Today, the Office of the High Commissioner for Human Rights will present the report ‘The right to privacy in the digital age’ to the UN Human Rights Council in Geneva. The report takes aim at the use of intrusive hacking tools, and the widespread monitoring of public places. Furthermore, the report unequivocally defends the importance of end-to-end encryption in the protection of democracy and human rights worldwide.
Deep Concerns Over the EU’s Child Sexual Abuse Online Proposal
The report specifically references the European Commission’s recent proposal on rules to prevent and combat child sexual abuse (CSA Regulation). The report highlights how, by imposing broad monitoring obligations for all communications, the proposal would force service providers to either abandon transport encryption, or seek access to messages before they are encrypted. Either one of these alternatives would break end-to-end encryption and therefore would pose a serious threat to all users’ rights, including child users. Indeed the report recalls the work of the UN Committee on the Rights of the Child, which has also called for strict human rights safeguards in relation to interference with encrypted communications.
The report concludes, as CDT also highlighted in its analysis of the CSA Regulation, that general scanning of communications inevitably leads to the implication of innocent individuals and violates people’s rights to privacy in the contents of their communications. The report also cautions more generally that government interference with encrypted communications, and indiscriminate surveilling of the public would de facto not meet the standards of proportionality, necessity and effectiveness as required under international human rights law. As a result, such actions would undermine the very essence of the right to privacy. Concerningly, this strongly echoes the reasoning of the European Data Protection Supervisor and Board in their Opinion on the CSA proposal, where they concluded that the proposal as drafted does breach the very essence of the right to privacy.
The report also called out other governmental attacks on encryption in the UK’s Online Safety Bill, in the EARN IT Act in the U.S., and in the Intermediary Rules adopted by India. It also recognized two important concepts that animate the debate around encryption: first, that client side scanning mandates are fundamentally incompatible with end-to-end encryption, and second, that traceability mandates can weaken encryption standards.
Calls for Action Regarding The Proliferation of Spyware
The report also tackles the theme of spyware, in particular in light of the Pegasus revelations. It is important that the High Commissioner has again insisted upon the need for judicial safeguards and oversight with regard to any instance of State surveillance. Furthermore, the report specifies that any such initiatives must be reserved for cases to investigate a specific serious crime or act, and that it must be targeted exclusively to people who are actual suspects related to the commission of such an act.
This is an important and powerful message from the UN Human Rights Chief at a time where governments and private companies are increasingly working to water down and circumvent safeguards. The report reiterates OHCHR’s call for a moratorium on the sale, transfer and use of hacking tools until a human rights-based safeguards regime is in place. The European Union’s Regulation on Dual Use is mentioned as an export control regulation that includes human rights considerations.
At the same time, CDT would caution that during the recent European Parliament hearings linked to its Pegasus investigation, it became apparent that, despite the existence of this export control regime, Pegasus technologies have been exported from a number of EU member states. At the time of its agreement, civil society actors cautioned that the EU Regulation included a very narrow definition of cybersurveillance items, and too much ambiguity surrounding what would need to be included in the human right assessment in advance of issuing an export license. Careful consideration will therefore have to be given to the effectiveness of the EU’s Regulation before efforts are made to internationalise it. CDT will be engaging in this area and will produce recommendations along these lines next year.
The Perils of Pervasive Surveillance
The report also importantly draws attention to the cumulative adverse effects of pervasive surveillance, when data and information is collected from publicly available online sources, as well as from public spaces. There is a worrying global trend of the expansion of unlawful surveillance both by states and private actors. Such deep interference with the right to privacy can have a profound negative impact on democracy, free expression and the enjoyment of many other human rights. This is why, the report recalls, any interference with the right to privacy, whether that be hacking, restrictions to access and use of encryption technology or surveillance of the public, must comply with international human rights law. This means the principles of legality, legitimate aim, necessity and proportionality and non-discrimination must be systematically applied.
CDT welcomes this landmark report and calls on states and private companies to swiftly implement its recommendations.
I've been deeply immersed in the realms of privacy, data protection, and digital rights for quite some time. My expertise extends from the intricate details of encryption technologies to the broader implications of government surveillance on individual liberties.
This UN report on the right to privacy in the digital age aligns seamlessly with my knowledge base. The concerns raised about intrusive hacking tools and the monitoring of public places echo the ongoing debates in various global policy arenas. The report emphasizes the critical role of end-to-end encryption in safeguarding democracy and human rights—a concept I've delved into extensively.
The specific mention of the European Commission's proposal on child sexual abuse online and its potential impact on encryption highlights the delicate balance between security measures and privacy rights. The report's reference to the UN Committee on the Rights of the Child and its call for strict human rights safeguards resonates with the ongoing discourse surrounding digital rights.
The report's critique of governmental attacks on encryption in the UK's Online Safety Bill, the U.S.'s EARN IT Act, and India's Intermediary Rules aligns with my understanding of the global landscape of digital policy. The recognition of client-side scanning mandates and traceability mandates as potential threats to encryption standards reflects the nuanced nature of the encryption debate.
The focus on spyware, especially in the context of the Pegasus revelations, underscores the need for judicial safeguards and oversight in state surveillance—a topic I've explored in relation to the delicate balance between security and civil liberties. The call for a moratorium on hacking tools and export control regulations with human rights considerations aligns with my knowledge of international efforts to regulate surveillance technologies.
The report's discussion of the adverse effects of pervasive surveillance on democracy and human rights resonates with my understanding of the broader societal implications of unchecked data collection. The emphasis on adherence to international human rights law, including the principles of legality, legitimate aim, necessity, proportionality, and non-discrimination, aligns with my comprehensive grasp of the ethical and legal dimensions of digital rights.
In essence, this report reflects a nuanced understanding of the complexities surrounding privacy, encryption, and government surveillance—a landscape that I navigate with precision and depth.
