BEIRUT: Releasing vast amounts of data in the name of national security is a violation of the Constitution and the spirit of Law 140, which was adopted in 1999 and governs security and law enforcement access to telecoms data, analysts said this week.
The most recent chapter in the recurring controversy over the telecoms data effectively came to a close Wednesday, with the Cabinet backing the prime minister’s demand that he be allowed to approve or reject requests for data by the Internal Security Forces on a case by case basis, and urging the cooperation of the telecommunications minister.
The Cabinet’s decision ends the current standoff between Prime Minister Najib Mikati and Telecommunications Minister Nicolas Sehnaoui, who had refused to approve a proposal that amounts to an extension of a request that was granted last year giving security forces access to all technical data for the entire country.
This information allows authorities to track cellphones – and by extension subscribers – as well as map out communication networks.
Much of the debate boils down to the interpretation of Law 140.
Sehnaoui, whose ministry has handed over such data in the past, fought the request citing the constitutional provision guaranteeing the right to privacy.
Last week, Mohammad Najem, the co-founder of the Beirut-based Social Media Exchange, which advocates for digital privacy rights, wrote a piece on the group’s website accusing both Mikati and Sehnaoui of violating Law 140 related to telecoms data.
According to Najem, Sehnaoui does not have to right to deny the prime minister’s request, citing Article 9 of Law 140. But the request itself, he added, is illegal according to Article 1 of the same law, which protects the right to secure communications.
“Even if Sehnaoui has legal grounds for refusing, because the request violates the Constitution, he cannot legally refuse,” said Riad Bahsoun, a former Middle East representative to the International Telecommunications Union.
“If the Cabinet makes the decision, Sehnaoui must comply,” he said. “And if Mikati decides to transfer the data, he would be overstepping his authority.”
Other experts argue that Law 140 does not apply in such cases, because the law specifically outlines the legal procedure for the interception of communications, and does not cover data mining, by which huge swaths of technical data for an entire region or network are collected and analyzed.
“We have had many requests that are not related to interception ... information that would allow them [security forces] to intrude on citizens’ privacy,” says Karim Kobeissi, a lawyer and senior adviser to Sehnaoui. “We are outside the scope of Law 140 and so we have to apply the constitutional right to privacy,” he added.
The outcome of this debate has far-reaching implications for the freedom of privacy in Lebanon. Sweeping requests for data have become common since 2005, when a string of assassinations increased pressure on politicians to grant security forces increased powers of investigation. Since then, it has become an intensely political debate generally breaking down along March 14-March 8 lines.
March 14 sees the telecoms data as key evidence in the investigation to discover who has been behind numerous attacks, while March 8 opposes handing over the data for privacy and security reasons.
“Maybe it’s normal for a security agency to be after as much information as they can get but we have a democratic system with laws, a Constitution, and checks and balances. I do not blame [the security agencies] for requesting, I blame the executive branch for accepting it,” said Kobeissi. “We fought it, and we were accused of covering up for criminals and assassins.”
In December, conflicting reports emerged over an alleged request by the security forces for passwords to websites accessed through mobile phones, and a leaked version of the request even appeared on the news website ElNashra. Since then, rumors have been flying about which information security forces have access to, and what they could do with such information.
“When I saw the request, I thought it was written by somebody who didn’t understand the technology,” said Marwan Taher, a software engineer who has also written about telecommunications and privacy. “I think it mainly has to do with being tracked – some accusations are exaggerated and some are not.”
When it comes to intercepting phone calls, Taher said, “as far as I’m aware, that’s already being done” illegally using equipment imported from abroad.” He dismissed rumors that the security forces could remotely activate features on the phone, such as the camera, as “far-fetched.”
“Definitely there is a privacy issue here, and the ISF is asking for the whole treasure chest of information which they can run through programs and come up with communication networks all over the country,” he said. “They’re doing a fishing expedition instead of targeted investigations.”