This is the seven article of our Spies Without Borders series. The series looks into how the information disclosed in the NSA leaks affects Internet users around the world whose private information is stored in U.S. servers, or whose data travels across U.S. networks.
As news of the alarmingly broad reach and scope of the U.S. surveillance program reverberates around the globe, we call for a global dialogue on the increased capacity of States around the world to conduct sweeping extra-territorial surveillance from domestic soil. While international public outrage has justifiably decried the scope and reach of U.S. broad surveillance on foreigners, the fact that the U.S. government has carte blanche surveillance powers over foreigners is not new.
In truth, U.S., foreign intelligence has always had nearly limitless legal capacity to surveil foreigners because domestic laws and protections simply don't cover that activity. So while this isn't a new problem, it has been exacerbated as the U.S. has enjoyed a dramatic increase in practical capacity to gather and analyze data that has not been matched with an increase in legal protections. In this context, we asked Korea University Law School Professor Kyung Sin (“K.S.”) Park, Open Net, South Korea to provide his views on the matter.
Note: This is a guest blogpost. We do not necessarily endorse the views expressed nor have we checked the facts asserted.
A Call for Global Dialogue on Principles on “Cross-Border” Surveillance (and Korean PRISM?)
By Professor Kyung Sin (“K.S.”) Park, Open Net
What procedural safeguards shall we demand from our government agencies conducting communications surveillance on people in other countries, regardless of where the surveillance is taking place? Unbeknownst to many, this is the question exposed bare by the recent controversy surrounding PRISM, a scheme of warrantless or secret-warrant-based surveillance taking place within U.S. on people in and outside the U.S., and we need a global dialogue in answering this question, which is more intractable than one may think
Yes, in the ideal world governed by me, I might make many changes to the current system. In an ideal world, maybe we could outlaw all wars and military actions. We could also ban all domestic or foreign surveillance, except under warrants carefully crafted by an independent judiciary wholly disinterested in making surveillance a practice. In fact, in such a world, we could also dissolve all national borders.
But we do not live in that ideal world. In this real world, it is surprisingly not clear what international norms should govern an answer to a question like: Should the agents of MI6, CIA, and KNIS (Korean National Intelligence Service) obtain normal court warrants to wiretap or eavesdrop on their respective potential enemies or on one another? Lack of such norms allowed the US to set up FISA more than 30 years ago, to allow warrantless or secret-warrant domestic surveillance on foreign agents in the US. Moreover, with the advent of the global communication system that is the Internet, US surveillance systems were enabled to access a vast trove of communication information of foreigners in and outside the US. Yet when it comes to outside the U.S., even FISA does not apply, meaning that there seems to be no restriction. Indeed, there is no international principle on cross-border communication surveillance, i.e., state surveillance on people residing outside that state’s territory, regardless of where the information is intercepted.
Maybe, for this reason, we have yet to see American civil society demanding full dismantling of the FISA system. American civil society’s immediate concern has been justifiably local: that the U.S. used FISA wiretapping against their own citizens or residents who are not foreign agents, as proven by the recently leaked court order requiring disclosure of millions of Verizon users, unavoidably people on American soil and mostly innocent given the sheer number. Also, the U.S. is now suspected of sharing the PRISM data with several countries of mainly Anglo or Germanic ancestry. People of these countries certainly should protest against such sharing which allows their governments to sidestep all the domestic due process of law, warrant and what not, in achieving surveillance on their own people. So, Americans and their “allies” already have enough to be angry about.
But, how about the rest of us such as Koreans, with whom the U.S. supposedly has not shared the PRISM data? For one, if we non-Americans are to be angry for the same reason that Americans are angry about FISA and PRISM, our civic anger should be first directed towards our own governments, conducting surveillance on our “own citizens.” In Korea of 2011, a total population of 50 million, 7,167 phone numbers were wiretapped, 37.3 million phone numbers’ (or email addresses’ or internet ids’) communication metadata were turned [Korean] over to the police, and users’ identity on 5.84 million phone numbers’ or internet ids were turned over. Per capita, the number of Korea’s wiretaps is about 15 times the U.S. (2,732) in the same period. Yes, the laws are in place and do require, as other developed countries do, a super-warrant for wiretapping and a certificate of “need to investigate” for acquiring communication metadata but the sting of the numbers is exactly in that law: More than half the total population of Korea “needed to be investigated”? The numbers only account for the ostensibly domestic surveillance, on top of which, Asian constituents should also worry whether their own foreigner-targeting intelligence agencies are actually targeting their domestic citizens. So, certainly, non-Americans shocked by PRISM should also take a sane look at whether they all have their own PRISMS. (Just last week, the Korean Police even set up a ‘backdoor’ with major telcos for metadata[Korean]. Now automated, only God knows how many phones will be metadata-searched.)
At the same time, for this to be a learning process for everyone including Americans, countries that attained that data, and the rest of the world outside the loop, we should begin a global discussion on the question: can we make intelligence agents targeting foreign nationals act under legal procedures protecting the rights of people to whom the agents are not politically accountable? To put it bluntly, since these intelligence agencies are the creatures of our democratically elected governments, how much should we allow ourselves to snoop on one another across the borders? Should they obtain warrants from courts?
Now, of course, before answering, we should take in the weight of these questions because answers to them will determine the fate of all secretive overseas intelligence-gathering agencies including NSA. It is surprisingly a difficult question. I conjecture that the difficulty comes from the fact that, whereas a warrant is valuable because it is issued by an official independent from the success of the investigation and yet politically accountable to the people under surveillance. For obvious reasons, there cannot be such official for cross-border surveillance.
At any rate, there is a quick way to jumpstart such global dialogue. Open Net, EFF, Privacy International, Access Now, and many other digital rights groups have engaged in an effort past few months to write down the international human rights principles applicable to all forms of communications surveillance. Yes, the International Convenant on Civil and Political Rights (ICCPR) already protects privacy but communications privacy presents special issues because communications are on one hand human actions traversing often large expanses of time and space vulnerable and arguably open to interceptions, and on the other hand carry the messages, the results of the communicators’ personal thoughts. We just need more of you to participate in this process to decide on the territorial scope of these Principles, which will also set the restrictions on cross-border communications surveillance.
EFF will continue blogging about the impact of the NSA leaks on Internet users abroad in our Spies Without Borders series.