides enhanced judicial and parliamentary scrutiny, is credible protection extended to whistle-blowers who expose violations.

In its series of non-binding recommendations to European Union Member States PACE also calls for judicial oversight to be baked into national laws that sanction the collection and analysis of personal data (unless individuals have given their consent for their data to be taken). And it suggests court orders should be granted “on the basis of reasonable suspicion of the target being involved in criminal activity”.

So, in other words, that surveillance should always be targeted — never a fishing expedition.

It adds:

…unlawful data collection and treatment should be penalised in the same way as the violation of the traditional mail secret ; the creation of “backdoors” or any other techniques to weaken or circumvent security measures or exploit their existing weaknesses should be strictly prohibited; all institutions and businesses holding personal data should be held to apply the most effective security measures available;

It also calls for a multilateral “Intelligence Codex” for nation states’ intelligence services to lay down rules governing counter-terror and organized crime “cooperation” — to ensure that countries apply the same rules to surveillance of each other’s citizens as their own to avoid the ‘back-channel’ snooping within the Five Eyes.

PACE also follows Snowden’s lead in calling for privacy-protections to be baked into more consumer products.

The report can be read in full here.