UN High Commissioner: Mass Surveillance Violates International Law … And Snowden Should NOT Be Prosecuted

From the article:

The U.N. High Commissioner on Human Rights – Navi Pillay – also said this week that Snowden should not be prosecuted:

Those who disclose human rights violations should be protected. We need them. And I see some of it here in the case of Snowden, because his revelations go to the core of what we are saying about the need for transparency, the need for consultation of all, as what we say, ‘multi-stakeholders,’ everybody concerned. So we do owe it to him for drawing our attention to this issue.

UN High Commissioner: Mass Surveillance Violates International Law … and Snowden Should NOT Be Prosecuted (Washington’s Blog, July 19, 2014):

Mass Surveillance Violates U.S. Law

Despite the fancy footwork of government lawyers, mass surveillance undoubtedly violates the U.S. Constitution.   See this, this and this.

After all:


  • When these judges raised concerns about NSA spying, the Justice Department completely ignored them

Indeed, the NSA itself admitted that similar surveillance which it conducted in the 1970s was probably illegal:

During the Vietnam war, the NSA spied on two prominent politicians – Senators Frank Church and Howard Baker – as well as critics of government policy Muhammad Ali, Martin Luther King, and a Washington Post humorist.

A recently declassified history written by the NSA itself called the effort “disreputable if not outright illegal.”

(And that’s just surveillance.  The NSA might also be involved in dirtier tricks.)

Mass Surveillance Violates International Law

The U.N high commissioner for human rights released a report this week saying that mass surveillance may violate international law.   EFF summarizes:

The report is issued in response to a resolution passed with unanimous approval by the United Nations General Assembly in November 2013. That resolution was introduced by Brazil and Germany and sponsored by 57 member states.


Forget The “Haystack”

The report issues a powerful condemnation of the “collect-it-all” justification that an infinitely large “haystack” of personal data must be accumulated in order to find the needles. The report points out that few “needles” that have been uncovered, and that in any event:

Mass or “bulk” surveillance programmes may thus be deemed to be arbitrary, even if they serve a legitimate aim and have been adopted on the basis of an accessible legal regime. In other words, it will not be enough that the measures are targeted to find certain needles in a haystack; the proper measure is the impact of the measures on the haystack, relative to the harm threatened; namely, whether the measure is necessary and proportionate.

The second part of that passage, emphasis added, is critical: it gives guidance that the proper measure of a mass surveillance program is not its effectiveness in a vacuum, but whether the surveillance is both necessary and proportionate.

Metadata Matters

EFF has long called for moving beyond the fallacy that information about communications is somehow inherently less privacy-sensitive than the communications themselves.


The report agrees, debunking the argument that “interception or collection of data about a communication, as opposed to the content of the communication, does not on its own constitute an interference with privacy.” It argues, “From the perspective of the right to privacy, this distinction is not persuasive” The aggregation of information commonly referred to as ‘metadata’ may give an insight into an individual’s behaviour, social relationships, private preferences and identity that go beyond even that conveyed by accessing the content of a private communication.”

Monitoring Equals Surveillance

Much of the expansive state surveillance revealed in the past year depends on confusion over whether actual “surveillance” has occurred and thus whether human rights obligations apply. Some suggest that if information is merely collected and kept but not looked at by humans, no privacy invasion has occurred. Others argue that computers analyzing all communications in real-time for key words and other selectors is not “surveillance” for purposes of triggering legal protections again, unless the analysis is by human eye.

[But the U.N.] report makes clear that:

“any capture of communications data is potentially an interference with privacy and, further, that the collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used. Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights, including those to free expression and association.”

(Again, emphasis added.)

Mandatory Data Retention Is Unnecessary and Disproportionate

EFF has long held that government mandated data retention impacts millions of ordinary users, compromising the online anonymity that is crucial for whistle-blowers, investigative journalists, and others engaging in political speech.

The report calls data retention mandates unlawful, saying:

Mandatory third party data retention, a recurring feature of surveillance regimes in many States, where Governments require telephone companies and Internet service providers to store metadata about their customers’ communications and location for subsequent law enforcement and intelligence agency access appears neither necessary nor proportionate.”

Shut the Backdoor: Re-use of Data

As EFF has noted here,here and in the legal background to the 13 Principles , many national frameworks lack “use limitations,” allowing data collected for one legitimate aim, to be subsequently used for others.

The report also emphasized that point. The report explained that the absence of effective use limitations has been exacerbated since September 11, 2001, with the line between criminal justice and protection of national security blurring significantly. The resultant sharing of data between law enforcement agencies, intelligence bodies and other State organs risks violating Article 17 of the Covenant on Civil and Political Rights, because surveillance measures that may be necessary and proportionate for one legitimate aim may not be so for the purposes of another.

No Secret Law

EFF has long held that the basis and interpretation of surveillance powers must be on the public record, and that rigorous reporting and individual notification (with proper safeguards) must be required.


The report agreed:

Secret rules and secret interpretations even secret judicial interpretations of law do not have the necessary qualities of “law”. Neither do laws or rules that give the executive authorities, such as security and intelligence services, excessive discretion; the scope and manner of exercise of authoritative discretion granted must be indicated (in the law itself, or in binding, published guidelines) with reasonable clarity. A law that is accessible, but that does not have foreseeable effects, will not be adequate. The secret nature of specific surveillance powers brings with it a greater risk of arbitrary exercise of discretion which, in turn, demands greater precision in the rule governing the exercise of discretion, and additional oversight.

Human Rights Law Does Not Discriminate For “Foreigners”

This new report underscore the value that the UN places on “measures to ensure that any interference with the right to privacy complies with the principles of legality, proportionality and necessity regardless of the nationality or location of individuals whose communications are under direct surveillance.”

Again this position is supported by our previous submissions, available here and here and here. In the words of the report:

If a country seeks to assert jurisdiction over the data of private companies as a result of the incorporation of those companies in that country, then human rights protections must be extended to those whose privacy is being interfered with, whether in the country of incorporation or beyond. This holds whether or not such an exercise of jurisdiction is lawful in the first place, or in fact violates another State’s sovereignty.

We have seen precisely these questions raised, and not always answered satisfactorily, in cases like the demands to Twitter for information on Wikileaks supporters or Chevron’s demands for email data to Twitter, Google and Yahoo.

Right to an Effective Remedy and Notification

Quite impressively, the report lays out four characteristics that effective remedies for surveillance-related privacy violations must display. Those remedies must be “known and accessible to anyone with an arguable claim.”  This means that notice is critically important, and that people must be to challenge the legality of the surveillance program without having to prove that their particular communication was monitored or collected.

EFF has always said that the notification principle is essential in fighting illegal or overreaching surveillance. Individuals should be notified of authorization of communications surveillance with enough time and information to enable them to appeal the decision, except when doing so would endanger the investigation at issue.

The report continues, stressing the importance of a “prompt, thorough and impartial investigation”; a need for remedies to actually be “capable of ending ongoing violations”; and noting that “where human rights violations rise to the level of gross violations…as criminal prosecution will be required”.

No Tech Backdoors

EFF has said no law should impose security holes in our technology in order to facilitate surveillance. Diminishing the security of hundreds of millions of innocent people who rely on secure technologies in order to ensure surveillance capabilities against the very few bad guys is both overbroad and short-sighted.

The report supports that conclusion, stating that: “The enactment of statutory requirements for companies to make their networks “wiretap-ready” is a particular concern, not least because it creates an environment that facilitates sweeping surveillance measures.”

Company Complicity

Finally, the report addresses the issue of when companies should and should not assist states with technology or with access to user data—and what obligations those companies have when there is an overreach.

The Guiding Principles clarify that, where enterprises identify that they have caused or contributed to an adverse human rights impact, they have a responsibility to ensure remediation by providing remedy directly or cooperating with legitimate remedy processes.

The responsibility to respect human rights applies throughout a company’s global operations regardless of where its users are located, and exists independently of whether the State meets its own human rights obligations.


From the report:

International human rights law provides a clear and universal framework for the promotion and protection of the right to privacy, including in the context of domestic and extraterritorial surveillance, the interception of digital communications and the collection of personal data.

The U.N. High Commissioner on Human Rights – Navi Pillay – also said this week that Snowden should not be prosecuted:

Those who disclose human rights violations should be protected. We need them. And I see some of it here in the case of Snowden, because his revelations go to the core of what we are saying about the need for transparency, the need for consultation of all, as what we say, ‘multi-stakeholders,’ everybody concerned. So we do owe it to him for drawing our attention to this issue.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.