The United Nations’ Special Rapporteur on the Right to Privacy notes in a new report (with our comments)
Deeply concerning … the status of the right to privacy in the surveillance area of activity has not improved since the last [UN surveillance] report. [Indeed, it’s getting worse.]
Increasingly, personal data ends up in the same “bucket” of data which can be used and re-used for all kinds of known and unknown purposes. [Numerous high-level NSA whistleblowers say that NSA spying is about crushing dissent and blackmailing opponents … not stopping terrorism.] This poses critical questions in areas such as requirements for gathering data, storing data, analysing data and ultimately erasing data. As a concrete example a recent study carried out by the Georgetown Center on Privacy and Technology in the United States has found that “one in two American adults is in a law enforcement face recognition network.” As the authors of the study put it: “We know very little about these systems. We don’t know how they impact privacy and civil liberties. [We have a pretty good idea.] We don’t know how they address accuracy problems.
While often “traditional” methods, such as the interception of phone calls and communications in general, are subject to judicial authorisation before the measure can be employed, other techniques such as the collection and analysis of metadata referring to protocols of internet browsing history or data originating from the use of smartphones (location, phone calls, usage of applications, etc.) are subject to much weaker safeguards. This is not justified since the latter categories of data are at least as revealing of a person’s individual activity as the actual content of a conversation. [Correct.] Hence, appropriate safeguards must also be in place for these measures.
It is important that government authorities carrying out surveillance, as well as civil society and other stake-holders, have a clear view on what they actually mean when they use these terms relating to surveillance …. [Otherwise, the intelligence agencies will play word games to deceive Congress the public and oversight agencies.] What is necessary is a more comprehensive and harmonized use of terms and their understanding in exchanges between governmental authorities carrying out surveillance. However, also oversight bodies of the judicial and political branch, civil society, security research and corporations should be able to understand and use these terms appropriately.
The Snowden revelations and their aftermath have clearly shown that there is a pressing need for government authorities to explain their work. This may partially be achieved through ex post notification of those individuals who are subject to surveillance. Once this can be done safely, those should be notified and explained the consequences of such operations. They also should be entitled to alter and/or delete irrelevant personal information provided that information is not needed any longer to carry out any current or pending investigation for which the collection and use of that information had been appropriately authorised.
The past eighteen months have seen politicians who wish to be seen to be doing something about security, legislating privacy-intrusive powers into being – or legalise existing practices – without in any way demonstrating that this is either a proportionate or indeed an effective way to tackle terrorism.
The new laws introduced are predicated on the psychology of fear: the disproportionate though understandable fear that electorates may have in the face of the threat of terrorism. The level of the fear prevents the electorate from objectively assessing the effectiveness of the privacy-intrusive measures proposed. [That’s a feature, not a bug.]
There is little or no evidence to persuade the [Special Rapporteur on Privacy] of either the efficacy or the proportionality of some of the extremely privacy-intrusive measures that have been introduced by new surveillance laws in France, Germany, the UK and the USA.
We must ask as to whether it would not be much more proportional, never mind more cost-effective and less privacy-intrusive if more money was spent on the human resources required to carry out targeted surveillance and infiltration and if less effort were expended on electronic surveillance. This, in a time when the vast majority of all terrorist attacks were carried out by suspects already known to the authorities prior to the attacks. [Top security experts agree that mass surveillance makes us MORE vulnerable to terrorists. Indeed, even the NSA admits that it’s collecting too MUCH information to stop terror attacks. Indeed, virtually every recent terror attack – in Boston, Paris, San Bernadino, Orlando, etc. – the suspect was already on a terror watch list, known to authorities, previously interviewed by the FBI, or the like. They were already known to authorities. Instead of focusing on known bad guys and their associates, the government is flooded with surveillance data from spying on everybody. So they can’t do their job to stop terrorists.]
There is also growing evidence that the information held by states, including that collected through bulk acquisition or “mass surveillance” is increasingly vulnerable to being hacked by hostile governments or organised crime. [Indeed.] The risk created by the collection of such data has nowhere been demonstrated to be proportional to the reduction of risk achieved by bulk acquisition.
Once the data sets produced by mass surveillance or bulk acquisition exist and a new unscrupulous administration comes into power anywhere in the world, the potential for abuse of such data is such so as to preclude its very collection in the first place.
Trying to appear tough on security by legitimising largely useless, hugely expensive and totally disproportionate measures which are intrusive on so many people’s privacy – and other rights – is patently not the way governments should go.
The type of activities revealed by Edward Snowden lie outside the scope of the Cybercrime Convention and for these to be regulated satisfactorily the scope of Convention 185 would need to be considerably extended or else we would need to have a separate but complementary treaty that adequately covers surveillance in cyberspace.
Indeed, Western governments’ entire approach to terrorism is counter-productive.
UN Report on Mass Surveillance: “Trying To Appear Tough On Security By Legitimising Largely Useless, Hugely Expensive And Totally Disproportionate Measures Which Are Intrusive On So Many People’s Privacy “ was originally published on Washington's Blog