Recent revelations surrounding global communications surveillance by intelligence agencies have ignited worldwide debate and controversy. The debate involves concerns that government monitoring has grown exponentially and unchecked through the use of mass surveillance programs. This is the first post in a three-part series on human rights issues in relation to global communications surveillance. It provides a backdrop to the posts that will follow on the International and Canadian legal frameworks governing this issue.
For the purpose of these posts, “communications surveillance” reflects the Communication Security Establishment of Canada’s (CSEC) definition of the term. It includes the “monitoring, interception, collection, analysis, use, preservation, retention of, interference with, or access to information that includes, reflects, arises from or is about a person’s communications in the past, present or future.” Communications encompass “any information carried on the global information infrastructure”, including phone conversations, text messages, email, web browsing and social media posts.
Communications surveillance is nothing new, and if anything, popular culture has often viewed intelligence agencies with the sort of reverence generally reserved for super heroes, so why are concerns surfacing now? Recent revelations aside, there are several sources for them; largely flowing from the recent explosion of communications technology, as well as state reactions to the 9/11 terrorist attacks in 2001 and their potential impacts on privacy.
In particular, there has been a dramatic and sudden increase in the volume and frequency of electronic communications as a result of smart phones and other emerging mobile technologies. There have also been concurrent advances in technologies that have facilitated mass state surveillance programs. This has resulted in an increased ability for states and private actors to conduct broad interception, analysis and storage of communications information at lower cost.
There is also a growing awareness of the potential sensitivity of communications metadata, which can reveal as much or more sensitive personal information about an individual as the content of a communication. Metadata includes information such as the time and duration of communications, as well as the subscriber information, IP address, geographic location, and equipment used by parties. To date, governments and laws have tended to distinguish between content and metadata or other forms of “non-content” information; providing less protection for the latter category of communications information. It seems quite clear however, that these distinctions are no longer valid.
Snowdon Revelations
There is no doubt that it is the controversial revelations of Edward Snowdon that have highlighted these issues so strikingly. In what has been called the biggest leak in NSA history, Snowden gave thousands of classified internal documents to UK journalist Glenn Greenwald of The Guardian, and US documentary filmmaker Laura Poitras in early 2013. The Guardian began publishing them as a series of detailed disclosures by an “unknown American whistleblower” on June 6. According to The Guardian, which revealed Snowdon’s identity at his request on June 10, 2013, he is a surprisingly young 29-year-old former employee of the CIA, as well as NSA contractors Dell Inc. and Booz Allen Hamilton. His stated motive was “to inform the public as to that which is done in their name and that which is done against them“.
The documents revealed the massive extent of the NSA’s foreign and domestic surveillance practices, such as the PRISM program, as well as an indication of the extent of its strategic partnership with the similar agencies in other countries. In particular, the close strategic alliance, dating back to the Second World War, between the “Five Eyes,” which includes the US National Security Agency (NSA), the UK Government Communications Headquarters (GCHQ), the Communications Security Establishment of Canadian (CSEC), the Australian Signals Directorate (ASD), and New Zealand’s Government Communications Security Bureau (GCSB). Cooperation between these partners, also collectively known as AUSCANNZUKUS, is said to facilitate the sharing of foreign communications intelligence, generally subject to caveats and arrangements. Closest to home, the revelations included documents showing that Canada’s CSEC had been intercepting communications of Brazil’s Ministry of Mines and Energy1.
Global Response
In apparent response to the revelations, Brazil and Germany presented a draft resolution to the United Nations (“UN”) General Assembly titled, “The Right to Privacy in the Digital Age” on Thursday, October 24, 20132. While introducing the resolution, German Ambassador Peter Witting asked, “where do we draw the line between legitimate security concerns and the individual right to privacy?”
The resolution calls on all member states to respect and protect the human rights and freedoms contained in the Universal Declaration of Human Rights and other relevant treaties, including the International Covenant on Civil and Political Rights in the context of digital communication. It also calls on states to take measures to prevent and end any violations of those rights by ensuring that national practices, procedures and legislation related to communications surveillance comply with obligations under international human rights law; as well as to establish independent oversight mechanisms to ensure transparency and accountability of state surveillance.
The resolution was later supported through an open letter to the General Assembly by five international human rights and privacy groups, including the Electronic Frontier Foundation, Privacy International, Human Rights Watch, Amnesty International and Access on November 20. According to the Guardian, a final version of the draft resolution was completed following a week of negotiation on November 22, and was adopted through a unanimous vote in favour of the resolution by the UN Human Rights Committee on November 26. It is expected to be passed by the General Assembly in December. While resolutions are generally not legally binding on member states, they carry political weight and can influence the direction of state laws.
Interestingly, a Report on the Promotion and Protection of the Right to Freedom of Opinion and Expression was recently submitted to the United Nations Human Rights Council during its twenty-third session on April 17, 2013 by Special Rapporteur Frank La Rue. The report was commissioned through a Resolution (16/4) adopted by the Human Rights Council in its 16th session on March 24, 2011. The Report analyzes the implications of States’ surveillance of communications for the exercise of human rights to privacy and freedom of opinion and expression, and highlights the need to revise national laws regulating new surveillance methods in line with human rights practices.
Closer to Home
Closer to home, it no longer comes as a surprise that issues surrounding communications surveillance also have a significant Canadian component. The Communications Security Establishment of Canada (CSEC) is the agency responsible for collecting foreign intelligence signals and protecting the Canadian government’s computer systems. According to CSEC’s website, “The Government of Canada believes that intelligence is the foundation of our nation’s ability to provide for the security of Canada and Canadians.”
CSEC’s mandate comes from the Anti-terrorism Act, which amended the National Defence Act (NDA). Since the Act came into force in 2001, CSEC has enhanced its intelligence collection capabilities through substantial capital investments and hiring. The resources that the Canadian Government has committed to this agency are evident in CSEC’s new $880 Million facility, nicknamed “Camelot”, which is currently under construction and scheduled for completion in 2015-20163.
In fulfilling its role, CSEC also has close relationships with a number of Canadian partners, such as the Canadian Security Intelligence Service (CSIS), the Department of National Defence (DND), Foreign Affairs and International Trade (DFAIT), Public Safety Canada (PS), the Royal Canadian Mounted Police (RCMP), the Canada Border Service Agency (CBSA), and the Financial Transactions and Reports Analysis Centre (FINTRAC).
A surprising number of recent events in Canada have brought increasing focus on our intelligence agencies in relation to communications surveillance. These events are outlined below:
- The first event occurred on June 10, 2013, when the Globe and Mail reported that CSEC had a metadata surveillance program, which had been approved in 2005 by the Liberal government, and later renewed through a ministerial directive from then Defence Minister Peter MacKay in 2011, which may or may not have been halted for several years. The full extent of the metadata program is unknown4.
- Next, on July 31, the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa’s Faculty of Law, joined 120 civil society group around the world to endorse a set of International Principles on the Application of Human Rights to Communications Surveillance.
- On August 22, the Communications Security Establishment Commissioner released his 2012-2013 Annual Report, in which he found no concerns with most of the CSEC activities reviewed. He noted however, that “a small number of records suggested the possibility that some activities may have been directed at Canadians, contrary to law. A number of CSEC records relating to these activities were unclear or incomplete. After in-depth and lengthy review, I was unable to reach a definitive conclusion about compliance or non-compliance with the law.“
- Soon after, on September 20, the 2012-2013 Annual Report of the Security Intelligence Review Committee (SIRC); the independent review body that reports to Parliament the operations of the Canadian Security Intelligence Service (CSIS); was presented to the Minister of Public Safety. In the report, it was noted that “the government’s decision to locate CSEC headquarters alongside CSIS headquarters is illustrative of a global trend in which the once-solitary worlds of Human Intelligence (HUMINT) and Signals Intelligence (SIGINT) have increasingly merged.” The report identified a potential risk related to the collaboration between CSIS and CSEC due to the erosion of control over information shared between the two agencies and their international allies.
- On October 22, the British Columbia Civil Liberties Association filed a lawsuit against the Attorney General of Canada claiming that claiming that its broad and unchecked surveillance of Canadians, and in particular of the collection, analysis, retention and use of Metadata pursuant to ministerial authorization under the NDA unjustifiably infringe s.8 and s. 2.(b) of the Canadian Charter of Rights and Freedoms (“Charter”).
- The Office of the Privacy Commissioner of Canada’s Audit of the Financial Transactions and Reports Analysis Centre of Canada was tabled in Parliament on October 24. The report concluded that, “in carrying out its analysis and disclosure functions, FINTRAC continues to receive and retain personal information not directly related to its mandate. Plans to enhance current controls, including front-end screening and ongoing monitoring of reports, have yet to be implemented. Until these controls are implemented, FINTRAC will be unable to provide assurance that its information holdings are relevant to its mandate and not excessive.”FINTRAC is conditionally authorized to collect and disclose designated information; such as personal financial information from reporting financial institutions; with other Canadian law enforcement and intelligence agencies, such as CSEC and CSIS under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
- Finally, on November 9, Glenn Greenwald participated in a CBC Radio Day 6 interview in which he claimed that there were a large number complex documents outlining Canadian surveillance would be published. Greenwald named Canada one of the most active surveillance “agencies” in the world, stating that, “There are many, many, many more significant documents about Canadian surveillance and partnership with the NSA that will be reported and, I think, will be quite enlightening for the people of Canada.
Legal Framework
From a legal perspective, the framework surrounding global communication surveillance has become, whether intentionally or not, a complex and makeshift set of laws that are often unclear. A number of critics have noted that considerable gaps in these laws have emerged. According to Michael Geist, who is a well known law professor at the University of Ottawa, as well as an international columnist on internet law, “the problem is that surveillance technologies (including the ability to data mine massive amounts of information) have moved far beyond laws that were crafted for a much different world5” As a result, legislative and judicial oversight of communications surveillance, including audit and reporting requirements may now be insufficient in many jurisdictions.
The right to freedom of opinion, expression, association and privacy are recognized in the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights. Significant concerns have been raised that excessive surveillance of international communications can be highly intrusive and could violate these rights. It could also have a chilling effect on the journalists and human rights defenders conducting legitimate advocacy activities.
Technological advances and increased communication flow have made the global threat environment more complex however, and pose increasing challenges for law enforcement and intelligence agencies. And so, in determining whether or not laws related to communications surveillance are consistent with human rights obligations, it is important to balance these rights against national security and public safety concerns, which can justify proportional intrusions. The question is; how is this balance best accomplished?
Role of Private Industry
When considering the scope of this global debate, and the legal framework that surrounds it, it is important not to lose sight of the fact that private corporations, such as information technology companies, telecommunications providers and banks are playing an increasing role in communications surveillance.
Given the enormity of valuable and sensitive personal information that these corporations collect, it is not surprising that they are likely also some of the most significant targets for organized identity theft, or that they are often called upon to assist states in conducting surveillance. According to the Guardian, the NSA obtained varying degrees of access to the systems of US internet giants such as Google, Skype, Yahoo, Microsoft, Facebook, and Apple through its PRISM program.
A clear example of private industry’s participation in global communications surveillance came to light on, Thursday, November 14, when Microsoft announced the opening of a new state-of-the art Cybercrime Center in Redmond, Washington, expanding the facilities of their Digital Crime Unit. In their release, Microsoft announced that the center would bring together “key policymakers, academics, law enforcement officials and industry partners” to fight cybercrime, as highlighted in this video, which includes interviews with members of Interpol and other law enforcement agencies. You can also view Microsoft’s Public Safety & National Security page on the center by clicking here.
In his Report to the UN Human Rights Council, Special Rapporteur Frank La Rue specifically addressed the increasing role of the private sector in global communication surveillance, and highlighted the significant responsibility of corporate actors to protect the privacy and security of the data they collect. La Rue noted that;
“The private sector has also played a key role in facilitating state surveillance of individuals in a number of ways… In its simplest manifestation, this collaboration has taken the form of decisions on how corporate actors collect and process information, which allows them to become massive repositories of personal information that are then accessible to States upon demand.”
The issue of global communications surveillance is by no means a new one, but as technology expands the “game” is changing rapidly. Its recent explosion in global media as a result of the Snowdon revelations has brought it to the forefront of the world’s attention, no doubt blindsiding some of its key players.
Our next two posts in this series will explore the International and Canadian legal frameworks surrounding global communications surveillance, as well as the accountability mechanisms that have been recommended or are already in place surrounding them.
1http://www.theglobeandmail.com/
2http://news.yahoo.com/brazil-germany-debut-un-privacy-114623103.html
3http://www.cse-cst.gc.ca/home-accueil/accommodation-installation/index-eng.html & http://www.ottawacitizen.com/news/CSEC+spies+next+door/9172097/story.html & http://news.nationalpost.com/2012/10/08/canadian-spies-camelot-defence-hoping-to-attract-world-class-talent-with-880m-intelligence-complex/