Europe’s top rights body, the Parliamentary Assembly of the Council
of Europe (PACE), has crystalized its censure of mass surveillance as a
threat to fundamental human rights and to democracy itself by adopting a
draft resolution in
which it reiterates deep concerns over the practice of intelligence
agencies systematically harvesting untargeted communications data,
without adequate legal regulation or technical protection.“Mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials. Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act,” PACE warned yesterday.
“These powerful structures risk escaping democratic control and accountability and they threaten the free and open character of our societies,” it added.
The Council took evidence from NSA whistleblower Edward Snowden last year as part of its investigation into mass surveillance — going on to publish a lengthy report back in January.
That report also included concerns about intelligence agencies seeking to systematically perforate Internet security — a topical concern, given the U.S. secretary of Homeland Security was only yesterday speaking out against the ‘dangers’ of pervasive encryption. PACE’s draft resolution includes the same “deep” worries about threats to Internet security from “certain intelligence agencies”.
PACE’s new draft resolution is based on the findings from its earlier report, and contains a series of specific recommendations — including that:
- court orders granted on the basis of reasonable suspicion should be required for without-consent collection and analysis of personal data (including metadata)
- better judicial and parliamentary control of intelligence services
- an “intelligence codex” defining mutual obligations that secret services could opt into
- “credible, effective protection” for whistle-blowers exposing unlawful surveillance
- further development of user-friendly (automatic) data protection techniques capable of countering mass surveillance and any other threats to Internet security
- refrain from exporting advanced surveillance technologies to authoritarian regimes
Yesterday the Assembly said it has called on the Secretary General of the Council of Europe to use powers in the European Convention on Human Rights to ask states how their surveillance activities comply with the Convention’s human rights standards.
Earlier this year the judicial oversight body for the U.K.’s domestic intelligence agencies ruled that sharing activities between the NSA and the equivalent government intelligence agency in the U.K., GCHQ, had been unlawful in the past on the grounds that they breached European human rights law — the first such ruling in its 15 year history.
However the same court, the IPT, still deems U.S.-U.K. dragnet surveillance data-sharing activities to be legal now — and since December 2014 — on the grounds that the disclosure of the data-sharing programs (via Snowden’s whistleblowing) has allowed for what it described as “adequate signposting” of the secret policies governing how data flows between international spy agencies, and “adequate arrangements” to ensure legal compliance. Although the IPT came to that judgement after hearing some evidence about interceptions in private court sessions. Which highlights the Kafka-esque issues at work when it comes to intelligence agency oversight.
PACE’s draft resolution specifies that the Assembly “unequivocally condemns” what it dubs “the extensive use of secret laws and regulations, applied by secret courts using secret interpretations of the applicable rules” arguing this practice “undermines public confidence in the judicial oversight mechanisms”.
It also calls out the “harsh treatment” of Snowden for whistleblowing NSA mass surveillance programs — saying it “does not contribute to restoring mutual trust and public confidence”.
In addition, the Assembly expresses concern about private businesses collecting “massive amounts of personal data” — saying this practice poses a risk of the data being accessed and used for unlawful purposes “by State or non-State actors”.
“In this connection, it should be underlined that private businesses should respect human rights pursuant to the Resolution 17.4 on human rights and transnational corporations and other business enterprises, adopted by the United Nations in June 2011,” PACE added on the mass personal data collection point.