A Concrete Proposal to Enshrine the Necessary and Proportionate Principles
Thus Ending Mass Surveillance
Association for Proper Internet Governance

On 30 June 2014, pursuant to Resolution 68/167 of the United National General Assembly, the United Nations High Commissioner for Human Rights (HCHR) published a report on the protection and promotion of the right to privacy in the context of domestic and extraterritorial surveillance and/or the interception of digital communications and the collection of personal data, including on a mass scale.

The Association for Proper Internet Governance (APIG) thanks and commends the High Commissioner for this courageous, frank, objective, well reasoned and balanced report.

We note in particular that paragraph 14 of the report rightly confirms what was expressed by Dilma Rousseff, President of Brazil, in her 24 September 2013 speech at the UN General Assembly: In the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy.

We also notes that paragraph 26 of the report rightly states that mandatory third-party data retention appears neither necessary nor proportionate, thus confirming a recent ruling of the European Court of Justice.  Such data retention may not be consistent with human rights, unless strict limitations are placed on its use (see paragraph 27 of the report).

And we note that paragraphs 32 to 36 of the report convincingly demonstrate that states must respect the privacy of non-residents and non-nationals, contrary to what has been argued by the United States of America

We note that the forthcoming ITU Plenipotentiary Conference provides an excellent opportunity to transpose into binding treaty language the recommendations made in the High Commissioners report, and thus to confirm in clear and unambiguous language what is in fact already implied by international law. 

Specifically, Article 37 of the ITU Constitution covers the secrecy of telecommunications.  The current provisions appear to be too weak and should be strengthened.  Thus, states should agree to amend paragraph 2 of Article 37, and to add new paragraphs 3 and 4, as follows:

2 Nevertheless, they reserve the right to communicate such correspondence to the competent authorities in order to ensure the application of their national laws or the execution of international conventions to which they are parties.  However, any such communication shall take place only if it is held to be necessary and proportionate by an independent and impartial judge.

3 Member States shall respect the secrecy of telecommunications in accordance with both their own laws and the laws of the state of the originator of such correspondence.

4 Third parties shall not be required to retain telecommunications data or metadata.  However, end-users may be required to retain data and metadata for a reasonable period of time and be requested to produce it if ordered to do so by an independent and impartial judge.

The proposed new paragraph 4 recognizes that mandatory third-party data retention is neither necessary nor proportionate, and thus violates human rights, but that law enforcement authorities have a legimitate right to seek information in certain cases.  The approach proposed in the new paragraph 4 is the same as that used for tax compliance, compliance with accounting rules, etc.: the citizen is responsible to keep records and to produce them upon request; of course a citizen can refuse to produce the data, in particular if he or she knows that producing the data will incriminate him or her.  In the case of telecommunications data and metadata, users may well outsource the data retention task to their telecommunications supplier, but the data would remain under the exclusive control of the user, who would be responsible to respond to court orders for discolure.