Thursday, 14 September 2017

The Privacy International case in the IPT: respecting the right to privacy?



Matthew White, PhD candidate at Sheffield Hallam University.

Introduction

On 21 December 2016, the Grand Chamber (GC) of the Court of Justice of the European Union (CJEU) in Cases C-203/15 and C-698/15 Tele2 and Watson ruled that blanket indiscriminate data retention was incompatible with European Union (EU) law. With that judgment, Professor Lorna Woods highlighted that this did not mean that the CJEU’s interpretation of the requirements of the Charter of Fundamental Rights (CFR) was ‘limited only to this set of surveillance measures.’ Hence, on 9 September 2017, the Investigatory Powers Tribunal (IPT) in Privacy International v the Secretary of State for Foreign and Commonwealth Affairs and Others handed down a judgment regarding the lawfulness under EU law of the acquisition and use of Bulk Communications Data (BCD) under s.94 of the Telecommunications Act 1984 (TA 1984) [4], including a request to the CJEU to answer further questions on EU law. This blog post concerns itself not with the preliminary reference itself, but the underlying flawed logic of the IPT’s reasoning with regards to fundamental rights protection.

The IPT’s faulty premise plagues its judgement from the beginning

The IPT highlighted that the issue before them was the balance between steps taken by the State, through Security & Intelligence Agencies (SIAs) and to ‘protect its population against terror and threat to life against the protection of privacy of the individual’ [6]. The premise of the IPT is deeply flawed from the outset thus impacting upon its reasoning. Daniel Solove has highlighted that ‘protecting the privacy of the individual seems extravagant when weighed against the interests of society as a whole’ (Daniel Solove, (2009) Understanding Privacy, Harvard University Press, p89). When privacy is confined to individualistic notions (particularly of ‘bad guys’), the argument for the departure of its protection becomes easier to justify, no less when that justification is protecting an entire nation.

Privacy is not just an Individual Right

Many (including Solove) have argued that privacy has a common, public and/or social value (Priscilla M. Regan, Legislating Privacy, Technology, Social Values and Public Policy, The University of North Carolina Press, 1995; Kirsty Hughes, ‘The social value of privacy, the value of privacy to society and human rights discourse’ in Beate Roessler and Dorota Mokrosinska (eds), Social Dimensions of Privacy Interdisciplinary Perspectives (Cambridge University Press). Privacy is a prerequisite for liberal democracies because it sets limits on surveillance by acting as a shield for groups and individuals (Alan F. Westin, Privacy and Freedom, New York: Atheneum (1967), p24). It is also important in that, in terms of voter autonomy and its attraction of talented people to public office (Hughes, p228-229). Privacy is also important for social relations (ibid, p229), even more so in that privacy invasive technologies can affect social life more generally (Beate Roessler and Dorota Mokrosinska, p2). A failure to protect social relations, is a failure to protect the democratic state (Francesca Malloggi. “The Value of Privacy for Social Relationships.” Social Epistemology Review and Reply Collective 6, no. 2 (2017): 68-77, p70).

These Powers do NOT just affect Individuals

Another problem with the IPT’s premise is that to argue that such measures as BCD acquisition/use only affect an individual’s privacy is simply not true. It should be obvious by the very name and nature of the powers that they are not targeted on individuals (para 2.1), something which the Respondents in Privacy International even attested to [9(ii)]. The draft BCD Code of Practice under the Investigatory Powers Act 2016 (IPA 2016) notes that ‘if the requirements of this chapter are met then the acquisition of all communications data generated by a particular CSP (Communications Service Provider e.g. BT, Google, iCloud) could, in principle, be lawfully authorised’ (para 3.5). Thus, any suggestion that the issue at hand only concerns an individual is palpably false. As the Grand Chamber (GC) of the European Court of Human Rights (ECtHR) in S and Marper v United Kingdom noted that the:

[M]ere storing of data relating to the private life of an individual amounts to an interference within the meaning [of Article 8]…subsequent use of the stored information has no bearing on that finding [67]. 

Due to the nature of the BCD powers, to say they only affect the individual is to ignore the reality of such sweeping powers which constitute mass interference of a ‘substantial portion, or even all of the relevant population’ [256] and do have chilling effects on totally innocent people (Rozemarijn van der Hilst, (2009), ‘Human Rights Risks of Selected Detection Technologies Sample Uses by Governments of Selected Detection Technologies’ p20; German Forsa Institute, Meinungen der Bunderburger zur Vorratsdatanspeicherung, 28 May 2008). Just like blanket data retention, BCD acquisition/use would ‘relate to all communications effected by all users, without requiring any connection whatsoever with’ [180] national security. 

Article 8 is not limited to Privacy

As ‘private life’ in Article 8 of the European Convention on Human Rights (ECHR) is not susceptible to exhaustive definition [66], this means that the notion is much wider than that of privacy (p12). This encompasses a sphere within which every individual can freely develop and fulfil his personality, both in relation to others and with the outside world (ibid). Private life also includes one’s physical and psychological integrity [58], autonomy [ibid] as well as a right to a form of informational self-determination [137], physical, social [159] and ethnic identity [58], professional activities [29], a certain degree of anonymity [42] and the protection of personal data (S and Marper, [103]).

This does not even begin to consider how such concepts overlap (p10-11). Nor is Article 8 limited to private life, as ‘correspondence’ [44] and the potential for ‘home’ [41] and family life (p21) (even more so now under the new regime of the IPA 2016 in light of the Internet of Things etc) are equally important in the surveillance context. The measure ‘strikes at freedom of communication between users of the postal and telecommunication services [41] because we increasingly use the internet to ‘establish and support personal relationships, bank, shop, to gather the news, to decide where to go on holiday, to concerts, museums or football matches. Some use it for education and for religious observance – checking the times and dates of festivals or details of dietary rules.’ Very few aspects of our lives are untouched by the internet (Paul Bernal, ‘Data gathering, surveillance and human rights: recasting the debate’ (2016) Journal of Cyber Policy, 1:2 243, p247).

Correspondence becomes particularly important when it affects legal professional privilege (LPP) and journalistic sources. This was a criticism of data retention laws in that it did not provide any exceptions for professional secrecy (Tele2 and Watson, [105]). The ECtHR in Kopp v Switzerland noted that Swiss law violated Article 8 because it provided ‘no guidance on how authorities should distinguish between protected and unprotected attorney-client communications’ [73-75]. BCD acquisition/use suffers from the same drawbacks.  

Thus, when the IPT refers merely to individual privacy, it does so without acknowledging the breadth and multifaceted nature of Article 8, or how surveillance measures impact on them in various ways, which limits their ability to give a thorough assessment resulting in a possible divergence from the ECtHR.

Confining the discussion to Privacy foregoes the broader context of Fundamental Rights Protection

[i]t is hard to imagine, for example, being able to enjoy freedom of expression, freedom of association, or freedom of religion without an accompanying right to privacy (Benjamin J. Goold, ‘Surveillance and the Political Value of Privacy’ (2009) 1:4 Amsterdam Law Forum 3, p4).

When Article 8 is confined to the narrow aspect of the privacy of a suspected terrorist, not only does it overlook the breadth of Article 8 (mentioned above) but it does not even entertain other fundamental rights that might be at stake. This is also a view the then Independent Reviewer of terrorism legislation, David Anderson acknowledged (para 2.12) and Paul Bernal (Paul Bernal). The CJEU were also aware of this to some degree in Tele2 and Watson where they noted that the data retention could have an effect on the use of means of electronic communication and, consequently, on the exercise by the users thereof of their freedom of expression, guaranteed in Article 11 of the CFR [101], which is essentially equivalent to Article 10 ECHR.

Article 10 ECHR: Freedom of Expression

Article 10 applies to communications via the internet [34] (in French), regardless of the message conveyed [55] and irrespective of its nature [47]. The ECtHR regards freedom of expression as constituting ‘one of the essential foundations of a democratic society and one of the basic conditions for its progress and for each individual’s self-fulfilment [100]. Not only does this highlight freedom of expressions value to democracy, it highlights one of the various ways in which Article 10 interplays with Article 8 i.e. self-development [117].

Another way in which Articles 10 and 8 interlink is that of anonymity, where Lord Neuberger noted that in the context of anonymous speech, Article 8 reinforces Article 10 (para 25). Within that context, Neuberger continued that Article 8 rights are of fundamental importance (ibid, para 42). Political reporting and investigative journalism attract a high level of protection under Article 10 [129]. The then Special Rapporteur for the United Nations of freedom of expression, Frank La Rue highlighted that that restrictions on anonymity can have a chilling effect, which dissuades the free expression of information and ideas (para 49).

Article 9 ECHR: Freedom of Religion, Thought and Conscience

Like Article 10, Article 9 is regarded as one of the foundations of a democracy [34]. Article 9 entails the freedom to manifest one’s religion can be done in public or in private [78]. It also includes the absolute and unconditional right to hold a belief [ibid, 79]. The right to manifest one’s belief has a negative aspect, in that an individual has a ‘right not to be obliged to disclose his or her religion or beliefs and not to be obliged to act in such a way that it is possible to conclude that he or she holds’ [41]. BCD acquisition/use makes this entirely possible (para 1.1), causing a notable chilling effect.

Article 11 ECHR: Freedom of Association/Assembly

The GC of the ECtHR has referred to freedom of assembly, like Article 9 and 10 as one of the foundations of a democratic society [91]. Similarly, freedom of association is of utmost importance because it ‘enables individuals to protect their rights and interests in alliance with others’ (p4). The Steering Committee on Media and Information Society (Sterling Committee) in their to human rights for Internet users when referring to Article 11 noted that users have ‘the right to peacefully assemble and associate with others using the Internet’ (para 61). Just as noted above with other Convention Rights, surveillance has harmful effects on freedom of association (see also Valerie Aston, ‘State surveillance of protest and the rights to privacy and freedom of assembly: a comparison of judicial and protester perspectives’ (2017) EJLT 8:1).

The enjoyments of the rights contained in Articles 9-11, which are foundations for democracy (especially online) are underpinned by Article 8.

How the premise impacts upon the IPT’s reasoning

Given the above mentioned, it is important to discuss how the lack of consideration for the potential effects on other fundamental rights affects the IPT’s reasoning.

It’s not all about Utility

The IPT discussed the evidence for supporting BCD acquisition/use, ranging from Anderson’s report, the case studies within them, Mi5 witness statements (Privacy International, [11-17]). The IPT makes reference to the critical value of BCD acquisition/use and the need for the haystack, in order to find the needle. A quick counter to the second point is ‘[i]f you’re looking for a needle in a haystack, how does it help to add hay?’ The problem with the needle in the haystack argument is that it could be used to justify any amounts of data to be stored/used, even all that is available.

Furthermore, this part of the judgement concerns what the IPT considers to be ‘The Facts’ yet on closer examination, not everything highlighted by the IPT are facts. For example, the IPT refers to the Respondents’ witnesses speaking persuasively and refers to an Mi5 witness. If the IPT were to regard witness statements as facts, then for example, Bruce Schneier’s, or former National Security Agency (NSA) official William Binney’s denunciation of mass surveillance should be given equal weight. There is no suggestion that this is what was (or should have been) presented before the IPT, but it highlights the weight given to opinions by the IPT. Discussing only the evidence of the Respondent also demonstrates the problematic information asymmetry in the surveillance context where:

[I]nformation asymmetrification provides a foundation on which the existence of elites is built and possibilities of strengthening that asymmetry will be enthusiastically sought (Geoffrey Lightfoot and Tomasz Piotr Wisniewski, ‘Information asymmetry and power in a surveillance society’ (2014) Information and Organization 24 214–235, p230).

Regarding the first point, the value of a measure does not necessarily make it necessary [48]. The IPT considers that although BCD acquisition/use is essential, this does not completely resolve the question of proportionality (Privacy International, [16]). Lord Kerr in his dissenting opinion in Beghal v DPP quite rightly noted that ‘powers which can be used in an arbitrary or discriminatory way are not transformed to a condition of legality simply because they are of proven utility’ [93]. Although the IPT did find s.94 not to be compliant with Article 8 prior to its avowal, this follows a trend of watering down the prescribed by/in accordance with law requirements noted in Kennedy v United Kingdom in where for the IPT, honesty appears to be synonymous with legality.

Moreover, the supporting evidence for BCD acquisition/use does not refer to what type of communications data was used, how it was used, or why it was key. The IPT noted that nothing in the evidence they examined contradicts what was set out in paragraphs 11-16. This is problematic for two reasons, if the IPT only considered evidence from the Respondent, then it would make sense that there is less likelihood that evidence presented would contradict arguments put forward, and thus becomes a one-sided argument. Secondly, as Bruce Schneier noted ‘no method of surveillance or inquiry will ever stop a lone gunman.’ Although, the murder of Fusilier Lee Rigby involved two assailants, the Intelligence and Security Committee (ISC) noted that Mi5 ‘put significant effort into investigating [Michael Adebolajo] and employed a broad range of intrusive techniques. None of these revealed any evidence of attack planning.’ What this demonstrates is the contrary view that all the surveillance in the world did not prevent individuals ‘such as the Fort Hood shooter, or Anders Behring Breivik, or the Charlie Hebdo attackers.’ Therefore, the IPT draws attention to its obscured view given that it has inquisitorial powers (s.68(2)(b) of the Regulation of Investigatory Powers Act 2000 (RIPA 2000)) and could have sought information regarding counter arguments.

No Genuine Intrusion?

When the IPT discussed the operation of s.94 TA 1984, they noted that access to BCD is either targeted or more likely to involve electronic trawling of masses of data which are not ‘read’ to find the needle in the haystack (Privacy International, [19]). The IPT continues that a ‘miniscule quantity of the data trawled is ever examined. There is thus no genuine intrusion to any save that miniscule proportion’ (ibid). This reasoning of the IPT is almost as if the UK exists in a vacuum when it comes to the findings of the GC in S and Marper. The IPT’s reasoning is that only when communications data is accessed/examined, then follows genuine intrusion. This is why confining the issue to privacy proves problematic because the GC in S and Marper noted that the protection of personal data is of fundamental importance to the enjoyment of private and family life. This protection begins as soon as the data is processed and retained, thus marks the genesis of genuine intrusion, any subsequent use has no bearing on this. The IPT’s reasoning follows the sentient being argument which suggests that privacy is only interfered with when private data is read by an intelligence officer. Following this argument would lead to the logical conclusion of sowing the seeds of the total destruction of private life and data protection as surveillance becomes increasingly automated e.g. by analogy automatic number plate recognition (ANPR) [169-170], see also CJEU Opinion on PNR [121-132]. Using last century’s arguments (if one could even call it that) are not suitable today.

The IPT maintains the approach of significantly downplaying the severity of interference caused by storing and using communications data. The IPT had previously accepted a false analogy from the Respondent of equating GPS data (a particular type of communications data) with communications data in general to argue that it is not as serious as interception (Matthew White, ‘Protection by Judicial Oversight, or an Oversight in Protection?’ (2017) Journal of Information Rights, Policy and Practice 2:1, p9). This was argued that when giving weight to this position:

[I]t did so by considering a case of an isolated specific type of data, which cannot be used to justify an argument that interference is less severe whilst ignoring the cumulative total of the different types of communications data (ibid).

Malte Spitz of the German Green party published data that was retained under Germany’s data retention laws in which Zeit Online created an interactive map detailing Spitz’s movements. Biermann continued that this data revealed:

[W]hen Spitz walked down the street, when he took a train, when he was in an airplane. It shows where he was in the cities he visited. It shows when he worked and when he slept, when he could be reached by phone and when was unavailable. It shows when he preferred to talk on his phone and when he preferred to send a text message. It shows which beer gardens he liked to visit in his free time. All in all, it reveals an entire life.

Advocate General (AG) Saugmandsgaard Øe in Tele2 and Watson noted that that in the individual context a general data retention obligation would facilitate equally serious interference as targeted surveillance measures, including those which intercept the content of communications [254]. AG Saugmandsgaard Øe continued that the risks associated with access to communications data ‘may be as great or even greater than those arising from access to the content of communications’ [259]. For example, replying to an email saying ‘lmao’ my not reveal much to an observer, but the observer could learn what email address the message was sent from and to, the time and date that message was sent, the location of when it was sent, what browser was being used and what device was being used etc. This simple analogy demonstrates why yet again the IPT are incorrect to downplay the revealing nature of communications data given that people get killed based on it. This seriousness only intensifies when the acquisition/use is in bulk.

Powerful Submissions?

The IPT highlighted the powerful submissions (hence very persuasive (Privacy International, [51])) made by the Respondent:

The use of bulk acquisition and automated processing produces less intrusion than other means of obtaining information.
The balance between privacy and the protection of public safety is not and should not be equal. Privacy is important and abuse must be avoided by proper safeguards, but protection of the public is preeminent.
The existence of intrusion as a result of electronic searching must not be overstated, and indeed must be understood to be minimal.
There is no evidence of inhibition upon, or discouragement of, the lawful use of telephonic communication. Indeed the reverse is the case.
Requirements or safeguards are necessary but must not, as the Respondents put it, eviscerate or cripple public protection, particularly at a time of high threat [50].

It is important to deal with these points individually (some of which are already dealt with above).

The Respondents maintain that BCD acquisition/use is less intrusive than other methods of gathering information without explaining what other methods are more intrusive or why and why this is the least restrictive measure to obtain the objective [260].

As noted above, this is not just an issue of narrow privacy, but an issue of other applicable fundamental rights protected by the ECHR. The premise of the balance between privacy and public safety i.e. security is a miscast (Paul Bernal, p244), misleading (ibid) and false (see here, here and here) one to begin with. It ignores factors that demands for security can actually reduce security therefore, safety (Paul Bernal, p224; Harold Abelson et al, Keys under doormats: mandating insecurity by requiring government access to all data and communications. Journal of Cybersecurity, 2015, 1–11, p5) and otherwise prove ineffectual (see here and here). It also suggests that privacy should always be on the back foot when the issue concerns the protection of the public, when the irony is that it’s the publics’ data that is being acquired and used (see social dimension of privacy above which protects against utilitarian calculation of majoritarian societal interests and/or political whims (Kirsty Hughes, p 227)). It also assumes that when Convention Rights are a stake, the only question that needs to be answered is whether the appropriate balance has been struck, forgoing legality and necessity.

These types of arguments would seemingly fall into the narrow nothing-to-hide-like argument that looks for singular type of injury, be it some grave physical violence, a loss of substantial money or something severely embarrassing (Daniel Solove. Nothing to Hide: The False Tradeoff between Privacy and Security (2011). Yale University Press, p29). This of course also ignores both European Courts on the severity of the mere storage of data interfering with private/family life/freedom of expression/association [107] and data protection.

Contrary to what the Respondents assert, there is evidence for chilling effects due to surveillance measures, some highlighted above. Moreover, assessing chilling effects should not just be measured by inhibitions, but actual methods of protecting online activity. There was An increase in Virtual Private Network (VPN) (this essentially aims hide online activity) subscriptions in Australia when their national data retention laws came into force and in the UK when the IPA 2016 and Digital Economy Act 2017 (DEA 2017) were in passing. Or by the increasing the use of ad blockers, which 11 million devices in the UK now have. As Edward Snowden revealed ‘government surveillance efforts are sometimes bolstered by online advertising practices.’ Moreover, Solove contends that the value of protecting against chilling effects is not measured simply by its effects on individuals exercising their rights, but its harms to society because among other things ‘they reduce the range of viewpoints expressed and the degree of freedom with which to engage in political activity’ (Daniel J. Solove, ‘’I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy’ (2007) San Diego Law Review 44 745, p746). It is true that the uptake in technology has increased e.g. smartphones but this does not necessarily disprove the idea of chilling effects etc. This is due to ignoring the fact that many may not be fully aware of what information is being collected (Sandra Braman, 2006, Tactical memory: The politics of openness in the construction of memory Sandra Braman. First Monday, 11(7); Connor Sheridan, (2016) "Foucault, Power and the Modern Panopticon". Senior Theses, Trinity College, Hartford, CT 2016. Trinity College Digital Repository, p48; Majority of Brits Unaware of Online Surveillance) where awareness leaves open the possibility of resistance (Andrew Roberts, Privacy, Data Retention and Domination: Digital Rights Ireland Ltd v Minister for Communications, (2015) 78(3) MLR 522–548, p545). This resistance could be not using the technology, to finding ways to circumvent surveillance law (self-regulatory), protests (Hintz, A. & Dencik, L. (2016). The politics of surveillance policy: UK regulatory dynamics after Snowden. Internet Policy Review, 5(3), p8) (political), or legal action all designed to protect fundamental rights.

This is the ‘the ends justify the means’ justification. Not every interference or derogation from the principle of protection of fundamental rights are necessary in a democratic society.

Prior Authorisation
The IPT noted that Secretary of State authorisations complied with the ECHR for reasons set out in a prior judgment. The IPT were of the opinion that the ECtHR in Szabo & Vissy v Hungary were not recommending any new safeguards because Hungarian law fell below even existing principles [60]. This of course does not consider cases such as Dumitru Popescu v Romania [71-73], Iordachi and Others v Moldova [40], and Uzun v Germany [72] all endorsing the view that the body issuing authorisations for interception should be independent and that there must be either judicial control or control by an independent body over the issuing body's activity.

So, when the ECtHR in Szabo endorses the view in Iordachi that ‘control by an independent body, normally a judge with special expertise, should be the rule and substitute solutions the exception, warranting close scrutiny’ [77] it is difficult to suggest the ECtHR in Szabo were not strongly advocating for prior judicial control (Matthew White, p15). The ECtHR did acknowledge that post factum oversight may counterbalance the short comings of initial oversight (referring to the IPT in Kennedy) (Szabo, [77]). However, it has already been argued that this counterbalance is not adequate (Matthew White, p14-16).

Notification

According to the IPT, a requirement of notification is inadequate in the circumstances of national security because (a) national security is ongoing and (b) it relates to further operations and methodologies (Privacy International, [62]). The IPT also noted that this is not required for compliance with the ECHR [63]. This, however, overlooks Association for European Integration and Human Rights and Ekimdzhiev v Bulgaria where the ECtHR found violations of Article 8 and 13 (effective remedy) for among other things, a lack of a notification procedure [94] and [103]. Yet Ekimdzhiev concerned national security and the ECtHR even referred to the notification in the national security context in Germany for both individual (Klass v Germany, [11] and general surveillance measures (Weber and Saravia v Germany, [51-54] and in Leander v Sweden [31]). This is permissible due to the ECtHR establishing the principle that:

[A]s soon as notification can be made without jeopardising the purpose of the surveillance after its termination, information should be provided to the persons concerned (Ekimdzhiev, [90]).

This establishes that to the ECtHR’s mind, notification in the national security context is not inappropriate or inadequate considering this has been the practice of Germany for decades. Furthermore, the ECtHR acknowledge that it would not be desirable in all circumstances to notify, therefore leaving that possibility open whereas the IPT would prefer it kept shut. Also, in the national security context, the GC of the ECtHR in Roman Zakharov v Russia noted that notification was inextricably linked ‘to the effectiveness of remedies before the courts and hence to the existence of effective safeguards against the abuse of monitoring powers’ [234]. A point in which Paul de Hert and Franziska Boehm share.

Although the GC referred to the alternative to notification of the UK system i.e. the IPT jurisdiction (Roman Zakharov, [234]), de Hert and Boehm have questioned whether Kennedy ‘is capable of responding to the challenges arising out of the use of new surveillance techniques’ (Franziska Boehm and Paul de Hert, The rights of notification after surveillance is over: ready for recognition? (Yearbook of the Digital Enlightenment Forum, IOS Press 2012), pp. 19-39, p37). Boehm and de Hert continue that in light of powers such as data retention and ‘fishing expeditions’ that target a greater number of people without suspicion, a notification duty appears to be an effective tool to prevent abuse (ibid, p37-8). Finally, Boehm and de Hert note that the Belgian Constitutional Court has now adopted the notification principle as a requirement to comply with Article 8 (ibid, p38). The IPT highlights difficulties with the notification of BCD acquisition/use as to whether notification should be to everyone whose data is in the database, those subject to an electronic search or all those who feature in data in targeted access (Privacy International, [64])? Accepting this premise would accept the powers that are exercised to begin with, which is at the heart of this issue.

Conclusions: Be careful what you wish for

Ultimately, the IPT referred the question as to whether the Tele2 and Watson requirements apply in the national security context to the CJEU (ibid, [72]). This blog post has argued that much of the IPT’s reasoning with regards to fundamental rights protection is lacking. By confining itself to a restrictive notion of individual privacy of a person of interest, the IPT blinds itself to the broader notions of Article 8 and the other fundamental rights it underpins. Some aspects of the IPT’s reasoning (and Respondent’s arguments) is not even consistent with the very human rights system (ECHR) the Respondents are seeking to rely upon. The ECtHR have firmly noted that:

Given the technological advances since the Klass and Others case, the potential interferences with email, mobile phone and Internet services as well as those of mass surveillance attract the Convention protection of private life even more acutely (Szabo, [53]).

The GC in Roman Zakharov found that Russian law to be in violation of Article 8 because interferences with privacy rights were ordered ‘haphazardly, irregularly or without due and proper consideration’ (Roman Zakharov, [267]) in the national security context. Judge Pinto de Albuquerque noted that Roman Zakharov was a rebuke of ‘strategic surveillance’ (Szabo, Concurring Opinion of Judge Pinto de Albuquerque, [35]) which would accord a previous concurring opinion of judge Pettiti in which surveillance should not be used for ‘fishing’ exercises to bring in information (Kopp). If as the IPT say that a ‘miniscule quantity of the data trawled is ever examined’ how would this square with the position of ‘[t]he automatic storage for six months of clearly irrelevant data cannot be considered justified under Article 8’ (Roman Zakharov, [255])? Time will tell if the ECtHR follows this trend in Big Brother Watch and Others v UK, Bureau of Investigative Journalism and Alice Ross v UK and 10 Human Rights Organisations v UK. Therefore, the IPT should not convince itself of the ‘illusory conviction that global surveillance is the deus ex machina capable of combating the scourge of global terrorism’ (Szabo, Concurring Opinion of Judge Pinto de Albuquerque, [20]). Surveillance has never just been an issue of privacy, or private life or else the ECtHR would never have uttered its awareness:

[O]f the danger such a law poses of undermining or even destroying democracy on the ground of defending it, affirms that the Contracting States may not, in the name of the struggle against espionage and terrorism, adopt whatever measures they deem appropriate (Klass, [49]).

Barnard & Peers: chapter 9

Photo credit: Pixabay

No comments:

Post a Comment