Against the background of the continuing democratic crisis in Poland, attention is increasingly being paid to the progressive expansion of state surveillance powers. While these trends began around the same post-9/11 shift towards securitizations that many states experienced, though in Poland, expansive surveillance also correlates with the populist shift that started in the mid-2010s. The correlation between non-democratic forms of government and extensive surveillance powers is not a new phenomenon. It characterises both authoritarian states and those quasi-democracies drifting towards them. As before in Hungary, the ruling majority in Poland is not only trying to monopolise all public institutions, including the judiciary, but also systematically attempting to extend the scope of surveillance powers. These changes are accompanied by a weakening (or complete removal) of the legal safeguards that normally serve to counteract the risk of abuse of power in a democracy.
The Polish example is also interesting because it allows one to assess the relationship between the evolution of surveillance powers and the formation of non-democratic forms of government. In particular, it begs the question; is it undemocratic governance that leads to the creation of elaborate forms of surveillance, or is it the other way around? And further, is it overly broad surveillance powers that inevitably lead to the erosion of democratic principles, ultimately corrupting those in power?
Expansion of surveillance powers
In Poland, the problem of using extensive surveillance powers is discussed mainly in the context of criminal procedure. As a result, unlike, for example, in Sweden or Germany, Polish regulation on the use of electronic surveillance in the intelligence field (foreign or domestic) is not publicly debated at all. This is because national regulation in this area is very broad and of a blanket nature. However, to summarise these regulations simply as ‘incomplete or requiring improvement’ would be an oversimplification. The Polish legislature has not defined any limitations nor established any legal safeguards for the Intelligence Agency (Agencja Wywiadu) regarding its foreign electronic surveillance activity. At the same time, credible reports exist of serious abuses by Polish security services involving the bulk collection of electronic communications and the transfer of several million items of intercepted data to the US National Security , beginning around 2009 and revealed by Edward Snowden’s leaks.
By contrast, electronic surveillance measures used in the fight against crime have been an enduring element of public debate. The need to increase the effectiveness of law enforcement agencies has been the main argument used by the ruling majority in recent years to maintain existing and establish new surveillance measures.
For these reasons, neither the government nor the constitutional court have ever challenged the legitimacy of a general data retention obligation – even in the context of collecting data for criminal investigations. As a result, domestic retention laws have not changed for more than 10 years and are still a direct transposition of the EU Data Retention Directive, annulled by the CJEU back in 2014. Moreover, in Poland, access to retention data is not preceded by any form of judicial review, which per se is not compatible with the Charter of Fundamental Rights.
At the same time, retained data is an important source of information for law enforcement agencies. According to the Ministry of Justice, the police and security services gather 1,5 million pieces of data from telecommunications systems every year. This number is increasing year on year, with no discernible decrease in crime or other objective reasons to justify this practice.
Poland is also a country where a number of new mechanisms for collecting data on citizens have been introduced in recent years. One example is STIR – an IT system that is (or should be) used by the tax authorities to collect data from financial institutions on their clients, including accounts held and transactions made. STIR contains billions of records that allow one to trace the financial transactions of a large part of society. It is impossible to see how small everyday transactions are supposed to help combat serious tax crimes, such as VAT carousels. Nor have the authorities demonstrated the need to automatically collect and process – as they do – data on a large number of taxpayers, including those for whom there is not even an even indirect link to tax offences. This process is beyond the control of the courts. Moreover, while formal approval by the prosecutor or the court is still required for the security services in order to obtain data directly from financial institutions, accessing the same information using the STIR database can be carried out without any authorisation or external control whatsoever. This excessive amount of data on citizens and unchecked access to it clearly raises questions about the proportionality and legitimacy of the measures taken to gain it. Similar doubts have been raised about targeted surveillance measures.
Since the current Polish government came to power in 2015, there have been a number of regulatory changes that have reduced the effectiveness of pre-existing legal protections. One example is the removal of a provision prohibiting the use of illegally obtained evidence in criminal proceedings. The new government-dominated legislature not only sanctioned the use of this type of defective evidence, but also established a norm whereby excluding evidence on the grounds that it was obtained in violation of the law effectively became prohibited. In this way, a kind of anti-safeguard was introduced in the Polish criminal procedure – creating an incentive to conduct extrajudicial surveillance. It is difficult, if not impossible, to explain the need for such an extraordinary mechanism in a democratic state.
Deformation of independent control
The impact of these expanded surveillance powers on individual rights and freedoms could be partially reduced if effective control mechanisms were introduced. In fact, the essence of the abuse of power is not the acquisition of information by public authorities, but the ability to use it in carrying out their own – possibly illegal – activities. Taking this into account, the purpose of exercising control over state surveillance activity is not only to prevent individual cases of surveillance where it is not required, but to also prevent the occurrence of systemic violations where the authorities remain beyond any real legislative control and are free to pursue their own agendas.
In Poland, no dedicated bodies to supervise state surveillance activity have ever been established. Therefore, the entire burden of control in this area is exercised by the courts of law. Prior review is used in surveillance cases pertaining to criminal procedures. As mentioned earlier, in Poland, this type of control is not only applied in the case of obtaining metadata but also in some cases of the surveillance of foreigners. Formally, the court authorising the surveillance should verify that the condition of necessity has been met and confirm that the requested measure is the least invasive among those available. In practice, however, prior review has not been used properly for many years now – as evidenced by the fact that courts accept more than 95% of requests for surveillance (see e.g. data from 2018, 2019 and 2020). In some cases – for example, applications made by the Internal Security Agency (Agencja Bezpieczeństwa Wewnętrznego) in 2017 – all (100%) of the applications submitted to the court were approved. This means that, in practice, there was not one single case where the court had any doubt about the need for the surveillance measures requested. This is a remarkable statistic, and one which strongly suggests that this control mechanism lacks effectiveness. Such a conclusion is supported by the case law of the ECtHR, which, when examining a similar case, concluded that the unusually high rate of accepted applications indicated that “investigating judges do not address themselves to the existence of compelling justification for authorising measures of secret surveillance.”
Blanket approval of surveillance requests is not the only deficiency in judicial review in Poland. Similarly ineffective is the biannual verification of law enforcement agency reports on the scope of metadata collected from telecommunications systems. This verification is carried out without clearly defined standards, is random in nature, and in many cases the court itself has concluded that, on the basis of the data presented, it has proved impossible to determine whether law enforcement agencies have acted within the scope of the powers granted to them. Yet this mechanism continues to remain in place without any kind of legislative initiative taken to address its glaring weaknesses.
Surveillance state in action? The 2022 Pegasus case
Overly expansive surveillance powers combined with the erosion of their oversight inevitably lead to abuse of power. In 2018, it was reported in the media that one of Poland’s security services, the Central Anti-Corruption Bureau (CBA), had purchased Pegasus – a modern electronic surveillance software programme – from the Israeli NSO Group. It is worth recalling that the CBA is a service that was created by the current government the last time it was in power, back in 2006, and that the Bureau has a reputation not for fighting against corruption, but for conducting illegal activities motivated by political reasons. It is not surprising, therefore, that the purchase of Pegasus by the CBA generated discussion not about increasing the effectiveness of the fight against crime, but about the risk of the tool being used to pursue political ends.
These suspicions were confirmed in early 2022 when Citizen Lab and Amnesty International provided evidence of Pegasus being used to eavesdrop on a key opposition politician, and on a lawyer acting in disputes with the government and public prosecutor about abuses of power. As a result, public attention was once again drawn to the problem of excessive surveillance powers and the lack of control over their exercise.
The outbreak of war in Ukraine has caused other issues – including those related to the surveillance affair – to be pushed into the background for the time being. It is worth noting, however, that the Pegasus affair has not led to any in-depth reflection on the need to reform the entire Polish surveillance framework. What is more, the current government not only, it seems, fail to see any need for change, but conversely, maintain that the current regulatory model is wholly adequate, obviating the need to either create new or strengthen existing mechanisms of control over the activities of special services.
There is no doubt that authorities must have effective tools to both protect national security and conduct the fight against crime. At the same time, the understandable secrecy surrounding the work of the security services must not create an opportunity for the abuse of powers. Surveillance without adequate control weakens democracy, leads to a distortion of its principles, and ultimately, as the ECtHR has warned, threatens its very existence.
The current model of Polish surveillance regulation is the result of many years of neglect and the mistaken conviction of those in power that a state limited in its freedom to make decisions becomes weak. However, being effective is not the only (and for many not the most important) goal of the government. Suffice it to say that though authoritarian states are usually effective in achieving goals of those in power, this does not mean that their form of government can be considered superior.
The Polish experience demonstrates how a determined populist government, using the tools available in a democracy, can in a relatively short space of time erode legal safeguards established to control state surveillance activity. This is a scenario that has already played out in Poland, and there is no reason to assume that it cannot be repeated in other countries, including those with – for the time being, at least – well-established democratic governments.