Despite vocal and active campaigns by internet users in Mexico and around the world, the Mexican Congress approved a dangerous telecoms bill that increases surveillance and data retention while sanctioning mobile network shutdowns.
Access and our partners advocated against many provisions in the “Ley Telecom,” a massive reform bill which passed the Senate Friday, July 4 – in the midst of the World Cup – and the Chamber of Deputies on Wednesday, July 9. While the bill limits the power of telecom monopolies, it also includes harsh surveillance mandates, and will likely be signed into law.
However, the public pressure that delayed the bill’s passage also resulted in several key victories. In April, protests forced President Enrique Peña Nieto to back down and remove a clause allowing authorities to block internet content, services, or apps (article 145).
Wins on Net Neutrality amendments
After the Access community flooded lawmakers with 16,000 emails, last minute changes eliminated a provision allowing ISPs to create paid “fast lanes,” charging more for faster content delivery, which would violate the principles of net neutrality. The bill also passed with an anti-discrimination provision, which bans ISPs from “obstructing, interfering, inspecting, filtering, or discriminating against content, services, or applications.”
The bill now instructs ISPs to maintain the capacity, speed, and quality of service users contract for, without consideration of the content, origin, destination, or application used (Art. 146).
Article 146 also guarantees transparency on traffic management and service speeds; the privacy of internet users; and the security of the web. It mandates Mexico’s telecom regulator to increase investment in internet infrastructure.
Overall, with strong regulations to implement it, the amended section could deliver a big boost to net neutrality in Mexico.
Despite elements of the bill that strengthen net neutrality, the bill expands Mexico’s online surveillance and it fails to comport with international laws and norms on surveillance, privacy, and freedom of expression.
The bill imposes 24-month data retention requirements on telcos, requiring them to keep many types of user data beyond what is necessary for business purposes. Forced data retention turns all users into suspects, leaves data vulnerable to breach and unlawful transfer, and creates a chilling effect against expression online. Access believes data retention should never be mandated by law.
The bill fails to protect Mexican users from government surveillance as well: no judicial warrant is needed for mobile phone location tracking; it expands the agencies authorized to access retained data and use location tracking without a warrant; and it does not include sufficient safeguards such as independent supervision, notification, or transparency (arts. 189, 190, 191).
Worryingly, the bill allows Mexican authorities to shut down telecommunications when and where they deem it necessary “to stop crimes,” an immense new power granted under vague terms, ripe for abuse. This provision likely violates international law and norms, namely the International Principles on the Application of Human Rights to Communications Surveillance, and treaties including the International Covenant on Civil and Political Rights (ICCPR) to which Mexico is a signatory. Specifically, the ICCPR holds Mexican authorities to higher standards of due process than provided in this bill, especially for such broad invasions of citizens’ privacy and free expression.
Access will continue to work with our local partners to limit the reach and implementation of the harmful parts of this legislation. With President Peña Nieto expected to sign the bill, it is now turns to the newly empowered Mexican regulator IFETEL, the Federal Telecommunications Institute, to draft implementation guidance. IFETEL should open its work to comments from all stakeholders, so Mexican users have opportunity to voice their demands and ensure that rights are protected online, in compliance with international law and norms.