Washington, DC (HRW) – This week Human Rights Watch filed interventions in what may prove to be landmark cases on the security of the Internet and mobile communications. At stake in both is whether anyone, anywhere, can have any legal right to expect their digital information to be protected from government intrusion.
The first intervention shines floodlights on the lack of regulation of data-sharing between intelligence agencies. What if your own government wants to collect your data, but domestic laws protecting your privacy stand in the way? It might ask another friendly government for the data, especially if its friend is practicing mass surveillance of foreigners. That’s the swapping game in play now with intelligence partners of the United States. The National Security Agency (NSA) has little constraint on what it collects on foreigners. If there are any rules on what intelligence partners like the United Kingdom may take from the NSA’s digital hoard, chances are the rules are secret and haven’t been subject to legislative or judicial evaluation/scrutiny. Data-sharing is vital to global security, but left unregulated and without oversight, it can subvert rights people have under their own national laws.
The case in question is Big Brother Watch and Others v. the United Kingdom, filed by civil liberties groups shortly after Edward Snowden’s 2013 revelations. Human Rights Watch’sintervention to the European Court of Human Rights, filed March 1, 2016, highlights how information the NSA gathers gets shared with its many foreign partner governments. UK law doesn’t do enough to protect the rights of UK residents—but even if it did, that law doesn’t apply to information collected by the NSA. Whatever informal guidelines the UK follows when it searches the vast NSA databanks, you can bet they are not accessible to the public, nor validated by a democratically accountable body such as Parliament. That means the invasion of privacy isn’t “lawful” under international standards.
In the second case we raise an alarm about the global threat to online security and privacy if technology companies are forced to undo the protective features of their products. Yes, this is the FBI’s case against Apple. Here the FBI, frustrated that the White House has not pushed for legislating backdoors in secure technology, is hoping to open a wedge on this issue through the courts by using the horrifying San Bernadino massacre, where clues to terrorist connections possibly lurk on the shooter’s iPhone.
To do that, the FBI wants the court to buy its interpretation of the All Writs Act of 1789 as requiring companies to do anything conceivable to comply with an order to make whatever they produce searchable whenever police want to search, even if it means forcing Apple’s engineers to rewrite software and help the government hack into their company’s products. That’s a big disincentive for any company to build in strong security protection. And the FBI vision of the All Writs Act supporting this type of untrammeled police power is hardly supported by Congress or the US Constitution, much less by international human rights law.
The brief we filed March 3 with Privacy International asks the court to consider how this precedent might look to Russia or China’s security services as they hunt for dissidents as well as terrorists. No one can seriously contend this is just about one iPhone. The Department of Justice has already filed at least 13 similar demands in more ordinary cases, and no doubt thousands more will follow if the order is upheld. How will companies resist demands from any government, no matter how abusive, if the US goes down this path?
The executive branch of government has a critical role in protecting national security, and it needs intelligence to do so. But to protect rights, you can’t let the executive make the rules in secret or leave it to fashion its own self-interested interpretations. Courts need to pronounce that “trust us” is not the rule of law.
This report prepared by Dinah PoKempner for Human Rights Watch.