Decisive report on surveillance shakes up debate in Europe

A waterfall it was: review of intelligence agency oversight, an intelligence codex and a right to asylum for whistleblowers. These were the cornerstones of a report passed on 26 January 2015 at the Council of Europe (CoE) in Strasbourg, by the Legal and Human Rights Committee of the Parliamentary Assembly (PACE) of the CoE, to be precise. The document touches upon the hot issue of encryption, advocating mass encryption as a near-future remedy against mass surveillance. Creating backdoors and weakening security to allow for continued mass surveillance not only violates human rights, it is outright dangerous, it concludes.

“I am fighting this cause because in fighting terrorism it is harmful when you create backdoors, because when you create backdoors you create backdoors into your own security and it is one thing if, let’s say, the NSA is snooping, but what if ISIS is doing it?” said rapporteur Pieter Omtzigt of the Dutch Christian Democratic Appeal Party. In accordance with the position of his (conservative) party, Omtzigt at the same time does not want to rule out access to encrypted communication where deemed necessary and proportionate by a court.

Mass surveillance evident and harmful

Omtzigt’s report, now sent on to the plenary of the 47-member-state body (CoE), is harsh in its condemnation of mass surveillance by the services of the Five Eyes alliance (composed of Australia, Canada, New Zealand, the United Kingdom and the USA) and, on a smaller scale, other partner services. The forty-page report lists many of the NSA programmes and details individual attacks on EU and international institutions. It also takes up the case of an American law firm representing a foreign government in a trade dispute with the United States.

The many programmes revealed to date were not only used against those who pose a threat to national security or against individuals regarded as extremist by the NSA, the report reads. The NSA has also targeted system administrators working at phone and internet service providers only to gain access to the communications processed by the respective company. In summary, “the disclosures have provided compelling evidence of the existence of far-reaching, technologically advanced systems put in place by US intelligence services and their partners in certain Council of Europe member states to collect, store and analyse communication data, including content, location and other metadata, on a massive scale, as well as targeted surveillance measures encompassing numerous persons against whom there is no ground for suspicion of any wrongdoing,” the report insists.

The practices were “endangering” the right to privacy (Article 8, European Convention on Human Rights (ECHR)), freedom of information and expression (Article 10, ECHR), the right to a fair trial (Article 6, ECHR) – because of the use of data generated by the surveillance apparatus – and freedom of religion (Article 9), “especially when privileged communications of lawyers and religious ministers are intercepted and when digital evidence is manipulated”. The infringement of such fundamental rights “without adequate judicial control also jeopardizes the rule of law”.

According to the Legal Committee's recommendations, the Committee of Ministers should not only review its own respective legislation but also push for respect of the ECHR through the ongoing negotiations on trade and data transfer agreements.

Crypto wars

For the time being, pervasive end-to-end encryption and decentralisation are described by the Legal Committee as the “only available defense”, as all legal review, update and international convention measures will take more time. By addressing encryption, the PACE dives head-on into the ongoing debate about the need to ban encryption or allow it only under the condition that keys can be retrieved. Omtzigt said he certainly did not want to rule out access to encrypted material. “At the same time I do not want to have millions of keys lying around. I disagree with the proposals made recently by various countries,” he said. He expected the plenary to look into that issue in greater detail.

The crypto debate was also on stage in the Civil Liberties, Justice and Home Affairs Committee of the European Parliament on 27 January. Discussing the counter-terrorism measures of the European Union after the murder of 17 journalists and citizens in Paris, the EU Counter-terrorism Coordinator Gilles de Kerchove said that many of the big US internet platform providers had reacted to the Snowden revelations by encrypting traffic. “I have been told that they use such sophisticated encryption that we now are practically blind,” Kerchove claimed, “for example with regard to Skype and WhatsApp, we can do nothing.” Potential steps on encryption are expected to be discussed at the upcoming meeting of the EU Justice and Home Affairs Ministers in Riga tomorrow, 29 January.

The first shot at hard end-to-end encryption came from British Premier David Cameron, earlier this month. There had been crypto wars before. The US had tried to ban the export of encryption by its companies before 2005. China had asked for some encryption to be registered with a special office. The current debate could result in obligations for the big platform providers to store and give access to keys when asked by the authorities, Chaos Computer Club activist Frank Rieger just warned in an editorial (in German).

Whether the political bodies in charge will go along is open, even if some MEPs yesterday in Brussels clearly stated their opposition. Liberal politician Sophie in 't Veld said during the debate with Kerchove that she was not prepared to vote for weakening encryption as long as the European Commission and member states did not come up with information about how that would make her voters more secure. Members of the Socialist Party and the Greens all questioned the calls for weakening encryption. Forcing access to encrypted communication would also “give access to the bad guys”, Jean-Marie Guéhenno, CEO of the International Crisis Group, said in a debate with MI6 boss John Sawers over the weekend at the World Economic Forum. This just illustrates the level of the crypto debate.

International agreements: intelligence codex and Digital Arms Convention

With regard to next steps on mass surveillance, at least some politicians are not prepared to go back to business as usual. The PACE report includes a recommendation to the ministers of the 47 Council of Europe member states to negotiate an intelligence codex that could include self-obligations to focus on anti-terrorism and serious crimes, not engage in economic espionage, refrain from using mass data collection and filtering, and not force telecom and internet providers to allow for blanket access to their networks and data.

Other ideas for potential international agreements are currently being considered, among others by German Pirate Party Member Angelika Beer, who called for a Digital Arms Convention similar to the existing conventions on A-, B- and C-weapons.

Certainly these kinds of initiatives look like many-year exercises. The clash on encryption, though, is imminent.