In the light of recent events a number of civil society organisations participating in this Coalition meeting, call on governments who are members of the FOC to commit to:
- Recognize that they are responsible for protecting the human rights of all people online, not just those of their own citizens. FOC members should review their policies and practices to ensure that they adhere to this principle.
- Render any law, regulation, or legal interpretation related to monitoring and surveillance of online communications and connection accessible and foreseeable to the public. Secret law or secret interpretation is not valid law consented to by citizens.
- Make transparent the scope and nature of requests to service providers related to surveillance of online communications, and not prohibit public disclosure to users by these service providers.
- Improve understanding within national governments on the implications of surveillance for digital freedoms and the relations of trust between states and citizens.
The explosion of digital communications content and information about communications, or "communications metadata," the falling cost of storing and mining large sets of data, and the provision of personal content through third party service providers make State surveillance possible at an unprecedented scale. Broad collection of such information not only has a chilling effect on free expression and association; it threatens confidence in the internet as a safe platform for personal communications. It is therefore incumbent upon FOC members to extend and defend fundamental rights in ways that respond to this changing environment.
In taking this commitment forward, we urge FOC members to adopt, comply with, and implement the International Principles on the Application of Human Rights to Communications Surveillance published in June, 7, 2013 by civil society groups active in the FOC. These principles address the following:
- Legality: Any limitation on the right to privacy must be prescribed by law.
- Legitimate Aim: Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society.
- Necessity: Laws permitting communications surveillance by the State must limit surveillance to that which is strictly and demonstrably necessary to achieve a legitimate aim.
- Adequacy: Any instance of communications surveillance authorized by law must be appropriate to fulfill the specific legitimate aim identified.
- Proportionality: Decisions about communications surveillance must be made by weighing the benefit sought to be achieved against the harm that would be caused to the users’ rights and to other competing interests.
- Transparency: States should be transparent about the use and scope of communications surveillance techniques and powers.
- Public oversight: States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance.
- Integrity of communications and systems: States should not compel service providers, or hardware or software vendors to build surveillance or monitoring capabilities into their systems, or to collect or retain information. Any such backdoor or capability should be considered a vulnerability.
- Safeguards for international cooperation: Mutual Legal Assistance Treaties (MLATs) entered into by States should ensure that, where the laws of more than one State could apply to communications surveillance, the available standard with the higher level of protection for users should apply.
- Safeguards against illegitimate access: States should enact legislation criminalizing illegal communications surveillance by public and private actors with exceptions for security researchers.
Widespread, untargeted surveillence and data collection is not consistent with these principles.
For the full text of the Principles, please visit http://www.necessaryandproportionate.net/
These principles, the concept of privacy by design, and the international human rights framework should also be applied to the technical architecture of communications and surveillance systems, ensuring that technological and policy protections are developed in parallel.
We see the FOC as a platform for constructive multistakeholder global debate on these issues and look forward to working with the FOC to take substantive steps to advance the goals above and report back on progress made at the IGF in Bali and the 2014 FOC in Talinn.