Mando Rachovitsa
Mando is an Associate Professor in Human Rights Law, School of Law, University of Nottingham. She is also the Deputy Director of the Human Rights Law Centre.
Mando joined the University of Nottingham in 2023. Prior to that she was an Assistant Professor of International Law at the University of Groningen, The Netherlands (2016-2023) and an Assistant Professor of International Law at Qatar University, Qatar (2013-2016).
Mando's expertise lies in the areas of human rights law and technology law. She researches the intersection between human rights law and technology, including digital human rights, and human rights-based design for cybersecurity standards and algorithmic systems. She has written on the human rights assessment of the use of new technologies, including encryption, and digital ID systems, and how human rights law may inform the design and implementation of Internet standards. She has also published on how international law-like standards are created and used to assess the legality and legitimacy of the Internet Corporation for Assigned Names and Numbers (ICANN) work in the domain names' space.
Mando is also systematically writing on comparative human rights law bringing together the case law of the 3 regional courts of human rights (European, Inter-American and African) regarding interpretational, jurisdictional and substantive issues. She is particularly interested in the case law of the African Court of Human and Peoples' Rights.
Conference papers by Mando Rachovitsa
The first part of the paper demonstrates how the technical understanding of privacy, freedom of expression and security online creatively informs the design, interpretation and application of human rights law. A lesson learnt in the aftermath of the mass surveillance revelations is that ensuring privacy is a precondition for maintaining freedom of communications and for Internet users to trust the network. Moreover, privacy is an essential requirement for preserving security and resilience online. Interestingly, the interdependence of privacy and network security also extends, in many instances, to national and international security; this is illustrated in the current encryption debate although few emphasise sufficiently that a sound network and national security framework should ensure the users’ privacy instead of undermining it. The second part of the paper explores in more concrete terms how the legal reasoning of national and international courts should be enhanced by a systemic digital perspective. This means that courts must fully appreciate the impact of a restrictive measure, not only from a human rights point of view, but also from the perspective of the functioning of the Internet. A given interference may seem minor, if examined from the perspective of the affected individual, but the same measure may have a devastating impact on the general operation of the Internet (this is the case when courts find hyperlinking unlawful or promote a wide-ranging intermediary liability) and the security thereto (for example, in cases of ordering mandated decryption of data or conducting mass surveillance). Therefore, preserving the integrity and interoperability of the network must be an autonomous consideration in legal reasoning when assessing the seriousness of an interference with a human right and the proportionality test. This is all the more important since a substantial impact on the network could in turn adversely affect other human rights of users. 
For instance, enforcing the right to be forgotten not only adversely affects the interoperability of the Internet but also impacts freedom of expression. The analysis critically assesses the existing case law of both the European Court of Human Rights and the Court of Justice of the European Union and points to novel approaches coming from Supreme Courts in Latin America.
Online privacy is a serious global issue that will define the future of the Internet as a platform for the realization of human rights and a driving force in the acceleration of the digital economy and international development. At the same time, online privacy has implications for combating cyber crime, addressing cyber security and maintaining international peace and security. A prevalent aspect of the discussion surrounding privacy is the narrative of “humanizing” the Internet. This narrative concerns the applicability and application of international human rights law to the digital environment as well as a “rights-based” approach, which relates to policy and technological arguments regarding the protection of the end-user. As a consequence, the relationship between cyber security and privacy is mostly framed in terms of human rights law.
This paper submits that there is no singular answer to the question of whether cybersecurity and privacy are reconcilable. It argues that the interrelation between cyber security and privacy is much more complex and richer due to the unique features of the online environment. Privacy online has a different value and meaning to different epistemic and professional communities when addressing cyber security concerns. For this reason international law and, in particular, international human rights law should enrich its vocabulary and analytical tools with a view to aptly articulate the interests at stake.
The first part of the paper explains how privacy online and cyber security are addressed by the human rights and the technical approaches respectively. On the one hand, the international human rights paradigm provides the universal framework against which any interference in individual privacy rights must be assessed. A series of recent developments in the United Nations formally acknowledged that human rights apply online. The UN General Assembly in its 2014 Resolution affirmed, for the first time, that the right to privacy applies in digital communications and called upon States to respect their pertinent obligations. Similarly, the UN Human Rights Council confirmed that the same rights that people have offline must also be protected online and stressed that all States should address security concerns on the Internet in accordance with their human rights obligations. However, there is no substantial discussion of how the right to privacy will be applied online in the light of the cyber specificities. On the other hand, according to the computer engineers’ point of view, safeguarding the privacy of the users is an intrinsic value for maintaining trust in the network. This signifies the importance but also the instrumentality of privacy. Moreover, a rigorous understanding of the technical perspective evidences that privacy and cyber security are not concepts that necessarily need to be balanced or reconciled; in many instances, preserving privacy is a precondition for dealing with cyber security.
The second part of the paper proceeds to set out how the international human rights paradigm can be informed by the technical function of privacy. The discussion provides insights from recent efforts by the Internet Society as well as various synergies between technologists and human rights lawyers (for example, the Charter of Human Rights and Principles for the Internet or the International Principles on the Application of Human Rights to Communications Surveillance). The analysis furnishes examples on how to read together, on the one hand, the “trade-off” engineering approach when discussing privacy and network security and, on the other hand, the proportionality test or balancing exercise when assessing limitations to the right to privacy. Furthermore, cyber security and the technical understanding of privacy make one question the relevance of the location and nationality requirements under domestic and international human rights law.
The paper concludes that the application of the human rights paradigm to cyberspace and cyber security presupposes a serious reconsideration of the vocabulary, aims, structure and scope of human rights. Many aspects of the new interests that are under discussion may not be readily reducible to human rights concerns. International law, therefore, should take account of its contours as well as pursue imaginative solutions.
The right to privacy may be seriously and extensively threatened online without the awareness of its users. Tracking is passive and invisible to the users and it has become relatively easy for states, business actors and individuals to interfere with the privacy of communications. Recent revelations that states conduct, and that the private sector facilitates, extraterritorial surveillance, interception of digital communications and collection and retention of data give rise to alarming concerns. The United Nations High Commissioner for Human Rights (OHCHR) warns that ‘governmental mass surveillance emerges as a dangerous habit rather than an exceptional measure’. Moreover, the exercise of the right to privacy is a prerequisite for realising other human rights – online and offline. Respect for online privacy enables the exercise of the freedom of expression, freedom of assembly and of association. Conversely, threats to, and violations of, privacy pave the way to censorship or self-censorship and could have chilling effects on freedom of expression and media freedom. Further, serious and systematic violations of the right to online privacy undermine relations among states, trust of the citizens in the rule of law, and trust in the digital economy and the Internet.
The pressing need to address the protection of online privacy led to a series of activities in the United Nations. The UN General Assembly in its 2014 Resolution on ‘The Right to Privacy in the Digital Age’ affirmed, for the first time, that the right to privacy applies in digital communications and called upon states to respect their pertinent international obligations. Similarly, the UN Human Rights Council confirmed that the same rights that people have offline must also be protected online and stressed that all states should address security concerns on the Internet in accordance with their human rights obligations. The OHCHR and the UN Special Rapporteur on the Freedom of Expression, Frank La Rue, made important contributions in setting out the relevant international human rights law framework applicable to recent practices of states and other actors.
A full consideration of the Internet’s special features, however, is crucial to fully comprehending the ramifications of its abuse. Affirming that human rights apply equally offline and online is an invaluable and timely pronouncement, but it does not address the issue that privacy is exercised and challenged in different ways in the digital environment compared to the “offline” environment. Notably, there is little, if any, communication between the technical and non-technical epistemic communities. Lawyers and policy makers, in particular, lack a basic understanding of the Internet’s technical features, which results in an inability to assess the technical implications in policy decision-making.
The purpose of this paper is to fill in this gap by addressing how privacy is hardwired into the core Internet protocols that form the Internet’s fundamental architecture. It introduces and analyses the important, albeit largely neglected, privacy-related work of the Internet’s technical standardisation bodies. It shows that the Internet is regulated and managed by technical standards, the Internet standards, which are developed by private bodies. The Internet Advisory Board (IAB) and the Internet Engineering Task Force (IETF) are the most prominent and influential standardisation bodies in the area. Despite an emerging interest in the informal law-making functions of standardisation bodies, the work of the IETF and IAB has escaped the attention of international lawyers. This is not the first time that novel international bodies appear, at first, insignificant or irrelevant in the eyes of international lawyers.
Through its analysis of the important practical aspects of the standardisation bodies’ work, the paper argues that the effective protection of online privacy cannot be thought of only in terms of compliance with legal frameworks but that – in practice – it also needs to be secured through technological means such as privacy enhancing technologies and privacy by design. It suggests, in particular, that the design of the network and the Internet protocols (as developed via the technical standards) by default encapsulate regulation and, therefore, de facto prescribe a certain level of protection for Internet users. Recent developments in the standardisation practices of the IETF and IAB provide evidence of a paradigm shift with respect to integrating ‘privacy by design’ requirements in the Internet protocols, which will have an immense impact on the privacy of global users.
Having established the relevance and significance of technical standardisation, the paper further argues that international law - in particular human rights law - and technical standards should not be compartmentalised. The analysis demonstrates that there is a dynamic interrelation between the two paradigms and that the technical standards both shape and nurture the law. In addition to this, the convergence of the existing paradigms – “privacy as a technical issue” and “privacy as a human rights issue” – establishes an interdisciplinary, and arguably more effective, approach to online privacy.
The paper argues that construing the interrelationship among different human rights norms as ‘integration’ may raise certain concerns and that, therefore, caution should be exercised. It does so by discussing specific examples from the case law of the European and Inter-American Courts of Human Rights. The examples concern a variety of norms and regimes, such as social and economic rights, human trafficking and non-discrimination.
The paper is structured into two parts. The first part addresses methodological issues when interpreting two or more human rights together. It discusses the concept of equivalent norms and the difficulties involved in identifying and appreciating the subtle contextual nuances between similar or even identical human rights norms, which originate from different treaty regimes. It also highlights the challenges in deciding when (and, if yes, to what extent) another norm is relevant for the purpose of interpreting a given human right.
The second part deals with policy-oriented concerns from the point of view of the human rights bodies. It shows that the extent to which a given human rights body is receptive to considering other human rights norms is a matter of judicial policy. Further, the analysis underscores the limits posed to the integrated interpretation by the jurisdictional confines of international human rights bodies.
The paper concludes by stressing that convergence (or divergence) within international human rights law is not a static and fixed interrelationship between human rights norms. It is rather a dynamic matter that needs to be assessed by means of interpretation in specific instances.
Academic Articles by Mando Rachovitsa
The analysis shows how human rights integration can and should be relevant in supporting convergence on a regional and/or universal level (or both). In the case of the ACtHPR, human rights integration highlights and justifies different arguments and interpretative directions concerning the advancement of an African human rights corpus juris and/or the convergence of the African Charter with other regional and universal human rights treaties. However, at the same time, divergence in treaty design should be understood as contextual difference and, consequently, the pursuit of human rights integration should weigh this appropriately in legal reasoning. The chapter concludes with a few remarks on how the ACtHPR needs to “calibrate” its case law in order to develop the distinctive features of the African Charter and construe an African human rights corpus juris, on the one hand, and embed these features in international (human rights) law, on the other hand.
The book chapter discusses how fostering students’ agency and establishing a co-creative and trusting learning environment paves the way for countering the ‘parachuted’ Western features of an international law course. Specific examples are analysed on how the teaching of international law was adapted to accommodate students’ lived experiences and aspirations. Linking the legacy of (post)colonialism to the early making of international law, in connection to issues relevant to the country, and using learning tools contextually relevant to students’ identities were of paramount significance. The discussion explores techniques that engaged with and harnessed students’ sense of distrustfulness towards international law. Moreover, the distinction between civilised and ‘uncivilised’ nations, and how it formed the foundations for the making of State sovereignty and international law, not only allowed the class to unpack international law’s role in construing coloniality but also showed the enduring relevance of internalised perceptions of colonialism in the rest of the world. Finally, State creation was approached by reframing the narrative about the creation of Qatar as a State. In light of the fact that Qatar’s history is essentially based on the written colonial archive – Lorimer’s Gazetteer of the Persian Gulf –, students disrupted coloniality first by discovering and (re)telling relevant local oral storytelling (hi)stories and, second, by discovering and deconstructing Lorimer’s Gazetteer.