Phnom Penh, 18 February 2021 – We, the undersigned national and international non-governmental organizations and communities, call on the Royal Government of Cambodia (“RGC”) to discard the Sub-Decree on the Establishment of the National Internet Gateway (“NIG Sub-Decree”). This legislative instrument violates Cambodia’s international human rights obligations and its Constitution, by threatening human rights online and offline in Cambodia, particularly the rights to freedom of expression, access to information, and privacy.
The NIG Sub-Decree sets in motion the creation and governance of a national internet gateway (“NIG”) – an infrastructure that requires all internet communications and internet data traffic circulating within and coming into Cambodia to pass through a gateway. The NIG Sub-Decree facilitates monitoring and surveillance of internet activity, empowers the interception and censorship of digital communications, and enables the collection, retention and sharing of personal data, thus fundamentally threatening the rights to privacy, freedom of expression and information. The NIG aims to place all international internet traffic under a single authority, enabling the government to more efficiently and effectively cut the country off from the international internet.
In addition to the many alarming human rights concerns raised by the NIG Sub-Decree’s provisions, its practical feasibility, in particular the establishment of the infrastructure required for the NIG, is also doubtful. The creation of a NIG is likely to cause a significant reduction in internet speeds, which has discouraged other governments’ attempts to create NIGs, including Thailand’s national internet gateway proposal which was scrapped in 2015. Establishing an NIG would therefore have a detrimental economic impact, especially on Cambodia’s emerging e-commerce market, acting as a deterrent to technology companies and creating uncertainty that could result in businesses leaving the Cambodian market. If private companies are compelled to leave, it will be consumers who ultimately pay the price.
Our key concerns about the NIG Sub-Decree include:
1. Surveillance – The NIG Sub-Decree seeks to establish an infrastructure that would facilitate broad surveillance of the online activities and personal data of individual users. Vaguely defined parameters throughout the Sub-Decree will enable a system capable of maximum surveillance with minimum oversight, thereby bolstering Cambodia’s already over-bearing surveillance powers in violation of the right to privacy. The right to privacy – enshrined in the Civil Code of Cambodia, and the International Covenant on Civil and Political Rights (“ICCPR”) – is a fundamental human right which is increasingly threatened by digital surveillance. Restrictions on the right to privacy should respect the principles of legality, proportionality and necessity, including by establishing safeguards, oversight systems and remedies for overreach. The Sub-Decree only provides for oversight from State entities, which, lacking independence, is a recipe for inadequate procedural safeguards and ineffective oversight. Internal safeguards without robust and independent oversight systems have been proven to be ineffective against unlawful or arbitrary privacy interferences, especially through surveillance, in a digital environment.
In addition to violating the right to privacy, government surveillance cultivates an environment of fear, creating incentives for self-censorship and directly undermining the ability of journalists and human rights defenders to undertake their work. The threat of surveillance therefore impedes on a number of other protected human rights including freedom of expression and information.
2. Censorship – Article 6 of the NIG Sub-Decree empowers the blocking of online connections or content deemed to “affect safety, national revenue, social order, dignity, culture, traditions and customs”. This highly subjective and undefined list of reasons for censoring content gives the RGC broad powers to police and censor online content, with the NIG providing unfettered access to and control over all data exchanges in the country. This provision contravenes the right to freedom of expression as enshrined in Article 41 of the Constitution of the Kingdom of Cambodia, and Article 19 of the ICCPR, as it goes beyond the permissible restrictions to freedom of expression. Furthermore, it is unclear from Article 6 whether it enables content to be blocked prior to its publication – a form of prior censorship – which would be a grossly disproportionate restriction on the freedom of expression.
There is a grave risk that the censorship powers granted by the NIG Sub-Decree could be used to block or punish dissenting opinions online in violation of international human rights law. Critical dissent, and other expression deemed impermissible by the RGC, is routinely silenced, punished, and delegitimized, making it reasonable to anticipate that this new legislative instrument will be used to prohibit legitimate criticism of the RGC, State institutions and State-linked actors, preventing accountability and contributing to the RGC’s broader crackdown on dissent.
3. Data privacy – Article 14 of the NIG Sub-Decree poses risks to data protection and data confidentiality, mandating the retention and sharing of personal data. International human rights standards provide that the right to privacy, as enshrined in Article 17 of the ICCPR, includes the right to the protection of personal data, which, among other things, prevents States from requiring the mass retention of personal data by companies and access to personal data outside of clearly defined circumstances and subject to safeguards. The NIG Sub-Decree does not provide a clear list of the types of information or data that can be retained and shared, and instead includes a vague catch-all provision – “other information as required” – under which companies may be required by the RGC to provide access to any form of personal data on demand.
Furthermore, through requiring data retention without requiring sufficient protection for data security, the NIG Sub-Decree increases risks to data security from third-party interference, or hackers. Centralizing internet traffic and data under an NIG creates a central point of vulnerability for malicious actors, while mandating the retention of data without also ensuring the capacity of service providers to adequately address the resultant increase in data security needs, compounds this risk.
In recent years, Cambodia’s domestic legal framework has granted increasingly intrusive powers to the RGC to control online activities and restrict civic space online. Worryingly, the threat posed by the NIG Sub-Decree to digital expression and the right to privacy is compounded by another looming piece of legislation, the draft of the Law on Cybercrime, which contains a number of overly broad provisions that do not meet international standards pertaining to freedom of expression and the right to privacy. The NIG Sub-Decree joins the Law on Telecommunications and the 2018 Inter-Ministerial Prakas on Publication Controls of Website and Social Media Processing via Internet, furthering the power of the RGC to use the internet as a tool of repression and undermining its potential as a key platform for exercising fundamental freedoms.
We therefore call on the RGC to immediately discard the NIG Sub-Decree, in line with Cambodia’s obligations under the Constitution and international human rights law, ensuring the rights to freedom of expression and information, and the right to privacy of all individuals in Cambodia is protected.
The post Cambodia urged to discard sub-decree that would detrimentally impact human rights online appeared first on IFEX.
Source: MEDIA FEED