Bulk Interception: Latest European Court of Human Rights Ruling

The ECtHR has considered a challenge to the regime for bulk interception of communications in Sweden and decided that it meets ECHR standards

 

The case of Centrum för rättvisa v. Sweden (application no. 35252/08) concerned a complaint brought by a public interest law firm alleging that legislation permitting the bulk interception of electronic signals in Sweden for foreign intelligence purposes breached its privacy rights.

The Court considered that the relevant legislation amounted to a system of secret surveillance that potentially affected all users of mobile telephones and the Internet, without their being notified. Also, there was no domestic remedy providing detailed grounds in response to a complainant who suspected that his or her communications had been intercepted. On that basis, the Court found it justified to examine the legislation in the abstract. The law firm could claim to be a victim of a violation of the Convention, although it had not brought any domestic proceedings or made a concrete allegation that its communications had actually been intercepted. The mere existence of the legislation amounted in itself to an interference with its rights under Article 8.

The Court went on to say that, although there were some areas for improvement, overall the Swedish system of bulk interception provided adequate and sufficient guarantees against arbitrariness and the risk of abuse. In particular, the scope of the signals intelligence measures and the treatment of intercepted data were clearly defined in law, permission for interception had to be by court order after a detailed examination, it was only permitted for communications crossing the Swedish border and not within Sweden itself, it could only be for a maximum of six months, and any renewal required a review. Furthermore, there were several independent bodies, in particular an inspectorate, tasked with the supervision and review of the system. Lastly, the lack of notification of surveillance measures was compensated for by the fact that there were a number of complaint mechanisms available, in particular via the inspectorate, the Parliamentary Ombudsmen and the Chancellor of Justice.

When coming to that conclusion, the Court took into account the State’s discretionary powers in protecting national security, especially given the present-day threats of global terrorism and serious cross-border crime.

Principal facts

The applicant, Centrum för rättvisa, is a non-profit foundation which was set up in 2002 and represents clients in rights litigation, in particular against the State. It is based in Stockholm. The applicant foundation believes that, because of the sensitive nature of its activities, there is a risk that its communications through mobile telephones and mobile broadband has been or will be intercepted and examined by way of signals intelligence.

Signals intelligence can be defined as intercepting, processing, analysing and reporting intelligence from electronic signals. In Sweden the collection of electronic signals is one form of foreign intelligence and is regulated by the Signals Intelligence Act. This legislation authorises the National Defence Radio Establishment (FRA), a Government agency organised under the Ministry of the Defence, to conduct the signals intelligence.

For all signals intelligence, the FRA must apply for a permit to the Foreign Intelligence Court, which is regulated by the Foreign Intelligence Court Act and composed of a permanent judge and other members appointed on four-year terms. The court’s activities are in practice covered by complete secrecy.

The Foreign Intelligence Court is overseen by the Foreign Intelligence Inspectorate and the Data Protection Authority.

Decision of the Court

Even though the applicant foundation had not exhausted domestic remedies and could not give a concrete example of its communications having been intercepted, the Court nonetheless considered it justified for it to examine the Swedish legislation on signals intelligence. This was because there was, in practice, no remedy in Sweden providing detailed grounds in response to a complainant who suspected that his or her communications had been intercepted and the legislation amounted to a system of secret surveillance that potentially affected all users of mobile telephones and the Internet, without their being notified. The mere existence of the legislation amounted in itself to an interference with the foundation’s rights under Article 8.

The Court found that it was clear that the surveillance system, as it stood at the present moment in time, had a basis in domestic law and was justified by national security interests. Indeed, given the present-day threats of global terrorism and serious cross-border crime, as well as the increased sophistication of communications technology, the Court held that Sweden had considerable power of discretion (‘wide margin of appreciation’) to decide on setting up such a system of bulk interception. The State’s discretion in actually operating such an interception system was, nevertheless, narrower and the Court had to be satisfied that there were adequate and effective guarantees against abuse.

Following a careful assessment of the minimum safeguards that should be set out in law to avoid abuse of power, as developed in its case-law (see the 2014 Grand Chamber judgment Roman Zakharov v Russia), the Court was of the opinion that the system revealed no significant shortcomings in the system’s structure and operation. Overall, while the Court found certain shortcomings in the system, notably the regulation of the communication of personal data to other States and international organisations and the practice of not giving public reasons following a review of individual complaints, it noted that the regulatory framework had been reviewed several times with a view notably to enhancing protection of privacy and that it had in effect developed in such a way that it minimised the risk of interference with privacy and compensated for the lack of openness of the system.

More specifically, the scope of the interception (which was only permitted for communications crossing the Swedish border and not within Sweden itself) and the treatment of intercepted data were clearly defined in law; the duration of the measures were clearly regulated (any permit is valid for a maximum of six months and renewal requires a review); the authorisation procedure was detailed and entrusted to a judicial body, the Foreign Intelligence Court; there were several independent bodies, in particular the Foreign Intelligence Inspectorate and the Data Protection Authority, tasked with the supervision and review of the system; and, on request the inspectorate had to investigate individual complaints of intercepted communications, as did the Parliamentary Ombudsmen and the Chancellor of Justice.

The Court therefore found that the Swedish system of signals intelligence provided adequate and sufficient guarantees against arbitrariness and the risk of abuse. The relevant legislation met the ‘quality of law’ requirement and the ‘interference’ established could be considered as being ‘necessary in a democratic society’. Furthermore, the structure and operation of the system were proportionate to the aim sought to be achieved.

There had accordingly been no violation of Article 8 of the Convention.

Given those findings, the Court considered that there were no separate issues under Article 13 and held that there was no need to examine the foundation’s complaint in that respect.

Comment

The very fact that the Court thought that the Swedish regime for interception was imperfect suggests that the UK might have more leeway in gaining ‘data adequacy’ status than some have envisaged. But a ECtHR decision is not necessarily going to accord with one from the CJEU on similar facts, even if it should.

The distinction made between signals crossing the Swedish border and internal communications seems hard to justify. Indeed, it is hard to believe that anyone knows for sure when communications such as emails cross the border.

Published: 2018-06-19T19:00:00

    This site uses cookies. By using the site you agree to our use of cookies as set out in our Privacy Policy.

    Please wait...