Mass Internet surveillance endangers fundamental human rights and has not helped to prevent terrorist attacks, a top European human rights body concluded after analyzing documents leaked by Edward Snowden in 2013.
The leaks detailing government mass surveillance programs have shown "compelling evidence" of "far-reaching, technologically advanced systems" put in place by U.S. intelligence services and their partners to collect, store and analyze communication data on a massive scale, which threaten fundamental privacy rights, a report by the legal affairs and human rights committee of the parliamentary assembly of the Council of Europe found. States should do more to protect whistleblowers like Snowden, the report said.
The parliamentary assembly can't create legislation, but has the right to hold the governments of Council of Europe member states to account over their human rights records. It can also press those states, including those in the European Union and some in the former Soviet Union, to achieve and maintain democratic standards.
Its legal affairs committee is "deeply concerned" about the mass surveillance practices and found that mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials. "Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act," it said.
That conclusion puts the committee at odds with those who have called for more surveillance powers in the EU in the wake of the shootings at satirical newspaper Charlie Hebdo in Paris. The EU's Counter-Terrorism Coordinator for instance has called on the European Commission to oblige Internet companies to share encryption keys with police and intelligence agencies to fight terrorism. That's a remarkable suggestion given that Internet companies including Google and Facebook have just begun encrypting their traffic because of the Snowden revelations.
The committee's report, released on Monday, instead calls on countries to promote wide use of encryption technology and to "resist any attempts to weaken encryption and other Internet safety standards." That, it said, will help protect citizens' privacy and also help countries defend national security from spying by rogue states, terrorists and ordinary criminals.
The Council of Europe's parliamentary assembly was asked to adopt the still provisional report in order tor urge the 47 countries represented in the assembly to stop using mass surveillance techniques.
National laws should only allow the collection of personal data without consent following "a court order granted on the basis of reasonable suspicion," the report said. In addition, unlawful data collection should be penalized and the creation of "backdoors" to circumvent security measures should be strictly prohibited. Moreover, all institutions and businesses holding personal data should be compelled to use the most effective security measures available.
To ensure these laws will be followed, better judicial and parliamentary control of intelligence services is needed, the report said. It also urged countries to provide credible, effective protection for whistleblowers exposing unlawful surveillance.
The parliamentary assembly of the Council of Europe elects the judges of the European Court of Human Rights, which is currently dealing with several cases based on Snowden revelations which allege that mass surveillance by British intelligence services have violated human rights.
The legal affairs committee urged countries to agree on an "intelligence codex" defining mutual obligations that secret services could opt into; ban the use of surveillance for political, economic or diplomatic purposes; promote user-friendly, automatic data protection techniques capable of countering mass surveillance, and refrain from exporting advanced surveillance technology to authoritarian regimes.
The report is due to be debated by the full plenary assembly in April. If adopted, recommendations will be made to the Committee of Ministers, the Council of Europe's decision making body composed of the Ministers for Foreign Affairs of the 47 states, to take the necessary measures to uphold the fundamental right to privacy on the Internet.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.