This section contains suggestions for in-class or pre-class educational exercises, while a post-class assignment for assessing student understanding of the Module is suggested in a separate section.
The exercises in this section are most appropriate for classes of up to 50 students, where students can be easily organized into small groups in which they discuss cases or conduct activities before group representatives provide feedback to the entire class. Although it is possible to have the same small group structure in large classes comprising a few hundred students, it is more challenging and the lecturer might wish to adapt the facilitation techniques to ensure sufficient time for group discussions as well as providing feedback to the entire class. The easiest way to deal with the requirement for small group discussion in a large class is to ask students to discuss the issues with the four or five students sitting close to them. Given time limitations, not all groups will be able to provide feedback in each exercise. It is recommended that the lecturer makes random selections and tries to ensure that all groups get the opportunity to provide feedback at least once during the session. If time permits, the lecturer could facilitate a discussion in plenary after each group has provided feedback.
All exercises in this section are appropriate for both graduate and undergraduate students. However, as students' prior knowledge and exposure to these issues varies widely, decisions about appropriateness of exercises should be based on their educational and social context.
Play the following short YouTube film which explains what metadata is and its accompanying privacy concerns:
" The NSA and surveillance ... made simple - animation", The Guardian (27 November 2013).
Allow a few minutes of reflection and comment by your students on their initial thoughts about metadata. Was this already familiar to them, or were they surprised about what they have just learned?
Sarland experienced several consecutive terrorist attacks. In response to these events, it passed a law regulating the provision of communication services by telephone companies. The law obligates individuals to provide their biometric details to the telephone company as a condition for entering into a contract. It requires telephone companies to collect information on the users. The companies are to keep a database with the client's name, biometric data, associated account, a record of telephone calls, the locations from which the individual made the calls, the times of the day during which the individual made the telephone call and the record of the conversation. The law allows law enforcement agents to use artificial intelligence programmes to scan the sets of data held by telephone companies to identify suspicious patterns. To enable the law enforcement officials to achieve this, the law requires the companies to disclose to the government its encryption protocols. A separate clause stipulates that the law enforcement officials should obtain a court order to be entitled to request the telephone company to disclose the information associated with the client's account. Ask the students to work in teams and to comment on the following:
Ask your students, whether individually or in small groups, to produce a podcast on issues arising out of this class. It should not be too long - depending on factors such as the size of the class, what access to IT resources students have, whether students do their own or group podcasts, 2-5 minutes maximum should be about right.
You could use the outputs of this exercise in different ways. For example, the podcasts could be made available to all students as an additional teaching resource (indeed, with your students' permission, you may even embed a few of the best ones within your own teaching on these issues). They could be used to encourage e.g. group work or independent research. They could also be used as part of student assessment against pre-defined assessment criteria.
Students could examine many different issues, such as:
Contrast the way in which different regional human rights bodies justify the need for public authorities to respect the right to privacy.
ECJ judgment on the European Data Retention Directive *
In 2006, the European Union adopted legislation (the Data Retention Directive) intended to harmonize member States' provisions concerning the retention of data which are generated or processed by providers of communications services. The Directive as adopted as a mechanism for facilitating the investigation and prosecution of the most serious crimes, especially terrorism and organised crime. It provides that the service providers must retain traffic and location data as well as related data necessary to identify the subscriber or user for all fixed telephony, mobile telephony, Internet access, Internet email and Internet telephony traffic. By contrast, it does not permit the retention of the content of the communication or of information consulted. The Data Retention Directive was challenged before the Court of Justice of the European Union (CJEU) as a disproportionate interference with the right to privacy. CJEU observed that, while the Directive does not permit the acquisition of knowledge of the content of the electronic communications as such, the collection and retention of traffic and location metadata constitutes a serious interference with the right to privacy.
CJEU then proceeded to examine this interference with the right to privacy in the light of the requirements of a legitimate aim and of proportionality. It noted that the purpose of the retention of the data is their possible transmission to the competent national authorities for the investigation, prosecution and adjudication of serious crime, which genuinely satisfies an objective of general interest (at para. 41).
Although the retention of the data was thus justified by a legitimate aim, CJEU concluded that it was not sufficiently circumscribed to be considered strictly necessary, and therefore failed the proportionality test and constituted a violation of the right to privacy. The reasons for this finding included that:
Since this judgment and in response to it, the EU Commission has been "monitor[ing] developments at national level, in particular as regards the assessment by Member States of their data retention legislation".**
The Uzun case *
Mr. Uzun was suspected of involvement with a terrorist group and a criminal investigation had been launched into charges that he, together with an accomplice, had participated in several bomb attacks designed to kill members of the public. The investigation by German police into the activities of the applicant involved surveillance and the use of phone taps and wireless transmitters. When the applicant and his accomplice destroyed the transmitters and stopped using the telephone, a global positioning system (GPS) device was placed in a car which they regularly used. At trial, the GPS evidence was used to corroborate information received through other surveillance methods and Mr. Uzun was convicted of attempted murder and causing explosions. Mr. Uzun submitted that the authorities' use of the GPS had breached his right to privacy in that it had enabled them to draw up a comprehensive pattern of his movements, to share that with third parties, and to initiate further investigations.
The European Court of Human Rights (ECtHR) found that, although the actions of the police had interfered with Mr. Uzun's rights, his rights had not been violated by the placing of the GPS and the collation and storage of information from it. ECtHR noted that that extensive safeguards were available (and had been properly applied in the instance case) to prevent misuse of the power of surveillance. These included: (1) the operation had been subject to judicial supervision throughout; (2) the duration of the operation had to be authorized and approved by a court; (3) an operation involving the tracking of an individual's movements with GPS could only be ordered in relation to a crime of particular gravity; and (iv) evidence obtained through use of GPS could be challenged and, if necessary, excluded at trial. Finally, ECtHR noted that the surveillance measures had been proportionatein that: (1) other investigative means had been tried and failed owing to the conduct of the applicant; (2) the investigation was into a serious matter, involving terrorist bombing; and (3) the measures had only been employed for a short period of time. Given the safeguards and proportionality of the measures applied, ECtHR considered that Mr. Uzun's right to privacy had not been violated.
The Escher case *
In the late 1990's social conflict, including disorder and violence, arose out of issues of land reform in Paraná, a municipal state within Brazil. Several social organizations were involved in campaigning around these issues. The Military Police of Paraná requested that a specific phone number be monitored. Permission was granted by the court. A second request was subsequently submitted in relation to a phone line used by a different organization without any accompanying justification. This was also granted. Subsequently, various recorded conversations between those using the phone line were broadcast on national television.
The case was brought before the Inter-American Court of Human Rights alleging violations of the rights to judicial guarantees, privacy, freedom of association and judicial protection established in the American Convention. In its judgment, the Court emphasized the importance of independent supervision of surveillance. The Court acknowledged that Brazil had a system for judicial authorization of telephone intercepts in place, and that applications had been filed and approved by a judge in the case at hand.
The Court underscored, however, that the judge has a special role to play in dealing with ex parte applications, such as applications for surveillance measures: "In proceedings whose juridical nature requires the decision to be issued without hearing the other party, the grounds and justification must show that all the legal requirements and other elements that justify granting or refusing the measure have been taken into consideration. Hence, the judge must state his or her opinion, respecting adequate and effective guarantees against possible illegalities and arbitrariness in the procedure in question" (at para. 139).
In considering the way the Brazilian judge in the case had dealt with the applications submitted by the military police, the Court found that these requirements had not been met: "Contrary to the foregoing, [the judge] authorized the telephone interceptions with a mere annotation that she had received and examined the requests and granted them … . In her decision, the judge did not explain her analysis of the legal requirements or the elements that caused her to grant the measure, or the way in which the procedure should be carried out or its duration" (at para. 140). The Court also found that there had been insufficient safeguards to ensure that the private information was not obtained by third parties.