Over 100 global civil society groups release human rights principles to govern surveillance

Recent revelations of sweeping government surveillance demonstrate the urgent need to update the outdated privacy laws to reflect modern surveillance technologies and techniques in a way that is consistent with international human rights. To move toward that goal, Access, along with a number of civil society groups from around the world, is excited to announce the release of the International Principles on the Application of Human Rights to Communications Surveillance (“The Principles”).

Drawing on international law and jurisprudence, the Principles (summarized below), serve to inform the public debate by providing a tool to evaluate and reform governments’ surveillance practices. The Principles articulate the obligations of governments under international human rights law in the digital age. They speak to a growing global consensus that government communications surveillance has gone too far and needs to be restrained.

The Principles are the product of a collaborative effort of privacy experts, human rights lawyers, and civil society members coordinated by Access, Privacy International, and the Electronic Frontier Foundation. They have already been endorsed by over 100 civil society organizations from around the world.

Organizations wishing to sign on to the Principles and join this growing chorus of voices calling for the application of human rights to communications surveillances should email [email protected] or [email protected] or visit https://www.necessaryandproportionate.org/about

Principles in Context
While nearly all national and international legal frameworks include rights to privacy, freedom of expression, and due process, these laws — and governments’ interpretations of them — have failed to keep up with how surveillance is conducted today. One need only look at the NSA’s bulk metadata collection program under Section 215 of the Patriot Act — through which a suspect’s landlord’s cousin’s coworker’s metadata is potentially fair game for analysis — to see how urgently these Principles are needed. And that’s not to mention the PRISM and XKeyscore programs which grant the NSA access to huge swaths of global internet users’ data.

The Principles advance the important idea of “protected information,” that protections for user data should not be based on formalistic or artificial categories like “content” versus “non-content,” stored data or in transit data, data held in the home or in the possession of a third party service provider, but rather that “all information that includes, reflects, arises from or is about a person’s communications and that is not readily available and easily accessible to the general public, should be considered to be ‘protected information,’ and should accordingly be given the highest protection in law.”

The release of the Principles comes on the heels of a landmark report by UN Special Rapporteur for Freedom of Expression, which highlights the growing issue of rights-abusing government surveillance programs, arguing that without a proper legal framework, privacy rights are arbitrarily violated. In the report, he noted “national laws regulating what would constitute the necessary, legitimate and proportional State involvement in communications surveillance are often inadequate or non-existent.”

The Principles, summarised below, can be found in full at necessaryandproportionate.org. Moving forward, groups around the world will be using them to advocate for changes in how present laws are interpreted and how new laws are crafted.

We urge privacy advocates, rights organisations, scholars from legal and academic communities, and other members of civil society to support the principles by adding their signature. To sign, please email [email protected] or [email protected] or visit https://www.necessaryandproportionate.org/about

Summary of the 13 principles

    1. Legality: Any limitation on the right to privacy must be prescribed by law.


    1. Legitimate Aim: Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society.


    1. Necessity: Laws permitting communications surveillance by the State must limit surveillance to that which is strictly and demonstrably necessary to achieve a legitimate aim.


    1. Adequacy: Any instance of communications surveillance authorised by law must be appropriate to fulfill the specific legitimate aim identified.


    1. Proportionality: Decisions about communications surveillance must be made by weighing the benefit sought to be achieved against the harm that would be caused to users’ rights and to other competing interests.


    1. Competent judicial authority: Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent.


    1. Due process: States must respect and guarantee individuals’ human rights by ensuring that lawful procedures that govern any interference with human rights are properly enumerated in law, consistently practiced, and available to the general public.


    1. User notification: Individuals should be notified of a decision authorising communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorisation.


    1. Transparency: States should be transparent about the use and scope of communications surveillance techniques and powers.


    1. Public oversight: States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance.


    1. Integrity of communications and systems: States should not compel service providers, or hardware or software vendors to build surveillance or monitoring capabilities into their systems, or to collect or retain information.


    1. Safeguards for international cooperation: Mutual Legal Assistance Treaties (MLATs) entered into by States should ensure that, where the laws of more than one State could apply to communications surveillance, the available standard with the higher level of protection for users should apply.


    1. Safeguards against illegitimate access: States should enact legislation criminalising illegal communications surveillance by public and private actors.