In the nearly 18 months since the first Snowden revelations, policymakers around the world have spent countless hours discussing the proper scope and reach of surveillance authorities. The United States has been at the center of these discussions, and for good cause. Many of the revelations have focused on U.S. activities and the U.S. maintains the largest budget for surveillance in the world many times over. However, frighteningly little has been said in these discussions about surveillance of people outside of America.
The U.S. government believes that those who are not in the U.S. or who are not U.S. citizens or permanent residents — “non-U.S. persons” in official parlance — have few to no privacy rights to protect them from U.S. surveillance. This means essentially any non-U.S. person may be subject to invasive monitoring. The U.S. government has narrowly interpreted its international human rights obligations, failing to extend protections beyond its borders.
U.S. extraterritorial surveillance knows few limits. In the past, the U.S. has conducted surveillance on Nelson Mandela, Princess Diana, and German Chancellor Angela Merkel, as well as a large percentage of the global population. For the most part these non-U.S. persons, much like those inside the U.S., pose no security threat. However, by virtue of their location and their nationality they are subject to having their most personal information collected and sorted — their conversations, pictures, and desires.
These practices constitute discrimination against the global population, pure and simple, and it is time that the U.S. put a stop to them. While respecting the privacy of non-U.S. persons doesn’t capture the attention of U.S. policymakers, the effects of ignoring their privacy rights should alarm them. Take, for example, the effect on business: international trust in U.S. tech firms is slipping. And as a result of government surveillance practices, U.S. companies will lose an estimated $35 billion by 2016.
In the long term, addressing this issue will likely require major statutory reforms, resolutions, and potentially even the passage of international treaties. But there are several things that can be done right now to quickly increase the rights afforded to non-U.S. persons, and to demonstrate the U.S. government’s willingness to engage in a dialogue on these important issues.
Here are four policy recommendations that would start the U.S. on a course towards respecting the human rights of all people.
1. Extend the Privacy Act
The Privacy Act of 1974 protects U.S. citizens and permanent residents by limiting the collection, sharing, and disclosure of data held by federal agencies. The act grants individuals the right to inspect and correct records held by government. On June 25, Attorney General Eric Holder announced support for legislation extending the Privacy Act to European Union citizens. Access applauded the announcement, explaining that it would allow Europeans to gain access to U.S. courts for certain privacy offences for the first time. However, EU citizens are not the only ones who value their privacy. The U.S. should expand the protections of the Privacy Act to all persons, regardless of where they happen to live.
The Privacy Act is, admittedly, limited in application. Its protections don’t extend to information collected for national security purposes, and many of the most invasive government programs are exempt from its provisions. In order to allow both those in the U.S. as well as non-U.S. persons the ability to recognize their full spectrum of rights under the Privacy Act, it will be necessary to reform its provisions and uses. Nonetheless, extending the Privacy Act to all people will provide some recourse when private information is mismanaged and show that the U.S. takes the privacy of all people seriously.
2. Implement and extend the U.S. human rights framework
The U.S. Department of State has quietly articulated a human rights framework, which, if implemented and extended to non-U.S. persons, would end the particularly egregious practice of bulk collection.
At Access’ 2014 RightsCon conference in Silicon Valley, Assistant Secretary of State for Democracy, Human Rights, and Labor Scott Busby announced several principles to serve as the basis for U.S. surveillance: rule of law, legitimate purpose, non-arbitrariness, competent authority, oversight, and transparency and democratic accountability.
The problem is that the U.S. is not properly implementing its own framework. We have previously articulated where we think the U.S. has failed to live up to these principles. Each of the principles has a clearly defined meaning under international law, and the U.S. should recognize these accepted definitions. Further, the U.S. should endorse the International Principles on the Application of Human Rights to Communications Surveillance in their entirety. The International Principles are intended to be read together as a whole. The U.S. Principles, for instance, are lacking the Due Process provisions of the International Principles. By picking and choosing, the U.S. has shortchanged individual human rights.
3. Increase funding for Mutual Legal Assistance Treaties
Mutual Legal Assistance Treaties, or MLATs, create the formal process for exchanging evidence for criminal investigations between countries. MLATs have the capacity to require protection of human rights in cross-border transfers of user information, and their use increases transparency of these activities. However, the current MLAT system fails to properly protect user information and privacy and operates slowly, which pushes law enforcement to use channels that respect the rights of individuals even less. Partly in order to address these problems the U.S. Department of Justice has asked for an additional $24.1 million dollars for MLAT reform. This funding should be appropriated without delay.
4. Release a real report on the extent of extraterritorial surveillance
The Privacy and Civil Liberties Oversight Board, the Office of the Director of National Intelligence, and the NSA Civil Liberties and Privacy Office have each reported on U.S. surveillance practices (here, here, and here respectively.) But each report has offered little to no detail on the surveillance of non-U.S. persons. We need a public report that results from a study of the scope and extent of U.S. surveillance on non-U.S. persons in order to provide a basis for reform discussions and to grant a modicum of transparency into these programs.
The Privacy and Civil Liberties Oversight Board (PCLOB), an independent agency tasked with considering the privacy impact of national security efforts, is ideally suited to release a report on the full extent of global surveillance efforts. The report should indicate the particular authorities used to conduct surveillance and the total number of people whose information has been collected and queried. While the PCLOB has announced an intent to report on some aspects of Executive Order 12333, the primary authority for U.S. surveillance outside of the U.S., it is unclear when that report will be released (some have noted it could take more than a year.) Further, since the PCLOB has already punted on the issue of non-U.S. persons once, there is concern that it could avoid the issue yet again. Accordingly, PCLOB should specifically announce its intention to report on non-U.S. persons and should make it a top priority to do so.
Widespread surveillance has drastic consequences for human rights, the future of the internet, and the very foundation of international relations. A number of countries have responded by expanding their own surveillance authorities. Others have passed localization laws, which would also increase surveillance capabilities. These responses are driving up costs and constraining global cooperation over internet governance. Recognizing the legitimacy of everyone’s privacy is a win-win for U.S. policymakers.
Most people around the world will never pose a threat to the U.S. or its interests. The U.S. should take immediate steps to extend privacy protections for all people and engage in a dialogue about how to properly respect human rights over the long term. Doing so will mean leading by example and fostering a world in which privacy is protected.