State-sponsored hacking, whether for the purpose of propaganda, destruction or surveillance, is incompatible with international human rights law and should be subject to a global ban, a leading digital rights group argues in a report Tuesday.
“Government hacking interferes with internationally recognized human rights and should be prohibited,” Amie Stepanovich, an attorney and U.S. policy manager for Access Now told Cyberscoop.
Access Now’s report, “A Human Rights Response to Government Hacking,” argues that state-sponsored hacking violates the rights to privacy, property, free expression, free association, and a fair trial — all guaranteed under international law.
“We conclude that there should be a presumptive prohibition on all government hacking,” states the report.
In addition to its predictable violations of human rights, government hacking also has “other direct unexpected and unintended consequences,” the report continues.
These include “the risk of damage to the property of internet users and the financial stability of private entities,” and the “undermin[ing of] global digital security, and by extension, global security as a whole.”
With robust oversight and transparency provisions, plus other safeguards, around the disclosure of newly discovered or “zero day” vulnerabilities, some hacking for narrow intelligence or surveillance purposes might be justified, the report concludes.
It provides a list of ten safeguards needed to ensure the legality of government hacking, including that it must be “provided for in law,” authorized by a court or other tribunal, time-limited, be “the least invasive means” available, refrain from stockpiling zero days and be subject to oversight.
With all these safeguards in place, governments may be able to rebut the presumption that their hacking should be banned, explained Stepanovich, but she said those calculation had to be made in the full light of day and not, as at present, behind closed doors.
“We had to piece … together [our account of U.S. government hacking] from court documents, documents leaked or revealed under [the Freedom of Information Act, or] FOIA and public statements by U.S. officials,” she said.
“There has to be more transparency,” said Stepanovich, “This is a really important conversation.”
She said more was known about U.S. government hacking than that conducted by other governments, but that was only partially due to transparency. Much has come to light through leaks like those from Edward Snowden, she said.
“Australia has a law outlining a legal basis for government hacking,” she said. “That’s an important first step.”
The next step for Access Now, she said would be “Trying to paint a fuller picture of what’s going on, especially in the rest of the world.”