Third Annual Heroes & Villains of Human Rights and Communications Surveillance

Access Now is pleased to announce the individuals and groups that are most working for — or against —  the 13 internationally recognized principles for human rights in communications surveillance.

The International Principles on the Application of Human Rights to Communications Surveillance (or “the Principles”) provide a framework for assessing whether government surveillance practices comply with international human rights obligations. They have been endorsed by more than 400 civil society groups worldwide.

Today marks the third anniversary of the Principles, which were publicly released on September 22, 2013. On each anniversary, we honor the heroes who are working to put these principles into practice, and we name those who are undermining them.

As always, there were many heroes that we wish we could recognize for their hard work over the past year. The names below represent only a small sample of those on the front lines working to protect and promote human rights.

For the first time this year, there has been a flip-flop in those we are recognizing – two heroes from 2015 (David Davis and Tom Watson) have been re-cast here in the opposite position. The switch demonstrates the way that the work in this space continues to evolve and raise new challenges. We welcome new allies in the human rights fight and will continue to offer ourselves as resources for those who ask.


For work that impacts all 13 Principles

Heroes: Gerard Adriaan “Ard” van der Steur (Dutch minister of security and justice) and Henricus Gregorius Jozeph “Henk” Kamp (Dutch minister of economic affairs)

In a year fraught with frequent attempts by government officials to undermine the ability to develop and use encryption, Mr. van der Steur and Mr. Kamp issued an official statement that placed the Netherlands in a leadership role in support of digital security. Though we caution that Mr. Van der Steur has also sent several privacy-threatening proposals to Parliament, in this statement he contributed significantly to increasing digital security. Their statement clearly explained the business and personal benefits of encryption, including its connection to human rights, and stated unequivocally, “The government endorses the importance of strong encryption for internet security, for supporting the protection of citizens’ privacy, for confidential communication by the government and companies, and for the Dutch economy.”

Villain: Prime Minister Theresa May

Theresa May became the Prime Minister of the United Kingdom in 2016, ascending from her position as Home Secretary, which she held since 2010. As Home Secretary, Theresa May introduced and championed the Investigatory Powers Bill, an exceptionally broad piece of surveillance legislation which, among other things, will codify mass surveillance, government hacking and bulk government hacking, and will allow the Home Secretary to order companies to build backdoors into their otherwise encrypted products and services. The bill guts human rights protections, both for users in the UK and around the world. She has continued to promote the bill in her current capacity as Prime Minister, and it is expected to pass this year having been approved in the House of Commons and currently resting in the House of Lords.


1. Legality

Any limitation on the right to privacy must be prescribed by law.
Hero: Dr. Chukwuemeka Ujam (Member of the Nigerian House of Representatives)

For his sponsorship and heralding of the landmark Nigerian Digital Rights and Freedom Bill, first discussed in 2014, through an expedited first and second reading and toward public hearings.

Villain: Éric Ciotti (French National Assembly)

For leading the French conservative party – les Republicains – in support of a six-month extension to the State of Emergency as well as an expansion to allow warrantless searches of devices.


2. Legitimate Aim

Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society.

Hero: Katarzyna Szymielewicz (Panoptykon Foundation)

For her diligent work opposing the Polish Anti-Terrorism Law, which limits the right to assembly and disproportionately targeted foreigners without sufficient justification.

Villain: Former President Nicolas Sarkozy

For vowing to electronically tag and track the 11,500 individuals on France’s terrorist watch list.


3. Necessity

Laws permitting communications surveillance by the State must limit surveillance to that which is strictly and demonstrably necessary to achieve a Legitimate Aim

Hero: Coalizão Direitos na Rede

For working to fight against laws proposed by Brazilian authorities to broadly undermine legal protections in the Marco Civil.

Villains: Victor Borda and Leonardo Loza (Members of Bolivia’s Legislative Assembly)

For proposing the creation of a social networks directorate to monitor social networks and introducing a bill for banning anonymity online to curb public criticism of the president.


4. Adequacy

Any instance of communications surveillance authorized by law must be appropriate to fulfill the specific Legitimate Aim identified and effective in doing so.

Heroes: Citizen Lab, Open Net Korea, and Cure53

For research into Smart Sheriff, a parental monitoring app funded by the South Korean government, that revealed security and privacy risks that forced the app to be shut down. In 2015 the South Korean Communications Commission had mandated that either Smart Sheriff or an equivalent application be installed on all smartphones sold to minors.

Villain: Minister Sandor Pinter

For his sponsorship of the Hungarian counter-terrorism legislative package including the obligation on service providers offering encrypted information-exchange applications to provide access for authorized intelligence agencies without judicial oversight to the content of encrypted information generated by their clients.


5. Proportionality

Decisions about communications surveillance must consider the sensitivity of the information accessed and the severity of the infringement on human rights and other competing interests.

Heroes: Éric Bouquillon (Orange Guinée); Themba Khumalo (MTN Guinée); Avishai Marziano (Cellcom Guinée)

For jointly objecting to demands from the Autorité de Régulation des Postes et Télécommunications (ARPT) to hand over all call detail records and subscriber records for an entire month without justification.

Villain: Secretary David Davis

For switching positions against the invasive Investigatory Powers bill and voting to advance it, afterward  removing his name from the pending legal case challenging provisions in the bill alongside accepting a political appointment as Secretary of State from Theresa May, who has been championing the Bill, after she was named Prime Minister.

Honorable Mention: Tom Watson, MP, who also led the challenge against the Investigatory Powers Bill but also voted to advance it.


6. Competent Judicial Authority

Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent.

Hero: Marc Zwillinger (Zwillgen)

For his work as a special advocate for the Foreign Intelligence Surveillance Court, defending against the government’s ability to obtain “post-cut through” dialing digits under pen register authority. These numbers, widely considered “content” of a conversation, include digits dialed after a phone call has been connected, like calling card numbers and directory information.

Villain: Valery Zorkin (Head of the Constitutional Court of Russia)

For supporting a Russian law that gives the Constitutional Court discretion to ignore judgments from the European Court of Human Rights.


7. Due Process

States must respect and guarantee individuals’ human rights by ensuring that lawful procedures that govern any interference with human rights are properly enumerated in law, consistently practiced, and available to the general public.

Hero: Minister Federica Guidi

For her leadership in determining to revoke Hacking Team’s global export license prior to her resignation as Italy’s Minister of Economic Development.

Villain: President Ali Bongo Ondimba

For ordering companies to shut down access to the internet after a narrow re-election spurred protests. The shutdown lasted for four days, the second-longest on the record, and was followed by a block on social media and recurring 12-hour internet “curfews”.


8. User Notification

Individuals should be notified of a decision authorizing Communications Surveillance with enough time and information to enable them to challenge the decision to seek other remedies and should have access to the materials presented in support of the application for authorization.

Hero: Brad Smith (Microsoft)

For leading Microsoft to challenge the constitutionality of gag orders that require the non-disclosure of government requests for user data.

Villains: Sunil Bharti Mittal (Bharti Airtel); Ma Huateng (Tencent); Eissa Mohamed Ghanem Al Suwaidi (Etisalat); Carlos Slim Domit (América Móvil)

As the Chief Executive Officers of their respective companies, for representing some of the lowest-ranking companies on human rights by the Ranking Digital Rights project and for failing to respond to follow up inquiries.


9. Transparency

States should be transparent about the use and scope of Communications Surveillance laws, regulations, activities, powers, or authorities and should do nothing to hinder reporting of service providers.

Heroes: Bob Collymore (Safaricom CEO) and Stephen Chege (Safaricom Corporate Affairs Director)

In their capacity at Safaricom, for pushing back against demands by Kenya’s Revenue Authority for access to subscriber data and mobile money accounts.

Villains: Minister of Defense Raul Jungmann and Minister of Justice Alexandre de Moraes (Brazil)

For administering pervasive, non-transparent security measures at the Rio Olympics that are likely to stay in place indefinitely, including high powered balloon-mounted security cameras.


10. Public Oversight

States should establish independent oversight mechanisms to ensure transparency and accountability of Communications Surveillance.

Hero: Rebecca MacKinnon (Ranking Digital Rights)

For her work launching the 2015 Corporate Accountability Index, which evaluated corporate commitments and disclosed policies affecting users’ freedom of expression and privacy, and encouraging companies to help inform public discussions and improve their digital rights policies and practices.

Villain: U.S. Judge Henry Coke Morgan, Jr

In U.S. v. Matish, for holding that a user had no reasonable expectation of privacy in his personal computer, which could permit law enforcement to hack internet users without a warrant or other due process.


11. Integrity of Communication Systems

States should not compel service providers, or hardware or software vendors to build surveillance or monitoring capabilities into their systems, or to collect or retain particular information purely for State Communications Surveillance purposes.

Hero: Katie Moussouris (Luta Security)

For her continuing work as a champion for bug bounty programs and efforts to encourage their implementation by governments and corporations.

Villains: Omri Lavie and Shalev Hulio (NSO Group Co-Founders)

For contracting with repressive nations and deploying the Pegasus spyware solution, which utilizes a chain of zero-day vulnerabilities known as the “Trident” to target Ahmed Mansoor, an internationally recognized human rights defender.


12. Safeguards for International Cooperation

Mutual Legal Assistance Treaties (MLATs) entered into by States should ensure that, where the laws of more than one State could apply to Communications Surveillance, the available standard with the higher level of protection for individuals should apply.

Hero: Shazia Marri and Farhatullah Babar (Members of the Pakistan Parliament)

For opposing the Prevention of Electronic Crimes Act (PECB), which grants Pakistani authorities powers to investigate and prosecute online expression, including outside Pakistan.

Villain: Cyberspace Administration of China Head Xu Lin

For overseeing regulations that undermine cooperation on mutual legal assistance by requiring that online content be stored locally within China.


13. Safeguards Against Illegitimate Access and Right to Effective Remedy

States should enact legislation criminalizing illegal Communications Surveillance by public and private actors and provide for sufficient avenues of redress.

Hero: Gisela Perez de Acha (Derechos Digitales)

For her report on the use of Hacking Team tools in Latin America, demonstrating how types of malware were used outside the rule of law.

Villain: Supreme Court of Japan

For refusing to address potential constitutional remedies in upholding the government’s blanket surveillance of the country’s Muslim community despite recognizing that the practice violated the plaintiff’s right to privacy.