What debates on MLAT, encryption, SIM registration have in common: users’ choice – Comments at INCLO 2016

by | Nov 8, 2016 | Open Blog, Privacy | 0 comments

This is an amalgation of comments I made during the International Advocacy Panel and comments I made from the audience in others sessions at International Civil Liberties Organizations‘ Conference in Johannesburg, October 31- November 2, 2016. 


Multilateral sharing of intelligence among outbound intelligence agencies is being used to outflank the procedural safeguards applicable to their respective citizens. Normally, outbound intelligence agencies are exempt from warrant requirement assuming that they do surveillance on foreigners. Using this loophole, the agencies of Five Eyes have surveilled on one anothers’ countrypeople without warrants and shared the results with the agencies of their home countries, bringing about the same result as if there were no warrant requirement for domestic surveillance! If the multilateral sharing is a necessity, we have 2 options: (1) prohibit sharing of the data with the agency accountable to the surveillance subjects; (2) okay, this is a long shot but hear me out. The reason that outbound intelligence agencies are exempt from warrant requirement for surveilling foreigners is two-fold: that they are not constitutionally responsible for caring for foreigners’ privacy, and that foreigners always have potentially adverse interests to the surveilling agency’s home country. However, if sharing of the intel with a foreign country’s agency is going on, the assumption of adverse interest is either not true or not sustainable. If we can somehow make an argument to cover the constitutional responsibility (this is one of the reasons I believe that the biggest task that the Snowden revelations has given us is whether we should stop making the distinctions between outbound surveillance and domestic surveillance, which has been claimed by NSA for justifications for what they did), there is no longer reason to exempt the outbound intelligence agencies from warrant requirement. Some may think: from which courts should the agencies receive warrants? Well, it is not that difficult: Probably, their home country’s courts for in-country surveillance on foreigners and MLAT process for without-country surveillance. Either option is feasible but needs be policed with international advocacy efforts.

Now, if multilateral sharing of information is a problem, we have a bigger problem where agencies don’t even have to do anything to give data to other countries’ agencies. Currently, foreign law enforcement searching and seizing their own countrypeople’s data with their own judges’ approval still had to get judicial approval from the country of locus of that data if it is another country. Under MLAT reform, foreign agencies will come with warrants issued under their backward standards and enforce those warrants on your companies’ private data without getting approval from any of the public officials in your country. It is an attempt to make it easy for one country’s law enforcement to search and seize the data residing in another country. Some of you already heard me speak about why I oppose it.

Number one, not all 3,000 backlogged data requests to the American companies are kosher under international human rights standards. Some of them are investigations of blasphemies, insult law, defamation of government officials, or sheer oppression and retaliation against dissident journalists and activists. On those investigations, the hurdles of MLAT provide shelters for the victims of surveillance. From human rights perspective, So no reason to make it easy for foreign governments to have their requests filed.

Number two, warrant doctrine empowers officials constitutionally accountable to the targets of surveillance and empowers them to issue approvals for the surveillance. If search and seizure is done on a company holding someone else’s information, that company’s privacy as well as the data subject’s is also breached and should be reviewed in advance by judges responsible for watching out for that company’s privacy.

Number three, people have choices on through what servers, and therefore through what surveillance governance, they will communicate with one another. One of the strongest arguments for MLAT reform is that “people should not have their privacy better protected just for using an overseas server.”

Now, If you take a broader approach including several issues, you can actually make a more compelling argument on all those issues. Think about it. Before the digital age, there were so many communications that were untappable. People talk under a water fall. People talk in a hidden room. What do you? Do you ban taking near a water fall? Law enforcement must accept that some communications are not available for law enforcement access. That argument applies to encryption. Encryption takes efforts and knowledge to use and consumes more network resources. If people choose to use encryption, they should be allowed to and this means that the government should not mandatae turning over the decryption keys. SIM card registration as well. Through the SIM card registration, regulators want to be able to track down criminals but must accept that there are communications not conducive to such tracking on. The same thing with using overseas email services for secure communications. It takes some efforts and risk to use overseas email services but it pays off in terms of reducing exposure to domestic law enforcement’s search and seizure, which must go through MLAT. If the regulators cannot say “we will not let you protect your privacy just by using encrypted communications or by unregistered phones”, they equally cannot say “we will not respect your privacy more just because you used overseas email servers.‘

The current MLAT reform is the companies’ attempt to pass on to people the pressure that they are getting from local governments for data localization. International advocacy is direly needed in this matter. There are many countries where people rely on overseas servers for secure communications. The companies should feel proud of that fact and protect the current MLAT process protecting it.


Submit a Comment

Your email address will not be published. Required fields are marked *