Former NSA contractor Edward Snowden’s leaks of surveillance secrets have already prompted concerted efforts to reform spy laws in the United States. But now a burgeoning international attempt to rein in the mass surveillance is taking shape.
Led by the German government, a loose coalition of privacy chiefs from countries across the world is pushing to update an influential international human rights treaty that enshrines the right to privacy. German officials first wrote to their counterparts in other European Union countries with the proposal after Snowden’s revelations about the sweeping scope of spy programs operated by the NSA. They were seeking support for an attempt to protect citizens’ right to privacy in the Internet Age—and the effort is now beginning to gather momentum.
The intention is to draw up an additional protocol to the International Covenant on Civil and Political Rights, a 1966 multilateral treaty that is part of the Universal Declaration of Human Rights and is endorsed by more than 160 countries, including the United States. Article 17 of the ICCPR already states that citizens should not be “subjected to arbitrary or unlawful interference with [their] privacy, family, home or correspondence” and contains a vague so-called “general comment” that says the collection of information from computers must be “regulated by law.” But the German government wants to broaden and update Article 17, adding an additional protocol for the “digital sphere” that specifically covers the conduct of spy agencies. It may as well be named the “Snowden Protocol,” as it is being put forward as a direct result of the backlash sparked by the NSA whistle-blower’s disclosures.
Data protection chiefs in Austria, Hungary, Switzerland, and Lichtenstein were quick to back the plan, which the German government says was initially proposed in a letter it sent to other EU member states in July. On Tuesday, however, the proposal received a major boost at the International Conference of Data Protection and Privacy Commissioners in Warsaw, Poland. The annual conference was attended by a diverse selection of privacy and data protection officials from across the world, with representatives attending from countries including Japan, New Zealand, France, Slovenia, Uruguay, Belgium, Ireland, Finland, Spain, Australia, Germany, Burkina Faso, Canada, the United States, and the United Kingdom.
During a closed session at the conference open only to the privacy chiefs, a resolution was put forward for a vote on the proposal to update Article 17. They voted overwhelmingly in favor of the idea, recognizing a need to “create globally applicable standards for data protection and the protection of privacy in accordance with the rule of law.” Notably, only one country did not approve of the resolution: the United States. A representative from the Federal Trade Commission abstained. I sent an email to the FTC asking why it refused to endorse the proposal, but had not received a response at the time of publication.
At this point, the proposed Article 17 protocol is still a long way off. It will eventually need to be put forward at the United Nations and voted on by member states, and that could take time. But the growing appetite to amend the international treaty in light of the Snowden revelations is highly symbolic if nothing else, reflecting widespread concerns about the power of mass surveillance technology in the digital age to trample over basic universal privacy rights. Dutch data protection chief Jacob Kohnstamm, who also chairs the European Parliament’s working group on data protection issues, told me in a phone interview Wednesday that he believes there is a need for the U.N. to tackle the transparency and proportionality concerns raised by the surveillance programs. “One of the problems that we are facing is that there is no supra-national regulation,” Kohnstamm said.
Of course, even if an update to Article 17 of the ICCPR is eventually accepted by countries at the United Nations, there is no guarantee that it will have a substantive impact. The ICCPR is enforced by the U.N.’s Human Rights Committee, but its recommendations are not legally binding, making the committee mostly just a moral authority. As the various dragnet spying programs exposed by Snowden have shown, the United States, the United Kingdom, and the three other partners in the so-called “Five Eyes” network—New Zealand, Australia, and Canada—have for years ignored what international treaties and human rights law says about the right to privacy. However, the coalition led by Germany is at least trying to recognize that it is a problem to have intelligence agencies aggressively eavesdropping on millions of communications daily—and that is a significant development in itself.
In the meantime, more serious options are still on the table that could have a tangible impact on the spying in the shorter term. Several politicians in the European Parliament are pushing to suspend or radically reform data-sharing agreements with the United States, and angry leaders in countries like Brazil and Mexico, which were reportedly targeted for surveillance, may force the Obama administration to make assurances that it will cease or at least limit its politically-charged eavesdropping in these countries. On Obama’s home turf, too, the debate about snooping is still raging, with freshly proposed reforms seeking to rein in the scope of NSA surveillance.
Snowden said that his biggest fear about leaking the secret files was that “nothing will change.” But it seems clear at this point that he can rest easy, because change is already in motion.