Tag Archives: Open Democracy

Our fragmenting Europe and DiEM's response - Open Democracy 20160319

Our fragmenting Europe and DiEM's response - Open Democracy 20160319

A video edit from the 1st Session of the Democracy in Europe Movement 2025 (DiEM25) launch in Berlin, kick starting the conversation that DiEM25 is facilitating to put the demos back into Europe’s democracy. ( 27 mins.)

A video edit from the 1st Session of DiEM25's launch in Berlin to kick start the conversation on putting the demos back into Europe’s democracy, how to address the various crises currently tearing Europe apart, and how to organise our political interventions in our localities, regions, countries and, of course, at the European level.

Session / OUR FRAGMENTING EUROPE & DiEM’s RESPONSE Re-conceptualising the centrifugal forces and multiplying divisions tearing the EU apart: refugees, borders & fences (Schengen), Fortress Europe (Frontex), inequality-poverty, chauvinism, nationalism, insecurity.

Introduction & Moderation: Srećko Horvat (DiEM, Croatia)
1. Baier, Walter (Transform! Network – Austria)
2. Buden, Boris (public intellectual / activist, Germany/Croatia)
3. Büllesbach, Daphne (European Alternatives / Germany)
4. Demh, Dieter (MP, Germany)
5. Fassin, Eric (Academic, France)
6. Guerot, Ulrike (European Democracy Lab, Germany)
7. Krempaska, Alena (Human Rights Institute, Slovakia)
8. Martin, Luis (Journalist, Spain)
9. Meddeb, Hind (Filmmaker/Journalist, France)
10.Morel Darleux, Corrine (Activist, Deputy for Rhône-Alpes, France)
11.Mezzadra, Sandro (Public Intellectual-Activist, Italy)
12.Negri, Toni (Public Intellectual-Activist, Italy)
13.Papastergiadis, Nikos (Academic, Australia-Greece)
14.Pisarello, Gerardo (First Deputy Mayor, City of Barcelona, Cataluña)
15.Richter, Angela (Theatre Director, Germany)
16.Sierakowski, Slavek (Krytyka Polityczna, Poland)
17.Tsomou, Margarita (Author-Journalist, Germany/Greece)
and Jacob Appelbaum, independent journalist, computer security researcher and core member of the Tor project.
(Video: Hind Meddeb)

Why your government doesn’t want you on a strict privacy diet, and what you can do about it - Open Democracy 20140806

Why your government doesn’t want you on a strict privacy diet, and what you can do about it - Open Democracy 20140806

As Snowden’s revelations have had little impact on our online habits, expecting national governments or the EU to stand up against electronic surveillance misses the point.

Flickr/Frédéric Poirot. Some rights reserved.

Individual responsibility is a dead-end

While the Snowden revelations have sent an unprecedented shockwave across the world, most of us have gone back to our old habits, checking our Gmail account with the morning coffee, making phone calls from our smartphones and occasionally browsing through Facebook looking for the odd or funny status update. Even though we know Google, Apple, Facebook and several other companies will hand that data directly to the NSA, and that the NSA is very likely to trade it in bulk with several European intelligence agencies. We now know for sure that our lives are tracked, and that every single one of our online clicks and keystrokes slowly builds a more detailed profile of us in the databases of intelligence agencies and advertising corporations in the US and in every member state of the European Union. Yet we do not really care and go on with our lives like nothing happened.

At the individual level, we already have several answers as to why this might be the case. Low digital literacy, the complexity of encryption, the habit of using easy to use commercial software as opposed to privacy-oriented yet more difficult one (compare Max OSX to Linux or TAILS, Internet Explorer to the TOR Browser) certainly matter. But more importantly, the problem of mass digital surveillance appears to have slipped in our subconscious.

Like a famous study in social psychology, we are behaving similarly to the inhabitants living near a nuclear plant. Although we are the most aware of the potential dangers of a radiological leak or a nuclear explosion that would severely hurt us and our families, we lead our lives convinced that nothing wrong can happen. In fact, the more we are made aware of the danger, the more confident we have become in the government’s reassurances that everything is under control, and that our privacy is not in danger. Comparisons with the dark days of East Germany’s secret police, the Stasi or Romania’s Securitate do not really work. There are no direct consequences of mass surveillance on our daily lives, so why should we really bother?

What should be done then? The main message that appears to emerge from Snowden’s interviews and Glenn Greenwald’s media interventions is the moralistic insistence on the individual responsibility of every one of us to ensure that we protect our data adequately. While we fully agree with these prescriptions, this bears the risk of ending in the long list of New Year’s resolutions, alongside with the promises to eat healthier foods, drink less and exercise more often. We might however also ask ourselves why it is that there is not more public outrage and mobilization around this issue. Where are the marches, demonstrations, the flash-mobs against mass surveillance? Why are there no more institutionalized and government-backed initiatives to put us on a stricter privacy diet, along with our five vegetables a day?

The EU is the master of its own problems

These questions are particularly salient in Europe. Publicly, François Hollande, Angela Merkel and several other European leaders were “shocked” and “appalled” by the revelations. In the meantime, we are now very aware of the fact that European intelligence services actively collaborated with the NSA and GCHQ, collecting themselves as much data as possible in order to gain bargaining power in the transatlantic intelligence-sharing cooperation game. This has been shown by some of us in a study for the European Parliament, and confirmed by the Moraes Report from the same institution. If not national governments, then whom should we expect to take measures?

The European Union has raised some hopes, through the activity of some key MEPs within the Committee on Civil Liberties of the European Parliament. The LIBE Committee conducted an enquiry on mass surveillance, asking critical questions to the European Commission and the representatives of the Union’s member states. The European Parliament, in turn, has been one of the few institutions to organise a hearing with Edward Snowden. These expectations are raised by the role that some within the European Union (EU) institutions have played in the past regarding previous occurrences of mass electronic interceptions, chiefly in the disclosure of the ECHELON programme. Yet this picture is misleading.

Thinking of the European Union as separate from national governments does not make much sense indeed. European states are member states. As such, their representatives participate on a daily basis in how the EU formulates its policies, and in turn EU policies are part of what national governments in member states do on a daily basis: Berlin, London, Paris or Rome are in Brussels as much as Brussels is present in national capitals. As we have argued elsewhere, the EU in this view is the master of its own problems.

The practice of mass surveillance underscores the limits of the existing and forthcoming EU data protection legislation, in particular with regard to data processing for law-enforcement and national security purposes, data processing by third countries, and cooperation in data processing between security and intelligence services and private service providers. National security, incidentally, is the only area of the founding Treaties establishing the Union where EU competence is explicitly ruled off.

Objectionable EU policies have also been formulated with regard to electronic surveillance. In April of this year the European Court of Justice (ECJ), prompted by the Irish High Court and the Austrian Constitutional Court, found the EU data retention directive adopted in 2006 to be invalid. The directive harmonised member state legislations on the retention by telecommunications operators of traffic and location data and their access by ‘competent national authorities’. It was found by the Court to constitute a particularly serious interference with the rights to privacy and data protection. The decision of the ECJ, incidentally, led the UK government to pass the emergency ‘DRIP’ legislation that extends rather than curtails the scope of data retention powers for UK authorities.

Some reactions from top EU policymakers after the Snowden revelations are telling in this respect. Viviane Reding, now former vice-president of the Commission and EU justice commissioner, argued in November 2013 for theestablishment of an EU intelligence service by 2020 “so we can level the playing field with our US partners”.

National security is a misnomer

Expecting the EU to counter national governments then, or national governments to stand up against electronic surveillance is missing the point. What the NSA revelations show is that state surveillance and national security are to some extent misnomers. Surveillance is not exercised exclusively by “the state”, national security is not ensured exclusively at the national level.

So how does the picture look like from this perspective? On the one hand, we should think of the surveillance apparatus as a loose coalition of institutions, bureaucracies and corporations that function as a network both within and across national borders. More often than not, professionals working within these networks have more interests in common than they do with other civil servants from their own state. In other words, the French external intelligence agency (DGSE), which does much of the bulk data collection work in France, has more interests in common with the GCHQ or even the NSA than it does with the French data protection authority CNIL.

These networks work together and reinforce each other: the GCHQ, for example, is known to have actively trained DGSE officials to lobby the French government in order to get more institutional and legal powers. These alliances are sometimes institutionalized and public, as in the UKUSA Agreement (also known as the “Five Eyes”, which include the UK, the US, Canada, Australia, New Zealand), sometimes less known (such as Alliance Base, which includes the UK, the US, Canada, France, Germany and Australia since 2001).

Who is on the other side, and who has the potential to keep these networks in check? The courts are certainly one possibility, but it should not be overstated. As noted by some, the abovementioned decision of the ECJ on the data retention directive does not rule out mass surveillance and in fact sets out “unusually detailed guidelines for the legislature” to adopt a data retention instrument compatible with fundamental rights. Parliamentary supervision and oversight by independent bodies (such as the CTIVD in the Netherlands, or the Intelligence and Security Committee of Parliament in the UK) do exist, but have proved to be limited if not supportive of surveillance measures (the case of the UK DRIP law comes again to mind). The search for support points within the EU institutions, in any case, is limited.

In addition to these institutional options, three factors might contribute to a change in practices of mass surveillance: a gradual change in public opinion, an evolution in technology, and a challenge to the current business model (this means both the rise of free software and an increased offer of paid services relying on a subscription rather than free services financed by advertising - Google’s current model). As such, change in the direction of more privacy might come from a loose coalition of actors with divergent agendas but a common interest in privacy: privacy-minded political movements; the free software, open source, hacktivist community and private entrepreneurs. If the environmentalist movement can serve as an example, it is possible to imagine the diffusion of a demand for privacy from a small core of political activists to the broader society, in particular through open-source or easy-to-use paid software.

The development of recent initiatives and the renewed popularity of old initiatives aimed at guaranteeing more privacy, such as the Mozilla Foundation(Firefox browser, Thunderbird mail client), the DuckDuckGo search engine, or the new services from the Dark Mail Technical Alliance (founded by the owners of Silent Circle and the defunct Lavabit), and ProtonMail (an encrypted mail initiative launched by MIT and CERN scientists) supports this hypothesis. While these activists and entrepreneurs were largely ignored until not long ago, the Snowden revelations have contributed to diffuse their concerns and to popularize their combination of technological and political commitment. These changes might, in the long run, alter Europe’s national and supranational institutions more than anything else.

A clear-eyed look at mass surveillance - Open Democracy 20140725

A clear-eyed look at mass surveillance - Open Democracy 20140725

The Snowden revelations on mass surveillance practices, especially by the US and UK, have triggered a global struggle over the right to privacy—and a report by the outgoing UN human-rights commissioner has set the terrain for the next phase.

What have the US and UK done in the past year to rein in mass surveillance? For the millions of global internet users, the answer is: not much. Despite worldwide outrage and debate, US talk of safeguards and reform has brought half-measures at best. The UK government has refused to answer the most basic questions about its intelligence gathering practices—and, in an astounding act of hubris, rushed through a law last week which extends surveillance powers.

The actions of the US and UK stand in stark contrast to a groundbreaking and forceful report released last week by the UN high commissioner for human rights, Navi Pillay, about privacy in the digital age. Many of her findings directly challenge US and UK arguments defending secret, mass surveillance.

Pillay found that mass surveillance was “emerging as a dangerous habit rather than an exceptional measure”. She said unchecked snooping could harm a range of human rights, including freedom of expression and association. The onus was on governments, she said, to demonstrate that their practices were necessary and proportionate. In other words, spying on everyone because you can doesn’t mean you should.

Pillay’s report followed sustained action from privacy advocates and a group of countries, led by Germany and Brazil, to press the US and UK to stop mass surveillance and safeguard the privacy of people around the world. Germany and Brazil, along with Austria, Liechtenstein, Mexico, Norway, and Switzerland, had led the drafting of the December 2013 UN General Assembly resolution calling for the high commissioner’s report—a resolution which the US and UK pushed, somewhat successfully, to water down.

Germany and Brazil’s continued leadership is crucial for keeping digital privacy on the UN human-rights agenda and driving real reform at the national level. The report will only strengthen their hand if they pursue a UN resolution on privacy later in 2014. Privacy advocates also need to scrutinise the practices of individual governments for conformity with the high commissioner’s recommendations. This is vital, not only in the face of US and UK inaction but also because many other countries are expanding their own electronic-surveillance capabilities. Unless mass surveillance becomes a global outlier, rather than the norm, privacy will disappear in the digital age.

A human-rights scorecard

Pillay’s report provides the clearest and most authoritative account to date of what the right to privacy requires—and an implicit rebuke of the US and UK’s deeply flawed defences. Privacy advocates and governments should use it as a scorecard for assessing protection of the right to privacy in all countries, starting with the US and UK.

Surveillance must be proportionate and necessary for a legitimate aim

The report applies the basic standards of international human rights law, which apply to interference with the right to privacy as with other rights: any intrusion must be necessary and proportionate to a legitimate aim, such as protecting national security or a similarly compelling state interest.

The revelations of the past year raise serious, unanswered questions about the necessity and proportionality of the US and UK surveillance practices. According to documents released by the former US National Security Agency contractor Edward Snowden, the US and UK have been intercepting the information of potentially millions of people, the vast majority of whom have no connection to terrorism or wrongdoing, as data flow along transatlantic fibre-optic cables.

In a recent analysis of a sample of intercepted communications, the Washington Post found that 90% of accounts swept up in NSA surveillance were not intended targets. Notably, US law allows the collection without a warrant of foreign communications which merely “relate to the foreign affairs of the US”—an extremely broad category. A recent opinion by the former internet-freedom director in the State Department, John Napier Tye, points out that US surveillance occurring outside its territory is subject to even fewer restrictions on the scale of collection, supporting concerns that US practices are excessively broad.

The US and UK governments contend that to find a needle in a haystack security agencies must collect the haystack. This approach seems in direct conflict with the principle of proportionality articulated by the high commissioner.

The US has taken almost no steps to curtail the scale and scope of information which the NSA can acquire about non-US persons outside the country. In January, in response to global outrage, the president, Barack Obama, announced new limitations on retention and use of information gathered through surveillance but did little to limit what could be gathered to begin with. The UK has refused to answer questions about the scale of its data-collection practices but what has been disclosed confirms what many had feared: not only is snooping happening on a mass scale but existing laws do little to protect privacy rights.

The onus is on governments to show their surveillance practices are not disproportionate—and so far the US and UK have failed.

Governments must respect everyone’s right to privacy

The high commissioner made clear that countries should respect the right to privacy, regardless of the nationality or location of those affected.

The US however denies it has any human-rights obligations to internet users beyond its borders, despite calls as recently as March from the UN Human Rights Committee to respect the privacy rights of all, at home and abroad. While it has adopted some safeguards for non-US persons as a matter of policy, these don’t go far enough to limit the scale of information collected abroad.

The UK Regulation of Investigatory Powers Act 2000 (RIPA) allows for government surveillance on broad grounds, with no independent scrutiny, and provides scant safeguards for people outside the country. In the new law hastily passed last week the UK actually extended the reach of its interception powers under RIPA to foreign internet and telecommunications companies which service UK customers. The changes meanwhile do nothing to address the lack of safeguards for people outside the UK.

Shifts in digital communications have made it especially easy for the US and UK to conduct broad, systematic surveillance of people beyond their borders. One internet company can hold the data of hundreds of millions of people worldwide and its home government may attempt to assert legal control over those data. The internet’s infrastructure often results in email being routed through several, unrelated countries—particularly the US—before it reaches the recipient.

If all governments followed the US and UK approach, they would have limited ability to protect the privacy of their own citizens against extraterritorial snooping by other countries. There would be nothing left of the right to privacy online.

Mere collection has impacts on privacy

US and UK intelligence officials contend there is no harm to privacy if personal information is gathered but not examined. The high commissioner made clear, however, that merely collecting information could interfere with privacy, regardless of whether it was ever viewed or used. Even the possibility that information in communications would be captured interfered with privacy because of the “potential chilling effect on rights”, including those of freedom of expression and association.

The report went further to recognise that metadata—data about communications—can reveal highly sensitive information, especially when digitised on a large scale. Because metadata enjoy less protection than the content of communications under many countries’ laws, including those of the US and UK, stronger safeguards are needed.

Mandatory data retention is neither necessary nor proportionate

The high commissioner confirmed that mandatory data-retention requirements for technology companies are neither necessary nor proportionate.

The European Court of Justice ruled in April that the EU’s blanket data-retention mandate breached the right to privacy, making the UK’s implementing regulations unenforceable. Such mandates require internet and mobile service providers to retain all customers’ communications data for a set period. The court said the EU mandate flouted proportionality by invading everyone’s privacy, regardless of whether they were suspected of any wrongdoing.

Yet the UK’s new emergency regulations preserve the government’s ability to compel telecommunications firms to retain personal data about all users in the country, ignoring the European court’s concerns.

Transparency, oversight and remedy

The high commissioner cited a “disturbing lack of governmental transparency” around surveillance laws, policies and practices, hindering accountability for unlawful snooping. She called for much greater transparency and emphasised that surveillance could not be justified by secret laws or policies which granted authorities too much discretion. The report also called for greater oversight by all branches of government, including the judiciary, as a check against abuse.

Intelligence officials in the US cite multiple layers of oversight in the executive, legislative, and judicial branches to protect against privacy violations. Yet its secretive foreign-intelligence court, by design, plays a very limited role in safeguarding the rights of people outside the US who may be swept up in NSA surveillance. Members of congressional committees set up to oversee national-security surveillance have also admitted to being surprised by some aspects of the programmes Snowden revealed.

The US and UK governments contend that to find a needle in a haystack security agencies must collect the haystack.
In 2008, Human Rights Watch joined Amnesty International and other human-rights and labour organisations to challenge the constitutionality of one NSA programme. HRW was denied standing because it could not prove that it was under surveillance, effectively shielding US national-security surveillance policies from judicial review. The Snowden revelations may now prompt the court to reconsider its conclusion.

In the UK, oversight and accountability mechanisms have also proved inadequate to prevent abuse of surveillance powers. A person who believes one of the intelligence agencies has breached their right to privacy can file a complaint before the Investigatory Powers Tribunal, a judicial body. But if the tribunal does not uphold the claim it does not reveal whether the person’s communications were intercepted—and its decisions cannot be appealed.

The UK’s new surveillance law provides for an independent review of this entire area by May 2015, including issues of oversight, transparency and privacy. But parts of the independent reviewer’s report which the prime minister considered “contrary to the public interest or prejudicial to national security” might be excluded from the version presented to Parliament. While this review may be helpful, it should have been completed before the UK passed the new law—not afterwards.

Responsibilities of technology companies

The high commissioner said that technology companies which complied with government requests for surveillance assistance without adequate safeguards risked complicity in any resulting human-rights abuses. She said internet and telecommunications companies should assess whether their own data-collection and privacy practices could bring human-rights harm to their users, implicitly drawing a connection between company data-collection practices and government access to data which companies hold.

In response to the Snowden revelations, technology companies have begun to reveal information about how governments are asking them to assist with surveillance. But much more scrutiny is needed to ensure that companies minimise the amount of data they collect from users in the first place, as a critical safeguard against government access to personal data.

Next steps

The high commissioner is expected to discuss the report’s findings during the UN Human Rights Council session in September and to formally present the report at the coming session of the General Assembly.

The report has armed Brazil, Germany and privacy activists worldwide with the ammunition to counter the flawed US and UK defences of mass surveillance. Brazil, Germany and their allies should ensure that any UN resolution they pursue directly incorporates the report’s recommendations and findings in the strongest language possible. They should resist any efforts to weaken the standards the report so soundly articulates and should reinforce the high commissioner’s call to countries to review immediately their national law and practice to ensure full conformity with international human-rights law.

Another resolution, however is just a first step.

The Snowden revelations focused on the surveillance practices of only a handful of countries. While many governments expressed outrage about snooping by the NSA and its British counterpart, GCHQ, many also may have privately responded with envy. Though few can match the resources of the NSA or the GCHQ, governments worldwide are expanding their own digital-surveillance capabilities.

In just one example, Human Rights Watch documented how the Ethiopian government had acquired mass-surveillance equipment, enjoying thereby nearly unfettered access to intercepted mobile calls. The government has used surveillance, under the pretense of anti-terrorism efforts, to silence political dissent and harass critics.

Digital surveillance is also going to get cheaper and more efficient. Protecting the right to privacy online requires sustained scrutiny of government surveillance practices worldwide.

International human-rights bodies have paid insufficient attention to the impact of surveillance on human rights. The Human Rights Council should create a dedicated special procedure—an independent expert for the right to privacy—to take the report’s recommendations forward. The expert should examine national surveillance programmes, identify best practices to protect privacy and make recommendations for meaningful national reforms.

What does mass surveillance do to Human Rights? - Open Democracy 20140512

What does mass surveillance do to Human Rights? - Open Democracy 20140512

Where such mass, weakly targeted surveillance techniques have been used in Europe, the Human Rights Court has found them inconsistent with the right to respect for privacy. Mass surveillance is by definition arbitrary.

There is on-going interest and surprise at the extent of mass surveillance which various governments, the US in the form of the NSA, the UK in the form of GCHQ and others, have been carrying out.

The confirmations by both the US and UK governments that everything has been carried out in accordance with their national law has only resulted in profound questions regarding the nature of the laws which permit these activities and whether they actually conform to internationally recognised standards of certainty and accountability which any government act must have in order to qualify as a law.

The Snowden revelations regarding mass surveillance have not only had very substantial political repercussions over 2013 and into 2014, but have also raised profound legal questions as a result. So many of these are issues and questions of great importance for democracies. A former member of the European Parliament commented at a conference in Brussels on April 3, 2014 that every candidate in the May 2014 European Parliament elections is conscious of the chilling effect that mass surveillance has had on them personally.

The fact that every email they have sent, every photo they have forwarded by email, is available to the intelligence service of a foreign country has a chilling effect on freedom of expression. Who can be sure that something which they casually put into a personal email could not be used to contradict one of their election promises, or some photo that they sent could not be used to compromise their probity as representatives? We cannot afford to underestimate the impact of mass surveillance on the correct operation of democracy.

Two interconnected but separate human rights issues arise as regards mass surveillance. The first, which is the most fundamental but the most frequently ignored, is the right of every person to respect for his or her private and family life. The second, which is generally the subject of more substantial political and media noise is the duty of states to protect personal data. Those political actors who have an interest in promoting the legality of mass surveillance usually put forward two arguments. The first is that national and international security is always an exception to both the duty of every state to respect people’s privacy and the duty to protect personal data. This is the most trenchantly defended of arguments as when this one falls away, those actors seeking to justify mass surveillance find themselves on very weak legal ground indeed. The second is that states’ obligations to protect personal data are subject to very different rules and requirements according to the political preferences of different states. Thus as there is no harmonization of the specific rules as to what is acceptable data protection internationally, states which are exercising their national and international security prerogatives only need to fulfil their own national data protection rules.

Before engaging directly with the arguments and examining how political actors dissatisfied with them have responded, let us very briefly clarify the relationship of the right to respect for privacy with that of data protection. The right to respect for a person’s privacy is an overarching international human right. It is found in Article 12 of the UN’s Universal Declaration of Human Rights (1948) and its legal form is found in the UN’s International Covenant on Civil and Political Rights (1966). Any interference with the privacy of a person must first and foremost be subject to the consent of that person. The right to consent or refuse use of personal data belongs to the individual not the state.

Where the state seeks to interfere with that right and to collect and use personal data which constitutes an intrusion into the privacy of the person concerned, such an interference must be justified by the state authorities. First it must be permitted by law and that law must be sufficient clear and public that everyone can know what it is and how to adjust their behaviour accordingly. Any exception permitted by law to a human right must be interpreted narrowly. It must have a legitimate objective and be necessary to achieve that objective only. There must be no alternative, which would be less intrusive into the life of the person which could instead be used. There must be judicial oversight of any state interference and a person affected by an interference must have access to justice to challenge that interference.

Mass surveillance by its very nature is not targeted at any person specifically, thus the possibility to justify the interference with the privacy of any person individually is an exceedingly difficult task. Where such mass, weakly targeted surveillance techniques have been used in Europe, the Human Rights Court has found them inconsistent with the right to respect for privacy. Mass surveillance is by definition arbitrary.

States’ duty to protect data arises from the person’s right to respect for his or her privacy. Where states interfere with people’s privacy, they must fulfil strict rules to justify that interference. This gives rise to the obligation of data protection. The duty to protect personal data arises when personal data is being used by state or private actors and is designed to ensure that the use is consistent with the individual’s right to respect for his or her privacy. It is for this reason that there are many different types of regime of data protection depending on the country one examines. How states go about protecting data is for them to determine: the key is that personal data must be protected because the individual has a right to respect for his or her privacy. The content of the human right to respect for privacy of the person is not variable.

The political struggle

Moving then from the state of human rights to the political struggle regarding mass surveillance, clearly the US authorities are faced with a dilemma in international human rights law, an area of which they have always been rather wary. The 1950s approach to international human rights law was to claim that the instruments do no more than set out 'principles' and are not ‘real’ law in any significant way and are certainly not available for people to rely upon. This political position has been undermined by the development of very precise international obligations, the establishment of Treaty Bodies with jurisdiction to receive and adjudicate on complaints by individuals regarding alleged breaches of their international human rights and the embrace of international human rights law by national courts. The 'principles' approach to international human rights law is no longer tenable. It is a figleaf deployed occasionally by states seeking to act arbitrarily.

As the Snowden revelations rose up the scale of international issues, a number of states, primarily led by the Brazilian and German authorities began to address the issue of how to deal with US mass surveillance and the interception of communciations. There was much discussion about bilateral negotiations and unilateral action (for instance, building new cables which avoid US territory) etc. However, it rapidly became evident that bilateral and unilateral approaches were not going to be satisfactory. In Europe, the fact that the UK authorities were carrying out mass surveillance for their US counterparts and others (the so-called Five Eyes) yet were not only members of the Council of Europe but also of the European Union, was only one example of the problem of unilateral or bilateral approaches. Clearly, only multilateral efforts were likely to bring results, where the weight of the USA and some of its collaborators could be counterbalanced by a loose alliance of other states. As soon as the issue is defined in this way, the obvious venue to commence a response is at the UN General Assembly and the territory on which to prepare the response is international human rights obligations – the prohibition of arbitrary interference with people's privacy.

This is the road which the Brazilian and German authorities have followed. By August 2013, moves were afoot for a resolution of the General Assembly. Five non-governmental organizations were closely linked with the efforts, Access, Amnesty International, Electronic Frontier Foundation, Human Rights Watch and Privacy International also applied pressure for a strongly worded resolution. The Brazilian and German authorities were by no means alone in their efforts to achieve agreement over a UN General Assembly Resolution. Many smaller states, most notably Austria, Hungary, Liechtenstein, Norway and Switzerland but also others, very strongly supported the work from the beginning, even seconding staff to assist with the workload. The matter was assigned to the General Assembly’s Third Committee and it is there that the tense negotiations on the wording of the Resolution took place. A text was adopted on 26 November in the Third Committee and on 18 December 2013 it was adopted without a vote in the General Assembly of the UN.

The Resolution is based on the right to respect for privacy in the Universal Declaration and the ICCPR with specific reference to the prohibition on arbitrary interference. It ties the right to privacy to the right to freedom of expression – if people are subject to mass surveillance they are no longer able to express themselves freely. The preamble to the Resolution insists on the negative impact that surveillance and the interception of communications, including extraterritorial surveillance and interception, on a mass scale, has on the exercise and enjoyment of human rights. The Resolution calls upon states to respect the right to privacy and prevent violations; to review their procedures, practices and legislation regarding the surveillance of communications, their interception and collection of personal data, including mass surveillance, interception and collection with a view to upholding the right to privacy and ensuring the full and effective implementation of all their obligations under international human rights law and to establish or maintain independent, effective domestic oversight mechanisms capable of ensuring the transparency and accountability of a state’s actions.

United Nations High Commissioner for Human Right, Navanethem Pillay.
United Nations High Commissioner for Human Right, Navanethem Pillay.

Most importantly, the Resolution directs the UN High Commissioner for Human Rights to present a report on the protection and promotion of the right to privacy in the context of domestic and extraterritorial surveillance and/or interception of digital communications and collection of personal data, including on a mass scale and to report to the Human Rights Council in its twenty-seventh Session, in September 2014. The current High Commissioner, Navi Pillay, a South African jurist with a very impressive human rights career, was appointed to the post in 2008. She is no stranger to the problem of the right to privacy and mass surveillance, having already spoken on the subject at the Council in September.

The UN Human Rights Council (composed of 47 states elected by the General Assembly) has also already engaged with the issue. The matter was on the agenda of the twenty-fourth Session of the Council held in September 2013. The High Commissioner noted, at that meeting, that the threat which mass surveillance poses to human rights is among the most pressing global human rights situations today. Many state representatives present at that session had regard to the report of UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue on freedom of expression in the internet age (16 May 2011) which had already outlined many dangers of state surveillance and its impact on free speech.

What is perhaps surprising is that the September 2013 meeting of the Human Rights Council received so little press coverage. The meeting was well attended by state representatives and the discussions were incendiary in the condemnation of mass surveillance and interception of communications. Many state representatives attended the meeting with statements of condemnation of mass surveillance and interception of communications already prepared and agreed with neighbouring states on whose behalf they were mandated to speak.

While one might well expect the German representative to present a text on behalf of Austria, Hungary, Liechtenstein, Norway, and Switzerland, it is perhaps less obvious that Pakistan, speaking on behalf of Cuba, Venezuela, Zimbabwe, Uganda, Ecuador, Russia, Indonesia, Bolivia, Iran, and China, would also present an agreed text condemning the practices. While the counter move particularly in respect of this second set of countries is usually to attack them on the basis of their internal practices of surveillance and suggest, if not accuse, them of hypocrisy, the fact of the intervention nonetheless must be noted and the possibility that a group of states with serious disagreements among themselves would choose common ground on this subject.

The next step will be for the High Commissioner for Human Rights to prepare and present her report to the Human Rights Council in September 2014. Undoubtedly, her team will be presented with substantial amounts of information, evidence and legal argument to assist in the writing of the report.

In the meantime, our data continues to be hoovered up in industrial quantities. Private sector actors tell us that it is now cheaper to store data than to delete it – a potentially game-changing factor in the economics of mass surveillance. The compatibility of mass surveillance with human rights is already a matter of urgent concern. It is in all our interests that the UN continues its review of the compatibility of these practices with internationally agreed human rights standards.

This paper is based on a contribution to the article, 'After Snowden, rethinking the impact of surveillance' as part of a feature on Mass Surveillance co-authored with Zygmunt Bauman, Didier Bigo, R J B Walker, Vivienne Jabri and Paolo Esteves, to appear in the forthcoming issue of International Political Sociology, 2 (2014).

What will it take to end mass surveillance in the EU? - Open Democracy 20140723

What will it take to end mass surveillance in the EU? - Open Democracy 20140723

As European governments refuse to act on the issue of mass surveillance, it becomes clear that the fight against organised snooping on our private lives must take place at the EU rather than national level.

MEPs support asylum for Snowden. Flickr/greensefa. Some rights reserved.
MEPs support asylum for Snowden.

When the media reports containing startling revelations about the scale and scope of electronic surveillance conducted by the US National Security Agency (NSA) appeared in June 2013, Europe’s response was mixed. It quickly became clear that while European officials and Members of the European Parliament took the revelations and their impact on fundamental rights very seriously, no such response was forthcoming from national governments.

Many European politicians were justifiably outraged over the continuing flood of revelations about the US’ pervasive electronic surveillance programmes since June 2013. It rapidly became clear that the NSA programmes had swept up the communications of countless innocent European and other citizens without recourse against violations of privacy and freedom of expression rights.

Given the importance of the privacy rights established in the Charter of Fundamental Rights of the EU, which include an explicit right to the protection of personal data, the EU institutions’ actions were appropriate. The treaties that underpin the EU’s authority further emphasise that the Union’s international relations must be “guided by” basic democratic principles and respect for human-rights laws.

However, the same treaties that mandate that the EU consider human rights when conducting its foreign affairs also tie the Union’s hands when it comes to the regulation of national-security matters. The Treaty on European Union provides that “national security remains the sole responsibility of each Member State,” meaning that the Union cannot legislate in this area. Furthermore, the treaties explicitly deprive the Court of Justice of the EU (CJEU) of jurisdiction over cases involving a Member State’s efforts to safeguard its internal security. This means that even if the Union were to attempt to adopt measures restricting secret surveillance, those measures would very likely not be enforceable (as secret surveillance is assumed to be conducted for reasons of national security).

The European Commission responded immediately to the Snowden revelations and demanded clarification about the surveillance activities from US authorities. An EU-US dialogue was rapidly set up, but EU Member States were quick to curtail the EU-US discussions to exclude intelligence and national security matters – the sole responsibility of national governments.

Meanwhile, the European Parliament acted quickly and set up an inquiry into the electronic surveillance allegations, to be conducted by the Civil Liberties Committee (LIBE). CDT was the first civil society organization to give evidence to the inquiry, in September 2013. In our testimony to the inquiry we called for a trans-Atlantic process to develop a comprehensive understanding of the criteria that states should apply to government surveillance, especially where national security surveillance is concerned. We said that countries must bring greater transparency, proportionality and oversight to their electronic surveillance practices. Human rights principles, laid down in the European Convention on Human Rights and the International Covenant on Civil and Political Rights must be better respected in both jurisdictions, and an agreement on privacy between the two sides should be reached. This agreement should clearly define what constitutes adequate government access to data.

While the surveillance revelations exposed significant details about US surveillance programmes, they also revealed that many European states are employing similar tactics, even if on a smaller scale. Many recall that French President Hollande vocally called for an immediate stop to US spying on Europeans, but quickly muted his tone when the bulk collection programme of French intelligence was revealed. Similarly in Germany, NSA spying was a campaign issue during the September 2013 elections, and some politicians argued that EU-US trade talks should be suspended because of NSA practices. However, the revelations also demonstrated that German intelligence programmes were as technically advanced and invasive as those of the NSA, and that the two countries run electronic surveillance in close cooperation. In the UK, the government was not particularly shy about its massive surveillance capabilities, but insisted that there is proper oversight that fully respects citizens' privacy.

The European Parliament inquiry resulted in a resolution adopted in March 2014. The resolution is non-binding, but not irrelevant. It is an important political statement and it included several sensible recommendations. Notably, it demands an end to the bulk collection of data – echoing demands made by both private companies and civil society groups. Further, it calls on a number of Member States to bring their intelligence surveillance laws and practices into line with European and international human rights norms. It also proposed setting up a high-level group at European level to monitor progress. The parliamentary inquiry clearly demonstrated that the privacy problems associated with the surveillance practices could not be reduced to a simple ‘US agencies are spying on European citizens’ narrative. Expanding government access to citizens’ data, opaque and obscure laws, and insufficient judicial and democratic oversight are international problems, requiring international solutions

However, European governments have neither responded to the Parliament’s recommendations, nor to demands put forward by European civil society groups. In fact, several countries such as France and the UK have taken stepsto strengthen surveillance capabilities through legislative or administrative means.

There have been repeated calls by civil society groups and others for enhanced transparency about the ways by which European governments access personal data. These efforts were discussed at a recent ‘Transparency Summit’ co-hosted by CDT. European communications companies are increasingly publishing information about the mechanisms through which government agencies obtain access to their infrastructure.

Civil society groups should continue to file requests for information, and companies should redouble their efforts to inform their customers and users about government access to their data, and insist that the Member States comply promptly and meaningfully with data access requests.

However, at present, the information published about surveillance practices remains insufficient to create the necessary political pressure, and no government in Europe is being challenged seriously by its opposition on surveillance issues. In Germany, the public and political reactions to the surveillance revelations have been stronger than in other European countries. But even there, the larger issue—indiscriminate surveillance of ordinary citizens—did not generate the strongest response. Instead, it was the allegations of US spying on the German government and state institutions that generated most embarrassment and controversy.

Notwithstanding all of these challenges, attempts are being made to fight over-intrusive intelligence surveillance through litigation. Some civil society organizations have brought challenges against secret surveillance practices before their national courts; one example is a case that British, American and Pakistani NGOs have just argued before the UK’s Investigatory Powers Tribunal, claiming that GCHQ is not legally empowered to engage in mass communications surveillance. Litigants in the national courts, however, often face constraints that severely hinder their ability to present their cases, including (among other problems) an inability to view classified documents or a prohibition on pleading the case in open court.

Therefore, the real power to bring the intelligence agencies to account lies in cases brought at European level. The European Court of Human Rights (ECtHR) not only has by far the best-developed case-law of any international court where secret surveillance is concerned, it also does not face the competence restrictions that the CJEU does—it’s free to consider the compliance of national security-related matters with human rights (and frequently does so). In the post-Snowden era, litigants in the UK, Hungary, and Estonia have already brought cases before the ECtHR that challenge various aspects of secret surveillance; the UK case, Big Brother Watch and Others v. the United Kingdom, is especially significant since it arose directly from the Snowden revelations.

The CJEU, too, may have a role to play in this respect, notwithstanding the treaty-based restrictions on its jurisdiction over national security matters (see above). For example, the pending case of Schrems v. Data Protection Commissioner, which the Irish High Court recently referred to the Court, essentially raises the issue of whether national Data Protection Authorities in Europe have the power to examine if US-based internet service providers such as Facebook have the ability—in light of the NSA’s widespread and large-scale activities—to protect users’ privacy rights.

It is too early to tell if the different legal challenges will be successful. But clearly, the status quo is untenable. There are currently no European standards for electronic surveillance for national security: on oversight, judicial review, storage, data minimization, sharing etc. Citizens have no way to know if their communications are intercepted by an intelligence agency, or if it has been shared with another. Companies that provide communications and internet-based services across Europe and globally will continue to face conflicting legal mandates from different countries, and encounter difficulties in regaining users’ trust in the services they provide.

Here is an ironic situation. After all the ire and outrage expressed by European Union officials and MEPs about US spying on European citizens, we may face a situation where we know more about US surveillance than we do about European programmes. It may be that the judicial oversight and legal safeguards that apply to the NSA–insufficient as they may be–are better than those governing European intelligence agencies. This is an unusual state of affairs indeed.

Europe has a very active and relatively powerful human rights court that has set reasonably clear and firm standards for secret surveillance. And yet, EU Member States remain as intransigent as ever, and the prospect of meaningful public debate and reform of electronic surveillance schemes remains distant. One would think that the current state of affairs might be so embarrassing for European politicians who like to boast about Europe leading the world in protection of personal data, that they would take action.

In reality however, it is more likely that it will take a court judgment that is so clear and unambiguous that it leaves governments no alternative but to rein in electronic surveillance.

Challenging the era of mass surveillance - Open Democracy 20140806

Challenging the era of mass surveillance - Open Democracy 20140806

Protecting our fundamental rights against the destructive effect of mass surveillance is an essential task that should engage us all.

Disaffected NSA field station in Teufelsberg, Germany. Flickr/Koen Colpaert. Some rights reserved.
Disaffected NSA field station in Teufelsberg, Germany. Flickr/Koen Colpaert.

In just one month in 2013 the US National Security Agency (NSA) collected 97 billion pieces of intelligence from computer networks worldwide. It has snooped on 500 million German data connections–to the outrage of German nationals. The UK undertakes similar work, as Edward Snowden revealed. Our GCHQTempora programme neatly sidestepped national legislation to intercept transatlantic fibre-optic data cables on a mammoth scale.

Liberty's Shami Chakrabarti has pointed out that states tend to have a broader license to snoop abroad than at home, so we are seeing a subcontracting out of their dirty work to others, who can then claim to be protecting their own citizens. So where do universal human rights come into play?

The right to privacy and the right to protection by law against such interference are contained in Article 12 of the UN Declaration of Human Rights and are further elaborated in the UN Covenant of Civil and Political Rights. Article 8 of the European Convention on Human Rights concerns the right to private and family life–all EU Member States are parties to the Convention and the EU is negotiating its own participation. It is also included and expanded in the EU's Charter of Fundamental Rights:

Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. Compliance with these rules shall be subject to control by an independent authority. (Article 8)

Since the Lisbon Treaty’s entry into force in 2009, the Charter forms a legal basis for EU law. If EU citizens are to benefit from these fundamental rights, protection is necessary.

Can the EU strengthen and better protect these rights?

As reactions to the Snowden revelations show, the EU has an important role to play. It may be the most effective level at which to protect the privacy and data protection of European citizens. Recent EU-level events offer some positive signs.

The European Parliament’s (EP) own Committee of Enquiry on the US NSA Surveillance programme, adopted in March 2014, is a comprehensive response to the NSA scandal. There are two strong strands that link to current debates.

Firstly, the long-standing concern the EP has had about the comparative weakness of the USA’s Data Protection system compared to that of the EU. The EP has repeatedly challenged the Commission (at times in the European Court of Justice) about the adequacy of agreements reached, on Passenger Name Records (PNR) for example. The EP has also called for the suspension of the Terrorist Finance Tracking Programme (TFTP) as a response to the NSA scandal and a lack of clarity about whether the NSA gained access to SWIFT financial messages. It’s a clear statement that if governments really want to co-operate on anti-terrorism measures, they need to respect the data privacy of citizens.

The EP report also makes the point that concerns about USA Data protection standards could threaten the Trans-Atlantic Trade and Investment Partnership (TTIP). As part of the TTIP negotiations the US has proposed an e-commerce chapter to increase levels of EU-US online trade of services and products. This inevitably means greater and freer data flows - and the collection and use of EU citizens' data by US companies primarily used to complying with US law. Greens think this is one of the many reasons to oppose TTIP, but for the EP as a whole to take this warning position is remarkable.

The EU is currently aiming to update and strengthen its own legislation via the Data Protection Regulation, which will regulate how companies handle the personal data of EU citizens. Rapporteur Jan Albrecht MEP's draft legislation received very strong Parliamentary approval in March 2014. Key provisions include the need for these companies to receive explicit permission before processing personal data or transferring it outside the EU, and non-compliance fines of up to EUR 100 million or 5% of global turnover (whichever is greater). The Regulation still needs to be agreed by Member States before becoming EU law. Pressure needs to be brought to bear in every capital.

The second strong strand of the EP’s USA-NSA report concerns mass surveillance per se. The EP

[s]ees the surveillance programmes as yet another step towards the establishment of a fully-fledged preventative state, changing the paradigm of criminal law in democratic societies...often not in line with democratic checks and balances and fundamental rights. (Para 12)

A key question is how the EP and national governments will react to the striking down of the EU Data Retention Directive in April 2014 by the European Court of Justice. The legislation required telecoms companies to store phone or online communication records for at least six months and up to two years.

Greens in the European Parliament had always been opposed to the Directive and voted against it, as did the Liberal Democrats at the time, precisely because of its privacy and civil liberties impacts. The UK Labour Government pressed hard for the legislation to be adopted, using its EU Presidency to that end. Before the ECJ made its ruling on the case brought by Digital Rights Ireland, the Advocate General delivered his opinion. He was clear that the Directive was incompatible with the EU Charter of Fundamental Rights, specifically 'the fundamental right of citizens to privacy'.

This is a clear case of the EU bringing in bad legislation–but also of EU instruments being used effectively to overturn the legislation. It shows that the EU has the potential to protect our privacy and data protection rights, but only if those rights-based instruments are strong and mechanisms are robust. It’s also worth noting that the original Directive only needed the approval of national governments–now the EP would also be fully involved. It remains to be seen whether the UK's legislative response to the strike-down (‘emergency legislation in peace-time’ as one MEP described it) will be compatible with EU protections.

Other areas of concern voiced in the USA-NSA report concern oversight mechanisms. If data is increasingly being transferred across borders, are national oversight systems alone going to be effective, not only for commercial purposes but in terms of the continuing tension between human rights and security claims? It is increasingly clear that too many countries have deferential systems, unwilling or unable to challenge national security structures. The EP thinks we need greater co-operation at least. It is planning a major conference on the issue next year.

Challenging mass surveillance in the post-Snowden landscape

The Snowden revelations have changed the landscape. Snowden is a divisive figure, for whom US prosecution looms large. The Green Group in the European Parliament called for him to be given international protection in the EU and nominated him for the Sakharov Prize, the EU's annual award for 'freedom of thought'–but there was no majority. But whatever individuals may feel about him, there needs to be a response to the issues raised. The European Parliament has a responsibility to carry on the work it has started, but it cannot do it alone.

Many of the important cases are being raised by civil society and concerned journalists, who need space to do this. Big issues are being decided about the way in which we will live our lives, while our relationship to the state will increasingly be shaped by the technologies we use. Protecting our fundamental rights is an essential task and one that should engage us all.

Skinner, Q and Marshall, R - Liberty, Liberalism and Surveillance: a historic overview - Open Democracy 20130726

Skinner, Q and Marshall, R - Liberty, Liberalism and Surveillance: a historic overview - Open Democracy 20130726

One of Britain's most distinguished political theorists on republicanism, freedom, Machiavelli, Hobbes, the Reformation, Shakespeare, Milton and much more. Has modern society lost touch with Roman conceptions of freedom, and at what cost?

Martin Grüner Larsen

One of England's most distinguished scholars, Quentin Skinner is a leading historian of political thought and an outstanding advocate of a contemporary republican viewpoint. This interview with Richard Marshall of 3:AM sets out an accessible overview of a lifetime of work. We are grateful to 3:AM for letting us republish it as part of OurKingdom's Democractic Wealth. We have added at the end two additional openDemocracy/OurKingdom questions about corporate power, surveillance and freedom. Skinner's answer with respect to surveillance is a strong, clear statement of how it is a threat to liberty. This is especially relevant to current affairs given the superficiality of official and in particular British media responses to the Snowden revelations published by the Guardian's Glenn Greenwald about the programmes of total surveillance being attempted by US and UK secret services.

3:AM: You are known as a leading historian of political history and in particular the formation of ideas around human liberty. One of the key ideas you’ve written about is what you label ‘neo-Roman’ liberty.‘ This began back in Ancient Rome didn’t it, where freedom was contrasted with slavery, wasn’t it? Can you tell us what its distinctive traits are?

Quentin Skinner: The vision of personal freedom that interests me is articulated most clearly in the Digest of Roman Law, which is why I have wanted to describe its later manifestations as examples of ‘neo-Roman’ liberty. The fundamental distinction drawn at the outset of the Digest is between theliber homo, the free person, and the servus or slave. The law needed to begin with this contrast because law applies only to free persons, not to slaves. So one crucial question was: what makes a slave? The answer given in the legal texts is that a slave is someone who is in potestate, in the power of a master. The contrast is with someone who is sui iuris, able to act in their own right. Long before these argument were summarised in the legal texts, they had been elaborated by a number of Roman moralists and historians, above all Sallust, Livy and Tacitus. These writers were interested in the broader question of what it means to say of individuals – or even of whole bodies of people – that they have been made to live in the manner of slaves. The answer they give is that, if you are subject to the arbitrary will of anyone else, such that you are dependent on their mere goodwill, then you may be said to be living in servitude, however elevated may be your position in society. So, for example, Tacitus speaks of the servitude of the entire senatorial class under the Emperor Tiberius, so wholly subject were they to his lethal caprice.

It developed into a formidable political idea during the Italian Renaissance, didn’t it? Was Machiavelli influenced by it, either negatively or positively?

Yes, this vision of freedom is the one that underlies Renaissance Italian discussions about the vivere libero, that is, the sort of constitution that is needed to uphold a free way of life. Machiavelli was undoubtedly deeply influenced by these ideas. You ask if this influence was positive. If by that you mean to ask if he agreed with the neo-Roman analysis, I would say that he emphatically endorsed it.

Machiavelli’s main engagement with the neo-Roman view of freedom can be found in his Discorsi, completed around 1520. These ‘discourses’ take the form of a commentary on the opening ten books of Livy’s history of Rome.In his opening two book Livy had contrasted the lack of freedom suffered by Rome under her early kings with the civitas libera, the free state, that the people were able to set up with elected consuls in place of hereditary kings after the expulsion of the Tarquins. Machiavelli fully endorses Livy’s assumption that the fundamental question to ask, when thinking about political liberty, is about the distinction between freedom and servitude, and he further agrees that the arbitrary power wielded by the early kings of Rome left the citizen body living as slaves. The term servitù is always the one he uses when speaking of how an individual or a whole people living subject to the discretionary power of someone else will suffer loss of liberty, whether the power be internal to the polity (in the form of a prince or ruling oligarchy wielding arbitrary control) or external (in the form of a colonising power).

Was it influential in the development out of Lutheran and Calvinist and other religious groups of that time of the right to protest, resist and revolt?

The right of resistance developed in the course of Reformation struggles was chiefly based on classical ideas, but mainly on the Roman law maxim that vim vi licet repellere, that it is always lawful to resist unjust force with force. The contrast between freedom and servitude is certainly important to the leading Reformation thinkers, including both Luther and Calvin. But this is mainly because they were predestinarians, and rejected the very idea of human freedom in the name of the claim that we are all slaves to sin, and are freed only by divine grace.

How was it developed in Britain? Was it the sort idea of Rome Shakespeare would have known about and presented?

Shakespeare has much to say in his Roman plays, and especially in Julius Caesar, about the allegation that, if a polity falls under the will of a single person it becomes enslaved, just as individuals becomes enslaved if they become subject to a master. When Brutus addresses the plebeians in Act III, his justification for assassinating Caesar is that his death was necessary to keep Rome free and prevent her citizens from becoming slaves.

It became prominent during the English civil war of the 1640s, didn’t it? Didn’t Milton develop his ideas around the ideas of a politics against slavery?

Yes, John Milton offers a purely neo-Roman view of freedom and free states in both the major political tracts he published after the execution of Charles I. In his Tenure of Kings and Magistrates (1649) he argues that, unless the people are able to govern themselves, then they will live as slaves, since they will be living under the will of someone else. On the eve of the Restoration he published The Ready and Easy Way to Establish a Free Commonwealth(1660), in which he presents monarchy as an enslaving form of government. His argument is that kings always enjoy prerogative powers, and that such powers are by definition discretionary. But to live subject to the mere discretion of another person is what it means to live as a slave. So he exhorts the people, in both these texts, to retain political power in their own hands as the only means to uphold their political liberty.

Hobbes opposed the Roman republicanism view of liberty, didn’t he? What different view of liberty did he present? Was he drawing a different tradition or was he developing his ideas through his polemics, kind of making it up from whatever argument carried the day?

  Hobbes changes his mind about the nature of political liberty. When he circulated his first political treatise, The Elements of Law, in 1640, he still accepted the classical view that individuals are unfree if they are dependent on the will of someone else. He argued, however, that in order to assure peace and prevent a return to the state of nature – which he equates with a state of war – it is essential to set up an absolute form of sovereign authority to which we submit ourselves. But he agreed that, if you submit yourself to the will of such a sovereign, you thereby forfeit your liberty, which consists in the absence of any such submission and dependence. His answer at this stage is that, if what you want is peace, then you will have to give up liberty. By the time he published his next political work, his De cive of 1642, he had changed his mind. He now argues that, in establishing sovereign power, we do not have to give up our freedom, and he makes this point by way of arguing that everyone has misunderstood the true character of personal liberty. Personal freedom, he now insists, consists not in being independent of the will of others, but merely in not being obstructed from acting as we will. Freedom is not absence of dependence; it is simply absence of external impediments to motion. This view is grounded in Hobbes’s basic belief that there is nothing real in the world except matter in motion. Given this ontology, he is committed to the view that the only sense we can make of the idea of human liberty is to think of it as the freedom of an object to move. On this account, you are unfree if your movements are impeded by external impediments, but free if you are able to move without being obstructed.

So Hobbes thought that even under the most coercive force of law left people free. How does he make this argument as it doesn’t seem on the face of it very convincing?

QS: Hobbes’s argument about law and liberty, which he develops most fully in chapter 21 of Leviathan – which is entitled ‘Of the liberty of subjects’ – depends on his view about how laws operate. He maintains – and this is surely plausible – that the main reason why people obey the law is that they are more frightened of the consequences of disobedience. But as he now argues, fear does not take away freedom. Freedom, according to Hobbes’s new definition, is taken away only by external and physical impediments to motion. But fear is not an external impediment. On the contrary, fear is a motivating force, and one that generally drives us to obey. So he insists that, when we obey the law, we always do so freely, and we are always free to disobey. I agree that at first sight the argument does not look convincing, but if you recall how Hobbes defines human freedom then you can see that it is at least wholly consistent.

Why was Hobbes so against the Roman idea? Was it that he wanted peace at any price, or didn’t he like the parliamentarians personally?

One can only speculate, but I have the impression that Hobbes was worried about the extent of the demands that might be made in the name of liberty if the neo-Roman theory were left unchallenged. It is an obvious and crucial implication of the neo-Roman theory that you can be unfree even in the absence of any coercive threat. This is because, if you are living in dependence on the goodwill of someone else, you will be sure to self-censor in the hope of keeping out of trouble. But this will have the effect of limiting your own liberty. This limitation, however, will arise merely from your standing in relation to another person, not necessarily from any act of coercion on their part. To secure your liberty, then, what needs to be secured is your freedom from any such dependence. But that is to ask a lot of the state, and Hobbes seems to have felt that the demand was an excessive one. A further and connected reason for Hobbes’ hostility was I think his strong desire to vindicate, against the republicans of his age, the validity of absolute monarchy. As we’ve seen, in the hands of a writer like Milton monarchy is stigmatized as an inevitable source of enslavement. Hobbes wants to defend monarchy as a lawful form of government, so he needs to reject the view that he had previously espoused, namely that dependence in itself takes away freedom.

So after this period, what happened to the two species of liberty? Lockepresumably was more Hobbesian and Rousseau more Roman?

Hobbes’s view was not immediately taken up in Anglophone political discourse. On the contrary, there was something of a reaction against it. Locke continues to insist that arbitrary power takes away freedom. This claim is indeed the main argument out of which he develops his views about the right to resist tyranny. Hobbes’ rival claim that freedom consists not in absence of dependence, but merely in absence of impediments, only became orthodox in English political theory with the rise of classical utilitarianism in the eighteenth century. Hume in several of his essays ridicules the notion that dependence in itself takes away liberty, and with Bentham and Paley at the end of the century you find a clear articulation of the view that we are free provided that no one is interfering with the exercise of our powers. By contrast, Rousseau is indeed, as you say, the leading writer who continues to insist on a Roman view of liberty. For Rousseau you can never claim to be free if you are subject to the will of anyone else. Rousseau is obsessed with the importance of maintaining one’s independence and evading the servility which he saw all around him.

And would Marx have been aware of this distinction? Would he, or did he, side with Hobbes or the Roman idea?

That is a question which would bear a great deal more investigation than it has received. I am very stuck by the extent to which Marx deploys, in his own way, a neo-Roman political vocabulary. He talks about wage slaves, and he talks about the dictatorship of the proletariat. He insists that, if you are free only to sell your labour, then you are not free at all. He stigmatises capitalism as a form of servitude. These are all recognizably neo-Roman moral commitments.

This distinction seems a crucial one and might explain why republicanism can seem to accommodate such a wide range of political views, from extreme authoritarianism in the name of liberty to collectivism? Is our historical blindness an impediment to our ability to understand many of the cross currents of our contemporary situation? I guess the issue here is the role of history and having an historical perspective.

 I do not myself associate neo-Roman theories with what you call authoritarianism in the name of liberty. Such authoritarianism generally springs, it seems to me, from the assumption that there are certain true ends for mankind, and that liberty consists in following them. An example would be the Aristotelian belief that our freedom is best realised in serving the community. Another example would be the rival Christian belief that we attain true liberty (‘Christian freedom’) only in serving God. These paradoxical arguments – in which freedom is connected with service – differ from the core neo-Roman ideal that freedom consists in independence from the arbitrary will of others. The desire to be free of such discretionary power does not have to be held in virtue of the belief that we ought then to proceed to use our independence to act in specific ways. The neo-Roman theory is not interested in telling you how you should make use of your liberty; it merely wants you to espouse a particular view of how liberty should be understood. I strongly agree with you when you speak about our current historical blindness. I think that we have closed ourselves off from understanding a lot of our history by failing to see that, until relatively recently, the concept of liberty was generally understood in a way that we now find unfamiliar and even hard to grasp. We tend to think of freedom essentially as a predicate of actions. But the earlier tradition took freedom essentially to be the name of a status, that of a free person by contrast with a slave. Let me end by following out your last train of thought. I believe that there is certainly a sense in which we fail to understand some features of our contemporary situation through not having a grasp on the neo-Roman way of thinking about liberty. For a neo-Roman thinker, many of the situations that in a market society are regarded as free – even as paradigmatically free – would appear as examples of servitude. The predicament of de-unionised labour, of those who live in conditions of economic dependence, of those in particular who live in dependence on violent partners, and of entire citizen-bodies whose representative assemblies have lost power to executives – all these would appear to a neo-Roman theorist to be examples of being made to live like slaves.

openDemocracy / 3:AM: You list economic dependence of non-unionised labour, the role of tryannical violence in the family and the way parliaments are suborned by non-elected executive power, but you don’t list the rise of corporate power as a threat to liberty. Do you see the free market as essential to liberty in the full sense you advocate?

The power of corporations seems to me capable of posing a serious threat to liberty, in particular through their capacity to put pressure on states, especially developing states. Suppose a corporation wants to invest in a country but finds that its environmental laws, or its labour regulations, are inconveniently demanding. It can easily put pressure on the relevant government, especially in the case of developing states, to give it a break from these obligations. There need be no threat to refuse investment unless these special privileges are granted. It may be enough that the government is aware that the investment could be lost unless special privileges are granted for it to agree to grant those privileges. The government is placed, in other words, under an obligation to behave in a servile way that may also be undemocratic in that various laws that have been agreed by the people’s representatives may have to be set aside. Nor is this only a problem with respect to the power of multi-national corporations in their dealings with developing states. Think of the tax breaks that multi-nationals are given in this country, and the recent revelation that some are allowed to get away with paying virtually no corporate tax at all.

Recent revelations make it clear that the state intelligence services, linked up with specialist corporations, either have or are certainly attempting to ‘Master the internet’ and map and record all our metadata, tracing every electronic relationship, web search, Skype conversation and text message that we make. The general response across the British media, from the BBC to the Telegraph and the Murdoch papers, is ‘What did you expect? Everyone does it? What have you got to hide?’. How do your arguments impact on the issue of surveillance?

The idea that there is no problem with surveillance as long as you have nothing to hide simply points to the complacency of the liberal view of freedom by contrast with the republican one. The liberal thinks that you are free so long as you are not coerced. The republican agrees, of course, that if you are coerced then you are not free. But freedom for the republican consists not in being free from coercion in respect of some action, but rather in being free from the possibility of coercion in respect of it.

When William Hague told the House of Commons that no one has anything to fear so long as they have done nothing wrong he was missing an absolutely crucial point about freedom. To be free we not only need to have no fear of interference but no fear that there could be interference. But that latter assurance is precisely what cannot be given if our actions are under surveillance. So long as surveillance is going on, we always could have our freedom of action limited if someone chose to limit it. The fact that they may not make that choice does not make us any less free, because we are not free from surveillance and the possible uses that can be made of it. Only when we are free from such possible invasions of our rights are we free; and this freedom can be guaranteed only where there is no surveillance.

I think it very important that the mere fact of there being surveillance takes away liberty. The response of those who are worried about surveillance has so far been too much couched, it seems to me, in terms of the violation of the right to privacy. Of course it’s true that my privacy has been violated if someone is reading my emails without my knowledge. But my point is that my liberty is also being violated, and not merely by the fact that someone is reading my emails but also by the fact that someone has the power to do so should they choose. We have to insist that this in itself takes away liberty because it leaves us at the mercy of arbitrary power. It’s no use those who have possession of this power promising that they won’t necessarily use it, or will use it only for the common good. What is offensive to liberty is the very existence of such arbitrary power.

The situation is made much worse once you come to know — as all of us now know — that we are in fact subject to surveillance. For now there is a danger that we may start to self-censor in the face of the known fact that we may be being scrutinised by powerful and potentially hostile forces. The problem is not that we know that something will happen to us if we say certain things. It’s that we don’t know what may happen to us. Perhaps nothing will happen. But we don’t know, and are therefore all too likely to keep quiet, or to self-censor. But these are infringements of liberty even according to the liberal account. Surely the liberal and the republican can agree that, if the structures of power are such that I feel obliged to limit my own freedom of expression, then my liberty has to that degree been undermined.

It may of course be objected that liberty is only one value, and that liberty may sometimes have to be compromised in the name of other and supposedly higher values, such as security. One answer is that we are perhaps too willing at the moment to allow questions about security to outweigh questions about liberty. But even if this is not so, the current situation seems to me untenable in a democratic society. Let us agree that it is one of the undoubted obligations of the state to maintain security. Let us also concede that this may require some level of surveillance. But if the resulting powers are to be democratically exercised, then several constraints not currently in place will have to be imposed. People must know in advance exactly what activities are subject to surveillance, and why, and what penalties will potentially be incurred. And the use of surveillance will have to be undertaken by bodies that have to respond to Parliament, not merely to the Executive, which we often have no good reason to trust.

Diagonal mass surveillance: Gulliver versus the Lilliputians - Open Democracy 20140305

Diagonal mass surveillance: Gulliver versus the Lilliputians - Open Democracy 20140305

Mass surveillance does not follow the vertical logic of pure state surveillance as imagined by Orwell. Rather, it is diagonal – building on the information we voluntarily disclose to engage in our own "surveillance" of friends. This makes it much more perverse.

A protester wearing a Guy Fawkes mask with placard during a demonstration to mark the global
Filipino protesters join global protest against mass surveillance, February 2014.

In the wake of disclosures by Edward Snowden about the NSA practices concerning PRISM and other US surveillance programmes like Xkeyscore, Upstream, Quantuminsert, Bullrun, Dishfire, and the close involvement in these activities of services like the GCHQ (Tempora program), there is an urgent need for a systematic assessment of the scale, reach and character of contemporary surveillance practices, as well as of the justifications they attract and the controversies they provoke.

The public needs to know whether these practices mark a significant reconfiguration of, say, relations between intelligence gathering and surveillance of the Internet and other systems of telecommunications, or mark sustained challenges to fundamental rights in the digital sphere.

There is also a need to pay close attention to the longer-term implications of practices that have already raised serious questions about the widespread transgression of legal principles and democratic norms. And finally, to how transnational surveillance resonates with contemporary shifts in the locus and character of sovereign authority and political legitimacy.

Revelations about practices of large scale surveillance that branch out into the surveillance of everyday activities and bulk intelligence gathering on big groups of people has rightly generated considerable controversy. Yet, there is a danger that both the popular and scholarly debates will be reduced to familiar narratives about technological developments reshaping relations between the watcher and the watched, or the fulfilment of predictions by Georges Orwell or Philip K. Dick, or the transformation of representative democracies into totalitarian regimes in the name of protection.

No – what we see here is not a horizontal system of surveillance (a rhizome), where surveillance is pervasive but not centralised, and in which we participate because we individually want to take advantage of surveillance (for example by seeing what our friends do on Facebook), or that we enact through voluntary disclosure of information to online friends. Nor does this system follow the vertical logic of pure state surveillance imagined by Orwell in his novel 1984 (a total surveillance).

The diagonal of the bishop: surveillance and intelligence in a transnational world

The current situation could be best conceptualised as a tri-dimensional chess bishop, a "diagonalised" form of surveillance and intelligence. The meaning of the acronym PRISM is revealing in this regard: Planning Tool for Resource Integration, Synchronisation and Management. This long range, diagonalised form transforms the horizontal network of everyday surveillance (e.g. our individual and voluntary use of social media) into the vertical emergence of relevant information.

This selection from bulk of what information is relevant and needs to be investigated is an automated process, regulated by complex algorithms and the use of specific keywords. There is thus a double movement, from the inside out and the outside in, where personal information is voluntarily shared but then secretly recaptured by intelligence agencies. The watched, therefore, participate in their own surveillance.

The fact that these practices ignore national borders and treat information in bulk raises a series of questions. Of these, two are central. The first one concerns the conceptual disconnect between the idea of an interstate world in which each state has a clear vision of its own national security and the practices brought forward by global surveillance. Current surveillance practices involve a network of different intelligence services (the so-called Five Eyes plus) sharing some information in the name of global antiterrorism while also acting against their partners in the pursuit of their own national security interests, thereby destabilising traditional understandings of alliances and state behaviour.

The second consequence concerns the strategies deployed by multiple actors to resist surveillance practices, through diplomatic or legal means, as well as adjustments in everyday online behaviour by Internet users. A crucial question is thereby posed: will these users continue to participate in their own surveillance through self-exposure, or will they develop new forms of subjectivity that give more thought to the consequences of their own actions?

Intelligence work begins as analysts use the data collected through large scale surveillance with the goal of identifying unknown persons related to a targeted individual or group, within three degrees of separation ("hops"). For example, if a suspected individual has 100 Facebook friends, the person in charge of the surveillance at the NSA or one of its private subcontractors can without warrant follow the communications of friends of friends of friends, for up to three hops – about 2,669,556 people.

Faced by the magnitude of data accumulated, the strategy used by the analysts is not to read all the content of these communications, but to visualise the graph of interpersonal relations ("meta-data") hoping to disconnect specific connection nodes. This is far from a full reading of everything the data contains, but also equally far from a scientific method that would give a required level of certainty and any semblance of truth to the results.

This method is essentially suspicion elevated to the rank of art. It depends on the analyst's intuition and interpretation, and the results may be contradictory from one analyst to the other. The fear of an omniscient big brother is mostly irrelevant in this scenario, as the claim of any truth coming from this visualisation must be a false one, based as it is upon the pretence that predictions can be elaborated regarding specific human actions at some point in the future, when even general forecasts about trends are difficult. Technology is used as if it could provide scientific certainty about the future, but this belief in the power of 'big data' has more to do with blind faith than with any kind of certainty.

Political painter Kaya Mar with his new painting of US President Barack Obama eavesdropping on a blindfolded nation.Artist Kaya Mar portrays Barack Obama spying on a blindfolded USA, July 2013/Demotix/Pete Riches/All rights reserved.

National security and the digitisation of the raison d'etat

These ways to gather and share information have paradoxical effects on national security requirements. Namely, national security is not national any more: different national security imperatives may clash between allies and trust is eroded. The digitisation of national security creates big data gathered at a transnational scale, blurring the lines of what is national as well as the boundaries between law enforcement and intelligence.

These methods encourage a move from the judicial framework of criminal police to preventive, pre-emptive, predictive approaches, and from a high degree of certainty about a small amount of data to a high degree of uncertainty about a large amount of data. The hybridisation of public agencies and private contractors destabilises the process of socialisation via national state interests and thus secrecy, opening up the potential for major leaks by persons holding incompatible values (as in Snowden's case).

To say this more theoretically, the change and uncertainty surrounding the categories of “foreign” and “domestic” is dispersing them through the webs of multiple interconnections. This transforms the line that clearly separated the foreign and the domestic into a Möbius strip. By projecting national security inside out, via a transnational, public-private alliance of national security and sensitive data professionals, an unexpected outside comes into effect whereby every Internet user is targeted. These “data subjects” must react in turn, if they do not accept a situation where nearly all internet users are treated as potential suspects and on principle, not innocent.

Multiple sites of resistance

In this regard, the Snowden revelations set off a snowball effect of distrust among the actors who initially thought that they were gaining from exchanging data with the NSA. The recent partners of the Five Eyes plus (Sweden, Germany, France) felt betrayed when the NSA and GCHQ publicly defended their actions by asking something along the lines of, "You knew that we were spying on you all and your heads of state. Were you so naïve as not to have imagined what we were doing ?".

The same argument has been used to confront the broader public and internet actors, some of whom (such as Google, Yahoo or Facebook) denied all knowledge of the extent of these surveillance practices. The NSA and GCHQ argued that their practices were not the problem, but rather our collective naivety in trusting them, when obviously we did not have to.

This trick may save them from juridical claims by forcing courts to consider that internet users did not have a reasonable expectation of privacy when they sent their emails. Yet, by indirectly acknowledging that they are not to be trusted, they have destabilised their own system of legitimisation. For example, the Snowden revelations have pushed private telecom providers such as the French company Orange into inspecting their technical infrastructures (notably the submarine cables that link Europe to North Africa or Asia), in order to discover that the NSA had abused their initial, more legitimately motivated collaboration (fighting against terrorism and organised crime) by secretly installing backdoors to intercept communications going through the main nodes in France, Germany, Sweden, the Netherlands and possibly Brazil.

The politicians of the Five Eyes plus countries are now caught between their official support for fighting terrorism by all means, Americanophilia, the arguments for a common alliance, and the aggressive behaviour of the Five Eyes network. If most of them consider that they have succeeded in silencing resentment from within the state apparatus (investigative magistrates or prosecutors for example, who are theoretically the 'end users' of gathered intelligence), they have not so far managed to do the same with the private providers and even less with civil society.

Hundreds of judicial claims coming from very different groups – internet actors, telecom providers, NGOs, political parties and citizen movements - have been launched with very different motives in each case, and it will be impossible to accommodate them without engaging in profound reform. The NSA - a Gulliver who wanted to know everything about everyone - has just managed to mobilise all the Lilliputians and might soon be paralysed by their minuscule but solid nets.

This short intervention is part of a longer collective article co-written by Zygmunt Bauman, Didier Bigo, Paulo Esteves, Elspeth Guild, Vivienne Jabri, David Lyon, Rob Walker.


[1] Barack Obama, following one of the 45 recommendations of the review group on intelligence and communication technology delivered on 12 Dec 2013, seems ready to restrict the search without warrant to two "hops" (i.e. 16,340 people), while keeping the principle alive.

Saving privacy in the age of mass surveillance: do judges hold the key? - Open Democracy 20140714

Saving privacy in the age of mass surveillance: do judges hold the key? - Open Democracy 20140714

European courts have interpreted privacy in a holistic manner, addressing not only the challenges of mass surveillance to data protection and the right to a private life, but also defending privacy as vital to the relationship of trust between the individual and the state in any democracy.

Flickr/svenwerk. Some rights reserved.Flickr/svenwerk. Some rights reserved.

The reconfiguration of the security landscape in recent years has resulted in the transformation of the relationship between the individual and the state. A catalyst in this transformation has been the growing link between securitisation and pre-emptive surveillance, and the new focus of security governance on the assessment of risk.

Central in this context is a focus on the future in which the aim of pre-emptive surveillance is to identify and predict risk and danger. The pre-emptive turn in surveillance has been based largely upon the collection, processing and exchange of personal data, which has in turn been marked by three key features. The first feature involves the purpose of data collection and processing. This is no longer focused solely on data related to the commission of specific, identified criminal offences, but concentrates instead on the use of personal data to predict risk and pre-empt future activity.

The second feature concerns the nature of the data in question. On the one hand, pre-emptive surveillance focuses increasingly on the collection of personal data generated by ordinary, everyday life activities. This includes records of financial transactions, of airline travel (PNR) reservations and of mobile phone telecommunications. The focus on monitoring everyday life results in mass surveillance, marked by the collection and storage of personal data in bulk.

The third feature of pre-emptive surveillance concerns the actors of surveillance. A key element in this context, linked with the focus on the monitoring of everyday life, is the privatisation of surveillance: banks and other financial and non-financial institutions, airlines and mobile phone companies are legally obliged to collect, store and reactively or proactively transfer personal data to state authorities. This privatisation of surveillance has been accompanied by the expansion of state actors of surveillance, with maximum access to databases having been allowed to security agencies, regardless of the initial purpose of the transfer of personal data or of the database involved.

The combination of these three features of pre-emptive surveillance extends considerably the reach of the state and poses grave challenges to fundamental rights. Surveillance is occurring on a generalised, massive scale, via the proliferation of channels of data collection, processing and exchange and the generalisation and deepening of data collection. Everyday and sensitive personal data is now being collected en masse. This has led to what has been called ‘the ‘disappearance of disappearance’- a process whereby it is increasingly difficult for individuals to maintain their anonymity, or to escape the monitoring of social institutions. [1]

State authorities thereby have access to a wealth of personal data enabling practices such as profiling and data mining. This impact of state intervention on the individual is intensified when one considers the potential of combining personal data from different databases collected for different purposes in order to create a profile of risk or threat.

In addition to the substantive privacy challenges these developments pose, risk assessment in these terms also challenges the place of the citizen in a democratic society. The use of personal data in these terms leads to a process whereby individuals embarking on perfectly legitimate everyday activities are constantly being assessed and viewed as potentially dangerous without having many possibilities of knowing about or contesting any such assessment. And as has been noted, predictive determinations about one’s future behaviour are much more difficult to contest than investigative determinations about one’s past behaviour. [2]

Legal responses to the challenges posed by pre-emptive surveillance have largely focused on the introduction of a series of data protection safeguards in the various legislative instruments allowing for mass surveillance. However, the reach of these safeguards has been limited and the effectiveness of data protection monitoring mechanisms introduced (such as the scrutiny provided by Europol or by an EU official based in the US in the context of the EU-US TFTP Agreement) have been of questionable efficiency. [3]

More broadly, there are two main limitations to the effectiveness of data protection in addressing the challenges posed by pre-emptive surveillance single-handed. The first limitation stems from the limited capacity of data protection to question the political choice to maximise and generalise the collection and processing of personal data as such. As has been noted, data protection differs from privacy as it does not aim to create zones of non-interference by the state, but rather operates on a presumption that public authorities can process personal data. [4] Data protection thus rarely questions the legality and legitimacy of the very collection and transfer of personal data.

The second limitation of data protection in relation to privacy is the specificity of data protection, which is linked in turn to the changing focus of protection: while data protection is centres on the various categories of personal data, with the specific information collected and processed being its reference point, privacy focuses on the person in terms of identity and the Self, aiming to provide a far more holistic framework for assessing the impact of surveillance on the relationship between the individual and the state.

Meanwhile, the value of privacy in addressing the challenges posed by pre-emptive surveillance has been highlighted in a number of recent judicial decisions, with the judiciary emerging as the leading institutional actor in reconfiguring the field. Courts have now had to deal with pre-emptive surveillance measures embracing both the collection of data by the state and the collection of data by the private sector. In the case of Marper [5] the European Court of Human Rights examined the compatibility with the European Convention on Human Rights (ECHR) of the systemic and indefinite retention of DNA profiles and cellular samples of persons who have been acquitted, or in respect of whom criminal proceedings have been discontinued in the UK.

The Court found that such blanket and indiscriminate retention of data is disproportionate and thus non-compliant with Article 8 of the Convention. The ruling is important in rejecting the retention of DNA data by the state per se: according to the Court, the mere retention and storing of personal data by public authorities, however obtained, is to be regarded as having a direct impact on the private-life interest of the individual concerned, irrespective of whether subsequent use is made of the data. [6]

A number of constitutional courts in Europe have declared the unconstitutionality of domestic data retention legislation implementing the EU data retention Directive. A common thread which can be discerned in the reasoning of constitutional courts is the emphasis on the adverse impact of breaches of privacy on the relationship between the individual and the state more broadly. The Romanian Constitutional Court has noted that data retention addresses all legal subjects, regardless of whether they have committed criminal offences or whether they are the subject of a criminal investigation, which is likely to overturn the presumption of innocence and to transform all users of electronic communication services or public communication networks a priori into people susceptible of commiting terrorist crimes or other serious crimes. According to the Romanian Court, continuous data retention is sufficient to generate in the mind of the persons involved legitimate suspicions regarding respect for their privacy and the perpetration of abuses by the state. [7]

Following up on these rulings by national constitutional courts on data retention, the Court of Justice, in its landmark ruling in the case of Digital Rights Ireland, [8] has annulled the EU data retention Directive on the grounds that the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter.

The Court stressed the impact of mass surveillance on privacy by noting that data retention entails interference with the fundamental rights of practically the entire European population as it affects, in a comprehensive manner, all persons using electronic communications services, but without the knowledge of persons whose data are being retained, even indirectly, in a situation which is liable to give rise to criminal prosecutions. [9] The Court’s powerful ruling puts an end to unlimited mass surveillance and raises questions on the constitutionality of other EU laws allowing for such surveillance in the context of transatlantic counter-terrorism cooperation, including the EU-US PNR and TFTP Agreements.

It is thus the judiciary, and not the legislator, who has developed a meaningful protection of privacy in the face of growing practices of mass surveillance globally. The highest courts in Europe (national constitutional courts, the European Court of Human Rights and the Court of Justice of the European Union) have all interpreted privacy in a holistic manner, addressing not only the specific challenges of mass surveillance to data protection and the right to private life, but also viewing privacy as part of what strengthens citizenship and upholds democracy, by preserving the relationship of trust between the individual and the state and avoiding the so-called ‘chilling effect’ of mass surveillance. [10]

This judicial approach to privacy is key to the development of a new global consensus in the field. The UN General Assembly has called for further work to be done on the protection and promotion of the right to privacy in the context of domestic and extraterritorial surveillance and/or the interception of digital communications and the collection of personal data, including on a mass scale.[11] European courts have led the way in developing principles underpinning any future policy and legislative developments in the field. The hope for improved legal standards in the future does not obviate the need for the continuous influence of the judiciary in questioning mass surveillance and upholding privacy and free speech in a democratic society.

 

[1] K.D. Haggerty and R.V. Ericson, ‘The Surveillant Assemblage’ in British Journal of Sociology 2000, 619.

[2] D.J. Solove, ‘Data Mining and the Security-Liberty Debate’ in University of Chicago Law Review 2008, 359.

[3] V. Mitsilegas ‘Transatlantic Counter-terrorism Cooperation and European Values. The Elusive Quest for Coherence’ in D. Curtin and E. Fahey (eds), A Transatlantic Community of Law, Cambridge University Press, 2014, pp.289-315.

[4] P. de Hert and S. Gutwirth, ‘Privacy, Data Protection and Law Enforcement. Opacity of the Individual and Transparency of Power’, in E. Claes, A. Duff and S. Gutwirth (eds.), Privacy and the Criminal Law, Intersentia 2006, 77-78.

[5] Case of S. And Marper v. The UK, Application nos. 30562/04 and 30566/04.

[6] Paragraph 121.

[7] Decision no. 1258 from 8 October 2009.

[8] C-293/12, Digital Rights Ireland.

[9] Paragraphs 56, 58.

[10] Privacy and Civil Liberties Oversight Board, Report on the Telephone Records Program Conducted Under Section 215 of the USA Patriot Act and on the Operations of the Foreign Intelligence Surveillance Court, January 23, 2014, 13.

[11] Resolution 68/167, The Right to Privacy in a Digital Age, adopted on 18.12.2013, A/RES/68/167.

Developing a global privacy regime in the age of mass surveillance: four key principles - Open Democracy 20160208

Developing a global privacy regime in the age of mass surveillance: four key principles - Open Democracy 20160208

Europe leads in the field of the protection of privacy, with legislators, particularly courts, addressing head-on the fundamental human rights challenges posed by executive action authorising mass surveillance.


Towers, European Court of Justice at Luxembourg.

The proliferation of mass surveillance practices in recent years has posed a number of tough challenges for the protection of human rights in democratic societies, most notably for the right to privacy.

These challenges have been exacerbated by the considerable diversity in the legal and constitutional protection of privacy across the globe, with states engaging in far-reaching surveillance activity (such as the United States as demonstrated by the Snowden revelations) providing a fragmented and limited constitutional framework for the protection of privacy, especially regarding non-citizens.

At the same time, privacy protection framed strictly from a national/territorial perspective is increasingly inadequate to address the globalisation of surveillance, as evidenced by the proliferation of extraterritorial surveillance practices by states. In view of these challenges and gaps in human rights protection, I want to argue here that the development of a global privacy regime should now be an urgent priority for the global community.

There are four key principles to underpin such a global privacy regime. These principles are inspired by the current state of the protection of privacy in the European Union, and in the Council of Europe as developed by the Court of Justice of the European Union and by the European Court of Human Rights.

Europe is currently the leading actor in the field of the protection of privacy, with legislators — and in particular courts — addressing head-on the fundamental human rights challenges posed by executive action authorising mass surveillance.

Four key principles

- Firstly, the right to privacy should apply to everyone, to all individuals irrespective of their nationality.

The extension of privacy protection to everyone will serve to place meaningful limits to foreign surveillance and address the challenge of addressing global and extraterritorial systems of surveillance with territorial laws.

- Secondly, the right to privacy should cover not only the processing of personal data, but should target and limit the very collection of such data and its storage and transfer.

This is particularly important as regards the collection of every day personal data stemming from legitimate transactions such as booking a flight, arranging a bank transfer or making a phone call. A broad conceptualisation and articulation of the right to privacy, which would encompass but not be limited to the right to data protection, is key in this context.

- Thirdly, a global privacy regime must ensure effective remedies and meaningful avenues for redress for individuals claiming to be affected by surveillance activities.

The Court of Justice of the European Union in Schrems and the European Court of Human Rights in Zakharov have both espoused approaches whichenable standing and grant a remedy to individuals who cannot necessarily demonstrate that they have been affected individually by surveillance but who raise the prospect of a risk of a breach of their privacy rights due to surveillance. This approach can form the basis of a minimum standard approach on standing at the global level.

- Fourthly, the establishment of national independent privacy supervisors should be rolled out across the globe.

The European Union model is worthy of emulating here.The European Union model is worthy of emulating here as independent supervision provides with a rigorous avenue of scrutiny of compliance by the executive and the legislature with key privacy provisions, as well as strengthens the right to an effective remedy by providing an avenue for affected individuals to bring privacy complaints before independent supervisory authorities with independent investigative and decision-making powers.

Formal and informal avenues of cross-border and international cooperation between independent authorities can also be explored in order to address challenges of cross-border, extraterritorial and increasingly globalised surveillance. These four principles, which will be developed further below, will form the framework for the development of more detailed rules at global level, but adherence to them has the potential to establish a global privacy regime ensuring both a high level of privacy protection and a high level of legal certainty in an increasingly global level-playing field.

Principle 1: Everyone must enjoy the right to privacy

Compared with countries such as the United States, European Union law and ECHR law provide a higher level of protection ratione personae, ie in answering the question of who has privacy rights.

The two key human rights instruments which form the backbone of EU constitutional law in the field — the European Convention on Human Rights and the European Union Charter of Fundamental Rights — extend the right to privacy (and, in the case of the Charter, the right to data protection), toeveryone, without limiting protection to citizens of the European Union Member States (Article 8 ECHR; Articles 7 and 8 of the Charter of Fundamental Rights.)

This approach to privacy is important as it creates equality and a level-playing field in the protection of privacy between citizens and aliens, and helps to address gaps in protection arising in particular from extraterritorial surveillance practices that states may employ.

Principle 2: The right to privacy must be broadly defined

The second area where European Union law provides a higher level of privacy protection than countries such as the United States involves the substanceand content of the right to privacy.

The ruling of the Court of Justice in Digital Rights Ireland demonstrates clearly that mass, generalised surveillance is unlawful under European Union law. The ruling of the Court of Justice in Digital Rights Ireland demonstrates clearly that mass, generalised surveillance is unlawful under European Union law.In reaching this conclusion, the Court has adopted the three-step test of assessing human rights compliance adopted by the European Court of Human Rights in Strasbourg: the Court assessed in turn interference of mass surveillance with the right to privacy; its necessity in a democratic society; and its proportionality to the aim pursued.

Mass surveillance does not pass the proportionality test. Proportionality in this context provides a stronger privacy safeguard than the Fourth Amendment ‘reasonableness’ test. The establishment of privacy-specific constitutional rights (Article 8 ECHR and Articles 7 and 8 of the Charter) further contributes to the achievement of a high level of substantive privacy protection in European Union law.

As evidenced by the ruling of the Court of Justice in Schrems, the clear limits that European Union law places on mass surveillance and the resulting high level of privacy protection in the European Union are required to apply extraterritorially when personal data is transferred from the European Union to third countries.

The right to privacy here serves to limit not only the processing of personal data (which is a key outcome of data protection law) but also, at an earlier stage, the very collection of such data for surveillance purposes.

Moreover, in a long series of case-law on data retention, national constitutional courts in Europe and the Court of Justice have linked the protection of privacy against mass surveillance to upholding the rule of law and maintaining the relationship of trust between the citizen and the state. This democratic dimension of the right to privacy must be taken into account and serve as a limit to mass surveillance practices.

Principle 3: Everyone must have a right to an effective remedy for privacy violations

The third area where European Union and ECHR law provides a high level of protection involves the provision of remedies and avenues for judicial redress to individuals whose privacy rights have been affected. In the case ofSchrems, European Union law has made it possible for individuals who claim to be potentially affected by mass surveillance (in the case of Schrems by being a Facebook subscriber concerned about the potential access to his personal data by US security services) to be provided with a remedy before national courts and before the Court of Justice of the European Union.

An extensive approach to standing has also been endorsed by the European Court of Human Rights. In its recent ruling in Zakharov, the Court stressed the need to ensure that the secrecy of surveillance measures does not result in the measures being effectively unchallengeable and outside the supervision of the national judicial authorities and of the Court.

Accordingly:

‘the Court accepts that an applicant can claim to be the victim of a violation occasioned by the mere existence of secret surveillance measures, or legislation permitting secret surveillance measures, if the following conditions are satisfied. Firstly, the Court will take into account the scope of the legislation permitting secret surveillance measures by examining whether the applicant can possibly be affected by it, either because he or she belongs to a group of persons targeted by the contested legislation or because the legislation directly affects all users of communication services by instituting a system where any person can have his or her communications intercepted. Secondly, the Court will take into account the availability of remedies at the national level and will adjust the degree of scrutiny depending on the effectiveness of such remedies…. where the domestic system does not afford an effective remedy to the person who suspects that he or she was subjected to secret surveillance, widespread suspicion and concern among the general public that secret surveillance powers are being abused cannot be said to be unjustified. In such circumstances the menace of surveillance can be claimed in itself to restrict free communication through the postal and telecommunication services,thereby constituting for all users or potential users a direct interference with the right guaranteed by Article 8. There is therefore a greater need for scrutiny by the Court and an exception to the rule, which denies individuals the right to challenge a law in abstracto, is justified. In such cases the individual does not need to demonstrate the existence of any risk that secret surveillance measures were applied to him. By contrast, if the national system provides for effective remedies, a widespread suspicion of abuse is more difficult to justify. In such cases, the individual may claim to be a victim of a violation occasioned by the mere existence of secret measures or of legislation permitting secret measures only if he is able to show that, due to his personal situation, he is potentially at risk of being subjected to such measures.’(paragraph 171. Emphasis added).

In Zakharov, the European Court of Human Rights has provided a meaningful route towards upholding the right to an effective remedy with regard to privacy violations resulting from state surveillance. It has allowed standing where applicants can evoke the mere existence of secret surveillance measures, with individuals not needing to demonstrate the existence of any risk that surveillance measures were applied to them if national systems do not provide an effective remedy for individuals to challenge such surveillance.

The approach of the European Court of Human Rights is in stark contrast to the ruling of the United States Supreme Court in the case of Clapper (Clapper, Director of National Intelligence, et al. v. Amnesty International USA et al., 568 U.S. (2013)), where the Supreme Court rejected the respondents’ standing plea based on the claim that they have suffered injury, which is traceable to Section 702 of the Foreign Intelligence Surveillance Act of 1978 (FISA, 50 U.S.C. para.1881a) because there is an objectively reasonable likelihood that their communications with their foreign contacts will be intercepted under para.1881a at some point, ruling that the respondents’ claims are highly speculative.

Principle 4: The requirement of independent supervision

The enjoyment of the right to an effective remedy is closely linked to the fourth area where European Union law provides a high level of constitutional protection of privacy compared to US law, namely the area of independent privacy supervision.

Independent supervision with regard to data protection law is firmly enshrined in EU constitutional law after Lisbon in both the Treaty on the Functioning of the European Union (TFEU) and in the European Union Charter of Fundamental Rights (Articles 16 TFEU and 8(2) of the Charter respectively).(See Hielke Hijmans.)

It is a European Union constitutional requirement which features prominently in transatlantic negotiations on the establishment of a level-playing field of protection, with the United States being seen as not providing an equivalent level of independent supervision.

Independent supervision has a dual role. It is essential to ensure rigorous and independent scrutiny of the compliance of Member States with EU constitutional and secondary legislation on data protection. However, it is also an avenue — via the powers of independent authorities to investigate individual complaints concerning breaches of data protection law — for the provision of an effective remedy for individuals whose privacy rights have been adversely affected.

This dual role of independent supervisory authorities in ensuring a meaningful and high level of protection has been confirmed in the ruling of the Court of Justice of the European Union in Schrems. There, the Court emphasised the powers of independent authorities to review the substance of individual complaints, even in the existence of a general decision presuming that the level of data protection in a third country (in that case in the United States) is ‘adequate’, with the Court linking such review with upholding the rule of law in the European Union (paragraphs 38-66, in particular paragraphs 58-60).The existence of an independent authority at the national level… has thus in this case proven essential in giving a voice to these individuals and providing remedies at both national and European Union level.

At the same time, the very existence of an independent authority at the national level has effectively provided the complainant with standing and an effective remedy at the national and at the Union level: Mr Schrems complained about the potential misuse of his Facebook personal data in the United States to the Irish independent supervisory authority, the Data Protection Commissioner. Upon rejection of his claim by the Commissioner, he brought an action challenging the Commissioner’s decision before the Irish High Court, which then decided to send the question in the form of a preliminary reference to the Court of Justice of the European Union — giving thus rise to the seminal ruling in Schrems.

The existence of an independent authority at the national level, where individuals can lodge complaints regarding potential breaches of their rights, has thus in this case proven essential in giving a voice to these individuals and providing remedies at both national and European Union level. The action of an individual citizen inSchrems, lodging a general claim before an independent authority (a claim which, under the reasoning of the US Supreme Court in Clapper would most likely be considered ‘speculative’), has resulted in a ruling by the Court of Justice of the European Union which has established a very high benchmark for the protection of privacy at European Union and transatlantic level.