Difference between revisions of "Scenario 08: Certificate authority hack"

With regard to the number of affected individuals (“several hundreds of thousands”), it should be noted that the Court of Justice of the European Union (CJEU) ruled any bulk online surveillance as incompatible with the EUCFR;<ref>CJEU, the judgments in [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0293 <i>Digital Rights Ireland</i>] and [http://curia.europa.eu/juris/celex.jsf?celex=62015CJ0203 <i>Tele2 Sverige</i>].</ref> however, as of October 2018, the case-law of the ECtHR seems to be developing in a less strict direction.<ref>ECtHR, the Chamber judgments in [http://hudoc.echr.coe.int/eng?i=001-183863 <i>Centrum för Rättvisa</i>] and [http://hudoc.echr.coe.int/eng?i=001-186048 <i>Big Brother Watch</i>].</ref> Although these rulings do not directly apply to States not members of the relevant international organizations, they may nonetheless carry persuasive value for the further development of the law in this area.
 
OnTo sum up the basisthree steps of the foregoingtest, it therefore cannot be concluded that the interception of emails by itself amounts to a violation of international human rights law. Although such conduct would most certainly interfere with several human rights of the affected individuals, its compatibility with IHRL would fall to be determined by the justification proffered by the acting State.
 
On the basis of the foregoing, it therefore cannot be concluded that the interception of emails by itself amounts to a violation of international human rights law. Although such conduct would most certainly interfere with several human rights of the affected individuals, its compatibility with IHRL would fall to be determined by the justification proffered by the acting State.
 
== Checklist ==