US Panel Review Group on Intelligence and Communications Technologies Publishes Report

Yesterday the panel established by President Obama to review the surveillance practices of the NSA released its final report. One important dimension relates to the possible privacy protections of non-US citizens abroad. You can find the Review Group’s report HERE. The report does not elaborate on the international human rights law obligations of the US (as a matter of law) but it draws inspiration from them and comes pretty close to the correct conclusions. Recommendation 13 quoted below (p. 151) comes close to a proper permissible limitations test. What is missing is proportionality, though as necessity is present (see “exclusively” in item 2) even proportionality can be inferred. Some of the reasoning quotes international law standards on privacy, even if presented in the context of policy considerations (democracy and reciprocity). The points articulated on pp. 155-156 in the report can be seen as a turn from policy to principle and can (perhaps optimistically) be read as an aspiration to respect foreigners’ privacy also/just because it happens to be a human right (please see quote #2, below). QUOTE #1: ‘Recommendation 13’ (on page 29 of the report) – “We recommend that, in implementing section 702, and any other authority that authorizes the surveillance of non-United States persons who are outside the United States, in addition to the safeguards and oversight mechanisms already in place, the US Government should reaffirm that such surveillance: (1) must be authorized by duly enacted laws or properly authorized executive orders; (2) must be directed exclusively at the national security of the United States or our allies; (3) must not be directed at illicit or illegitimate ends, such as the theft of trade secrets or obtaining commercial gain for domestic industries; and (4) must not disseminate information about non-United States persons if the information is not relevant to protecting the national security of the United States or our allies. In addition, the US Government should make clear that such surveillance: (1) must not target any non-United States person located outside of the United States based solely on that person’s political views or religious convictions; and (2) must be subject to careful oversight and to the highest degree of transparency consistent with protecting the national security of the United States and our allies.” QUOTE #2:  (pp. 155-156 of the report) – “Perhaps most important, however, is the simple and fundamental issue of respect for personal privacy and human dignity – wherever people may reside. The right of privacy has been recognized as a basic human right that all nations should respect. Both Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights proclaim that “No one shall be subjected to arbitrary or unlawful interference with his privacy. . . .” Although that declaration provides little guidance about what is meant by “arbitrary or unlawful interference,” the aspiration is clear. The United States should be a leader in championing the protection by all nations of fundamental human rights, including the right of privacy, which is central to human dignity.”

EU Counter-Terrorism Strategy Discussion Paper highlights SURVEILLE Advisory Service

In his latest discussion paper presented to the Council of the European Union Gilles de Kerchove, the EU Counter-Terrorism Coordinator, has highlighted the advisory service of the SURVEILLE project and encouraged its use. In addressing the nexus of counter-terrorism with human rights, Mr. De Kerchove stated: “On a practical level, I would encourage making use of the advisory service for security research in the EU financed SURVEILLE project which helps to develop technology consistent with ethical and human rights commitments and useful to end users (https://surveille.eui.eui.eu/index.php/advisory-service/).” The SURVEILLE Advisory Service provides advice which is practical and constructive towards the aim of developing technology consistent with ethical and human rights commitments and useful to end users. The Advisory Service is run by the University of Birmingham under the leadership of Professor Tom Sorell with the assistance of Dr John Guelke and Dr Katerina Hadjimatheou, all of whom are based at the university’s Centre for the Study of Global Ethics.

European Commission proposes law enforcement access to EURODAC

The European Commission on Wednesday (30 May) proposed to allow law enforcement authorities access to EURODAC, a biometric database of asylum seekers. The proposal will be presented to the Home Affairs Ministers at the next Justice and Home Affairs Council on 7-8 June 2012. The Commission has yet to release the full details of the proposal. Member state law enforcement authorities and EUROPOL would be able to request the comparison of fingerprint data with those already stored in the EURODAC central database, but under strict conditions. The comparison with the EURODAC database for law enforcement purposes would be strictly limited to the prevention, detection or investigation of terrorist offences as defined in the Council Framework Decision on combating terrorism (2002/475/JHA) and of other serious criminal offences as defined in the Council Framework Decision on the European Arrest Warrant (2002/584/JHA).

 The new proposal introduces the possibility for Member States’ law enforcement authorities and Europol to request comparison of fingerprint data with those stored in the EURODAC central database in a specific case when they seek to establish the exact identity of or get further information about a person who is suspected of a serious crime or is a victim of crime. Law enforcement authorities may only request the comparison with EURODAC data if there are reasonable grounds to consider that such comparison will substantially contribute to the prevention, detection or investigation of the serious criminal offence in question. The proposal makes clear that the comparison of fingerprint data using EURODAC may only be made after national fingerprint databases and the Automated Fingerprint Databases of other Member States under Council Decision 2008/615/JHA (the Prüm Agreements) were consulted and have returned negative results. A comparison using the EURODAC database will provide result on a ‘hit’/’no hit’ basis. Following a hit, the available information on the person (related to his/her asylum application) can then be requested from that Member State by using existing instruments for information exchange, such as Framework Decision 2006/960/JHA on simplifying the exchange of information and intelligence between law enforcement authorities. The proposal excludes that the EURODAC database be searched by law enforcement authorities on a systematic basis, and prohibits them from sharing personal data obtained with third countries, organisations or other entities. According to responsible Commissioner Malmstrom, “robust safeguards have been introduced to guarantee full the respect of fundamental rights and of privacy and in order to ensure that the right to asylum is not in any way adversely affected.” But Melita Sunjic, spokeswoman for the United Nations High Commissioner for Refugees (UNHCR) in Brussels, told EUobserver that law enforcement access to the database would equate asylum seekers with criminality. A similar proposal was already tabled by the Commission in 2009 but was quickly shot down the European Data Protection Supervisor (EDPS) and the Meijers Committee, a group of experts on international immigration, refugee and criminal law. According to Dr. Maarten den Heijer, a member of the Meijers Committee: “The proposal would effectively transform all asylum seekers whose data is stored into criminal suspects and it will, indeed, increase the chance of prosecution of asylum seekers solely on the basis that they have once lodged an asylum claim somewhere,” said Dr den Heijer. Furthermore, Dr den Heijer argues the proposal would violate a data protection principle of ‘purpose limitation’ which holds that stored personal data may only be used for the purpose it was initially collected for. He cited a case brought against Germany by an Austrian national at the European Court of Justice in 2008 which ruled that a system for processing personal data specific to foreign nationals for the purpose of fighting crime is not permissible.