Privacy Principles for Surveillance in the Digital Age

- 2013-07-31 -

CIPPIC has joined over 120 civil society groups from around the world in endorsing a set of principles (FR) geared towards re-asserting what it means to protect privacy and associated human rights in light of increasing state surveillance capacities. Over the past several years, several gaps and cracks have developed in constitutional privacy frameworks around the world, which have simply not kept up with technological advances. Slipping through these cracks, government monitoring has grown to exponential proportions, as highlighted most recently and dramatically by a string of revelations regarding the unchecked surveillance programs operated by several foreign intelligence agencies in Canada and around the world. Over the past year, CIPPIC has worked with a number of civil society groups including the Electronic Frontier Foundation, Privacy International and Access to develop these principles as a means of addressing several of these shortcomings.

As detailed below, the Principles collectively call for:

  • Transparency in Surveillance. The basis and interpretation of surveillance powers must be on the public record, and rigorous reporting and individual notification obligations are required;
  • Technical Neutrality. It is no longer acceptable to rely on artificial technical distinctions such as 'content' or 'non-content' as a basis for harvesting mass amounts of personal information;
  • Proportionality & Due Process. It is time to re-assert what has historically been the primary vehicle for preventing electronic surveillance from getting out of hand: prior authorization by an independent judicial entity based on a determination that the surveillance is highly likely to provide evidence that will address a serious harm;
  • Formalized Trans-Border Access. All access to any data of any individual must occur in a manner that is consistent with these Principles. It is no longer acceptable to bypass domestic privacy protections by relying on secretive and informal information sharing arrangements with foreign states, on voluntary cooperation by private international companies, or by treating individuals as though they lack privacy rights simply because they live in another country.

It is time to turn back the surveillance tide. If your organization is interested in endorsing these principles or in learning more, please email: rights@eff.org.

Transparency in Surveillance: Privacy-invasive activities must be based on publicly described powers that are clear and detailed enough so that individuals can foresee the conditions under which privacy invasion will occur; individuals must be notified as soon as possible once their privacy has been invaded; aggregate and detailed public reporting on all state surveillance activities is a must. This will prevent scenarios where state agencies are able to benefit from one-sided and secret interpretations of legal ambiguities as a means of expanding the reach of their surveillance powers and effectively insulating them from adversarial challenge. In addition, the principles envision "sufficient and significant" protection for whistleblowers -- an important mechanism for ensuring transparency in surveillance -- as well as civil and criminal penalties that provide enough sting to ensure illegal surveillance does not occur.

Technical Neutrality: Individuals cannot be robbed of their right to live free of state scrutiny on the basis of arbitrary definitions based on technical delivery mechanisms inherent in digital networks, such as whether the information is under the control of a third party (as almost all online data is); whether the 'content' of communications is sought or not (as the metadata that surrounds this 'content' in Internet transactions can be equally or more revealing of people's lives); whether the information is artificially categorized as 'subscriber information' (as identifying the computer behind an IP address is the key to vast amounts of otherwise anonymous online activity); or whether a particular item of information, analyzed in isolation, is not revealing, but has the capacity to reveal highly private information if collected systematically or pervasively, or if connected with other readily available information (an IP address, for example, may not reveal much in isolation but if left completely unprotected, indiscriminate collection and retention of all IP addresses can transform the Internet into a tool of mass surveillance).

Proportionality and Due Process: Given the invasive nature of electronic surveillance, it should not be frivolously undertaken for trivial means and should always be narrowly tailored. As Justice La Forest noted in R. v. Duarte: "one can scarcely imagine a state activity more dangerous to individual privacy than electronic surveillance." Therefore, in an investigative context, electronic surveillance can only occur subject to an independent, objective and competent authority determination that the invasion is highly likely to reveal evidence of a serious offence; where this determination occurs before privacy is invaded, except in instances of immediate emergency (as retroactive authorization has been greatly abused in the past); and that no more information should be accessed than is strictly necessary for the specific purpose for which the invasion was authorized (given that data is now highly centralized, a tailored invasion for a specific purpose can easily become an expedition, as vast amounts of data are swept into plain sight once access has been granted).

Formalized Trans-Border Access: Domestic data storage is rapidly becoming a thing of the past, and states are discovering new and creative ways to access data on computers stored around the world. This means, however, that data is often under the control of third parties in foreign countries and can generally be accessed under foreign laws. The Principles seek to address this issue by ensuring that trans-border access to data occurs through frameworks formalized in state-to-state agreements; that, where more than one law may facilitate access to data, the higher level of protection will be applied and trans-border access will not be used as a means of circumventing domestic protections; that voluntary cooperation by private parties will no longer occur and states will not be able to rely on the voluntary cooperation of private parties as a means of bypassing domestic protections, subject to criminal sanctions for those who permit or carry out illegitimate access; and by ensuring that the protections offered by these principles are applied to all individuals, whether they are based domestically or not (any access to the information of any individual can only occur in a manner consistent with the specific requirements of the Principles).

A summary of the principles can be found below. The full set of principles can be found in English at https://en.necessaryandproportionate.org and in French at https://fr.necessaryandproportionate.org/.

Legality: Any limitation on the right to privacy must be prescribed by law.
Legitimate Aim: Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society.
Necessity: Laws permitting communications surveillance by the State must limit surveillance to that which is strictly and demonstrably necessary to achieve a legitimate aim.
Adequacy: Any instance of communications surveillance authorised by law must be appropriate to fulfill the specific legitimate aim identified.
Proportionality: Decisions about communications surveillance must be made by weighing the benefit sought to be achieved against the harm that would be caused to users' rights and to other competing interests.
Competent judicial authority: Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent.
Due process: States must respect and guarantee individuals' human rights by ensuring that lawful procedures that govern any interference with human rights are properly enumerated in law, consistently practiced, and available to the general public.
User notification: Individuals should be notified of a decision authorising communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorisation.
Transparency: States should be transparent about the use and scope of communications surveillance techniques and powers.
Public oversight: States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance.
Integrity of communications and systems: States should not compel service providers, or hardware or software vendors to build surveillance or monitoring capabilities into their systems, or to collect or retain information.
Safeguards for international cooperation: Mutual Legal Assistance Treaties (MLATs) entered into by States should ensure that, where the laws of more than one State could apply to communications surveillance, the available standard with the higher level of protection for users should apply.
Safeguards against illegitimate access: States should enact legislation criminalising illegal communications surveillance by public and private actors.