The Second Chamber of the Supreme Court of Justice of the Nation (SCJN) in Mexico will soon discuss the constitutionality of Articles 189 and 190 of the Federal Telecommunications and Broadcasting Act (known simply as the “Telecom Law”), which went into effect in August 2014. These articles state that, among other things, telecommunication companies must maintain records of their users’ metadata for a period of two years, and grant unrestricted access to the proper state authorities.
As defined by the NGO Derechos Digitales (Digital Rights), metadata is information that puts into context other data, such as the information we exchange when we communicate. FayerWayer Magazine adds that the stored metadata makes it possible to know many of the behaviors and habits of a user, including:
Nombre y domicilio del suscriptor
Tipo de comunicación -voz, datos, conferencia- y servicios- suplementarios, de mensajería o multimedia- empleados
En telefonía móvil: datos para conocer el origen y destino de las comunicaciones
Fecha, hora y duración de la comunicación
Fecha, hora y ubicación de la primera activación del equipo
Datos de identificación y características técnicas de los equipos
The subscriber’s name and address
The type of communication (voice transmission, voicemail, conference) and additional services employed, such as messaging or multimedia.
Data about the origin and destination of mobile communications.
The date, time, and duration of communication.
The date, time, and location of the first service activation.
Identification data and technical characteristics of the device.
The geographical position of the lines.
In 2014, when the telecom law was passed, it was billed as a much-needed reform of the telecommunications sector, which continues to be dominated by monopolies. To date, authorities have not discussed in depth why the two articles in question were included, beyond justifying them for vague reasons of “security”.
At the time, the Network in Defense of Digital Rights (R3D) filed a writ of amparo (a legal instrument that aims to defend fundamental rights and counter arbitrariness) against the legislation's “Collaboration With Justice” articles, arguing that they violate human rights. Other organizations dedicated to defending digital rights, free expression, and transparency (such as Article 19 and FUNDAR) also supported the amparo.
R3D later published a paper titled “Frequently Asked Questions About the Unconstitutional Nature of Articles 189 and 190 of the LFTR,” noting that the content of the articles violates citizens’ right to the inviolability of private communications and the right to protection of personal data. The organization also says “there is an absence of clarification about who constitutes the competent authorities.”
The following video is part of R3D’s informational materials developed to show the importance of what the court will discuss:
La conservación masiva e indiscriminada de metadatos nos asume a todos como presuntos delincuentes y nos pone en mayor riesgo […]
En otros países la retención de metadatos ya fue prohibida. En abril de 2014, el Tribunal de Justicia de la Unión Europea invalidó su ley de retención de datos argumentado que “constituye una injerencia de gran magnitud y especial gravedad en los derechos fundamentales al respecto de la vida privada…”
It is thus possible to deduce things like your personal relationships, your political and religious preferences, or health status.
Metadata conservation assumes we are all criminal suspects and puts us at greater risk.
In other countries metadata retention has already been prohibited. In April 2014, the Court of Justice of the European Union overruled its data retention law arguing that it “constitutes an interference of a large magnitude and is particularly serious with respect to the fundamental rights to privacy…”
The Supreme Court was scheduled to settle the amparo on Wednesday, March 20, 2016, but a resolution was postponed, as announced by Ivan Martinez, an advocacy writer for R3D:
— Iván (@protoplasmakid) April 20, 2016
Court postponed decision regarding the amparo of @r3dmx another week.
Don’t let your guard down! Stalker Law. Telecom Law.
In preparation for the hearing, more than a dozen national and international organizations for the defense of digital rights have urged the court to protect the right to privacy and reject the constitutionality of the telecom law. A joint statement from these groups says Mexico faces a “historic opportunity”:
La SCJN posee una oportunidad histórica para establecer un precedente de protección a la privacidad en México y replicar las tendencias internacionales en el tema. Por el contrario, en caso de validar la vigilancia sin controles que facilita la Ley de Telecomunicaciones, la SCJN estaría enviando un mensaje sumamente peligroso de que todo se vale con el pretexto de proteger la seguridad, incluso medidas que, lejos de proteger la seguridad, la comprometerán aún más, sobre todo en el contexto de crisis en materia de derechos humanos por el que atraviesa el país.
The Supreme Court has a historic opportunity to set a precedent for privacy protection in Mexico and to replicate international trends on the issue. On the other hand, in the event that it validates the surveillance without limitations that is facilitated by the Telecommunications Act, the Supreme Court would be sending a very dangerous message that anything goes on the pretext of protecting safety, including measures that, far from protecting safety, would endanger it even more, especially in the context of crisis in the matter of human rights that is faced by this country.
The Electronic Frontier Foundation says the indiscriminate and massive retention of data allowed by the Telecom Act is “a serious state interference and full-scale invasion of privacy in the communications of millions of Mexican citizens,” arguing that judicial oversight in such policing measures is a necessity:
A dos años de la reformas de la Ley Telecom, el estado mexicano no se ha puesto a la altura de sus compromisos internacionales en materia de derechos humanos en el entorno digital, al poseer un instrumento legal que abre la puerta de manera desproporcionada a la vigilancia de las comunicaciones de una población entera e incluso autoriza el acceso a los datos retenidos sin autorización judicial.
Two years after the Telecom Law was reformed, the Mexican state has still not caught up to its international human rights obligations; mandatory data retention is an unnecessary and disproportionate measure that affects the privacy rights of millions of Mexicans. The Telecom law also allows warrantless access to the retained metadata, contrary to international human rights standards. Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent.
Using the hashtag #LeyTelecom (Telecom Law), Internet users have discussed the controversial legislation on Twitter:
— ARTICLE 19 MX-CA (@article19mex) April 7, 2016
How can the government obtain your information and what can it do with it? We explain the capabilities of the Telecom Law.
— Rancho Electrónico (@hackrancho) April 20, 2016
No to the retention of metadata allowed by #Mexico with the Telecom Law because it facilitates control and surveillance.
Twitter users also shared the hashtag #LeyStalker (Stalker Law) to characterize the law as invasive and spy-like.
— Mariel García M (@faeriedevilish) April 20, 2016
Happy day. I hope you are all working on behalf of the world you want to see.
Especially one that respects privacy, @SCJN. Follow @r3dmx #LeyStalker <3
Concerns about granting the Mexican government greater spying powers are especially high, in light of the 2015 leaks, which revealed that several of the country's state institutions are some of the Italian company Hacking Team‘s biggest buyers of surveillance technology in the world. (And much of this equipment was purchased to intercept communications illegally.)
There are also worries that officials will abuse any new surveillance powers and put citizens at risk, if the court upholds the law's constitutionality. Carlos Brito, the director of Advocacy at R3D, says this danger is real, pointing to the federal police in Mexico currently being investigated for kidnapping and extortion:
— Carlos Brito (@Britovsky) April 20, 2016
These people can access metadata and geolocation through the #TelecomLaw? Yes. The Stalker Law authorizes them to.
Following the same logic, others online have recalled the recent cyberattack on the National Electoral Institute's database, which resulted in the massive leak of 93.4 million voters’ information.
— Carlos Brito (@Britovsky) April 22, 2016
Beware – INE's database with 93.4 million registrations is on Amazon… and they still want to retain metadata.
En un país con un serio déficit democrático y en el que funcionarios públicos son los principales responsables de agresiones a periodistas y disidentes, la medida [prevista por la Ley Telecom] podría ser utilizada fácilmente para perseguir voces incómodas dentro del marco de la legalidad formal.
In a country with a serious democratic deficit and in which public officials are primarily responsible for attacks on journalists and dissidents, the measures [allowed by the Telecom Law] could easily be used to pursue uncomfortable opinions within the framework of formal legality.
In their collaboration for Nexos Magazine, Luis Fernando García, the director of R3D, and Ana Gaitán Uribe, a lawyer for R3D, asked Mexicans to think about the risks of handing so much power over to people who have inspired such little confidence:
Es entendible que demandemos mayor seguridad ante el miedo de ser víctimas de un delito, pero debemos preguntarnos si dichas medidas realmente nos hacen estar más seguros, rescatar a más víctimas, atrapar a más criminales. O si, por el contrario, fomentan un clima de opresión en el que nuestra expectativa de privacidad se erosione. Preguntémonos, también, cuál es el daño que se ocasionaría cuando las personas equivocadas tienen un fácil acceso a todos nuestros datos sensibles. Particularmente en un país en donde la diferencia entre el Estado y la delincuencia es frecuentemente inexistente.
It is understandable that we demand greater security in the face of the fear of being victims of crime, but we must ask whether these measures really make us safer, rescue more victims, catch more criminals. Or if, on the contrary, they foster a climate of oppression in which our expectation of privacy erodes. We should ask ourselves as well, what's the harm that would be caused when the wrong people have easy access to all of our sensitive data. Particularly in a country where the difference between the state and crime is often nonexistent.
Mexico has to wait until Wednesday, April 27, 2016, for the court to announce its decision. If the court upholds the legislation, R3D says it's prepared to take the case to the Inter-American Commission on Human Rights.