Digital Security and Privacy for Human Rights Defenders

3.0 Changes to legislation on Internet privacy and freedom of expression affecting the work and safety of Human Rights Defenders around the world78

This section will deal specifically with current laws undermining the legitimate and important work carried out by human rights defenders – as applied to the digital world. We’ll focus on direct and indirect effect of these laws on security and safety of HRDs.

The Internet has ushered in a new medium for global communication and learning. The majority of the world’s governments are aware of its economic and social potential. And whereas most of them are keen to capitalize on the new global market, some are wary of the impact the Internet may have on stability and survival of the ruling regimes.

According to current estimates, around 750 million people on our planet use the Internet – fewer than the population of China or India, yet the number of users keeps growing exponentially. In many countries, the Internet infrastructure is improving, connection costs are going down, and new wireless technologies promise to bring the Internet into every home in the foreseeable future.

The Internet crosses administrative and geographic boundaries with the ease and speed never seen before. It provides a pioneering method of communication, in which one’s voice can be heard simultaneously by all those connected. As opposed to traditional media, where information is sourced, rationed, edited and summarized – on the Internet people choose what they want. They are not fed political propaganda, celebrity news or sports round-ups unless they choose to be exposed to those. Users select what they want to read, who they want to communicate with and which truth is the real truth for them. Unsurprisingly, this has caused a major problem for the countries wishing to maintain political, social and religious freedoms of their citizens within their governments’ grasp.

“As regards the impact of new information technology on the right to freedom of opinion and expression, the Special Rapporteur considers it of pre-eminent importance that they be considered in the light of the same international standards as other means of communication and that no measures be taken which would unduly restrict freedom of expression and information; in case of doubt, the decision should be in favour of free expression and flow of information. With regard to the Internet, the Special Rapporteur wishes to reiterate that on-line expression should be guided by international standards and be guaranteed the same protection as is awarded to other forms of expression.” 79

The rise of Internet Communication Technologies (ICT) has also highlighted the issues of privacy. As we move more of our information and communications over to the digital world, we are confronted by governments and corporations wishing to collect, process, analyse and control this data. It includes the websites we visit, our emails, travel destinations, personal finances and medical history, memberships of political or social movements, religious associations and so on. Whereas this practice of privacy invasion is certainly not new, our over reliance on modern technology and its surveillance-friendly structure has made these threats to our privacy easier to implement. The UN itself has fallen prey to these problems. At the 2003 First World Summit on Information Technology (WSIS) in Geneva (the Second Summit was held in Tunisia in 2005) all participants were issued with identity cards, into which – unbeknownst to the delegates – a radio frequency identification chip was built in. The chip could be used to record the participant’s movements and contacts during the Summit.
The 9/11 bombings in 2001 had a negative effect on privacy laws causing the countries that had not yet implemented (or even discussed) the need to develop monitoring and surveillance technologies, do so.

‘’The immediate period after September 2001 was a time of fear, flux and uncertainty. The United Nations responded with Resolution 1368 calling on increased cooperation between countries to prevent and suppress terrorism. NATO invoked Article 5, claiming an attack on any NATO member country is an attack on all of NATO; legislatures responded accordingly. The Council of Europe condemned the attacks, called for solidarity, and also called for increased cooperation in criminal matters. Later the Council of Europe Parliamentary Assembly called on countries to ratify conventions combating terrorism, lift any reservations in these agreements, and extend the mandate of police working groups to include “terrorist messages and the decoding thereof.’’ 80

In October 2001, the US House of Representatives ratified the Act to Provide Appropriate Tools Required to Intercept and Obstruct Terrorism (“the USA-Patriot Act”). It empowered the FBI to install the online surveillance system, known as CARNIVORE (later as DCS 1000), at all ISPs. In 2003, the US Congress removed the need for investigative teams to obtain warrants in procuring personal data about the Internet users and separate websites81. After that, General Ashcroft granted the FBI the authority to gather information on the Internet users outside official investigations and to initiate online surveillance on the basis of a priori suspicion. Originally passed as a temporary law, this Act was made permanent in the aftermath of the London bombings in July 2005.

In contradiction to its own Constitution, Australia quickly followed suit. According to the Preamble to the Australian Privacy Charter, “A free and democratic society requires respect for the autonomy of individuals, and limits on the power of both state and private organizations to intrude on that autonomy. ...Privacy is a key value which underpins human dignity and other key values such as freedom of association and freedom of speech... Privacy is a basic human right and the reasonable expectation of every person.”

Despite the above and following the Bali attacks of 2003, the Australian Government introduced laws that required all ISPs to voluntarily collect and monitor the data passing through their servers, urge the users to disclose their encryption keys and take part in the US-led ECHELON global surveillance project. The government then granted its agencies powers to intercept and read email, SMS and voice-mail messages without a warrant (as proposed in the Telecommunications Interception Legislation Amendment Bill of 2002) on the grounds that such communications, allegedly, constituted “access to ‘stored’ data” rather than the information ‘intercepted’ in real-time.

Some governments regarded every terrorist incident as opportunity further to enhance their powers. In Russia, a number of new government powers were introduced with little debate in the wake of terrorist attacks. Those included harsher penalties and bans on media coverage of terrorist activities. After the July 2005 bombings in London, France and Italy began collecting DNA samples from immigrants.
Cuba listed “hacking” as an offence in its new anti-terrorism law; Colombia legitimised interception of private communications, related to terrorism, without judicial approval; India passed the Prevention Of Terrorism Act (POTA) which gives the police sweeping powers to intercept communications; Jordan amended its Penal Code to include Article 150 imprisonment for anyone who publishes “a story, speech or act in any way that offends national unity, stirs people to commit crimes, implants hatred among members of society, instigates sectarianism and racism, insults the dignity and personal freedoms of individuals, promotes fabricated rumours, incites others to riot, sit-in or organize public gatherings that violate the laws of the country.”; The Netherlands agreed to a legislative proposal that enables a public prosecutor to request traffic data from providers of public telecommunications networks and services and passed a special decree to allow wiretapping of lawyers; Singapore amended the Computer Misuse Act to allow its authorities to launch pre-emptive actions against suspected hackers based on “credible information” linking the suspects to planned attacks on sensitive information networks.

Those are but a few sweeping measures to increase the governments’ ”. We did not mention the practices of intelligence agencies, operating outside the existing laws and involved in illegal wiretapping, intercepting email and stealing information from personal computers. In March 2006, it transpired that the Bush administration planted thousands of wiretaps on private phones without a permission from the Congress. The rationale behind this decision was that the president’s powers and the need for security outweighed the necessity to operate within the existing law.

The issue of the power abuse, supported by legislative changes, is particularly topical in the countries without a fair judicial system and independent regulatory bodies. The majority of people realise the need to fight terrorism, but are nevertheless surrendering their personal freedoms and their rights to privacy and confidentiality without thinking of consequences.

To quote a general comment on the right to privacy by the United Nations Human Rights Committee, the body that is an authorised to interpret state duties under the International Covenant on Civil and Political Rights:

“As all persons live in society, the protection of privacy is necessarily relative. However, the competent public authorities should only be able to call for such information relating to an individual’s private life the knowledge of which is essential in the interests of society as understood under the Covenant. […] Even with regard to interferences that conform to the Covenant, relevant legislation must specify in detail the precise circumstances in which such interferences may be permitted. A decision to make use of such authorized interference must be made only by the authority designated under the law, and on a case-by-case basis. [...] Correspondence should be delivered to the addressee without interception and without being opened or otherwise read. Surveillance, whether electronic or otherwise, interceptions of telephonic, telegraphic and other forms of communication, wire-tapping and recording of conversations should be prohibited.”82

Bangladesh, Zimbabwe83, Pakistan, China, Vietnam and a number of other countries granted government agencies sweeping powers to access all Internet and email traffic at the latter’s discretion. Multinational Internet corporations are ignoring international standards on privacy. They cooperate with governments by providing personal user information stored on their servers.

Negating the rights to privacy and freedom of expression became a general tendency in many parts of the globe. Technology is being used to monitor individuals – be they on the street or on the Internet. A peculiar reasoning behind this approach was summarised by one Indian policeman: “If people aren’t doing anything wrong, why should they worry about privacy”.

Facts and quotes in this chapter have been borrowed liberally, with permission, from the Privacy and Human Rights report 2004 published by ‘Privacy International’;
Facts and quotes in this chapter have been borrowed liberally, with permission, from the Reporters sans frontières website

Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression to the U.N. Commission on Human Rights, January 29, 1999, E/CN.4/1999/64.

Privacy International – Privacy and Human Rights Report 2004 – The Threats to Privacy

In January 2005 it emerged that the FBI was no longer using Carnivore, and instead switched to an unspecified commercial software application

United Nations Human Rights Committee, General Comment No. 16: The right to respect of privacy, family, home and correspondence, and protection of honour and reputation (Art. 17), 08/04/88, paras. 7 and 8.

Proposed in the INTERCEPTION OF COMMUNICATIONS BILL, 2006 published in the government Gazette on Friday 26th May, 2006

see ‘Internet Settings’ chapter for more details