The good folks over at the EFF have a detailed overview of a new report from the UN
, which has basically found that mass surveillance, similar to that which is carried out by the NSA and GCHQ can often violate international law. The full report
is just 16 pages, but the EFF version highlights some of the key lines. The biggest is the report's rejection of the whole "collect the haystack" approach to mass surveillance. The UN report makes it clear that this is not a reasonable approach, especially when it is not shown to be "necessary and proportionate."
Where there is a legitimate aim and appropriate safeguards are
in place, a State might be allowed to engage in quite intrusive surveillance; however, the
onus is on the Government to demonstrate that interference is both necessary and
proportionate to the specific risk being addressed. Mass or “bulk” surveillance programmes
may thus be deemed to be arbitrary, even if they serve a legitimate aim and have been
adopted on the basis of an accessible legal regime. In other words, it will not be enough that
the measures are targeted to find certain needles in a haystack; the proper measure is the
impact of the measures on the haystack, relative to the harm threatened; namely, whether
the measure is necessary and proportionate.
It further finds that many countries do not effectively limit who has access to such bulk data collections, which exacerbates the problem:
One factor that must be considered in determining proportionality is what is done
with bulk data and who may have access to them once collected. Many national
frameworks lack “use limitations”, instead allowing the collection of data for one legitimate
aim, but subsequent use for others. The absence of effective use limitations has been
exacerbated since 11 September 2001, with the line between criminal justice and protection
of national security blurring significantly. The resulting sharing of data between law
enforcement agencies, intelligence bodies and other State organs risks violating article 17
of the Covenant, because surveillance measures that may be necessary and proportionate
for one legitimate aim may not be so for the purposes of another
It also finds requirements for data retention to be problematic:
Concerns about whether access to and use of data are tailored to specific legitimate
aims also raise questions about the increasing reliance of Governments on private sector
actors to retain data “just in case” it is needed for government purposes. Mandatory third-party data retention -- a recurring feature of surveillance regimes in many States, where
Governments require telephone companies and Internet service providers to store metadata
about their customers’ communications and location for subsequent law enforcement and
intelligence agency access – appears neither necessary nor proportionate.
The report condemns the pernicious use of "secret interpretations" of the law, something that has become all too common in the US:
Consequently, secret rules and secret interpretations – even secret judicial
interpretations – of law do not have the necessary qualities of “law”. Neither do laws or
rules that give the executive authorities, such as security and intelligence services,
excessive discretion; the scope and manner of exercise of authoritative discretion granted
must be indicated (in the law itself, or in binding, published guidelines) with reasonable
clarity. A law that is accessible, but that does not have foreseeable effects, will not be
adequate. The secret nature of specific surveillance powers brings with it a greater risk of
arbitrary exercise of discretion which, in turn, demands greater precision in the rule
governing the exercise of discretion, and additional oversight.
While reports like this may not directly
impact the US's practices, it adds to the growing understanding and recognition both of what the NSA (and others) does, but also why it's totally unacceptable.