Hacking Necessary Safeguards Introduction

A growing number of governments around the world are embracing hacking to facilitate their surveillance activities. But many deploy this capability in secret and without a clear basis in law. In the instances where governments seek to place such powers on statutory footing, they are often doing so without the safeguards and oversight applicable to surveillance activities under international human rights law.

Hacking can present unique and grave threats to our privacy and security. For these reasons, even where governments conduct surveillance in connection with legitimate activities, such as gathering evidence in a criminal investigation or intelligence, they may never be able to demonstrate that hacking as a form of surveillance is compatible with international human rights law. To date, however, there has been insufficient public debate about the scope and nature of these powers and their privacy and security implications.

Our proposed safeguards are designed to help interested parties assess government hacking in light of applicable international human rights law. They are further designed to address the security implications of government hacking. Generally speaking, security considerations must be embedded into surveillance safeguards and oversight mechanisms. We separately explain the legal and conceptual bases for our proposed safeguards in “Government Hacking and Surveillance: Commentary to the 10 Necessary Safeguards.”

These safeguards form part of a comprehensive strategy pursued by Privacy International and others across civil society to ensure that:

  • Governments and industry prioritise defensive security;
  • Our devices, networks and services are secure and privacy- protective by design and that these protections are maintained; and
  • Legal and technological protections apply to everyone across the world.