Extraterritoriality and digital surveillance – time for the lawyers and the advocates to bring the dialogue together

This weekend, as an ex-bureaucrat, I felt for the folk at the State Department.  It must have been a ridiculously busy weekend for those preparing for this week’s Human Rights Committee Hearing in Geneva.  On Friday, the New York Times leaked Harold Koh’s legal advice acknowledging that the US obligations under the International Covenant on Civil and Political Rights do not stop at the border.  The NYT article would have meant that the briefing folders that had been merrily making their way up the clearance chain in time to be packed into the delegation’s suitcases would have been discarded (or at least the sections on extraterritoriality would have been yanked out) and all the talking points would have needed to be rewritten. This is not just an important moment for bureaucrats or international human rights law junkies; it is potentially powerful for digital rights activists pushing for reform of global surveillance practices.  Digital rights advocates have been calling for the US government to end global mass suspicionless surveillance and to adhere to their international human rights law obligations.  There may be a strong moral case to support them, but when it comes to the NSA’s overseas activities, the discourse has often lacked a strong legal underpinning.  In order to push governmental policy on this issue, the dialogue needs to mature to the point where it is built on solid legal underpinnings.  The next couple of months bring an unprecedented opportunity to do just that.

The current state of the digital rights dialogue

Up until now, civil society dialogue has pushed the idea that States owe an obligation to respect privacy online for both citizens and non-citizens.  In an open letter to the UN High Commissioner for Human Rights, the Global Network Initiative “has urged the United States to recognize the right to privacy of non-U.S. persons and to strengthen reforms to effectively protect this right”.  The NGO-led International Principles on the Application of Human Rights to Communications Surveillance state that “In order for States to actually meet their international human rights obligations in relation to communications surveillance, they must comply with the principles set out below. These principles apply to surveillance conducted within a State or extraterritorially.”

But it’s hard to find anything in the digital rights sphere that actually specifies the nature and source of an extraterritorial international obligation.  You can’t really blame them.  While you may have a gut instinct that the “right” thing to do is to extend the article 17 right to privacy beyond a country’s borders, it’s actually really tough to make out the technical legal argument supporting this.  The issue goes to heart of what “control” means and whether the scope of a right can be determined by the ability of a State to impact it.  Tricky stuff.

The emerging ideas for a legal basis

One of the few academic articles to specifically tackle the issue of extraterritorial application of article 17 of the ICCPR to digital surveillance is by Peter Margulies.  This argues that the “effective control” test of jurisdiction is inadequate for the online context.  Instead, he posits a test of “virtual control” under which the ICCPR is “applicable when a state can assert control over an individual’s communications, even though it lacks control over the territory in which the individual is located, or over the physical person of that individual”.  I’m not sure that this argument is nuanced enough yet to be able to adopt it in legal cases (and indeed, digital rights groups may be unhappy with Margulies’ conclusion that US surveillance abroad actually complies with article 17).  However, it does go some way towards breaking down the issues and applying international legal reasoning to the issue.

Marko Milanovic has an excellent series of blog posts on the international human rights law implications of surveillance.  He argues that the best way of understanding jurisdiction and international surveillance is to treat rights differently according to whether they are “negative” or “positive”.  Accordingly, “The reason why the Convention would apply is because it should apply to all potential violations of negative obligations, e.g. the one to refrain from interfering with my privacy”.  This argument has a lot of force and makes sense of some of the confusing jurisdictional cases in international human rights law jurisprudence.  However, it is still early days and it is yet to be seen whether a court (or treaty body) would adopt this approach.

The NYT article has prompted a stream of shorter blog posts over the last couple of days, including a great “mini-forum” on Just Security (see especially Jennifer Daskal, Martin Scheinin and Manfred Nowak.  This does not really go into the same depth as Margulies' and Milanovic's analyses, but does go some way towards bringing the legal issue of extraterritoriality and surveillance to a slightly broader audience.

There has been some high-quality legal thinking on this issue but it is still at a fairly early stage of development, and discussion remains confined to international human rights law circles.

The opportunities for change

The best way to effect change to international digital surveillance is through powerful advocacy that speaks to the public but is also supported by strong legal reasoning that speaks to the government and bureaucrats.  Now is the moment to bring these dialogues together.

The Human Rights Committee tends to listen very closely to NGO input (partly in recognition of their valuable contribution, but also because the committee just does not have the resources to conduct extensive research on all the issues covered by the ICCPR in each State).  This means that the NGO community needs to be in the Committee’s ear over the coming week with helpful, informed and well-reasoned views on extraterritoriality and surveillance.

Another key opportunity will be the UN High Commissioner for Human Rights’ forthcoming report.  At the end of last year, the UN General Assembly passed a resolution recognizing the right to privacy in the digital age.  It backed away from any reference to extraterritorial obligations in the text of the resolution.  However, the resolution:

Requests the United Nations High Commissioner for Human Rights to present a report on the protection and promotion of the right to privacy in the context of domestic and extraterritorial surveillance and/or interception of digital communications and collection of personal data, including on a mass scale to the Human Rights Council, at its twenty-seventh session, and to the General Assembly at its sixty-ninth session, with views and recommendations, to be considered by Member States;

This means that there is now an opportunity for a UN report to directly tackle the issue of extraterritorial application of the right to privacy to online surveillance.  Again, it will be important for civil society to make submissions that are well-reasoned, pragmatic and legally-robust.

Much of the advocacy and legal groundwork has been done – the challenge is in making sure that the two dialogues come together.