7th Hearing of the LIBE Inquiry on Mass Surveillance of EU Citizens

14 October 2013 Volha attended the 7th Hearing of the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) Inquiry on Mass Surveillance of EU Citizens that took place in Brussels.

The inquiry itself was mandated by European Parliament resolution of 4 July 2013 on the US National Security Agency (NSA) surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ privacy (2013/2682(RSP) (http://www.europarl.europa.eu/meetdocs/2009_2014/documents/ta/04/07/2013%20-%200322/p7_ta-prov(2013)0322_en.pdf).

Mass Surveillance LIBRE Brussels October2013

The resolution, inter alia, instructed LIBE:
“to conduct an in-depth inquiry into the matter in collaboration with national parliaments and the EU-US expert group set up by the Commission and to report back by the end of the year, by:

  1. gathering all relevant information and evidence from both US and EU sources (fact-finding);
  2. investigating the alleged surveillance activities of US authorities as well as any carried out by certain Member States (mapping of responsibilities);
  3. assessing the impact of surveillance programmes as regards: the fundamental rights of EU citizens (in particular the right to respect for private life and communications, freedom of expression, the presumption of innocence and the right to an effective remedy); actual data protection both within the EU and for EU citizens outside the EU, focusing in particular on the effectiveness of EU law in respect of extraterritoriality mechanisms; the safety of the EU in the era of cloud computing; the added value and proportionality of such programmes with regard to the fight against terrorism; the external dimension of the area of freedom, security and justice (assessing the validity of adequacy decisions for EU transfers to third countries, such as those carried out under the Safe Harbour Agreement, international agreements and other legal instruments providing for legal assistance and cooperation) (damage and risk analysis);
  4. exploring the most appropriate mechanisms for redress in the event of confirmed violations (administrative and judicial redress and compensation schemes);
  5. putting forward recommendations aimed at preventing further violations, and ensuring credible, high-level protection of EU citizens’ personal data via adequate means, in particular the adoption of a fully-fledged data protection package (policy recommendations and law-making);
  6. issuing recommendations aimed at strengthening IT security in the EU’s institutions, bodies and agencies by means of proper internal security rules for communication systems, in order to prevent and remedy unauthorised access and the disclosure or loss of information and personal data (remedying of security breaches)”.

Mass Surveillance LIBRE Inquiry

The focus of the 7th hearing was “on the question of whether the alleged surveillance activities would, if confirmed, be in violation of law, whether at international, Council of Europe, EU or national level” (LIBE, 2013).

In addressing this question, the hearing distinguished between four types of alleged surveillance issues “(i) the NSA mass surveillance of EU citizens / legal entities in terms of electronic or phone communications, (ii) its spying on Member States’ embassies and EU institutions, bodies, offices and agencies, (iii) the cooperation of Member States’ authorities in the aforementioned programs and/or access to the data produced in result, as well as (iv) the surveillance activities conducted by Member States themselves” (LIBE, 2013).

The discussion was informed by expert testimonies. Thus, Prof. Martin Scheinin, Former UN Special Rapporteur on the promotion and protection of human rights while countering terrorism, Leader of the FP7 project “SURVEILLE”, stated that “both the United States and the United Kingdom have been involved, and continue to be involved, in activities that are in violation of their legally binding obligations under the International Covenant on Civil and Political Rights [ICCPR] of 1966”, in particular, Article 17. He suggested that in evaluating the lawfulness of these activities and any other privacy interferences under the ICCPR, the following criteria could be used:”

  1. Any restrictions must be provided by the law;
  2. The essence of a human right is not subject to restrictions;
  3. Restrictions must be necessary in a democratic society;
  4. Any discretion exercised when implementing the restrictions must not be unfettered;
  5. For a restriction to be permissible, it is not enough that it serves one of the enumerated legitimate aims; it must be necessary for reaching the legitimate aim;
  6. Restrictive measures must conform to the principle of proportionality; they must be appropriate to achieve their protective function; they must be the least intrusive instrument amongst those which might achieve the desired result; and they must be proportionate to the interest to be protected; and
  7. Any restrictions must be consistent with the other rights guaranteed in the Covenant”.

Prof. Scheinin further explained that, in terms of the redress mechanisms available under the ICCPR, given that neither the US nor the UK accepted the right of individual complaints, the only two options include inter-state complaints (a procedure that has never been invoked before, but there is a good reason why it should be considered in this instance) and examination of state periodic reports by the Human Rights Committee.

European Court of Human Rights (ECtHR) Judge Bostjan Zupančič, speaking in personal capacity, pointed out that, first, the ECtHR has never considered a case on mass electronic surveillance; and, second, because it is based on complementarity principle, it can only consider cases once the national remedies have been exhausted. This means that EU citizens should bring their cases to national courts first. Furthermore, unlike some national courts, the ECtHR does not have the power to strike down a relevant piece of legislation (e.g., if it finds it to be unconstitutional). However, one of the difficulties with the current case of mass surveillance is that national systems are elements of a wider assemblage of surveillance programmes.

In response to a question by Jan Philipp Albrecht (MEP) as to what can be done in cases when there may not be possible to have full evidence of infringements due to secrecy, Judge explained that under such circumstances it is not necessary to demonstrate that one is affected directly, rather it is sufficient to demonstrate that it is probable.

In his presentation Douwe Korff, Professor of International Law (London Metropolitan University, UK), argued that “[i]ndiscriminate mass surveillance of everyone’s e-communications, without any individualised suspicion of criminal or subversive activities, and effectively without time-limit, is fundamentally contrary to the substantive legal principles adduced by the ECtHR in relation to national security surveillance”. More specifically, as far as the European data protection framework was concerned, he held that “[c]ontinuous interception and “buffering” of all traffic going through the fibre-optic cables carrying large portions of European (and global) Internet traffic (as is apparently done by NSA and GCHQ), for ill-defined purposes, without any individualised suspicion or targeting, is impossible to square with the basic data protection principles”.

He further argued for the national security exemption to be minimised, and pointed out that states cannot have it both ways in wanting to combat terrorism together, but, when criticised, invoking national security exemption to protect themselves.

Mass Surveillance Parliament

According to LIBE (2013), “[a] number of court cases have been initiated in different EU Member States (France, Ireland, Luxembourg, Germany, Netherlands and UK), ever since the alleged NSA activities, as well as some national ones, were made public”.

The two cases presented at the 7th hearing were:

  • complaint against X to the Tribunal de Grand Instance of Paris, for several crimes concerning unauthorised access and use of personal data, following the revelations made by Edward Snowden, submitted by La Fédération Internationale des Ligues des Droits de l’Homme and La Ligue française pour la défense des droits de l’Homme et du Citoyen; and
  • complaint before the European Court of Human Rights, which concern alleged violation of Article 8 ECHR by the UK government, due to the latter’s involvement in NSA activities as well as its own Tempora programme, lodged by Big Brother Watch with English PEN, Open Rights Group and Dr Constanze Kurz.

In his presentation of the case, Nick Pickles, Director of Big Brother Watch, suggested that recent revelations about the surveillance programmes demonstrated two things in particular: first, that “the scale and nature of surveillance is far beyond what has ever been publicly acknowledged or legislated for, whether the en masse collection of content through the Tempora programme or the work through Bullrun to undermine the encryption that protects our bank accounts, personal details and online transactions”; and, second, that “where surveillance powers have been granted, they have been exploited with regard to the internet to a degree that few would recognise as features of a civil society and oversight mechanisms have proved woefully ill equipped to perform their tasks”.

He also pointed out that, despite a lack of public debate on these issues in the UK, it would be wrong to suggest that “the British public is not concerned by these revelations”, as, for instance, their appeal to contribute to the costs of their legal action received an overwhelming public response. He also pointed out that, while the Intelligence and Security Committee of the UK Parliament examined PRISM, they did not examine the Tempora, which forms an important element of the case that Big Brother Watch et al. are taking to the ECtHR, the main argument being that “the reported activities of GCHQ constitute a violation of Article 8 of the ECHR [European Convention on Human Rights”.

Overall, the experts told the 7th LIBE hearing that “[m]ass storage of EU citizens’ personal data clearly contravenes international, Council of Europe and EU laws” (LIBE, 2013).

Meeting documents are available at:
http://www.europarl.europa.eu/meetdocs/2009_2014/organes/libe/libe_20131014_1500.htm