Over at EJIL: Talk!, the estimable Marko Milanovic notes what he describes as a "hugely important" surveillance opinion in the Grand Chamber of the European Court of Human Rights. I have not yet read Roman Zakharov v. Russia yet, but Milanovic describes it as finding "serious and systematic faults with the Russian legislative framework regulating the surveillance of mobile communications. This is set to be a leading Strasbourg authority on assessing the compliance of surveillance measures with human rights law . . . . This judgment is important for a number of reasons."
I recommend reading his entire post for a fuller summary, but Milanovic gives a a handy set of bullet-points of the deficiencies in Russian surveillance law and practice as found by the court:
And these were the principal faults that the Court identified in the Russian regulatory framework:
- The breadth of discretion granted to the executive in cases dealing with national, military, economic and ecological security (para. 248);
- Lack of sufficient safeguards against abuse with regard to the discontinuation of surveillance measures (para. 251);
- The continued storage of data which proves to be irrelevant (para. 255), as well as the unlimited storage of interception evidence after the conclusion of a criminal trial (para. 256);
- The fact that while Russian law requires prior judicial authorization for interception measures, Russian judges in practice only apply purely formal criteria in deciding whether to grant an authorization, rather than verifying the necessity and proportionality of imposing such measures (para. 263);
- The fact that Russian ‘courts sometimes grant interception authorisations which do not mention a specific person or telephone number to be tapped, but authorise interception of all telephone communications in the area where a criminal offence has been committed’ (para. 265);
- That the emergency procedure provided for in Russian law, which enables interception without judicial authorization, does not provide sufficient safeguards against abuse (para. 266);
- That the secret services had direct remote access to the databases and networks of communications service providers, thus enabling them to easily circumvent even the existing legal safeguards, in particular because they were not required to serve a judicial order to service providers before collecting data (paras. 268-271);
- That the equipment installed by the secret services keeps no logs or records of intercepted communication, which coupled with the direct access rendered any supervisory arrangements incapable of detecting unlawful interceptions (para. 272);
- That judicial involvement was limited solely to the authorization stage, with the courts having no continuous supervisory function (para. 274);
- That supervisory functions within the executive branch were entirely unregulated, while other mechanisms (such as prosecutorial oversight) were lacking in independence and not open to any significant public scrutiny (paras. 277-283);
- That the government was unable to provide the Court with any examples of effective prosecutorial oversight (para. 284);
- That judicial remedies in Russia were generally ineffective, particularly in light of the total absence of any notification requirement with regard to the interception subject, without any meaningful ability of retrospective challenges to surveillance measures (para. 300).
I may have thoughts after reading the opinion.