See related documents
Resolution 2045 (2015)
1. The Parliamentary Assembly is deeply concerned about the mass surveillance practices that have been disclosed since June 2013 by journalists to whom a former United States National Security Agency (NSA) contractor, Mr Edward Snowden, had entrusted a large amount of top secret data establishing the existence of mass surveillance and large-scale intrusion practices hitherto unknown to the general public and even to most political decision makers.
2. The information disclosed so far in the Snowden files has triggered a massive, worldwide debate about mass surveillance by the intelligence services of the United States and other countries and the potential lack of adequate legal regulation and technical protection at national and international levels, and/or their effective enforcement.
3. The disclosures have provided compelling evidence of the existence of far-reaching, technologically advanced systems put in place by United States intelligence services and their partners in certain Council of Europe member States to collect, store and analyse communication data, including content, location and other metadata, on a massive scale, as well as targeted surveillance measures encompassing numerous people against whom there is no ground for suspicion of any wrongdoing.
4. The surveillance practices disclosed so far endanger fundamental human rights, including the rights to privacy (Article 8 of the European Convention on Human Rights (ETS No. 5)), freedom of information and expression (Article 10), a fair trial (Article 6) and freedom of religion (Article 9) – especially when confidential communications with lawyers and religious ministers are intercepted and when digital evidence is manipulated. These rights are cornerstones of democracy. Their infringement without adequate judicial control also jeopardises the rule of law.
5. The Assembly is deeply worried about threats to Internet security by the practices of certain intelligence agencies, disclosed in the Snowden files, of seeking out systematically, using and even creating “back doors” and other weaknesses in security standards and implementation that could easily be exploited by terrorists and cyberterrorists or other criminals.
6. It is also worried about the collection of massive amounts of personal data by private businesses and the risk that these data may be accessed and used for unlawful purposes by State or non-State actors. In this context, it should be underlined that private businesses should respect human rights pursuant to the Resolution 17/4 on human rights and transnational corporations and other business enterprises, adopted by the United Nations Human Rights Council in June 2011.
7. The Assembly unequivocally condemns the extensive use of secret laws and regulations, applied by secret courts using secret interpretations of the applicable rules, as this practice undermines public confidence in the judicial oversight mechanisms.
8. The consequences of mass surveillance tools such as those developed by the United States and allied services falling into the hands of authoritarian regimes would be catastrophic. In times of crisis, it is not impossible for executive power to fall into the hands of extremist politicians, even in established democracies. High-technology surveillance tools are already in use in a number of authoritarian regimes and are used to track down opponents and to suppress freedom of information and expression. In this regard, the Assembly is deeply concerned about recent legislative changes in the Russian Federation which offer opportunities for enhanced mass surveillance through social networks and Internet services.
9. In several countries, a massive “surveillance-industrial complex” has evolved, fostered by the culture of secrecy surrounding surveillance operations, their highly technical nature and the fact that both the seriousness of alleged threats and the need for specific counter-measures and their costs and benefits are difficult to assess for political and budgetary decision makers without relying on input from the interested groups themselves. There is a risk that these powerful structures could escape democratic control and accountability and threaten the free and open nature of our societies.
10. The Assembly notes that the law in most States provides some protection for the privacy of their own citizens, but not that of foreigners. The Snowden files have shown that the United States NSA and its foreign partners, in particular among the “Five Eyes” partners (Australia, Canada, New Zealand, the United Kingdom and the United States), circumvent national restrictions by exchanging data on each other’s citizens.
11. The Assembly recognises the need for effective, targeted surveillance of suspected terrorists and other organised criminal groups. Such targeted surveillance can be an effective tool for law enforcement and crime prevention. At the same time, it notes that, according to independent reviews carried out in the United States, mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials. Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act.
12. The Assembly also recognises the need for transatlantic co-operation in the fight against terrorism and other forms of organised crime. It considers that such co-operation must be based on mutual trust founded on international agreements, respect for human rights and the rule of law. This trust has been severely damaged by the mass surveillance practices revealed in the Snowden files.
13. In order to rebuild trust among the transatlantic partners, among the member States of the Council of Europe and also between citizens and their own governments, a legal framework must be put in place at the national and international levels which ensures the protection of human rights, especially the protection of the right to privacy. An effective tool for the enforcement of such a legal and technical framework, besides enhanced judicial and parliamentary scrutiny, is credible protection extended to whistle-blowers who expose violations.
14. The reluctance of the competent United States authorities and their European counterparts to contribute to the clarification of the facts, including their refusal to attend hearings organised by the Assembly and the European Parliament, as well as the harsh treatment of whistle-blower Edward Snowden, does not contribute to restoring mutual trust and public confidence.
15. The Assembly welcomes initiatives within the US Congress to review existing legislation in order to minimise abuses, as well as the German Bundestag’s decision to set up a committee of inquiry into the repercussions of the NSA affair in Germany. It calls on the Bundestag committee to carry out its tasks of holding to account the executive and seeking the truth without regard to political considerations and encourages other parliaments to embark on similar inquiries.
16. Recalling the findings of the report on the democratic oversight of security services, adopted by the European Commission for Democracy through Law (Venice Commission) in 2015, the Assembly emphasises that parliaments should play a major role in monitoring, scrutinising and controlling national security services and armed forces in order to ensure respect for human rights, the rule of law and democratic accountability, as well as international law. The sub-contracting of security or intelligence operations to private firms should be the exception and must not hamper the democratic oversight of such operations.
17. The Assembly welcomes the thorough investigation carried out by the European Parliament leading to the adoption, on 12 March 2014, of a comprehensive resolution on the NSA affair and its repercussions for transatlantic relations. In particular, the Assembly strongly endorses:
17.1. the invitation addressed to the Secretary General of the Council of Europe by the European Parliament to use his powers under Article 52 of the European Convention on Human Rights to request information on the manner in which States Parties implement the provisions of the Convention;
17.2. the European Parliament’s call to promote the wide use of encryption and resist any attempts to weaken encryption and other Internet safety standards, not only in the interest of privacy, but also in the interest of threats against national security posed by rogue States, terrorists, cyberterrorists and ordinary criminals.
18. The Assembly invites the European Union to accelerate its work towards finalising the General Data Protection Regulation and the Passenger Name Record (PNR) system, to conclude international co-operation agreements based on the Schengen Information System and to accede to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108).
19. The Assembly therefore urges the Council of Europe member and observer States to:
19.1. ensure that their national laws only allow for the collection and analysis of personal data (including so-called metadata) with the consent of the person concerned or following a court order granted on the basis of reasonable suspicion of the target being involved in criminal activity; unlawful data collection and processing should be penalised in the same way as the violation of the traditional confidentiality of correspondence; the creation of “back doors” or any other techniques to weaken or circumvent security measures or exploit their existing weaknesses should be strictly prohibited; all institutions and businesses holding personal data should be required to apply the most effective security measures available;
19.2. ensure, in order to enforce such a legal framework, that their intelligence services are subject to adequate judicial and/or parliamentary control mechanisms. Those responsible for national control mechanisms must have sufficient access to information and expertise and the power to review international co-operation without regard to the “originator control” principle, on a mutual basis;
19.3. provide credible, effective protection, including asylum, for whistle-blowers who expose unlawful surveillance activities and for those threatened by retaliation in their home countries, as far as possible under national law, provided their disclosures qualify for protection under the principles advocated by the Assembly;
19.4. agree on a multilateral “intelligence codex” for their intelligence services, which lays down rules governing co-operation for the purposes of the fight against terrorism and organised crime. The codex should include a mutual engagement to apply the same rules to the surveillance of partner states’ nationals and residents as those applied to the surveillance of their own nationals and residents, and to share data obtained through lawful surveillance measures solely for the purposes for which they were collected. The use of surveillance measures for political, economic or diplomatic purposes in participating States should be banned. Adherence to this codex should be open to all States which implement a national legal framework corresponding to the specifications enumerated in paragraphs 19.1 to 19.3;
19.5. promote the further development of user-friendly (automatic) data protection techniques capable of countering mass surveillance and any other threats to Internet security, including those posed by non-State actors;
19.6. refrain from exporting advanced surveillance technology to authoritarian regimes.
20. The Assembly also invites the competent bodies of the European Union to make use of all the instruments at their disposal to promote the privacy of all Europeans, for example the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, in their relations with their counterparts in the United States, in particular in negotiating or implementing the Transatlantic Trade and Investment Partnership (TTIP), the Safe Harbour Decision, the Terrorist Finance Tracking Program (TFTP) and the Passenger Name Records agreement.