Europe’s top rights body, the Parliamentary Assembly of the Council of Europe (PACE), has crystalized its censure of mass surveillance as a threat to fundamental human rights and to democracy itself by adopting a draft resolution in which it reiterates deep concerns over the practice of intelligence agencies systematically harvesting untargeted communications data, without adequate legal regulation or technical protection.
“Mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials. Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act,” PACE warned yesterday.
“These powerful structures risk escaping democratic control and accountability and they threaten the free and open character of our societies,” it added.
The Council took evidence from NSA whistleblower Edward Snowden href="https://future.techcrunch.com/2014/04/08/snowden-council-of-europe-testimony/">last year as part of its investigation into mass surveillance — going on to publish a lengthy report back in January.
That report also included concerns about intelligence agencies seeking to systematically perforate Internet security — a topical concern, given the U.S. secretary of Homeland Security was only yesterday speaking out against the ‘dangers’ of pervasive encryption. PACE’s adopted resolution includes the same “deep” worries about threats to Internet security from “certain intelligence agencies”.
PACE’s resolution is based on the findings from its earlier report, and contains a series of specific recommendations — including that:
- court orders granted on the basis of reasonable suspicion should be required for without-consent collection and analysis of personal data (including metadata)
- better judicial and parliamentary control of intelligence services
- an “intelligence codex” defining mutual obligations that secret services could opt into
- “credible, effective protection” for whistle-blowers exposing unlawful surveillance
- further development of user-friendly (automatic) data protection techniques capable of countering mass surveillance and any other threats to Internet security
- refrain from exporting advanced surveillance technologies to authoritarian regimes
While the Council of Europe does not legislate, it issues advice and recommendations that can filter down into European legal standards, charters and conventions. It also counts the influential European Court of Human Rights as one of its institutions, whose rulings are binding on national governments.
Yesterday the Assembly said it has called on the Secretary General of the Council of Europe to use powers in the European Convention on Human Rights to ask states how their surveillance activities comply with the Convention’s human rights standards.
It is also encouraging parliaments to carry out inquiries into the “NSA affair” — similar to one set up by the German Bundestag.
Earlier this year the judicial oversight body for the U.K.’s domestic intelligence agencies ruled that sharing activities between the NSA and the equivalent government intelligence agency in the U.K., GCHQ, had been unlawful in the past on the grounds that they breached European human rights law — the first such ruling in its 15 year history.
However the same court, the IPT, still deems U.S.-U.K. dragnet surveillance data-sharing activities to be legal now — and since December 2014 — on the grounds that the disclosure of the data-sharing programs (via Snowden’s whistleblowing) has allowed for what it described as “adequate signposting” of the secret policies governing how data flows between international spy agencies, and “adequate arrangements” to ensure legal compliance. Although the IPT came to that judgement after hearing some evidence about interceptions in private court sessions. Which highlights the Kafka-esque issues at work when it comes to intelligence agency oversight.
PACE’s resolution specifies that the Assembly “unequivocally condemns” what it dubs “the extensive use of secret laws and regulations, applied by secret courts using secret interpretations of the applicable rules” arguing this practice “undermines public confidence in the judicial oversight mechanisms”.
It also calls out the “harsh treatment” of Snowden for whistleblowing NSA mass surveillance programs — saying it “does not contribute to restoring mutual trust and public confidence”.
In addition, the Assembly expresses concern about private businesses collecting “massive amounts of personal data” — saying this practice poses a risk of the data being accessed and used for unlawful purposes “by State or non-State actors”.
“In this connection, it should be underlined that private businesses should respect human rights pursuant to the Resolution 17.4 on human rights and transnational corporations and other business enterprises, adopted by the United Nations in June 2011,” PACE added on the mass personal data collection point.
Update: A spokesman for the Council of Europe told TechCrunch the next steps following the adoption of the mass surveillance resolution are for the Committee of Ministers of the Council of Europe — its executive body — to discuss and reply to the Assembly’s recommendation, something he said is likely to happen within the next few months.
The Assembly has also asked the Committee to draft its suggested codex for intelligence agencies, and draw up guidelines for the 47 European governments the Council represents, although given the Assembly’s status as a consultative body its recommendations can still be overridden by national governments.
Another possibility here is that the Secretary General of the Council of Europe could also decide to trigger a so-called “Article 52” inquiry into mass surveillance, using powers under the European Convention on Human Rights, and as recommended by the Assembly (and, on this specific issue, also the European Parliament).
If the SG does decide to go ahead with that, he would write to each of the 47 European governments bound by the Convention, asking them to say by a set deadline how their mass surveillance practices comply with the Convention. He could also decide to make their replies public — applying more pressure to governments over the issue.
The last time the Article 52 powers were triggered was almost a decade ago over rendition flights and secret CIA prisons in Europe.
We’ve reached out to the SG’s spokesman on the Article 52 inquiry question and will update this article with any response. he said: “The Secretary General will carefully study the resolution and any possible future actions by the Council of Europe.”