An Overview: Surveillance Practices in Colombia
On December 10, 2016, President Juan Manuel Santos received the Nobel Peace Prize for his efforts to negotiate peace between the Colombian government and the FARC guerrilla group. However, only two months earlier, representatives of the Colombian government appeared before the United Nations’ Human Rights Committee over the country’s possible human rights violations. That appearance was preceded by months of the government’s lack of response to the committee’s requests for information, with the committee chairman expressing frustration over Colombia’s “state of amnesia”.
As Colombia faces the road toward, ending a decades-long civil war and insurgency, back-and-forth processes are common. On one hand, the country is intent on healing its wounds and establishing enduring peace within its population of nearly 50 million. On the other hand, it can’t seem to shake off the wartime mindset, which leads to persistent violations of human rights.
Among various other issues, the Human Rights Committee addressed unauthorized intelligence activities by officers of the former Administrative Security Department. They allegedly surveilled and harassed hundreds of politicians, justice officials, reporters, human rights activists, as well as international and regional organizations. The agency was dissolved back in 2011 amid widespread scandals; however, the Colombian government’s lack of cooperation with the Human Rights Committee shows that the country still has a lot to learn in terms of transparency and adequate intelligence practices.
In December 2015, prominent investigative journalists received anonymous tips about their communications being intercepted illegally. The surveillance was attributed to the National Police, which was allegedly retaliating for a news story on a possible police-related prostitution network. The scandal resulted in resignation of the head of the Police, General Rodolfo Palomino, but no significant prosecutions followed.
Mass Surveillance Legislation
The existing surveillance framework in Colombia is outlined in the Decree 1704 on Communications Interception and Data Retention, passed in 2012.
According to the decree, all telecommunications service providers (including ISPs) must implement the technological infrastructure that enables the judicial police to access their networks and intercept users’ communications. In other words, service providers must allow backdoor access that makes it easier for law enforcement to spy on Colombian citizens. Such interception requires a warrant issued by the Attorney General.
Service providers are also required to provide access to the communications history or technical data of any specific user without a warrant. The data must be stored for 5 years, which is one of the longest retention periods in the world. A provider that does not comply with these obligations faces fines and could lose its operating license.
On top of that, Colombia has a legal ban on the use of encryption for communications dating back to 1993. The use of voice encryption is only allowed for certain government officers.
Needless to say, Colombia’s draconian surveillance legislation has attracted widespread opposition from local and international rights groups. The Electronic Frontier Foundation has sharply criticized the Decree 1704, stating that the Colombian government “consistently displayed its contempt for the communication privacy rights of its citizens.”
Somewhat surprisingly, a 2015 report by Privacy International revealed that various Colombian agencies had actually sought to expand their bulk collection of phone and internet data even further. “We all thought that Colombia’s history of illegal surveillance and abuses of power was well documented,” Privacy International said in a statement, pointing out that the report showed there were multiple issues still left unexposed.
While the surveillance situation remains problematic, there are some steps Colombians can take to protect their privacy, such as using a VPN. VPNs (Virtual Private Networks) protect users’ information and location by hiding their IP addresses and encrypting their internet traffic. However, it is imperative to use a VPN provider that does not store data or communication logs, like NordVPN.