Threats to privacy and human rights growing, UN report warns: Spyware and surveillance

OHCHR

GENEVA (16 September 2022) – People’s right to privacy is coming under ever greater pressure from the use of modern networked digital technologies whose features make them formidable tools for surveillance, control and oppression, a new UN report has warned. This makes it all the more essential that these technologies are reined in by effective regulation based on international human rights law and standards.

The report – the latest on privacy in the digital age by the UN Human Rights Office* – looks at three key areas: the abuse of intrusive hacking tools (“spyware”) by State authorities; the key role of robust encryption methods in protecting human rights online; and the impacts of widespread digital monitoring of public spaces, both offline and online.

The report details how surveillance tools such as the “Pegasus” software can turn most smartphones into “24-hour surveillance devices”, allowing the “intruder” access not only to everything on our mobiles but also weaponizing them to spy on our lives.

“While purportedly being deployed for combating terrorism and crime, such spyware tools have often been used for illegitimate reasons, including to clamp down on critical or dissenting views and on those who express them, including journalists, opposition political figures and human rights defenders,” the report states.

Urgent steps are needed to address the spread of spyware, the report flags, reiterating the call for a moratorium on the use and sale of hacking tools until adequate safeguards to protect human rights are in place. Authorities should only electronically intrude on a personal device as a last resort “to prevent or investigate a specific act amounting to a serious threat to national security or a specific serious crime,” it says.

Encryption is a key enabler of privacy and human rights in the digital space, yet it is being undermined. The report calls on States to avoid taking steps that could weaken encryption, including mandating so-called backdoors that give access to people’s encrypted data or employing systematic screening of people’s devices, known as client-side scanning.

The report also raises the alarm about the growing surveillance of public spaces. Previous practical limitations on the scope of surveillance have been swept away by large-scale automated collection and analysis of data, as well as new digitized identity systems and extensive biometric databases that greatly facilitate the breadth of such surveillance measures.

New technologies have also enabled the systematic monitoring of what people are saying online, including through collecting and analysing social media posts.

Governments often fail to adequately inform the public about their surveillance activities, and even where surveillance tools are initially rolled out for legitimate goals, they can easily be repurposed, often serving ends for which they were not originally intended.

The report emphasises that States should limit public surveillance measures to those “strictly necessary and proportionate”, focused on specific locations and time. The duration of data storage should similarly be limited. There is also an immediate need to restrict the use of biometric recognition systems in public spaces.

All States should also act immediately to put in place robust export control regimes for surveillance technologies that pose serious risks to human rights. They should also ensure human rights impact assessments are carried out that take into account what the technologies in question are capable of, as well as the situation in the recipient country.

“Digital technologies bring enormous benefits to societies. But pervasive surveillance comes at a high cost, undermining rights and choking the development of vibrant, pluralistic democracies,” said Acting High Commissioner for Human Rights Nada Al-Nashif.

“In short, the right to privacy is more at risk than ever before,” she stressed. “This is why action is needed and needed now.”

Public Release. More on this here.