U.S. top privacy board takes on extraterritorial surveillance

Wednesday’s public hearing held by the US Privacy and Civil Liberties Oversight Board (PCLOB) showed the government’s deep reluctance towards substantial reform of US surveillance conducted under FISA Section 702. The hearing committed considerable time to questions on the applicability of human rights to surveillance. A number of advocates and academics expressed support for reforms limiting the scope of 702, which currently grants the government broad authority to collect foreign intelligence from non-US persons located outside the US. Despite the opposition to current broad surveillance, members of PCLOB and government lawyers pushed back against the need for change to ensure human rights are protected.

Under Section 702, the government can collect data related to foreign intelligence believed to be from or about a non-US person. NSA General Counsel Raj De noted at the hearing that there are two methods to collect data under 702: PRISM surveillance, which operates with the cooperation of the internet companies storing data and upstream surveillance, which collects data through the cables that transfer data. Both methods use selectors such as email addresses to conduct searches. Selectors can be things such as email addresses or phone numbers and they can be used to either gather information from the target or communications about the target. More specifics about Section 702 programs, however, remain unclear.

In January, PCLOB released a thorough report on PATRIOT Act Section 215, which covered some issues with 702, including the lack of transparency and ineffective oversight from the FISA Court, however, a critique by the oversight agency remains critically important, which we hope will be forthcoming in this summer’s report.

At today’s hearing, government lawyers listed the current legal limitations intended to protect against overbroad collection or abuse. For instance, congressional intelligence agencies provide oversight, the FISA Court annually approves 702 programs, and minimization and targeting procedures ensure extraneous information is either not collected or destroyed. But how effective can Congressional overseers be when they are, themselves, targets of government surveillance? Each branch has reported deception by the intelligence community. The executive branch reported it was unaware of surveillance of foreign leaders. Members of the legislature and judges in the FISA Court were reportedly misled on operation of surveillance. We’ve written about the problems with the FISA Court. In part, it secretly interprets laws with with only the government present. Minimization and targeting procedures, trumpeted as an additional layer of protection, only apply to US persons. Non-US persons are out-of-luck. And, regardless of the procedures, the government can even use backdoors to get around protections for US persons. By the government’s lawyers own admission, agencies only consider privacy protections when the data is collected, which is the point at which the information is determined relevant based on the selectors and added to the government’s database. After that, analysts are free to query with no resistance.

We urge PCLOB to take a stand against the government’s position that the fundamental human right to privacy does not apply to non-US persons who are surveilled outside the US (“extraterritoriality”). Members of the Board showed skepticism towards extraterritoriality, pressing human rights activists on whether a limitation on 702 would mean the US cannot conduct the kind of foreign intelligence gathering practiced by all countries. But the view that human rights don’t apply extraterritorially produces absurd results. If the US government has no human rights obligations outside the US, as some Laura Pitter of Human Rights Watch suggested, it is free to commit atrocities without legal repercussions. The relevant treaty, the International Covenant on Civil and Political Rights (ICCPR), states that it applies to “all individuals within its territory and subject to its jurisdiction,” though the definition of that phrase is disputed. The UN body tasked with interpreting the treaty, numerous countries (excluding the US), and legal scholars agree that states have an obligation to at least respect rights outside borders. In addition to being extraterritorial, human rights are universal—they apply to all people. The revelations of US surveillance operations have shown how far a government can go if it believes human rights don’t apply outside of its borders.

The PCLOB should also consider extraterritorial surveillance beyond the boundaries of Section 702. Just this week the Washington Post reported that US intelligence agencies collect all phone calls from at least one target country. They can then use “retrospective retrieval” to hear calls up to a month in the past. This program, and several others that have been revealed, is operated under Presidential Authority, as spelled out in Executive Order 12333. These programs together raise similar human rights considerations as Section 702 surveillance in that they are overbroad with little transparency, oversight, or due process.

Last year, civil society, industry, and experts created a framework to assess human rights obligations in the context of communications surveillance, the International Principles on the Application of Human Rights to Communications Surveillance. The Principles, drawn from the ICCPR, other sources of international law, and national constitutions (including the US’) address the consensus that surveillance has gone too far. In short, the Principles require that surveillance laws and practices be legal, necessary, adequate, proportionate, transparent, overseen by a competent judicial authority, conducted with due process and public oversight, have a legitimate aim, provide users with notice, maintain the integrity of communications and systems, and maintain safeguards against illegitimate access and for international cooperation.

Recently, in a speech by US Deputy Assistant Secretary of State for Democracy, Human Rights, and Labor at RightsCon, which Access hosted, the US Government announced a human rights framework to guide surveillance activities which closely mirrors several of the Principles. We urge PCLOB to consider these commitments when assessing activities authorized under 702 as well as the statute itself. Indeed, US surveillance programs fail to comply with nearly all of the Principles and aspects of the government’s own framework. The framework, for instance, requires that surveillance be conducted non-arbitrarily. When the harm is the invasion of the privacy for the population of an entire country, with a month of flexibility, then we can be certain that proportionality and non-arbitrariness have been disregarded.

In its report, PCLOB should adopt the widespread view that the US’s human rights obligations apply outside of its borders. Logically, they should also call for greater protections for non-US persons, including a requirement that all collection comply with the Principles and the framework articulated by Assistant Secretary Busby. By promoting the fulfillment of U.S. human rights obligations when conducting surveillance, the US can also return to leading the fight towards an inclusive and open internet.

Access urges PCLOB to use its report on 702, to be released this Spring or Summer, to call for rights-respecting reforms. Any surveillance, under 702 or otherwise, must comply with the fundamental human right to privacy.