Report by Nils Muižnieks, commissioner for human rights at the Council of Europe, says ‘secret, massive and indiscriminate’ intelligence work is contrary to rule of law

The “secret, massive and indiscriminate” surveillance conducted by intelligence services and disclosed by the former US intelligence contractor Edward Snowden cannot be justified by the fight against terrorism, the most senior human rights official in Europe has warned.

In a direct challenge to the United Kingdom and other states, Nils Muižnieks, the commissioner for human rights at the Council of Europe, calls for greater transparency and stronger democratic oversight of the way security agencies monitor the internet. He also said that so-called Five Eyes intelligence-sharing treaty between the UK, US, Australia, New Zealand and Canada should be published.

“Suspicionless mass retention of communications data is fundamentally contrary to the rule of law … and ineffective,” the Latvian official argues in a 120-page report, The Rule of Law on the Internet in the Wider Digital World. “Member states should not resort to it or impose compulsory retention of data by third parties.”

As human rights commissioner, Muižnieks has the power to intervene as a third party in cases sent to the European court of human rights (ECHR) in Strasbourg. His report is published the week after the UK’s Investigatory Powers Tribunal (IPT) found that the legal regime governing mass surveillance of the internet by the monitoring agency GCHQ is “human rights compliant”.

In his report, Muižnieks wrote: “In connection with the debate on the practices of intelligence and security services prompted by Edward Snowden’s revelations, it is becoming increasingly clear that secret, massive and indiscriminate surveillance programmes are not in conformity with European human rights law and cannot be justified by the fight against terrorism or other important threats to national security. Such interferences can only be accepted if they are strictly necessary and proportionate to a legitimate aim.”

The civil liberties organisations which brought the claim in the IPT case are planning to appeal against the ruling to the ECHR - a case in which the commissioner could participate.

Muižnieks told the Guardian: ”I’m interested in weighing in on such cases about surveillance. Surveillance has gone beyond the bounds of the rule of law and democratic oversight needs to be more robust.

“We have seen examples where there’s a clear lack of oversight of security: the first was black sites, torture and rendition; the second was the revelations about mass surveillance. I want to influence the working of the court and its thinking.

“These recommendations [in the report] are my interpretation of basic human rights principles. The court often refers to my work in their judgments. There’s no substantial case law in internet-related issues so far.

“The UK is a country we are watching closely on these issues. It has a huge influence on whether or not the rule of law will prevail in the digital environment. All of these data sharing agreements should be as transparent as possible so we can assess the extent to which they are abiding by the law. Our right to privacy has been compromised on a regular basis and on a mass scale. I find that very worrying.”

Muižnieks said he expects to visit the UK next year and examine the UK’s record on surveillance. Asked about the IPT ruling, he commented: “I would note that very few complaints to this tribunal have been upheld in the last few years which raises many questions for me.”

He supported calls for publication of the so-called Five Eyes treaty that authorises intelligence sharing between the UK, US, Australia, Canada and New Zealand as a contribution to greater transparency. A case requesting its release has already been lodged at the ECHR.

His report contained a number of recommendations including:

• No states … European or otherwise, should access data stored in another country without the express consent of the other country or countries involved unless there is a clear, explicit and sufficiently circumscribed legal basis in international law for such access.

• Member states should ensure that their law-enforcement agencies do not obtain data from servers and infrastructure in another country under informal arrangements.

• [Countries] should stop relying on private companies that control the internet and the wider digital environment to impose restrictions that are in violation of the state’s human rights obligations.

• The activities of national security and intelligence agencies [should be brought within] an overarching legal framework. Until there is increased transparency on the rules under which these services operate their activities cannot be assumed to be in accordance with the rule of law.

• States should ensure that effective democratic oversight over national security services is in place. For effective democratic oversight, a culture of respect for human rights and the rule of law should be promoted, in particular among security service officers.

The Council of Europe, which has 47 member states including the UK, Russia and Turkey, is the body that oversees the European court of human rights in Strasbourg.