freedom of speech

Whistleblowing about government surveillance: political offense or serious crime?

[cross-posted from http://cyberlaw.stanford.edu/blog] It seems like the world has been turned upside down when a US citizen flees to China seeking political asylum.  And yet Edward Snowden is apparently hiding out in a secret location in Hong Kong after revealing that he is responsible for the leaked information on the US government’s PRISM program of surveillance.  He explains his choice of refuge as being based on Hong Kong’s reputation for defending freedom of speech.  He is also apparently considering Iceland as another potential refuge.  But if the US chooses to prosecute him, will he be able to avoid being sent home to face charges?  A key part of the answer lies in whether his leaking of official secrets qualifies as a ‘political offense’.

The two parallel processes by which Edward Snowden could legally be returned to the US against his will are extradition or immigration removal.  Extradition is the government-to-government process for transferring an individual to another country to face criminal prosecution.  Immigration removal (including deportation) occurs when a non-citizen is no longer legally entitled to remain in a country and is forced to leave.  Often, the individual returns to their country of citizenship, but this is not always the case.  Both of these processes have protections under international law when the person is being sought for prosecution of a ‘political offense’.

Protections for ‘political criminals’

The first thing to note about the protection under refugee law is that in order to get to the point of considering whether Snowden’s alleged offence is ‘political’, he would first need to demonstrate that he is entitled to protection under the Convention on the Status of Refugees.  This requires that there be a ‘wellfounded fear of being persecuted for reasons of race, religion, nationality, membership of a particular social group or political opinion’.  As other commentators have already noted, it may be a tall order to show that Snowden is being persecuted (rather than just prosecuted) and that this ‘persecution’ is because of his membership of a particular group or political opinion.  If, and only if, he can show that he meets this test under the Convention on the Status of Refugees, article 1(F)(b) of the Convention would mean that Snowden could not be denied refugee status on the basis of his alleged crime IF it is a ‘political crime’.

If Snowden does not qualify for protection as a refugee, he could be subject to extradition under the extradition treaty between the US and Hong Kong.  The extradition treaty protects ‘political criminals’ by allowing the requested country to refuse to extradite an individual if the alleged offence is a ‘political offence’.  It is important to note that this is entirely discretionary; it would be up to Hong Kong as to whether it considers the offense to be ‘political’ and, if it does, whether it wants to refuse extradition on that basis.  Extradition can be a very sensitive matter between countries and decisions about whether or not to invoke a discretionary provision in a treaty fall into the realm of foreign relations, not black letter law.

But what exactly is a ‘political offense’?

The protections under extradition and refugee law share some terminology and there is definitely an overlap.  However, international human rights lawyers can pass many an hour debating the exact nature of the relationship and reasonable minds could certainly differ about the scope of the protections.

Extradition law

It is generally accepted in extradition law that political offenses can be either absolute (a purely political crime such as treason) or relative (a common crime that is given a political flavor by its context or purpose).  The challenge is to differentiate common crimes from ‘relative political crimes’.  There are two key approaches that can be identified from the cases:  the incidence test; and the predominance test.  Under the ‘incidence’ test, the act must be ‘done in furtherance of, done with the intention of assistance, as a sort of overt act in the course of acting in a political matter, a political rising, or a dispute between two parties in the state as to which is to have the government in its hands’ (as defined in the 1891 case of Re Castioni).  Snowden would have a tough time claiming that his act of leaking information was done as part of a political uprising or dispute about government.  He would therefore need to argue that the ‘predominance test’ should apply.

The predominance test weighs the common law criminal elements of the crime against the political elements of the crime in order to determine whether it is predominantly political.  Factors to consider in making this assessment include the existence of an underlying political struggle, the offender’s motive, the nature of the act and the efficacy of the act in achieving its goals.  Snowden would have some good arguments to make using this approach.  He asserts that he was motivated by the belief that the government’s surveillance program breaches the US Constitution and undermines important democratic rights.  There is no violence or direct loss of life caused by his actions but they have been highly effective in generating political debate and public scrutiny.  He would certainly have good case to make that his acts are predominantly political and therefore Hong Kong should not be obliged to extradite him to the US.

Refugee law

There is no definition of ‘political crime’ in the Refugee Convention.  The UN Office of the High Commissioner for Refugees’ guidelines suggest that the following factors should be taken into account:

  1. the crime’s ‘nature and purpose ie whether it has been committed out of genuine political motives and not merely for personal reasons or gain’;
  2. whether there is ‘a close and direct causal link between the crime committed and its alleged political purpose and object’; and
  3. whether the political element of the offence ‘outweighs its common-law character’, which would not be the case ‘if the acts committed are grossly out of proportion to the alleged objective’.

These factors are similar to the factors that are considered in extradition in the context of the incidence test and the proportionality test.  When applying article 1(F)(b), courts have drawn heavily on extradition jurisprudence.

So what does this all actually mean?

In a politically-charged situation like this, the legal framework is important but the outcome will likely be determined by political pressures and careful diplomatic footwork.  The main take-homes of this discussion are that it is not a foregone conclusion that Snowden’s acts will be considered ‘political’, nor that this will prevent him from being either extradited or deported to the US.

Extradition is a very formal process, which can be slow and costly.  Moreover, it can put the two countries in a very awkward situation.  Seeking Snowden’s extradition from Hong Kong would raise the possibility that Hong Kong would have the discretion to refuse on the basis that it is a political offense.  This kind of decision can have a damaging effect on the broader bilateral relationship and both countries would likely prefer to avoid being put in this situation.

Since Snowden is a US citizen, the government may prefer to find a solution through immigration channels rather than seek extradition.  This would mean that Snowden would have to meet the more difficult test of qualifying as a ‘refugee’ before Hong Kong would need to make any decisions about ‘political offenses’.  While this is perhaps an arena in which the countries would feel more comfortable, the case of Julian Assange shows that it certainly does not necessarily remove all controversy.  Whatever happens, we can be sure that it will not be an easy case and the world will be watching very closely.

One heck of a timely UN report on government surveillance of communications

If it had happened on House of Cards, you’d have enjoyed the theater of it, but figured that the writers had taken some artistic license in the timing.  I mean, it just doesn’t happen in real life that the UN releases a report on the dangers of government surveillance on the internet immediately before the news breaks that the US Government has been conducting internet surveillance of previously unimagined proportions.  Critics could unkindly say this is because the UN is never ahead of the game, but in this case, you have to hand it to Frank La Rue – he has clearly authored an exceptionally timely report: 4 June 2013 – “Freedom of expression cannot be ensured without respect to privacy in communications,” United Nations Special Rapporteur Frank La Rue said today, calling for more global attention to the widespread use of surveillance technologies by States in violation of the human rights to privacy and freedom of expression.

5 June 2013 - The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April.

6 June 2013 - The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants …. The NSA access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says. 

The right to privacy is a fundamental freedom in its own right (pardon the pun), but also as an important enabler for other rights such as the freedom of speech.  And yet, the right to privacy is a qualified right.  La Rue’s report notes that international human rights law is not sufficiently nuanced to provide clear guidance for countries and individuals when trying to understand what (if any) government intrusions into an individual’s electronic communications are acceptable.  In general terms, the right to privacy can be limited if the restrictions:

  1. are provided by the law;
  2. do not go to ‘the essence’ of the human right
  3. are necessary in a democratic society;
  4. are not subject to unfettered discretion;
  5. are necessary for reaching an enumerated legitimate aim; and
  6. are proportionate (ie the least intrusive instrument to achieve the desired result, and the restrictions are proportionate to the interest to be protected).

It may well be that the US government’s electronic surveillance activities are permissible restrictions on the right to privacy under international human rights law.  The answer is in the detail of whether the restrictions are ‘necessary’, ‘proportionate’ and sufficiently fettered.  To satisfy this test, the government would certainly need to make some pretty convincing arguments.  President Obama’s brief defence of the program focuses on the fact that the surveillance only looks at ‘meta-data’, in order to identify patterns. This type of pattern can be invaluable in identifying potential security threats, and national security is clearly a legitimate aim in a democratic society.  However, the intrusion on privacy is only acceptable if the level of discretion, oversight and proportionality are adequate, and this can by no means be assumed in the current circumstances.

La Rue’s report concludes by making 17 recommendations.  Many of these recommendations relate to transparency, accountability and public awareness.  For example, he states that laws governing electronic surveillance should meet ‘a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of and can foresee their application’.  In essence, his recommendations capture a sense that reasonable citizens should not be alarmed to learn of the type of surveillance that occurs, should acknowledge that the surveillance is of value and should be reassured that there are adequate oversight mechanisms in place.  Once again, his report is right on the money; the level of outcry in the US media and around water coolers this morning indicates that the current surveillance policies are not meeting the public 'sniff test'.  Something smells decidedly off.

So often, UN reports end with a plea for increased public awareness and further discussion about the issues, but any resulting debate is limited to the international law nerds and human rights nuts amongst us.  However, the freakishly good timing of La Rue’s report may just mean that the issues that he has raised capture mainstream attention and generate some real public debate.

 

Going beyond the guidelines - legal and moral responsibilities on ICT companies

YouTube this week introduced a face-blurring tool to protect activists from being recognised by their online activities.  Human rights groups will no doubt welcome the initiative as it comes in response to calls from groups such as Witness.  Some web companies demonstrate a commitment to not only reducing the negative human rights impacts of their activities, but also to actively improving the positive impacts that they may have.  The uptake of some of the voluntary guidelines on corporate social responsibility and human rights demonstrates a willingness to go beyond the minimum requirements.  But what responsibilities do tech companies really owe to users in other countries?  Is this solely a question of moral responsibility and ethics, or is there a legal obligation?  And should moral responsibility be reflected in a legally-binding regime? Broadly speaking, international human rights law is only binding on States, not companies or individuals.  States have obligations to persons within their jurisdiction. In order to protect the rights of persons within their jurisdiction, States may need to regulate the conduct of companies operating there.  In this way, a State may use its domestic law to impose obligations on companies in an effort to implement its obligations under international law.  However, in many cases there will not be any relevant domestic law, particularly in States that do not have a robust approach to human rights protection or those that are actively abusing their residents’ human rights.  So, while international human rights law provides a useful benchmark for companies in understanding the scope and permissible limits on human rights, it does not actually impose any direct obligations on companies.

Even though international human rights law does not impose direct obligations on companies, there are still ways in which companies may be legally liable for actions that breach individual human rights.  Red Flags provides a great, very brief summary of some of the ‘liability risks for companies operating in high-risk zones’ and I will mention a few of the key legal areas in the following discussion.  It is also worth noting that actions that have an adverse human rights impact can be regulated by laws that are not specifically targeted at ‘human rights’ protection.  For example, many countries have criminal legislation that operates extraterritorially for companies that bribe foreign public officials (this is mandated under the UN Convention against Corruption and the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions).

Human rights obligations under US law

The US is unusual in potentially imposing domestic liability on companies for actions not complying with international law standards even when they occur beyond US territory.  The Alien Tort Claims Statute (28 USC §1350) is the most (in)famous of these, with companies potentially having civil liability for actions that they commit ‘in violation of the law of nations or a treaty of the United States’.  Yahoo! previously settled a case that was brought under the ATS arising from the alleged provision of information by a Yahoo! subsidiary to the Chinese Government that enabled authorities to identify, arrest and subsequently torture political activists (Wang Xiaoning v Yahoo!).  Similarly, Cisco is in the middle of defending an action under the ATS as a result of their provision of software to the Chinese Government that is alleged to have been a part of the ‘Great Firewall of China’ that enabled the torture of political dissidents (Du v Cisco and Doe v Cisco).  The future of actions against companies under the ATS is currently in the balance.  This is because the Supreme Court is grappling with the question of whether companies (ie legal persons, as opposed to ‘real’ persons) can be liable under the ATS in the case of Kiobel v Royal Dutch Petroleum Co.  Depending on the decision in Kiobel, companies that commit major human rights violations may find themselves squarely in the cross hairs of ATS litigants in the US courts.

It had been argued that the Torture Victim Protection Act (18 USC §2340) creates liability for corporations as well as individuals who committed acts of torture outside of the United States.  After an inconsistent approach in various courts, in April of this year the Supreme Court held unanimously that the TVPA only applies to natural persons, not organisations (and, by corollary, not to corporations) (Mohamad v Palestinian Authority).

Two pieces of legislation are worth mentioning even though they do not create liability as such: The California Transparency in Supply Chains Act; and the Global Online Freedom Act.  Since entering into force at the start of this year, the Transparency in Supply Chains Act requires retailers or manufacturers doing business in California with annual worldwide gross receipts exceeding $100 million to disclose via a ‘conspicuous link’ on their main website their efforts to address risks related to slavery and human trafficking in their supply chains.

At the federal level, the Global Online Freedom Act is a Bill that aims to ‘prevent United States businesses from cooperating with repressive governments in transforming the Internet into a tool of censorship and surveillance, to fulfill the responsibility of the United States Government to promote freedom of expression on the Internet, to restore public confidence in the integrity of United States businesses’.  It has been floating around in various incarnations for several years, with the most recent version being passed by a House Committee on 27 March.  Similar to the Transparency in Supply Chains Act, the GOFA would create a reporting regime for internet communications services companies.  Companies would be required to detail their ‘human rights due diligence’ (drawing on the OECD Guidelines for Multinational Enterprises), privacy policies and policy on advising users when content has been filtered or blocked.  It would also establish export controls on certain telecommunications equipment.  The jury seems to be out on whether the latest incarnation of the GOFA could eventually become law, but in any case it does not seem likely that it will enter into force any time soon.

Moral obligations and duties beyond the law?

Anupam Chander wrote an interesting article setting out some of the philosophical arguments that could form the basis for a moral obligation owed by web companies to people in the ‘unfree’ world.  He argues that it is erroneous to apply the same ideas about corporate obligations (or lack thereof) in their interaction with citizens in a free society to corporate interactions with those living in repressive regimes.  As part of this, he argues that ‘given the special role of new media in empowering or oppressing individuals, it seems incumbent upon us to demand the inculcation of a professional ethic among new media companies to protect the freedom-enhancing aspects of cyberspace’.  He explains that ‘new media can either help give voice to dissidents or help perfect totalitarianism’.

Since the Arab Spring, there have certainly been some compelling arguments made about the power of web companies to affect the rights of users in repressive regimes and the moral responsibility that this creates.  However, it is not just the persuasiveness of the arguments about a moral responsibility that cause web companies to go above and beyond the low bar that is set by the international legal framework.  Instead, there seems to be something delightfully self-reinforcing about the freedom of the internet and web companies’ reliance on the trust of their users.

In other global businesses, it is often not the companies’ customers whose human rights are most likely to be affected by the companies’ actions.  For example, in the extractive industries, workers in Burma who may be subject to labour rights violations by a multinational company are not intended to be customers for the oil and gas that they are working to extract.  Instead, the customers are half a world away in developed countries in Europe and America.  This contrasts with a social networking business such as Twitter, where individuals in repressive regimes such as Egypt are able to be users of the product.  While perhaps not possessing the commercial clout of users in more wealthy markets, they are nonetheless part of the business structure.

Moreover, web companies’ branding and reputation is often tightly intertwined with notions of freedom of information and expression. Google’s mission is ‘to organize the world’s information and make it universally accessible and useful’.  In light of this mission statement, being implicated in censorship and suppression of freedom of expression would undermine their brand credibility.  The richness of information sharing and transparency on the internet also makes it more difficult for web companies to adopt sloppy human rights policies because their users are likely to catch them out.  Companies that rely on users’ willingness to share their personal information using their products cannot afford to be caught out too many times!

While there may not be a perfect alignment between the human rights policies that it is in a web company’s business interests to uphold and the human rights standards embodied in international law, there is at least some overlap.  It is this overlap that encourages companies to adopt voluntary guidelines and participate in industry initiatives.