Back to News & Commentary

European Court Ruling Could Recognize Mass Surveillance Violates Human Rights

Server Wires
Server Wires
Ailidh Callander,
Privacy International
Share This Page
November 14, 2017

The European Court of Human Rights last week held a hearing in a challenge to the United Kingdom’s mass surveillance practices, brought by the ACLU, Privacy International, Liberty, and seven other human rights organizations from around the world.

The case challenges practices, revealed by Edward Snowden, that breach the rights to privacy and freedom of expression, which are guaranteed not only under U.S. domestic law, but also under international human rights law.

The European Court of Human Rights is a critical component of the international human rights system. The court enforces the European Convention on Human Rights, a treaty ratified by 47 nations, including the United Kingdom. Its judgments are legally binding, and its jurisprudence helps shape the interpretation of human rights laws around the world — including those that bind the United States.

Our case, the first before the court to directly challenge surveillance on the scale revealed by the Snowden disclosures, calls upon the court to articulate how human rights standards apply to modern state surveillance capabilities in an age of digital communication.

What does the case challenge?

The case before the court challenges the U.K. government’s bulk interception of internet traffic transiting through undersea fiber optic cables landing in the U.K., as well as its access to communications and data intercepted in bulk by the intelligence services of other countries, such as the NSA. The case also seeks to shed light on the secret information-sharing agreements governing the British government’s access to these troves of NSA-collected data — and vice versa.

The NSA’s bulk collection has included, for example, its recordings of every single cellphone call into, out of, and within at least two countries; its collection of hundreds of millions of contact lists and address books from personal email and instant-messaging accounts; and its surreptitious interception of data from Google and Yahoo user accounts as that information travelled between those companies’ data centers located abroad.

The U.K. government’s mass surveillance program bears some similarities to the U.S. government’s “Upstream” surveillance, which is the subject of a separate challenge by the ACLU. The U.K. government intercepts internet traffic by attaching probes to undersea fiber optic cables. The probes permit the intelligence agencies to extract the traffic, which is then filtered according to “selectors” or “search criteria”. The full scope of permissible selectors and search criteria is unknown, and there is no meaningful regulation or oversight of their use. This intercepted information is then stored in databases, which analysts can query, comb through, or call up to examine in more detail.

The U.K. and U.S also grant each other broad access to the intelligence they gather. The NSA, for example, has access to the internet traffic that the U.K. government intercepts from the undersea fiber optic cables. The U.K. Government Communications Headquarters (GCHQ), in turn, has access to a database containing the content and metadata of hundreds of millions of text messages collected by the NSA. The U.S. and U.K. governments also both have access to a network of servers storing information acquired under various programs operated by their respective intelligence agencies.

How do these practices breach human rights?

These mass surveillance practices breach the European Convention on Human Rights, which recognizes the rights to privacy and freedom of expression. The convention states that any state interference with these rights must be in accordance with law, and be necessary and proportionate.

The “in accordance with law” requirement stipulates a series of safeguards that a state should adopt to avoid abuses of power where the state conducts surveillance. These safeguards include an individualized suspicion of wrongdoing, which is inherently in tension with a mass surveillance program; prior judicial authorization; and notification to those whose information has been intercepted.

The U.K. government’s mass surveillance practices fail to meet the “in accordance with law” requirement, both because the legal framework is so opaque and because that framework lacks any of the safeguards outlined above.

With respect to the “necessity” requirement, the court has indicated that given “the potential of cutting-edge surveillance technologies to invade citizens’ privacy”:

“A measure of secret surveillance can be found as being in compliance with the Convention only if it is strictly necessary, as a general consideration, for the safeguarding the democratic institutions and, moreover, if it is strictly necessary, as a particular consideration, for the obtaining of vital intelligence in an individual operation.”

Finally, the principle of proportionality requires that the interference with privacy be proportionate to the aim pursued by the government and that the government has no less restrictive means of pursuing its aim. Yet bulk surveillance, by its very nature, is not proportionate as it interferes with the privacy of millions of people. And the legal framework governing bulk interception does not require the British government to demonstrate why the information sought cannot be obtained by less intrusive means.

What are the implications of the court’s decision in this case?

The European Court of Human Rights has jurisdiction over 47 member states. The judgment in this case will therefore have significant implications for the legality of surveillance programs conducted in each of those countries. It will be binding on the United Kingdom and provide guidance to the other member states in evaluating the compliance of their own surveillance programs with the convention.

Moreover, as one of the first direct challenges to mass surveillance within the international human rights framework, the judgment will also influence the interpretation of other international human rights instruments, such as the International Covenant on Civil and Political Rights, which the U.S. ratified in 1992. A determination that U.K. mass surveillance programs are incompatible with human rights will send a clear message that comparable surveillance programs in other parts of the world, such as those conducted by the NSA, are also fundamentally incompatible with human rights.

More broadly speaking, the case highlights that all persons are entitled to the rights to privacy and freedom of expression by virtue of our common humanity. It is only because the European Convention on Human Rights speaks this universal language that an American organization like the ACLU was able to bring this case before the U.K. courts and eventually before the European Court of Human Rights.

This universal language of human rights is particularly suited to a context where digital communications can be sent, routed, and stored across the world from their point of origin. Just as Americans should be concerned about the U.K. and other states capturing their private data, this case should prompt global consideration for how U.S. surveillance programs violate the rights of millions of people around the world.

Ailidh Callander and Scarlet Kim are lawyers at Privacy International.

Learn More About the Issues on This Page