An Introduction to Mass Surveillance and International Law

Table of Contents

Introduction

Surveillance: What, When, and Why?

Corporate surveillance: what is it?

Government Surveillance: few cases
United States of America
United Kingdom

Public Outcry against Mass Surveillance

European Union and Laws on Human Rights and Privacy

Article 8 – Right to respect for private and family life

Article 10 – Freedom of expression

International Law: Perspective

International Covenant on Civil and Political Rights

Conclusion

Bibliography

Introduction

Many amongst us frequently hear the term ‘mass surveillance’ these days, and connect it with government monitoring us through the internet and other media – keeping a note on who we are, what we do, any signs within us that could be contrary to the national security and so on. That would be how a layman – if they are acquainted with the term, that is – might define it.

Nonetheless, I decided to look through how mass surveillance is defined under laws in various countries, since there is no specific international law that deals with it. Both the supporters of the surveillance laws (i.e. the government), and those who protest against any form of surveillance on any level have their own sets of arguments. Traditionally, ‘surveillance’ has been understood as a facet of authoritarian regimes where the state demanded more control on its citizens, along with on foreign elements as well. In fact, surveillance on foreign elements – be it on foreigners in the country or international espionage – is common throughout the world. On the other hand, liberal democracies are usually expected to have laws that restrict too much interference by the government and on private use of surveillance; usually limiting it to the circumstances where public safety is at risk.

‘Information is Power’ – and with the advent of the internet, we have gazillion amount of data, incredible amount of information. Earlier, international espionage and surveillance took in the form of covert operations, and physically tracking an individual to extract more information on them. Now with more than 3,2 Billion internet users who use it to for accessing social media, express their opinion, look up their topics of interest, the information and possibilities are endless…shouldn’t we tap on that? After all, if you are a good, law-abiding citizen, then what do you have to fear about?

However, what about the privacy of an individual? As a law-abiding citizen living in a liberal democracy, shouldn’t I have the right to indulge freely in legal activities without any fear or backlash from the authority? Or, is it that as long as you do what you’re told, there is nothing to fear?

I shall analyze these questions, and some more, in this essay where we look into these issues especially from an international and legal perspective.

Surveillance: What, When, and Why?

When surveillance was manual and expensive, it could only be justified in extreme cases. Specific individuals were targeted for surveillance, and maximal information was collected on them alone. Today, the government spending has gone from collecting data on as few people as necessary to collecting it on as many as people.^[1] Origins of global surveillance can be traced back to the UKUSA Agreement in 1946, which was further expanded to the ‘Five Eyes’ – United States, United Kingdom, Canada, Australia, and New Zealand, and eventually to the global surveillance network – ECHELON in 1971^[2]. In a way, this was the largest global surveillance undertaking in the modern world, and was a predecessor to many more upcoming alliances, and covert operations and projects in the post-world war period.

Before dwelling further into the topic though, we ought to specify that mass surveillance can undertake two forms, primarily: Corporate surveillance, where corporations collect information on their customers; and government surveillance, where government gathers information, monitors, and tracks its own citizens. It would be interesting to highlight that often, governments use their authority to piggyback on corporate surveillance. Hence, and for the sake of brevity, we are going to expand more on government surveillance than the former in this paper.

Corporate surveillance: what is it?

Whenever there is a debate on mass surveillance, civil liberty organizations and citizens tend to have a more relaxed view on corporate surveillance than the surveillance by the state. Sheldon Whitehouse, a United States’ Senator from Rhode Island, argues the same is true for America. In his opinion piece^[3] on a popular law and national security related blog, Mr. Whitehouse asserts that “… Americans have become more skeptical of government intelligence gathering, while at the same time they willingly accept that corporations learn virtually every detail of their lives. Indeed, some of the most successful internet companies today are really information companies, and the most valuable commodity they possess is data about their customers.”

He further goes on to question: Why is it that a popularly elected and democratically accountable government—the democracy in which Americans take such pride—is more suspect than immensely large and wealthy private corporations?

Naturally, United States is not the only country where corporations actively seek out customer data. Nevertheless, this question rings a bell when taken into account that companies worldwide have gathered data in the name of marketing purposes and tailoring their products according to their customers’ needs, only to share it with government entities at the end. This data gathering process has evolved from search for better understanding their customer preferences, to storing merely their name and address for marketing campaigns, to a full-blown behavioral pattern and profiling.

Google, for instance, as the world’s most popular search engine currently, stores information for each web search identifying every user. An IP address and the search phrase used are stored in the database for up to 18 months.^[4] In other words, this means that if you have not accessed Google for up to 18 months, only then would the information identifying you would be deleted. In fact, even if you are not a user of Google services (Google search, YouTube, Gmail etc.), your email to someone who does use these services will be scanned by the company.^[5] An excerpt from Google’s terms of service, which the company updated last year, clearly states:

“Our automated systems analyze your content (including e-mails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.”^[6]

In May 2014, popular techblog VentureBeat investigated into Facebook and its cooperation with major security agencies worldwide to turn in its users’ data. It came into the limelight that Facebook acted as a surveillance tool for the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) of the United States, to spy on its more than 1.44 Billion monthly active users and collect their information.^[7] The article leads on the claim by leading security journalist, Glenn Greenwald, who extrapolates in his book, “No Place to Hide”, where he reveals how both NSA and FBI developed techniques for exploiting Facebook chats, capturing private photos, collecting IP addresses to identify users, and gathering profile data.^[8] Once again, this is not a question of an American company acting on American soil upon American users – Facebook is the world’s largest social networking website as of writing this report, and is accessed by millions across the world. Not surprisingly, the company also had worked together with the GCHQ – United Kingdom’s intelligence and security organization, among other few.

However, this is not just the case of a leading search engine provider and a social media platform whose users are solely internet-based; behemoths of the computers industry like Apple and Microsoft were found equally guilty of malice in data gathering process and cooperation with intelligence agencies. It has been alleged that Central Investigation Agency (CIA) of the United States has repeatedly been involved in an effort to break through Apple’s security code and access users’ data, and it has been speculated that the company does provide a backdoor to the iOS operating system in order to let the intelligence agencies monitor its users’ activities.^[9]

Microsoft, on the other hand, has been infamous throughout the recent public ordeal against the global intelligence and privacy breach sparked by Edward Snowden, a former CIA employee turned privacy activist currently based in Russian Federation. The company has been harshly criticized for collaborating with the NSA, CIA, and several other intelligence companies worldwide.^[10] It has been alleged that the company offers backdoors at the operating systems level, and not just the internet and communications level, thus abusing users’ privacy.

Government Surveillance: few cases

United States of America

The formation of ECHELON in the 40s boosted both the extent and scale of collaboration between member intelligence agencies, with United States leading the pack. The Cold War seemed like a necessary step toward further monitoring own citizens and foreign subjects within the country, along with other geopolitical factors in the 90s and 2000s.

September 2001 presented a new threat to the United States government, when it launched several mechanisms in order to thwart terrorism both inside and outside the country.

National Security Agency (NSA) was created in 1952 after the end of the Second World War. Project SHAMROCK acted as a predecessor to the agency; it was created in order to gather all the telegraphic data entering and leaving the country.^[11] Since then, the NSA has become one of the largest US Intelligence organizations in terms of personnel and budget.^[12] Utilizing its prowess, the NSA tapped into data gathered by numerous organizations and companies based in the United States but with users worldwide; currently it accounts for over 91% of raw data acquired by the agency.^[13]

One of the primary and most important acts when it comes to the intelligence and national security is Federal Intelligence Surveillance Act of 1978 (50 U.S. Code § 1801). Highlighted below:

(a)

(1) Notwithstanding any other law, the President, through the Attorney General, may authorize electronic surveillance without a court order under this subchapter to acquire foreign intelligence information for periods of up to one year if the Attorney General certifies in writing under oath that—

(A) the electronic surveillance is solely directed at—

(i) the acquisition of the contents of communications transmitted by means of communications used exclusively between or among foreign powers, as defined in section 1801 (a)(1), (2), or (3) of this title; or

(ii) the acquisition of technical intelligence, other than the spoken communications of individuals, from property or premises under the open and exclusive control of a foreign power, as defined in section 1801 (a)(1), (2), or (3) of this title;

(B) there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party; and

(C) the proposed minimization procedures with respect to such surveillance meet the definition of minimization procedures under section 1801 (h) of this title; and

if the Attorney General reports such minimization procedures and any changes thereto to the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence at least thirty days prior to their effective date, unless the Attorney General determines immediate action is required and notifies the committees immediately of such minimization procedures and the reason for their becoming effective immediately.^[14]

In short – the Act created a secretive court, which is unaccountable to the private individuals or the media, and approves or denies requests for search warrants authorizing surveillance. Interestingly, over the period of 1979 – 2006, over 22.990 applications for warrants were made to the Court of which only 5 were rejected.^[15]

The United States Government granted further power and passed several laws to accentuate the reach of its federal intelligence agencies, especially after the 9/11 incident. One of the most critical acts in the past decade is PATRIOT Act, which granted immense power to the already empowered intelligence agencies. Signed in October 2001, supported by growing euphoria among US citizens for rigorous actions against terrorism, the act granted power to exercise surveillance procedures, anti-money laundering, border security, and removing any obstacles to investigating and acting against terrorism.^[16]

One of the few facets of this act are authorization of indefinite detentions of immigrants; the permission given law enforcement officers to search a home or business without the owner's or the occupant's consent or knowledge; access to business records, including library and financial records, along with surveillance of individuals merely suspected of, although not linked to the terrorist groups.

United Kingdom

United Kingdom collaborated with the United States’ intelligence agencies since ECHELON, as mentioned above. Parliament of the United Kingdom controls the surveillance of the electronic communication, and any authorization is made by the Secretary of State only. Investigative Powers Tribunal is the legal body tasked with overseeing the intelligence services in the United Kingdom.^[17]

Quite ambiguously though, the Investigative Powers Tribunal concludes that GCHQ – British intelligence agency, ‘although collects and analyses data in bulk, it does not practice mass surveillance.’^[18]

Data Retention and Investigatory Powers Act (2014) allowed intelligence agencies complete access to the phone and internet records of individuals in the country.^[19] The main provisions of the acts were:

(1) The Secretary of State may by notice (a “retention notice”) require a public telecommunications operator to retain relevant communications data if the Secretary of State considers that the requirement is necessary and proportionate for one or more of the purposes falling within paragraphs (a) to (h) of section 22(2) of the Regulation of Investigatory Powers Act 2000 (purposes for which communications data may be obtained).

...

(3) The Secretary of State may by regulations make further provision about the retention of relevant communications data.

[...]

^[1] Schneier, B. (2015). Data and Goliath: The hidden battles to capture your data and control your world. New York: W. W. Norton.

^[2] Q&A: What you need to know about Echelon. (2001, May 29). Retrieved November 15, 2015, from http://news.bbc.co.uk/2/hi/sci/tech/1357513.stm

^[3] Why Americans Hate Government Surveillance but Tolerate Corporate Data Aggregators. (2015, June 2). Retrieved November 15, 2015, from https://www.lawfareblog.com/why-americans-hate-government-surveillance-tolerate-corporate-data-aggregators

^[4] Soghoian, C. (2008, September 11). Debunking Google's log anonymization propaganda - CNET. Retrieved November 15, 2015, from http://www.cnet.com/news/debunking-googles-log-anonymization-propaganda/

^[5] Gillmor, D. (2014, April 18). As we sweat government surveillance, companies like Google collect our data. Retrieved November 15, 2015, from http://www.theguardian.com/commentisfree/2014/apr/18/corporations-google-should-not-sell-customer-data

^[6] Google Terms of Service – Privacy & Terms – Google. (2014, April 14). Retrieved November 15, 2015, from https://www.google.com/policies/terms/

^[7] Weber, H. (2014, May 15). How the NSA & FBI made Facebook the perfect mass surveillance tool. Retrieved November 15, 2015, from http://venturebeat.com/2014/05/15/how-the-nsa-fbi-made-facebook-the-perfect-mass-surveillance-tool/

^[8] Greenwald, G. (2014). No place to hide: Edward Snowden, the NSA, and the U.S. surveillance state. Metropolitan Books.

^[9] http://techcrunch.com/2015/03/10/apple-products-may-have-been-compromised-by-cia-mass-surveillance-program/

^[10] Schestowitz, R. (2011, November 13). Windows ‘Update’ and NSA Back Doors, Including a 19-Year Bug Door in Microsoft Windows. Retrieved November 15, 2015, from http://techrights.org/2014/11/13/bug-door-in-microsoft-windows/

^[11] Factbox: History of mass surveillance in the United States. (2013, June 7). Retrieved November 15, 2015, from http://www.reuters.com/article/2013/06/07/us-usa-security-records-factbox-idUSBRE95617O20130607

^[12] Gellman, B., & Miller, G. (2013, August 29). 'Black budget' summary details U.S. spy network's successes, failures and objectives. Retrieved November 15, 2015, from http://www.washingtonpost.com/world/national-security/black-budget-summary-details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-10ab-11e3-8cdd-bcdc09410972_story.html

^[13] NSA slides explain the PRISM data-collection program. (2013, July 10). Retrieved November 15, 2015, from http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

^[14] 50 U.S. Code § 1802 - Electronic surveillance authorization without court order; certification by Attorney General; reports to Congressional...compensation of communication common carrier; applications; jurisdiction of court. (n.d.). Retrieved November 15, 2015, from https://www.law.cornell.edu/uscode/text/50/1802

^[15] EPIC - Foreign Intelligence Surveillance Act Court Orders 1979-2014. (n.d.). Retrieved November 15, 2015, from http://www.epic.org/privacy/wiretap/stats/fisa_stats.html

^[16] UNITING AND STRENGTHENING AMERICA BY PROVIDING APPROPRIATE TOOLS REQUIRED TO INTERCEPT AND OBSTRUCT TERRORISM (USA PATRIOT ACT) ACT OF 2001. (n.d.). Retrieved November 15, 2015, from http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/html/PLAW-107publ56.htm

^[17] Functions - Key role. (n.d.). Retrieved November 15, 2015, from http://www.ipt-uk.com/section.aspx?pageid=1

^[18] IPT rejects assertions of mass surveillance. (2014, December 5). Retrieved November 15, 2015, from http://www.gchq.gov.uk/press_and_media/news_and_features/Pages/IPT-rejects-assertions-of-mass-surveillance.aspx

^[19] Data Retention and Investigatory Powers Act 2014. (n.d.). Retrieved November 15, 2015, from http://www.legislation.gov.uk/ukpga/2014/27/pdfs/ukpga_20140027_en.pdf