January 10, 2014

Privacy and the NSA – the International Covenant on Civil and Political Rights

On a mailing list which I am following, someone suggested in relation to privacy and the NSA:

“There is probably already an international treaty or resolution at https://www.treaties.un.org dealing with privacy of communications. But, the NSA probably does not pay much attention, if they are even aware of these statements at all. NSA will, however, pay attention to the US Executive, US Courts and/or US Congress because these agencies have real power over it.”

Somehow the suggestion to check on an international privacy treaty seemed like an interesting challenge to me. It has been a very interesting exercise, even though I need to add the caveat that I am not a member of the legal profession, but only an interested lay person.

Summary (for those who don’t want to read my full and lengthy commentary):

There is such an international treaty, the ICCPR, it has been signed and ratified by the US Senate, but it does not create a law of the nation that can be independently executed, and Congress has not passed any enabling legislation. The US has already been notified by the UN HRC that this is not ok, and a review will take place in March 2014.

Full commentary below.
(Referenced URLs have been included at the bottom for better readability.)

The resolution on “The right to privacy in the digital age” that Brazil and Germany proposed and which the General Assembly adopted at the UN (1) was referring to such an international treaty dealing with privacy of communications, namely the International Covenant on Civil and Political Rights (ICCPR).(2)

It has been noted by the US Senate that

“The Covenant is part of the international community’s early efforts to give the full force of international law to the principles of human rights embodied in the Universal Declaration of Human Rights and the United Nations Charter. The Civil and Political Rights Covenant is rooted in western legal and ethical values. The rights guaranteed by the Covenant are similar to those guaranteed by the U.S. Constitution and the Bill of Rights.” (4.A)

Clearly, it is correct to say that the NSA does not have to directly pay attention to
such a treaty. However, through ratification in the US Congress, usually (in theory) such treaties become part of the law of the nation.

In such a case, the President, who is the Chief of the Executive Branch of Government, and who takes an oath of office to protect the Constitution (and the laws of the land), would need to tell his executive agencies, including the NSA, to follow the law created through
ratification of such a treaty and through follow-on enactment of national laws giving power to such treaty stipulations.

However, here comes the caveat. While the US did sign and ratify that treaty in 1992, they did also include a number of reservations, understandings, and declarations. (3)

The first of the declarations states:

“(1) That the United States declares that the provisions of Articles 1 through 27 of the Covenant are not self-executing.” (4)

As a clarification, the Senate added in its report on the deliberations:

“For reasons of prudence, we recommend including a declaration that the substantive provisions of the Covenant are not self-executing. The intent is to clarify that the Covenant will not create a private cause of action in U.S. courts. As was the case with the Torture Convention, existing U.S. law generally complies with the Covenant; hence, implementing legislation is not contemplated.” (4.A, page 20)

This means that the ratification does not create independent US law that could be pursued in a US Court, but only binds the US internationally. This interpretation has been upheld in Court (5, 6), but is being challenged by some constitutional scholars. (7)

According to the US Court of Appeals for the Sixth District:

“‘Courts in the United States are bound to give effect to international law and to international agreements, except that a ‘non-self-executing’ agreement will not be given effect as law in the absence of necessary authority.’ Restatement (Third) of Foreign Relations Law 111 (1987). Neither the American Declaration nor the International Covenant is self-executing, nor has Congress enacted implementing legislation for either agreement.” (6)

The general comment by the Human Rights Committee (1994) condemns this practice:

“Of particular concern are widely formulated reservations which essentially render ineffective all Covenant rights which would require any change in national law to ensure compliance with Covenant obligations. No real international rights or obligations have thus been accepted. And when there is an absence of provisions to ensure that Covenant rights may be sued on in domestic courts, and, further, a failure to allow individual complaints to be brought to the Committee under the first Optional Protocol, all the essential elements of the Covenant guarantees have been removed.” (8)

And in 2006, the Human Rights Committee concluded its remarks about the reports by the US government, and under section C. Principal subjects of concern and recommendations makes specific mention of the NSA:

“[..] the Committee is concerned that the State Party, including through the National Security Agency (NSA), has monitored and still monitors phone, email, and fax communications of individuals both within and outside the U.S., without any judicial or other independent oversight.” (9)

The HRC (2006) further recommends:

“The State party should review sections 213, 215 and 505 of the Patriot Act to ensure full compatibility with article 17 of the Covenant. The State party should ensure that any infringement on individual’s rights to privacy is strictly necessary and duly authorized by law, and that the rights of individuals to follow suit in this regard are respected.” (9)

A review meeting scheduled for the 109th session of the UN HRC in the second half of October 2013 has been postponed until March 2014 on request by the USA citing the government shutdown as a reason. (10, 11) The next review on 14 March 2014 could become interesting, having the NSA as a subject at sections 332ff of the US Report. (12)

In light of this, it appears to me that the US may perhaps be liable by international law to ensure the human and civil rights of its citizens and those of people from other nations. However, if any individual feels his/her rights may have been violated by the US executive (e.g. NSA), and presses charges in a US Court, such Court will refuse to make a
judgement, citing lack of jurisdiction under the circumstances of the ratification with the given reservations and declarations.

The only way out could be to challenge this interpretation in the Supreme Court. The Supreme Court of North Dakota in January 2004, however, has already upheld the interpretation of the “not self-executing” clause of the Senate ratification, summarizing a number
of appelate court cases. (13) The (federal) US Supreme Court has to my knowledge not yet made a judgement specifically on that particular clause in relation to the ICCPR.

What is known is an opinion of Chief Justice Marshall, writing in Foster v. Neilson, 27 U.S. 253, 314-15 (1829):

“Our constitution declares a treaty to be the law of the land. It is, consequently, to be regarded in courts of justice as equivalent to an act of the legislature, whenever it operates of itself without the aid of any legislative provision. But when the terms of the stipulation import a contract, when either of the parties engages to perform a
particular act, the treaty addresses itself to the political, not the judicial department, and the legislature must execute the contract before it can become a rule for the Court.” (14)

Perhaps we need to realize that laws and international treaties have entered a new era and we need to continuously challenge and advance human rights. I think this is the essence of the concluding remark by Harold Hongju Koh, legal adviser to the US Dept. of State, in his speech at Georgetown Law in October 2012:

“Make no mistake: this is not your grandfather’s international law, a Westphalian top-down process of treatymaking where international legal rules are negotiated at formal treaty conferences, to be handed down for domestic implementation in a top-down way. Instead, it is a classic tale of what I have long called “transnational legal process,” the dynamic interaction of private and public actors in a variety of national and international fora to generate norms and construct national and global interests. The story is neither simple nor static. Twenty-first century international lawmaking has become a swirling interactive process whereby norms get “uploaded” from one country into the international system, and then “downloaded” elsewhere into another country’s laws or even a private actor’s internal rules.” (15)

 

References:

  1. Draft of Resolution: “The right to privacy in the digital age”
  2. International Covenant on Civil and Political Rights (ICCPR)
    1. http://www.hrcr.org/docs/Civil&Political/intlcivpol.html
    2. https://treaties.un.org/doc/Publication/UNTS/Volume%20999/volume-999-I-14668-English.pdf
  3. Wikipedia entry:
  4. US Senate Ratification (and reservations):
    1. (search for treaty 95-20, 95th Congress)
    2. Background on US ratification:
  5. US Court of Appeals (First Circuit) judgement including a reference on non-self-execution of the treaty:
  6. US Court of Appeals (Sixth Circuit) notes (Footnote 134):
  7. Berkeley Law School: John C. Yoo, “Globalism and the Constitution: Treaties, Non-Self-Execution, and the Original Understanding, 99 Colum. L. Rev. 1955 (1999)”
  8. Human Rights Committee (1994) report (CCPR/C/21/Rev.1/Add.6):
  9. Human Rights Committee (2006) concluding observations (CCPR/C/USA/CO/3/Rev.1):
  10. Postponement of US review by UN HRC (2013)
  11. Agenda for the 110th session of the UN HRC
  12. US Report (CCPR/C/USA/4) to the 110th session of the UN HRC
  13. Supreme Court of North Dakota decision
  14. US Chief Justice Marshall’s opinion:
  15. Twenty-First Century International Lawmaking
July 30, 2013

NSA surveillance hurts U.S. businesses

For many years I have been a strong believer in the benefits of the technology powering our modern information society. I have advocated that the eco-system arising from the merger of computers and communications will ultimately help people in their socio-economic development. I have been a staunch supporter of triple-play (merger of IT, telecom and TV) and quadruple-play (IT, telco, TV and mobile) technologies, thinking that the more we can share information, the better it will be for us individually and for our society overall.

Uncle Sam Listens In

Original image by Jeff Schuler. Licensed under the Creative Commons Attribution 2.0 Generic license.

Surveillance changes everything

However, the revelations triggered by Edward Snowden over the past eight weeks about widespread snooping in on the electronic information we leave behind in this information-rich environment, the news about widespread spying by our own government agencies, and by those of friendly and not-so-friendly governments have made me re-examine my own assumptions and attitudes towards sharing my details with various commercial Internet services.

Turning away from U.S. products and services

Whereas before, I have not had a problem maintaining phone numbers, email addresses or my Skype name on Facebook, today I deleted those. Whereas before, I had no problem keeping my résumé and other personal files in my Google Drive, today, I deleted all files from the service. Whereas I am glad that Microsoft is offering me SkyDrive, today I have decided that I will refrain from using the service.

Next will be Apple’s iCloud, where my iPhone syncs a lot of personal things from me. From now on, I am working with a cloud service under my control. I stopped using Google Chrome today over concerns that I may be tracked more than I would like to be, and switched back to Mozilla’s Firefox browser, which is giving me more control over my privacy settings. As of this week, I am no longer using Microsoft Outlook and have changed to Mozilla’s Thunderbird, although Outlook has provided me with a very good user experience over the past decade or more. My Outlook Calendar is no longer, and the other calendar(s) which I used to sync with Yahoo and Gmail and iCloud is now going to be synced only with my cloud, using open source software under a free license.

Surveillance hurts business interests

This is what surveillance does to U.S. businesses. Customers like me will turn away from proprietary software, from commercial vendors, and increasingly will turn to free and open software. And if even I, who for over twenty years have been a strong supporter of all these technologies, if even I am starting to turn away from U.S. based providers, then it is clear that many others will do the same. And this will hurt U.S. business interests. And if U.S. businesses lose money, then also the U.S. as a whole will be hurt. I really feel sorry for the mostly U.S. based businesses, where many of my professional friends and colleagues work. I trust most people in these businesses are good people. I also trust that most of these businesses don’t want to share my personal data with anyone. However, the current situation with secret laws, secret courts, widespread data collection by U.S. intelligence agencies operating “lawfully” forces me to turn away from U.S.-based services. I have regrettably lost trust in “the system”.

Re-evaluating assumptions and attitudes towards data privacy

It is really ironic that someone like me, who has been an outspoken advocate for all the good things this information society and information technology revolution is bringing us, is going through this exercise. But maybe it will turn out to be a healthy exercise. With whom do I want to share this or that information about myself? In the past, I have of course thoroughly examined, evaluated and adjusted my privacy settings in Facebook, Twitter, LinkedIn, Google+ and other such online services. But in other respects, I have been more trusting that the companies offering email services like Yahoo or Gmail, or cloud services like Microsoft Skydrive, Google Drive, Apple’s iCloud, etc will keep my personal data private to myself. However, what we all have had to learn in the past few weeks results in a loss of our trust in the ability (and perhaps the willingness) of those companies to protect our privacy when ordered by law enforcement authorities.

Nothing to hide – nothing to worry?

NSA headquarters

The NSA headquarters in Fort Meade, Maryland. Photograph: EPA

Well, there is the argument that “those who have nothing to hide” will have nothing to worry about. This is the argument that I have trusted in the past, that the law enforcement and spy agencies will only go after criminals and terrorists. That they will do so only after having obtained a warrant from a judge, that there will be sufficient judicial and parliamentary oversight over the process, ensuring my civil rights. But what has transpired over the past weeks is that this argument is thoroughly wrong-footed. Because these information-hungry agencies are conducting a sweeping vacuuming of all available data, regardless of reasonable suspicions about people, regardless of whether the data belongs to domestic or foreign individuals. So, the “nothing to hide” argument is wrong, because it is not targeted individuals whose data is being vacuumed into the great data abyss of those intelligence agencies, but the data of all of us, regardless of any suspicion.

NSA spying on 4chan

Everyone has something to hide – it’s a central aspect of the right to privacy

And just like most people, of course do I have something to hide. Nothing that would be criminally suspect, of course, but my bank account is and ought to be private, just like my medical records, my phone records, my religious affiliation, the friends I speak with, the letters I receive, the pictures I take of my son, or the books I buy on Amazon. We have a constitution that demands our government to respect our civil rights, yet I get the distinct feeling that these constitutional rights are now under threat precisely by those who claim to be working for us, to guarantee for our security. Thus, somehow, I feel less secure now, less secure because I fear for my freedoms, I’m afraid that someone is taking away my civil rights.

 

Vote for change – talk to your representative

Briefwahl

© dpa

I want to live in a free society, where we can speak out freely what we think, without the fear that whatever we say anywhere anytime can be used against us. That’s why I’m not going to give up and hide. We have elections, and our politicians need to listen. We need more oversight, a stop to suspicion-less data collection, and a lot more transparency and accountability of the surveillance agencies worldwide. I don’t have a vote in the U.S. elections, so I hope my many American friends will do the right thing and call their Congressman, their Senator. I hope they will make sure their voices are heard. I have to trust my ability to engage with lawmakers in my country to protect my constitutional rights, my civil rights, my human rights. Our next election is less than two months ahead.

May 9, 2013

Brute force attack failed!

This morning, my personal Website was subject of an attempt to break into the administrator account with a brute force attack. Due to the advanced security features that I have put in place at this Website, the attempt failed and I was notified of the attack after a certain threshold of login failures was reached that was significant enough to trigger such a notification. The IP number identified could be traced to a location near the city of Changsha in the Hunan province in east-central China.

Brute force attack from China

Dear attacker,

thank you for testing (and failing to break into) the security of my Website. You provided me with a convincing argument to keep the security features in place, despite making it more cumbersome for myself to log into the admin account. Needless to say I will not reveal the nature of these features.

Have a nice day!

November 29, 2012

Excellent analysis and interesting video of how #Syria cut off the #Internet (via @CloudFlare)

See on Scoop.itInformation Society

It really is a shame when a government takes the all too evident step to cut the whole country and all of its citizens off the Internet as has happened today in Syria. The last few governments who tried this (Egypt, Libya) have not lasted much long after that.

 

Let’s hope that connectivity, and peace for the Syrian people, can be restored shortly.

 

See on blog.cloudflare.com

November 26, 2012

European Parliament against fundamental changes to the #ITRs – 22 November 2012 – (WCIT-2012)

See on Scoop.itInformation Society

The European Parliament adopted a resolution on 22 Nov 2012 calling upon the European Council and the Commission to ensure

that any changes to the International Telecommunication Regulations help to advance “the internet as a truly public place, where human rights and fundamental freedoms, particularly freedom of expression and assembly, are respected and the observance of free market principles, net neutrality and entrepreneurship are ensured.”

 

The EP regrets “the lack of transparency and inclusiveness surrounding the negotiations for WCIT-12”, rejects that ITU or any other single entity should have a regulatory authority over Internet governance or traffic flows, and “believes that internet governance and related regulatory issues should continue to be defined at a comprehensive and multi-stakeholder level.”

 

Make sure you read the full text of the resolution.

 

See on www.europarl.europa.eu

October 3, 2012

Amazing mind reader reveals his ‘gift’

Watch this and be reminded about what a mind reader could know about you.

Amazing mind reader reveals his ‘gift’ – YouTube.

September 7, 2012

Barack Obama on Internet Freedom – Reddit AMA on Wed, Aug 29, 2012

U.S. President Barack Obama broke all well-trodden paths and presidential campaign rules Wednesday afternoon, when he became the first candidate of either party to do an AMA (“ask me anything”) on Reddit. The appearance was a complete surprise, even for veteran Redditors.

One of the ten questions answered (out of over a hundred questions asked) was about his position on Internet Freedom:

Question:

We know how Republicans feel about protecting Internet Freedom. Is Internet Freedom an issue you’d push to add to the Democratic Party’s 2012 platform?

Answer:

Internet freedom is something I know you all care passionately about; I do too. We will fight hard to make sure that the internet remains the open forum for everybody – from those who are expressing an idea to those to want to start a business. And although there will be occasional disagreements on the details of various legislative proposals, I won’t stray from that principle – and it will be reflected in the platform.

via I am Barack Obama, President of the United States — AMA : IAmA.

August 16, 2012

Iran threatens to disconnect from the Internet

Iran to switch to a Intranet, dubbed the “Halal Internet”. Can a nation simply flip a switch and disconnect itself from the web? Some commentaries suggest that this is not feasible, that a lot of content would need to be re-created in Iran. However, is it not much the same like a corporate Intranet, allowing some traffic through while disallowing some other? What do you think?

via Iran threatens to disconnect from the Internet – Outside the Box – MarketWatch.

August 14, 2012

ITU should ‘leave Net regulation to stakeholders’ – The Nation

See on Scoop.itInformation Society

“ITU should ‘leave Net regulation to stakeholders’ The Nation The International Telecommunication Union (ITU) should focus on telephony as its core task and not expand its scope to regulate the Internet…David Gross”

See on www.nationmultimedia.com

August 14, 2012

Interview: US Ambassador David Gross explains UN ‘takeover’ of the Internet | Digital Trends

See on Scoop.itInformation Society

Digital Trends talks with former U.S. Ambassador David A. Gross about the international proposals to give member states of the International Telecommunication Union, a United Nations’ agency, more regulatory power over the global Internet.

See on www.digitaltrends.com