Cyberspying under attack from all sides as ECJ and UN lose patience

27 Mar 2015

A day after the European Court of Justice (ECJ) revealed Safe Harbour for what it is – ridiculous – the UN has agreed to appoint a special investigator to look into digital spying and violations of online privacy.

Yesterday the UN Human Rights Council unanimously decided to get a new ‘UN special rapporteur’ amid the shadows of the current Europe v Facebook case seen by the ECJ.

A Brazil and Germany-backed resolution looked to respond to concerns over electronic surveillance and wide-reaching, largely illegal interception digital communications.

“States must respect international human rights obligations regarding the right to privacy when they intercept digital communication of individuals and/ or collect personal data,” Brazil’s ambassador Regina Dunlop told the Council in presenting the resolution.

During the debate, Russia’s delegation criticised mass surveillance by the US, before everyone signed on to the agreement, commissioning the rapporteur (expert) to review government policies on intercepting and collecting our data.

Private parade

Interestingly, the as yet un-hired expert will also examine private sector responsibilities to respect human rights under the “Protect, Respect, Remedy framework” of the UN Guiding Principles for Business and Human Rights (according to Human Rights Watch) in the specific context of digital information and communication technology.

It’s important to be fair to those private sector actors we all think of in this case, those like Facebook, Google, Microsoft etc. Based in the US, they are essentially at the mercy of immensely powerful laws such as the Patriot Act and the Foreign Intelligence Surveillance Act.

The US has created a global political environment whereby if you’re not tracking absolutely everybody, all the time, then you are unsafe. It’s ludicrous, but it’s their reality now. So, the US reaps whatever possible from companies charged with protecting your personal information.

What’s worse, you may never be told that your information has been compromised, as there are privacy rules with regards many of these charges against US businesses.

Two years in the making

But a full two years after Edward Snowden told us what we should have already known – that being the incredibly broad reach of the NSA and GCHQ in terms of metadata collection – things appear to be finally coming into focus, with action being taken.

Last month a tribunal in the UK called the GCHQ’s snooping on citizens, using information made available through a partnership with the NSA, as entirely unlawful.

And only this week Max Schrems was in the ECJ for the case he brought, which now relates to Facebook, Safe Harbour, PRISM – an NSA powered mass surveillance project uncovered by Snowden – and Ireland’s Data Protection Commissioner.

And now the UN is making a move to get in on the act in a global perspective. “The appointment of a UN expert on privacy in the digital age means that we now have someone to watch those that are watching us,” Donahoe said.

However, it’s not all going to change overnight. Not when news emerges such as that from the ECJ this week.

Close your Facebook, crybabies

Schrems’ case, arguing that his personal data, logged in Austria into Facebook Europe, which is headquartered in Ireland, should not be sent to the US as part of the superpower’s greed for metadata, he has since revealed much about the EU’s (and Ireland’s) poor protection of its constituents.

Indeed during the European Commission’s testimony to the ECJ (tweeted out by Schrems throughout), it admitted that it “could not confirm adequate protection” of its citizens’ information.

That, surely, renders the Safe Harbour agreement as obsolete. Indeed the court responded by saying the Commission must, therefore, prohibit transfers.

Yet that ‘revelation’ is largely overshadowed by some sage advice passed down from the Commission with regards how people can keep their data secure.

“If you don’t want your data to go to the US, close your Facebook.”

And so, we are protected Europe. All we have to do is acquiesce to rules about where we can be protected. Which is essentially anywhere that the US and EU have yet to reach agreement on. And those places are running out.

Thanks. For. That.

Cyber law image via Shutterstock

Gordon Hunt was a journalist with Silicon Republic