As the year draws to a close, EFF looks back at the major trends influencing digital rights in 2012 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.
All things considered, 2012 was a terrible year for online privacy against government surveillance. How bad was it? States around the world are demanding private data in ever-greater volumes—and getting it. They are recognizing the treasure troves of personal information created by modern communications technologies of all sorts, and pursuing ever easier, quicker, and more comprehensive access to our data. They are obtaining detailed logs of our entire lives online, and they are doing so under weaker legal standards than ever before. Several laws and proposals now afford many states warrantless snooping powers and nearly limitless data collection capabilities. These practices remain shrouded in secrecy, despite some private companies’ attempts to shine a light on the alarming measures states are taking around the world to obtain information about users.
To challenge the sweeping invasions into individuals’ personal lives, we’re calling on governments to ensure their surveillance policies and practices are consistent with international human rights standards. We’re also demanding that governments and companies become more transparent about their use of the Internet in state surveillance.
Signs of Growing International Surveillance in 2012
- A new law in Brazil allows police and public prosecutors to demand user registration data from ISPs directly, via a simple request, with no court order, in criminal investigations involving money laundering. And, a new bill seeks to allow the Federal Police to demand registration data of Internet users in cases of crimes without the need of a court order nor judicial oversight.
- Colombia adopted a new decree that compels ISPs to create backdoors that would make it easier for law enforcement to spy on Colombians. The law also forces ISPs and telecom providers to continuously collect and store for five years the location and subscriber information of millions of ordinary Colombian users.
- Leaked documents revealed that the Mexican government shelled out $355 million to expand Mexican domestic surveillance equipment over the past year.
- The Canadian government put proposed online surveillance legislation temporarily "on pause" following sustained public outrage generated by the bill. The bill introduces new police powers that would allow authorities easy access to Canadians’ online activities, including the power to force ISPs to hand over private customer data without a warrant.
- The EU’s overarching data retention directive has become a dangerous model for other countries, despite the fact that several European Courts have declared several national data retention laws unconstitutional.
- Romania went ahead with adopting a new data retention mandate law without any real evidence or debate over the right to privacy, despite the 2009 Constitutional Court ruling declaring the previous data retention law unconstitutional.
- The German government is proposing a new law that would allow law enforcement and intelligence agencies to extensively identify Internet users, without any court order or reasonable suspicion of a crime. This year, more details were found on German State Trojan Program to spy on and monitor Skype, Gmail, Hotmail, Facebook and other online communications.
- The UK government was considering a draft Communications Data Bill that would extend the police’s access to individuals' email and social media traffic data. The UK ISPs will be compelled to gather the data and allow the UK police and security services to scrutinize it. On December, the UK Parliament Committee made clear that the draft Bill is unacceptable in its current form, and "tinkering around the edges" is not good enough. The bill is back to the drawing board for the Home Office.
- A Dutch proposal seeks to allow the police to break into foreign computers and search and delete data. If the location of a particular computer cannot be determined, the Dutch police would be able to break into it without ever contacting foreign authorities. Another Dutch proposal seeks to allow the police to force a suspect to decrypt information that is under investigation in a case of terrorism or sexual abuse of children.
- In Russia, several new legal frameworks or proposed bills enable increased state surveillance of the Internet.
- Australian law enforcement and intelligence agencies have continued to advance the false idea of the need for data retention mandates, mandatory backdoors for cloud computing services and the creation of a new crime for refusing to aid law enforcement in the decryption of communications.
- A controversy arose in Lebanon over revelations that the country's Internal Security Forces (ISF) demanded the content of all SMS text messages sent between September 13 and November 10 of this year, as well as usernames and passwords for services like Blackberry Messenger and Facebook.
- The Rwandan Parliament is discussing a bill that will grant the police, army and intelligence services the power to listen to and read private communications in order to protect "public security", the keyword often invoked to justify unnecessary human rights violations.
- Pakistan adopted a Fair Trial Bill authorizing the state to intercept private communications to thwart acts of terrorism. No legal safeguards have been built in to prevent abuse of power and the word "terrorism" has been poorly defined (a word that's often invoked to justify unnecessary human rights violations).
- RIM announced that they had provided the Indian Government with a solution to intercept messages and emails exchanged via BlackBerry handsets. The encrypted communications will now be available to Indian intelligence agencies.
- The Indian government approved the purchase of technological equipment to kickstart the National Intelligence Grid (NATGRID)—a project that seeks to link databases for ready access by intelligence agencies. The project is expected to facilitate "robust information sharing" by security and law enforcement agencies to combat terror threats.
EFF's international team and a coalition of civil society organizations around the world have drafted a set of principles that can be used by civil society, governments and industry to evaluate whether state surveillance laws and practices are consistent with human rights. In 2013, we will continue demanding that states adopt stronger legal protections if they want to track our cell phones, or see what web sites we’ve visited, or rummage through our Hotmail, or read our private messages on Facebook, or otherwise invade our electronic privacy. EFF will keep working collaboratively with advocates, lawyers, journalists, bloggers and security experts on the ground to fight overbroad surveillance laws. Our work will involve existing legislative initiatives, international fora, and other regional venues where we can have a meaningful impact on establishing stronger legal protections against government access to people’s electronic communications and data.