On 8 March the UN Special Rapporteur on the Right to Privacy (SRP), Professor Joseph Cannataci, presented a report on government surveillance activities from both national and international law perspectives to the Human Rights Council. The report draws attention to the characteristic imbalance between global surveillance capabilities and national oversight mandates. The Special Rapporteur emphasised that, in the current technological, political and legal environment, the right to privacy cannot be entirely assured, and made recommendations on how to promote efficient oversight in the essentially opaque framework of intelligence. While technically and politically complicated, intelligence oversight is, according to the SRP, still one of the most efficient avenues for securing a necessary degree of privacy, and therefore he endorses the more recent global initiatives to promote cooperation between intelligence oversight authorities.
As an over-arching theme, the report warns against the use of fear demagogy in justification for surveillance practices such as indiscriminate data retention and signal intelligence operations that cover whole populations or large groups without establishing a link between the subjects and security threats. According to SRP, available evidence of the efficacy and proportionality of such techniques remains unpersuasive. The report refers to recent developments that either represent a way towards greater privacy and security, or are perceived as impediments. The adoption of the Email Privacy Act in the US House of Representatives, the CJEU ruling in Tele2 Sverige and Watson, and the US Second Circuit Appeals judgement in Microsoft Ireland vs United States are all encouraging and serve as evidence of progress. Any practice or legislation that distinguishes between citizens and third country nationals, or is based on merely hypothetical risk-assessment is subject to harsh criticism.
To lay down the foundations for international consensus, the SRP calls on the US to align its laws with the case law of the ECJ and ECtHR and to establish clearly that targeted surveillance is only allowed on the grounds of reasonable suspicion and not of nationality, or any other characteristic (see paras 11 and 44.c). However, the report states unambiguously that any such endeavour for legal harmonisation would fail without a transparent international oversight mechanism. Hence, it is suggested that an international instrument addressing cross-border surveillance for investigative or intelligence purposes would be complete only when it is accompanied by an independent international court responsible for warranting and scrutiny of cross-border search and seizure, and for hearing appeals. The organisation of such a court would follow the lead of the existing specialised international law tribunals, which implies that it would be set up in accordance with an additional protocol and the signatory states would be able to appoint representatives.
As to the SRP’s position concerning the debate over whether state activities in cyberspace (in the present case, surveillance) require a separate treaty or not, he is unmistakably in favour.1 The report describes two scenarios that would improve transparency and accountability of intelligence and law enforcement authorities, facilitate investigative cooperation and give individuals a means of enforcing their rights. The first suggests that the scope of the Cybercrime Convention would need to be considerably extended, and the second foresees a separate international treaty regulating surveillance in cyberspace. The SRP claims that both options have the potential to surpass the current scheme, where nation states continue to draft and implement fragmented legislation in the spirit of mutual mistrust and strict state sovereignty. As a progressive initiative, the Rapporteur mentions the MAPPING project which is exploring options for a legal instrument regulating surveillance in cyberspace and expresses hope that in the near future legislators will not dismiss the option of coming to consensus over a legal instrument which would regulate surveillance and protect privacy in cyberspace as unviable, but rather would declare it a priority.
This publication does not necessarily reflect the policy or the opinion of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre) or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication.