A Bill has recently been introduced in both Houses of the US Congress, in response to the Wikileaks disclosures, to amend the US Espionage Act 1917 to make it a criminal offence for any person knowingly and wilfully to disseminate, “in any manner prejudicial to the safety or interest of the United States”, any classified information “concerning the human intelligence activities of the United States”.  This proposal would appear to be constitutional with respect to US Government employees who leak such material to those who are unauthorised to receive it.  But what about the constitutionality of criminalising anyone who publishes the information after it has been leaked, especially given that the proposed new offence is not, at any rate expressly, limited to situations in which the spread of the classified information poses a “clear and present danger” of grave national harm?

The “clear and present danger” standard has been the governing principle under the First Amendment to the US Constitution since Supreme Court Justice Oliver Wendell Holmes Opinion in Schenk v United States in 1919.  The principle was stated by Supreme Court Justice Louis D. Brandeis in Whitney v California in 1927.  The founding fathers of the US “did not exalt order at the cost of liberty”, wrote Brandeis.  On the contrary, they understood that “only an emergency can justify repression.  Such must be the rule if authority is to be reconciled with freedom.  Such … is the command of the Constitution.  It is, therefore, always open to Americans to challenge a law abridging free speech and assembly by showing that there was no emergency justifying it”.

Writing in the New York Times on 3 January 2011, Geoffrey R. Stone, Professor of Law at the University of Chicago, and Chairman of the Board of the American Constitution Society, explains that the First Amendment does not compel Government transparency.  It leaves the Government autonomy to protect its own secrets.  It does not accord anyone the right to have the Government disclose information about its actions or policies.  It cedes to the Government authority to restrict the speech of its own employees.  What it does not do, however, is allow the Government to suppress the free speech of others when it has failed to keep its own secrets.

Professor Stone gives a number of reasons why it is right to give the Government limited scope for penalising the circulation of unlawfully leaked information.

First, the mere fact that such information might “prejudice the interests of the United States” does not mean that that harm outweighs the benefit of publication. In many circumstances, it may be extremely valuable to public understanding. Consider, for example, classified information about the absence of weapons of mass destruction in Iraq. Second, the reasons that Government officials want secrecy are many and varied. They range from the compelling to the illegitimate. It is tempting for Government officials to overstate the need for secrecy, especially in times of national anxiety.  Third, a central principle of the First Amendment is that the suppression of free speech must be the Government’s last rather than its first resort in addressing a problem. The most obvious way for the Government to prevent the danger posed by the circulation of classified material is by ensuring that information that should be kept secret is not leaked in the first place. The Supreme Court in Bartnicki v Vopper in 2001 held that when an individual receives information “from a source who obtained it unlawfully,” that individual may not be punished for publicly disseminating the information “absent a need … of the highest order”. The Supreme Court explained that if the sanctions now attached to the underlying criminal act do not provide sufficient deterrence, then perhaps they should be made more severe,  but that “it would be quite remarkable to hold” that an individual can constitutionally be punished merely for publishing information because the Government failed to “deter conduct by a non-law-abiding third party”.  Professor Stone concludes that if  the Government is granted too much power to punish those who disseminate information, then one risks too great a sacrifice of public deliberation; if, on the other hand, the Government is granted too little power to control confidentiality at the source, then  one risks too great a sacrifice of secrecy. The answer is to reconcile the values of secrecy and accountability by guaranteeing both a strong authority for the Government to prohibit leaks and an expansive right for others to disseminate information to the public.

James Goudie QC

In Wild v IC and Chief Constable of Hampshire Constabulary (EA/2010/0132) the Appellant was concerned as to whether the provisions of the Hunting Act 2004 were being complied with in the Isle of Wight and how these provisions were being enforced by the Hampshire Police.  She requested from the Chief Constable dates of pre-hunt meetings in last 5 years and names of officers attending pre-hunt meetings with Isle of Wight Hunt, such meetings being meetings between the organisers of hunts and the police officers responsible for supervising hunts (“Hunt Liaison Officers”).  The Police responded, providing dates, but refusing to disclose the names of the officers in attendance. 

The IC considered the application of S40(2) of FOIA to the case.  He concluded that the names of officers attending the meeting would be personal data and therefore in considering the potential disclosure it was necessary to consider whether it would be in accordance with the data protection principles embodied in the DPA.  He concluded that the disclosure would result in a breach of the first such principle that data should be processed fairly and lawfully.  He accepted that the disclosure may lead to the harassment of the officers identified and consequently the disclosure would be unfair to those officers. 

The Tribunal rejected the appeal and upheld the IC’s decision.  The IC had correctly struck the balance between the Appellant’s legitimate interest in disclosure and the prejudice to Hunt Liaison Officers disclosure of whose identity would put them at risk of harassment.

James Goudie QC

In Byrne v DPP (2010) 1 EHC 382 the Irish High Court held that it was not part of the function of the DPP to surf the internet in order to find and deal with any information on an accused facing a criminal trial. The material on the applicant did not suggest he was guilty of the crime with which he was charged and there was no risk of an unfair trial.  His application that the DPP should seek out and have removed information on him published on the internet was refused. 

The applicant is a former Securicor employee, facing charges in connection with the extortion of money from a Securicor employee through the kidnapping of his family in March 2005. In April 2009, a jury was empanelled to try the applicant along with others.  There was a lot of media coverage of the crime and the subsequent trial.  In May, the trial judge had his attention drawn to material on newspaper websites relating to the bail hearings concerning some of the accused men, and he ordered this material to be removed.  However, the Judge said that it was not the duty of the DPP to sweep the internet and engage in correspondence with local and foreign internet service providers with a view to cleansing cyberspace of any potential reference to an accused person.  Judges should warn jurors that they should not surf the internet in relation to any participant in a case.

James Goudie QC

The Data Retention Directive (Directive 2006/24/EC) requires public electronic communications providers (telephone companies, mobile telecoms, Internet service providers) to retain traffic, location and subscriber data for the purpose of the investigation, detection and prosecution of serious crime. The Directive has been undergoing an evaluation process that seeks to assess its application by Member States, and its impact on businesses and consumers. The aim is also to establish whether the Directive is proportionate in relation to the law enforcement benefits it yields, the costs for the market, and the impact on fundamental rights, in particular the rights to privacy and the protection of personal data.

The Commission held a Conference on the Directive in Brussels on 3 December 2010.  Cecilia Malmström, the Member of the Commission responsible for Home Affairs, made four points: (1) the retention of data is useful for fighting crime; (2) the Directive is implemented in different ways in the Member States, especially as regards retention periods; (3) clearer rules are needed, including in relation to compensation for costs; and (4) there is no evidence of serious abuse.

At the Conference Peter Hustinx, the European Data Protection Supervisor (EDPS), strongly argued in favour of seizing the opportunity of the ongoing evaluation process to demonstrate the necessity and justification for the Directive. The EDPS emphasised once again that the retention of traffic and location data of all persons in the EU, whenever they use the telephone or the Internet, is a huge interference with the right to privacy of all citizens. As such, the EDPS regards the Directive as the most privacy invasive instrument ever adopted by the EU in terms of scale and the number of people it affects. Such a massive invasion of privacy needs profound justification. The EDPS therefore called on the Commission to use the evaluation exercise to prove the necessity for the Directive and its proportionality. The EDPS further insisted on the fact that the Directive clearly failed to harmonise national legislation. Significant discrepancies between the implementing laws of the EU Member States have led to legal uncertainty for citizens. It has also resulted in a situation where the use of the retained data is not strictly limited to the combat of really serious crimes. According to the EDPS, a new or modified EU instrument on data retention should be clear about its scope and create legal certainty for citizens. This means that it should also regulate the possibilities for access and further use by law enforcement authorities and leave no room for the Member States to use the data for additional purposes.

James Goudie QC

EU Justice Ministers have approved the start of talks between the EU and the US on a personal data protection agreement when cooperating to fight terrorism or crime. The stated aim is to ensure a high level of protection of personal information like passenger data or financial information that is transferred as part of transatlantic cooperation in criminal matters. Once in place, the agreement would enhance citizens’ right to access, rectify or delete data when it is processed with the aim to prevent, investigate, detect or prosecute criminal offences, including terrorism. Vice-President Viviane Reding, the EU’s Justice Commissioner, said: “Today’s decision gives us the green light to negotiate a solid and coherent agreement with the United States which balances enforceable rights for individuals with the strong cooperation we need to prevent terrorism and organised crime. I look forward to meeting my US counterparts in Washington next week to kick start these important negotiations.” The EU and US have different approaches in protecting personal data, leading to some controversy in the past when negotiating information exchange agreements (such as the Terrorist Finance Tracking Programme or Passenger Name Records). The purpose of the negotiations is also to address and overcome these differences.  The mandate aims to achieve an agreement which provides for a coherent and harmonised set of data protection standards including essential principles such as proportionality, data minimisation, minimal retention periods and purpose limitation; contains all the necessary data protection standards in line with the EU’s existing data protection rules, such as enforceable rights of individuals, administrative and judicial redress or a non-discrimination clause; and ensures the effective application of data protection standards and their control by independent public authorities.

The agreement would not provide the legal basis for any specific transfers of personal data between the EU and the US. A specific legal basis for such data transfers would always be required. The new EU-US data protection agreement would then apply to these data transfers.

James Goudie QC