Transparency: the first step towards government surveillance reform – in the US, Europe and beyond
The drama surrounding the Snowden revelations helped shine light on a fundamental challenge for both companies and citizens: governments worldwide are accessing more and more personal data through the private sector. Counter-terrorism and national security is an important part of this picture, but it goes broader than that. Governments access, collect and store data for law enforcement, social security, health care, transportation, and lots of administrative purposes – and they do so on a larger and larger scale. Increasingly, authorities’ access to this data is automated, or systematic, indiscriminate, and often requires no human involvement. The laws that authorize access are opaque or secret, national parliaments conduct limited oversight, and judicial review is often lacking.
These are some of the conclusions that emerge from new research recently published by the Center for Democracy & Technology, sponsored by The Privacy Projects. The research compares government access to personal data across 13 countries in North America, Europe, and Asia.
This lack of transparency by governments makes it difficult to have a complete or fully accurate understanding of surveillance and systematic data access practices. The report found that relevant laws are at best vague, and government interpretations of them are often hidden. Oversight and reporting mechanisms are generally either absent or limited in scope, especially with respect to surveillance conducted in the name of national security. To the extent that information is available it shows that there is a gap between what is stated in law and how surveillance is conducted in practice. Pervasive communications tools and ubiquitous Internet access combined with plummeting data storage costs and enhanced analytical capabilities give governments the ability to learn more and more about the personal activities of those they govern.
Moreover, as Internet-based services become increasingly globalized, governments increasingly conduct surveillance across borders. This increases the risk of citizens being subject to surveillance by other states, without knowing it, and with no possibility to challenge it. It also means increased risks for businesses serving global customer bases that government data access laws in one country conflict with data protection requirements in others. While the Snowden revelations have covered several countries’ intelligence programs, they have provided particular insight into US surveillance capabilities. These are especially important due to the structure of the global Internet and the role of the US technology sector.
In the US, the revelations have spurred a vigorous and long overdue public debate about surveillance. It’s too early to tell whether it leads to meaningful legislative change and administrative reform, but it is clear that debate had not been possible before, simply because we knew so little about the NSA’s actual intelligence practices. The revelations have been helpful, but it is also clear that we don’t have the full picture. In a manner of speaking, we now know enough to know that we don’t know enough.
Increased transparency is the basis of a rational debate about what should be the proper legal standards for electronic intelligence surveillance. As demonstrated by our research, the lack of basic relevant information is a problem in the US, Europe, and beyond.
CDT believes, and has consistently argued, that a global approach to the problem of pervasive government surveillance is required if we are to see real progress in restoring the balance between surveillance and fundamental human rights and in restoring trust in the privacy of Internet-based services. We think the solution must be a set of international rules or best practices based on international human rights law that govern the ways in which governments obtain data on citizens in their own and other countries.
We think this solution must be in the interest of civil society, human rights advocates and companies alike. To make the necessary progress these groups must join forces. CDT and other civil society groups have been calling for intelligence programs to be brought in line with fundamental privacy principles, and we are pushing concrete reform measures through US Congress. These efforts have now received a much welcome boost with a group of leading Internet companies stating their support for significant parts of this reform agenda.
We now need to build deeper and broader cooperation among industry and civil society, to drive reform not only in the US, but globally. If we do not succeed in this endeavor, the likelihood is that we will continue to see privacy rights eroded, and quite possibly users’ trust in Internet services decline. We will also continue to see companies met with conflicting legal mandates from different countries.
And, as we have argued before, we will see governments challenge the global Internet, attempting so seal off their communications infrastructure and require local storage of data. The consequences of this would be detrimental to business and innovation, and more fundamentally to the development of democracy worldwide.