The NSA Meets International Law: Advantage US?

By Peter Margulies
Thursday, January 30, 2014, 3:00 PM

While NSA critics including David Cole have asserted that the Section 702 program is inconsistent with international privacy norms, the reality is far more complex.  As I explain in a forthcoming Fordham Law Review article, European courts have upheld national security surveillance programs with striking similarities to U.S. practice.  Indeed, the FISC’s role actually makes the U.S. more protective, surveillance-wise, than some of its European counterparts---a fact that ought to matter as U.S. initiatives are assessed against international standards.

That said, critics of the U.S. are right about two things: 1) the United States should abandon its current view that a key instrument of international human rights law---the International Covenant on Civil and Political Rights (“ICCPR”)----does not apply extraterritorially; and 2) reforms like an institutionalized public advocate and tougher minimization requirements for irrelevant foreign communications would “seal the deal,” so as to ensure U.S. compliance with human rights norms.  (As I explain below, the U.S. arguably satisfies such standards already; the changes above would remove any doubt on that score.)

As Ashley Deeks has noted, the U.S. is almost alone in the international community in arguing that the ICCPR does not apply extraterritorially (see Marko Milanovic for further analysis).  Most other nations, international bodies, and scholars agree that the ICCPR protects not only individuals within a state’s territory, but also those within its “effective control.”  My piece demonstrates that Eleanor Roosevelt, who was the U.S. representative at U.N. talks that hammered out the language of the ICCPR, sought a narrower scope for the treaty for only one situation: sparing the U.S. from enacting legislation after World War II to “guarantee” the rights of individuals within Germany and Japan against restrictions by their own governments.

Some might concede that the U.S. position is wrong but counter that the section 702 program does not show U.S. “effective control” over individuals in Europe.  In my article, I argue that the effective control standard makes sense for kinetic operations, but not for electronic surveillance.  Snowden’s disclosures, as irresponsible and damaging as they are, indicate that the U.S. has the power to exercise unprecedented “virtual control” over communications abroad – not just intercepting them, but also taking over and exploiting the machines that generate and receive communications.  That capability is enough, I contend, to meet the threshold for ICCPR coverage.

Finding coverage, however, is only half the battle: the second half is addressing whether the U.S. complies with Article 17 of the ICCPR, which bars “arbitrary” interference with privacy.  Here, the U.S. has a much stronger argument, particularly after President Obama’s recent speech and policy directive.  While Europeans often tout the robustness of their privacy protections, the European Court of Human Rights (ECHR) has upheld Germany’s mass collection of communications content subject to tailored searches based on national security.  This approach parallels the NSA’s use of identifiers under both Section 702 and Section 215.

Moreover, in Weber v. Germany (2006), the ECHR recognized that a state could use surveillance abroad to protect national security or assist law enforcement---grounds that align neatly with the criteria specified by President Obama.  The German program used identifiers to search through vast amounts of content---sound familiar?  Although the ECHR suggested that states had to notify individuals who had been subject to surveillance, it also acknowledged the need for exceptions---like those employed in Germany---when notification would jeopardize an investigation.  Moreover, the ECHR has approved surveillance in Germany and Britain that did not require judicial approval; in the U.S., the FISC plays a substantial role, familiar to any post-Snowden student of the work product of, for example, Judges Walton and Bates.  Most differences with the U.S. approach are attributable to European states being subject to the European Convention on Human Rights, which does not limit privacy rights to protection against “arbitrary” interference.  But that distinction only underscores a key point: if a U.S. program features more procedural safeguards than a roughly comparable German program, which was itself sustained under a more privacy-protective treaty (the European Convention), then it stands to reason that the U.S. surveillance arguably would also pass muster under a less privacy-protective treaty (the ICCPR).

Obviously the United States should aim for clear, rather than merely arguable, compliance.  Puncturing Europe’s pretensions to privacy nirvana should not obscure three areas where reforms would remove any doubt about the conformity of U.S. surveillance with evolving global norms, including those embodied in the ICCPR: 1) more rigorous minimization of irrelevant foreign communications, 2) a national privacy agency, and, 3) an institutionalized public advocate at the FISC.  Increased minimization may be the most urgent imperative, given Europe’s stress on this element.  The ECHR case law also provides some basis for a national privacy agency.  This second step may not fit U.S. privacy governance, which relies more on privacy officers within departments.  However, a national agency could complement the existing structure.  Finally, as Steve and Marty have pointed out, an institutionalized independent voice at the FISC could enhance the surveillance programs’ legitimacy and guard against abuses in future administrations.  Without sacrificing security, these steps would transform the U.S. from a state that follows the ICCPR to a state that leads in vindicating what President Obama called “all persons’… legitimate privacy interests.”