Comparative Analysis of Surveillance Laws and Practices in Latin America with Paraguay
In December 1992, following a hastily-drawn sketch of a map given to him by a whistleblower, the Paraguayan lawyer Martin Almada drove to an obscure police station in the suburb of Lambaré, near Asunción. Behind the police offices, in a run-down office building, he discovered a cache of 700,000 documents, piled nearly to the ceiling. This was “the Terror Archive,” an almost complete record of the interrogations, torture, and surveillance conducted by the military dictatorship of Alfredo Stroessner. The files reported details of “Operation Condor,” a clandestine program between the military dictatorships in Argentina, Chile, Paraguay, Bolivia, Uruguay and Brazil between the 1970s and 1980s.1 The military governments of those nations agreed to cooperate in sending teams into other countries to track, monitor and kill their political opponents.2 The files listed more than 50,000 deaths and 400,000 political prisoners throughout Argentina, Bolivia, Brazil, Chile, Paraguay, Uruguay, Colombia, Peru, and Venezuela.3
Stroessner’s secret police used informants, telephoto cameras, and wiretaps to build a paper database of everyone that was viewed as a threat, plus their friends and associates. Almada had been tortured under this regime: his wife died from a heart attack shortly after the police played her, over the phone, the screams of her incarcerated husband. The Terror Archive shows how far a country’s government might sink when unchecked by judicial authorities, public oversight bodies, and the knowledge of the general public.
A modern-day Stroessner or a revamped Operation Condor, however, would have far more powerful tools at hand than just ring-binders, cameras, and wiretapped phones. Today’s digital surveillance technology leaves the techniques documented in the Terror Archive in the dust. New tech like the IMSI-catcher, a portable mobile cell-tower that lets its operator sweep up all the mobile phone calls and messages within a 200 meter radius, would let the authorities collect the identities of everyone at a protest. Mobile phones tell their providers where they are at all times: government orders could demand a mobile provider retain such data and hand it to the government. That would let the authorities track the movements of everyone who owns a cellphone. It would also allow them to “time travel”: pick a target, and then look back in their history to see everywhere they had been for months or years.
For targeted intimidation and entrapment, governments could take advantage of the email, social media, and messages that dominate our lives. States could deploy for the purposes of social control, the same malicious software, or malware, that petty Internet criminals use to take over innocent users’ computers, by tricking them to click on fraudulent emails or websites. Some of this malware is also “spyware”—it can covertly record audio and video from the microphone and camera of a target’s smartphone or laptop. Once installed, government malware could go much further: retrieving lists of contacts, or remotely planting incriminating evidence on the device. A net far wider and far more pervasive than any 20th century secret police project would be cast over the whole of society.
The disturbing truth is that these tools are not theoretical. Many governments are already using these techniques, with neither legislative constraints holding them back, nor any effective public oversight, as our research shows.
It took a leak from one of the world’s most notorious malware providers, the Italian “Hacking Team,” and careful detective work from investigative journalists, to reveal just how many Latin American governments were already using mass surveillance and other invasive tools such as commercial malware. IMSI catchers and worse are hinted at in court filings. On the rare and random occasions that courts are asked to sanction such super-spying, judges are often kept in the dark about the power and reach of these tools.
Twentieth century surveillance law mostly regulates the simple wiretapping of a single phone line, with no guidance on how to apply these laws to this growing menagerie of new spying capabilities. When new surveillance or cyber-security laws are passed, they are written primarily to legitimize existing practice, or widen existing powers—such as data retention laws that force phone and Internet companies to log and retain even more data for state use.
Each of these new powers is a ticking time-bomb, waiting for abuse. The only way to stop them being turned against the public is to create robust and detailed modern laws to constrain its use, an independent judiciary who will enforce those limits, and a public oversight mechanism that allows the general public to know what its country’s most secretive government agents are up to in their name.
Unfortunately, legislators and judges within Latin America and beyond have little insight into how existing surveillance law is flawed, or how it might be fixed.
To assist in that imposing task, the Electronic Frontier Foundation has spent over a year working with our partner organizations across Latin America. Our intention was to hold a light up to current surveillance activities, in law, and in practice. We’ve carefully documented existing law in 13 countries, and gathered together the evidence of its misapplication whenever possible. Our aim with these papers is to compare existing practices to established human rights standards. Without that constraint, every country, within Latin America and without, not only risks violating the rights of their own citizens, but places themselves in danger of being overthrown by illegitimate elements in their own society, powered by a tech-enabled secret police.
In our research, we have analyzed publicly available laws and practices. Given the deeply rooted culture of secrecy surrounding surveillance, it is far harder to judge the extent to which states comply with their own published legal norms. Ensuring that law not only complies with human rights standards but also genuinely governs and describes the states’ real-world behavior is an ongoing challenge.
State officials and civil society must take care that written norms are translated into consistent practice and that failures to uphold the law can be discovered and remedied. That raises a second problem: the lack of adequate public oversight throughout the region. This is the main reason why even positive guarantees established by law—and there are many examples of good surveillance standards in the region—simply do not work. These can only be overcome if civil society demands transparency and accountability from the intelligence and law enforcement community.
Public oversight efforts are usually trumped by the secrecy which surrounds intelligence and law enforcement activities. However, the advances produced in the last decade in Freedom of Information laws throughout the region provide an opportunity to pierce through these obstacles and strengthen citizens’ control over a part of the state which remains in the dark.
Our message is not entirely pessimistic. Our analysis has uncovered rights-preserving procedures in the books that are a step ahead of the rest of the world. Now we need to ensure that those procedures are actually enforced. In summary below, we list both the good and bad of modern Latin American surveillance law. Every state can improve, but many might benefit from imitating the positive experiences of other jurisdictions.
Technology cannot entirely defend us from the misuse of these new tools and capabilities. We need strong rule of law, robust statutes that are actually prescribed by law, necessary, adequate and proportionate. We need judicial guidance, due process, transparency and a right to be notified of the surveillance decision with enough time and information to enable them to challenge the decision or seek other remedies whenever possible. We need avenues for redress for those affected by the surveillance measure. Besides having a better institutional design for overseeing and controlling surveillance activities, the region should commit to implementing public oversight mechanisms that are carefully matched in resources and authority over those who wield these powers. We also need a strong civil society coalition working on these issues. With the help of watchful and informed judges and legislators, we hope that digital technology will be used wisely to protect, not violate human rights. We must ensure that we build a world where the Terror Archive remains a grim record of past failings, not a low-tech harbinger of an even darker future.
More info, visit EFF web – Comparative Analysis