The digital world! As exciting as it can be, it is also an enormous Big Brother, where the State (and also private entities, but this a topic for another post) can know, at any given moment, everything you do. The State is a classic vigilant of our actions, but now, with the digital world, it has gained substantial opportunities for the surveillance of communications, movements, political activities and all types of behaviours and affiliations of its citizens.
State surveillance in liberal democracies
The ‘Surveillance State’ has for long been acknowledged in the context of oppressive regimes, with China leading the way. However, citizen surveillance is not restricted to authoritarian regimes. Liberal democracies also have their say on the matter. Are we being watched right now? Most likely…yes.
Whistle-blowers like Edward Snowden showed the world that liberal democracies also resort to citizen surveillance. It is estimated that at least 75 countries (from a universe of 176) are using different types of AI surveillance. This fact is not, per se, a sure indication that Governments are abusing the system. It all depends on the specific purpose of surveillance and on the mechanisms in place to guarantee the rules of good governance.
Good governance in State surveillance
The concept of good governance refers to the lawful use of power in the management of public affairs. In the era of digital technologies, this concept interrelates with that of digital governance. Good governance covers the respect for several different fundamental rights: privacy rights, data protection rights, freedom of expression rights, self-determination rights. Just a few words about the first two.
Traditional privacy rights—as established in Article 8 of the European Convention of Human Rights (ECHR) and in Article 7 of the Charter of Fundamental Rights of the European Union—are an obvious limit to State intervention. In Liberty and Others v. the United Kingdom, the European Court of Human Rights (ECtHR) considered that the interception of telephone, facsimile, e-mail and data communications by the British Ministry of Defence was a violation of article 8 of the ECHR. More recently, in Big Brother Watch and Others v. the United Kingdom, the ECtHR found again that the United Kingdom was in violation of the referred Article 8 due to its programmes of surveillance and intelligence sharing between the US and the United Kingdom. Even more recently, in Ekimdzhiev and Others v. Bulgaria, the fact that the communications of anyone in the country could be intercepted and accessed by authorities was considered a violation of privacy rights. Several other cases are still pending, for instance, the case of the Association Confraternelle de la Presse Judiciaire v. France et 11 Autres Requêtes, involving the French Intelligence Act of 24 July 2015.
As for Article 7 of the European Charter of Fundamental Rights, some of the most famous statements in its regards were made in the case of Maximillian Schrems v. Data Protection Commissioner (C-362/14). Very emphatically, Advocate General Bot wrote on its opinion: “Such mass, indiscriminate surveillance [the Advocate General was referring to the access of the United States intelligence services to the transferred data] is inherently disproportionate and constitutes an unwarranted interference with the rights guaranteed by Articles 7 and 8 of the Charter” (par. 200).
As to data protection, within the European Union, these rights find their natural field of action in the General Data Protection Regulation (GDPR), the most stringent law on data protection worldwide. If, in turn, surveillance operates in the framework of law enforcement, the applicable legal regime will be the Law Enforcement Directive (LED).
Under the GDPR, data processing can only take place if one of the legal grounds described in Article 6(1) fits the particular situation (the GDPR imposes several other requirements besides the demand of legal ground, but for our current discussion, this is the most relevant one). Moreover, as digital surveillance deals with sensitive data (location data, biometric data), Article 9(2) also applies. Therefore, two legal grounds are required. In theory, both articles can easily provide legal grounds for State surveillance: “performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” (Article 6(1)(e) of the GDPR) and “for reasons of substantial public interest” (Article 9(2)(g) of the GDPR). In the end, it all depends on the concrete assessment made in the specific case. The LED is structured in a different way. Data processing is considered lawful, not in the face of particular scenarios, but when performed by specific authorities/bodies/entities: the ones entrusted with “prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security” (Articles 2(1) and 3(7) of the LED). Chapter II establishes the requirements to be complied with, and Article 10(1) stands out because of the special demanding regime it sets forth for sensitive data: when there is a legal base on an EU law or in national law, vital interests on the data subject or any other natural person are safeguarded, and the processing only involves data “manifestly made public by the data subject”. This latter requirement raises the so-called ‘function creep’ problem’, which happens when a technology created for a given aim changes its purposes, i.e., people might be willing to publicly disclose their data on social media, but not to provide those data for State purposes.
In defence of State mass surveillance?
Surveillance can serve legitimate purposes. Under this assumption, unsuspected authors—that is, authors not related to repressive legal regimes—have advocated State surveillance, even mass surveillance.
Crime reduction and fair justice are certainly compelling reasons to advocate in its favour. In his study ‘In Praise of Big Brother: Why We Should Learn to Stop Worrying and Love Government Surveillance’, James Stacey Taylor made one of the most drastic vindications of State surveillance: “The state should place all of its citizens under surveillance at all times and in all places, including their offices, classrooms, shops – and even their bedrooms”. In this paper, Taylor highlighted the several benefits of State’s mass surveillance: in court, witnesses (or any other type of evidence for that matter) would no longer be necessary because the State would know everything, which, in turn, will make it possible to guarantee a fair judicial outcome for everyone, disregarding if they are rich or poor and how talented are their lawyers. Moreover, if the State can see everything, crime would diminish due to the deterrence effect of constant surveillance.
The fight (and the protection) against terrorism is another seductive reason to advocate for State surveillance. Under the threat of catastrophic terrorist attacks with biological or nuclear material, Persson and Savulescu advocated in favour of mass surveillance in their book Unfit for the Future.
If things are put in such dramatic terms, it is very likely that many of us approve some restrictions to our privacy rights in favour of more surveillance. The question remains, though, in the precise definition of the requirements and red lines: i) when exactly can the State make use of mass surveillance? ii) when that scenario takes place, which rules/requirements should apply?
Tools for State surveillance
Several digital tools—frequently provided by private companies—allow States to carry out their surveillance tasks.
Social media intelligence (SOCMINT) allows constant monitoring of online activities and the detection of potential ‘risks’ (mostly criminal acts) beforehand. Even though social media are in the public eye (still, with different privacy settings), the fact that someone (the State) ‘stalks’ every tweet and every post raise privacy concerns. Adding another layer of troubledness to this equation is the fact that such information can be used to create databases, where all the data about an individual are stored and combined, thus creating a digital profile of every citizen.
Mobile telephones have been for long a source of information about the holder’s location, though cell towers are not very accurate in this regard. Smartphones were a game-changer. Smartphones applications (apps) can nowadays be used for everything, from paying transportation to interacting with governmental bodies, thus providing very detailed information about the person. Moreover, smartphones came equipped with the Global Positioning Systems (GPS), which can collect location data and thus reveal the person’s exact location at any given time. This, in turn, can unveil the person’s religion (is the person near a mosque or a synagogue?), political affiliation (has the person attended a political rally? From a left-wing or a right-wing party?), and even private sins (did a married man enter a gay bar?).
Biometric recognition is also a handy tool for citizen surveillance. This wide concept includes iris recognition, fingerprint identification, and several other forms of identification/recognition using biometric data. Currently, facial recognition technology is one of the most widely used, especially because of its convenience, as it does not require any collaboration from the person. The proliferation of facial recognition cameras makes it possible to ‘check’ every face passing by any public space. Facial data are analysed and transformed into a biometric template, which is then compared against a database of templates to reach an identification. The internet in general, and social media in particular, became a fruitful source of pictures (to be transformed into templates) of properly identified citizens, making it very easy to create databases with millions of templates (the collection of pictures from the internet also became a profitable business, as attested by the rise of Clearview Analytics, a company whose business is to create massive databases of biometric templates with pictures collected online and then sell them to police forces worldwide).
Are liberal democracies becoming less liberal?
Liberal democracies are becoming less liberal. The rise of mass surveillance might be one of the reasons (among others) for this ‘deliberalization’. Recent events—terrorism attacks, right-wing extremists and the proliferation of Nazi groups, the (very real) possibility of a III World War— pressured Governments to know more about what is happening in their territories. In a sense, liberal democracies were forced to become less liberal to survive as such. This is certainly a compelling reason to accept ‘some’ State surveillance. The exact quantity (How much surveillance?) and quality (When? How? Who?) is the one-million-dollar answer. Without a proper answer, liberal democracies might simply disappear. It won’t be the first time that laudable purposes (the preservation of liberal democracies) lead to tragic outcomes (the very extinction of liberal democracies).
Vera Lúcia Raposo, ‘You Can Run, But You Can’t Hide: Digital State Surveillance in Liberal Democracies’ (The Digital Constitutionalist, 23 March 2022) <https://digi-con.org/you-can-run-but-you-cant-hide/>
Vera Lúcia Raposo
Vera Lúcia Raposo is Assistant Professor at the Faculty of Law of Coimbra University, Portugal (FDUC). She is the author of several studies in Portuguese, English and Spanish (some translated into Chinese), in particular on biomedical law (medical liability, patient safety, gene editing, reproductive issues) and new technologies (digital governance, data protection, AI, algorithms).