Peru surveillance bill threatens due process

Peru recently introduced a draconian bill that accelerates information requests related to criminal investigations, in a way that violates the due process rights of Peruvians. This bill follows other countries that are introducing bills that dangerously expand surveillance mandates.

This latest proposal comes in response to a series of organized crimes that have put pressure on the Peruvian justice system, but does not adequately address how the process will work nor how human rights will be respected. Creating a “Crisis Committee,” the proposal allows for due process guarantees to be bypassed and grants a selected group of law enforcement, agents, and telcos to have a hand in reviewing requests for user data.

This “Crisis Committee” – comprised of a prosecutor, a member of the national police, a judge, and representatives of the telecommunications industry – is highly problematic because a judge should not share the judiciary responsibility with any third parties, nor be subject to any pressure or influence that will impact the judges’ ruling.

As stipulated by the Peruvian Constitution’s Article 139, this role is exclusive to the Judicial Branch and must be executed by an independent and impartial judge. In fact, the Peruvian Constitution clearly prohibits the creation of commissions that duplicate the judicial role. These are the basic principles of due process that are guaranteed by all the legal documents that bind the Peruvian government.

While Access feels there are several issues with the bill, we have highlighted four that are especially problematic:

1. How the process works: The bill goes into detail about how inefficient the current process is for evidence review, but fails to outline the proposed process itself, including how decisions will be made and by whom.

2. Failure to clearly mention the Committee’s composition: It is unclear which members of the telecommunications industry (number and the names of companies) will be a part of this Committee and how any of the Committee members will be selected.

3. Absence of human rights defenders: No members of the Public Defenders Office nor the Office of the Ombudsman are part of this Committee, nor is there any mention of the role of civil society members. As a result, there is little to no assurance that there will be a voice defending the human rights of those who will be potentially surveilled.

4. Lack of an adequate judicial process: A judge is involved in the process but does not have a vote, virtually disposing the Committee of any judicial guarantees of impartial and independent oversight.

History of proposals eroding rights

This proposal joins a list of potentially harmful bills that Peru’s legislature has considered in the past year.

A cybercrime bill introduced last summer would have overridden the constitutional right to secret communications and put the average internet user at risk of imprisonment for violating a site’s terms of service, or even just receiving data “without authorization,” an undefined phrase that doesn’t seem to require criminal intent. Ultimately, the proposal was shelved after the public caught wind of the bill and pressured lawmakers to drop it.

Then in November, the Peruvian government made public its intention to hold Internet Service Providers (ISPs) responsible for copyright infringement by their users, and to draft the law after public consultations. Unfortunately, though, civil society has been excluded from this process as well, and instead is drafting an open letter to be signed by national and international organizations presenting an alternative bill. After being dubbed the Peruvian SOPA, citizens again rallied to cause lawmakers to drop the bill, though it could come back again.

These kinds of restrictive internet policies aren’t just being proposed in Peru, though. Both Iraq and the Philippines have mulled cybercrime laws in the past year under the pretense of curbing cybercrime. Indeed, many countries must update their laws to accommodate new technology. But the cybercrime bills written thus far have heavily curtailed privacy rights and constitutional guarantees, failing to protect rights online as they are offline, an obligation that was affirmed recently in a UN Human Rights Council Resolution, which Peru signed onto.

Telcos invited to Crisis Committee

Under the new proposal, telcos would be invited to join the Crisis Committee. It remains unclear, though, how telcos got a seat at the table while human rights defenders were excluded.

With the drafting of this law, Peru has repeated their history of giving more access to telcos and private companies than civil society and public interest defenders. Indeed, the bill neglects to mention any basis for how or why the Committee’s representatives were chosen.

One of the two main providers who operate in Peru, Telefonica Moviles and America Movil (with Nextel a distant third) will then be heavily involved in the process. These providers reach just about every citizen in Peru, where mobile-cell penetration is over 110%, with at least 32 million mobile subscriptions. Under the new proposal, it is not clear what the telcos role will be, beyond the technical implementation of the Committee’s decision.

The Peruvian bill is unclear at best, and derogates rights at worst. It could open the floodgates for future bills that erode the due process rights of Peruvians in the name of prosecutorial effectiveness. We urge the Peruvian Congress to reconsider this bill and ensure that judicial guarantees protect all Peruvians through their Constitution and various international human rights treaties that bind the Peruvian State.