This is a guest post from Joe Mcnamee, Executive Director, European Digital Rights (EDRI). If you have comments on this post, you can contact EDRI on Twitter. This post was originally published in http://edri.org/13principles

Between 15th-19th of September, in the week leading up the first year anniversary of the 13 Necessary and Proportionate Principles, EFF and the coalition behind the Principles will be conducting a Week of Action explaining some of the key guiding principles for surveillance law reform. Every day, we'll take on a different part of the principles, exploring what’s at stake and what we need to do to bring intelligence agencies and the police back under the rule of law. You can read the complete set of posts at: https://necessaryandproportionate.org/anniversary. The Principles were first launched at the 24th Session of the United Nations Human Rights Council in Geneva on 20 September 2013. 

Let's send a message to Member States at the United Nations and wherever else folks are tackling surveillance law reform: surveillance law can no longer ignore our human rights. Follow our discussion on twitter with the hashtag: #privacyisaright

Public Oversight and The Rule of Law

One of the most striking elements of the surveillance practices is the extent to which laws and judicial procedures have been breached, ignored and undermined by agencies whose tasks it is to uphold the rule of law.

Before the Snowden revelations, the world had drifted into an unconscious acceptance that existing and unquestioned principles of law were somehow no longer valid. The most striking example of this was the report on “the use of the Internet for terrorism purposes” that was published by the United Nations Office on Drugs and Crime in 2012. That report actively encourages United Nations member states to establish “informal relationships or understandings with ISPs (both domestic and foreign) that might hold data relevant for law enforcement purposes about procedures for making such data available for law enforcement investigations.” These “informal relationships” seem to be exactly what the International Covenant on Civil and Political Rights (ICCPR) prohibits in Article 17, which states that “no one shall be subjected to arbitrary or unlawful interference with his privacy”.

The same UNODC report called for long-term storage of communications data of innocent individuals. It did this despite the fact that there is no evidence that such an extensive intrusion into the privacy of innocent individuals is necessary or proportionate. Indeed, since the report was published by the UNODC, the European Court of Justice has ruled that such measures are contrary to the primary law of the European Union. As a result, the EU's Data Retention Directive was declared invalid. This Directive was adopted in 2006, even though no evidence of necessity or proportionality was provided when the legislation was proposed. More shockingly, EU Member States that did not consider the measures to be necessary in a democratic society were taken to court by the European Commission to force them to transpose the legislation in their jurisdictions.

The impunity that led to the EU Directive to be adopted and enforced was also evident in an “evaluation report” adopted by the European Commission in 2012. That report was forced to recognise that one of the three main reasons for proposing the legislation in the first place – ensuring cross-border access to historical records – was statistically insignificant in practice. The European Commission felt that it was politically safe to take the position that this could be explained by cross-border access being facilitated by “domestic operators” "rather than launching mutual legal assistance procedure [sic] which may be time consuming without any guarantee that access to data will be granted”. No Member State – and no press publication – publicly raised any concern that data was being extracted about citizens, across borders, without authorisation, in situations where national judiciaries would not necessarily grant access to the data.

We cannot uphold the law by breaking the law. We cannot fight lawlessness by undermining the rule of law with impunity.