Last Thursday, the U.N. Human Rights Committee released a report criticizing NSA surveillance, for among things, failing to protect rights of non-U.S. persons. The Committee’s report comes in the context of its overall review of civil and political rights in the U.S. in accordance with its treaty obligations under the International Covenant on Civil and Political Rights (ICCPR).
The Committee captured many of the issues Access addressed in our joint shadow report to the Committee, which we submitted with our partners at the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC) and Privacy International. In addition to urging the U.S. to expand the geographic scope of their human rights protections, the Committee called on the NSA to comply with human rights principles and provide proper remedies for victims of human rights abuses.
While the U.S. has received a large amount of criticism from users, governments, companies, and privacy experts, the Committee, an expert body, offers an official interpretation of fundamental human rights obligations. The ICCPR is a foundational human rights treaty, which includes the rights to privacy and free expression. Those rights have been further articulated in the context of rapidly changing surveillance practices and policies in the International Principles on the Application of Human Rights to Communications Surveillance. The Principles provide a framework to assess whether surveillance is in compliance with human rights obligations. The Committee addressed some of the Principles: legality, proportionality, necessity, legality, and legitimate aim.
The Committee has said that states “must respect and ensure the rights [in the ICCPR] to anyone within the power or effective control of that State Party, even if not situated within the territory of the State Party.” In spite of an authoritative legal opinion by the Committee and internal disagreement, the U.S. government continues to officially interpret ICCPR obligations to only apply within the boundaries of the U.S. Effectively this means that the U.S. believes that there are no legal limits to check its surveillance of non-U.S. persons who are located abroad. The Committee, rightly, used the ICCPR review to pressure the U.S. to recognize rights for non-U.S. persons.
While the Committee’s report was a strong rebuttal of the U.S.’s surveillance policy, it did fail to mention one of the government’s most expansive human rights authorities: Executive Order 12333. As we reported last week, EO 12333 has been used to justify the MYSTIC program to collect all telephone content from a target country for up to a month.
The Committee did raise concerns, however, over bulk collection under Section 215 of the Patriot Act and PRISM and upstream collection authorized under Section 702 of the FISA Amendments Act. The Committee also addressed the issue of the secrecy of the FISA Court, which oversees U.S. surveillance. It expressed concern about secret FISC opinions, which limit public understanding of the law.
Access urges the U.S. to adhere to the recommendations of the Committee. The Obama Administration has already begun taking some steps by calling for an end to bulk collection of telephone metadata — but not bulk collection of other types of information — and has promised to expand protections for non-U.S. persons. While important first steps, the U.S. will have to go much farther to bring surveillance practice in-line with the fundamental human rights expressed in the ICCPR.
Below are the Committee’s recommendations relating to communications surveillance and extraterritorial human rights obligations:
4. (a) The party should . . . Interpret the Covenant in good faith, in accordance with the ordinary meaning to be given to its terms in their context, including subsequent practice, and in the light of its object and purpose and review its legal position so as to acknowledge the extraterritorial application of the Covenant under certain circumstances, as outlined inter alia in the Committee’s general comment No. 31 (2004) on the nature of the general legal obligation imposed on States parties to the Covenant.
22. The State party should:
(a) take all necessary measures to ensure that its surveillance activities, both within and outside the United States, conform to its obligations under the Covenant, including article 17; in particular, measures should be taken to ensure that any interference with the right to privacy complies with the principles of legality, proportionality and necessity regardless of the nationality or location of individuals whose communications are under direct surveillance;
(b) ensure that any interference with the right to privacy, family, home or correspondence be authorized by laws that (i) are publicly accessible; (ii) contain provisions that ensure that collection of, access to and use of communications data are tailored to specific legitimate aims; (iii) are sufficiently precise specifying in detail the precise circumstances in which any such interference may be permitted; the procedures for authorizing; the categories of persons who may be placed under surveillance; limits on the duration of surveillance; procedures for the use and storage of the data collected; and (iv) provide for effective safeguards against abuse;
(c) reform the current system of oversight over surveillance activities to ensure its effectiveness, including by providing for judicial involvement in authorization or monitoring of surveillance measures, and considering to establish strong and independent oversight mandates with a view to prevent abuses;
(d) refrain from imposing mandatory retention of data by third parties;
(e) ensure that affected persons have access to effective remedies in cases of abuse.
The UN Human Rights Committee’s ICCPR reviews provide an important opportunity to authoritatively establish when and how States are violating human rights. This is especially important in the context of state surveillance, where there is limited international jurisprudence and law. We urge users, civil society organizations, and others affected by surveillance to submit comments to future reviews. For starters, United Kingdom and Canada, two members of the 5 Eyes, will appear before the Committee next few year.