Archives for January 2015

How not to destroy the Internet while fighting terror

Yesterday I testified at a hearing titled The Evolution of Terrorist Propaganda: The Paris Attack and Social Media convened by the House Foreign Affairs Committee’s Subcommittee on Terrorism, Nonproliferation, and Trade. I am not a counter-terrorism expert but here at Ranking Digital Rights we do have a few things to say about how not to destroy Internet users’ right to freedom of expression and privacy. A copy of my written testimony, along with testimony of all other speakers can be downloaded here. Video of the hearing is here. Below is a distillation of my main arguments with links to key resources:

In response to the tragic massacre in Paris, the French government has called for UN member states to work together on an international legal framework that would place greater responsibility on social networks and other Internet platforms for terrorist use of their services. In addressing the problem of terrorist use of social networking platforms, it is important to adhere to the following principles:

First, multi-stakeholder policymaking. The international human rights community opposes UN control over Internet governance because many UN member states advocate policies that would make the Internet much less free and open. The alternative is a multi-stakeholder approach that includes industry, civil society, and the technical community alongside governments in setting policies and technical standards that ensure that the Internet functions globally. In constructing global responses to terrorist use of the Internet we need a multi-stakeholder approach for the same reasons.

Second, any national level laws, regulations, or policies aimed at regulating or policing online activities should undergo a human rights risk assessment process to identify potential negative repercussions for freedom of expression, assembly and privacy. Governments need to be transparent with the public about the nature and volume of requests being made to companies. Companies need to be able to uphold core principles of freedom of expression and privacy, grounded in international human rights standards. Several major US-based Internet companies have made commitments to uphold these rights as members of the multi-stakeholder Global Network Initiative. Guidelines for implementing these commitments include: narrowly interpreting government demands to restrict content or grant access to user data or communications; challenging government requests that lack a clear user basis; transparency with users about the types of government requests received and the extent to which the company complies; restricting compliance to the online domains over which the requesting government actually has jurisdiction.

Third, liability for Internet intermediaries including social networks for users’ behavior must be kept limited. Research conducted around the world by human rights experts and legal scholars shows clear evidence that when companies are held liable for users’ speech and activity, violations of free expression and privacy can be expected to occur. Limited liability for Internet companies is an important prerequisite for keeping the Internet open and free.

Fourth, development and enforcement of companies’ Terms of Service and other forms of private policing must also undergo human rights risk assessments. Any new procedures developed by companies to eliminate terrorist activity from their platforms must be accompanied by engagement with key affected stakeholders and at-risk groups.

Fifth, in order to prevent abuse and maintain public support for the measures taken, governments as well as companies must provide effective, accessible channels for grievance and remedy for people whose rights to free expression, assembly, and privacy have been violated. Thank you for listening and I look forward to your questions.

The above recommendations were informed by years of work on Internet free expression and privacy issues, the Global Network Initiative‘s principles and implementation guidelines, standards for ICT sector companies currently under development by the Ranking Digital Rights project, and a new report published by UNESCO titled Fostering Freedom Online: The Role of Internet Intermediaries.

New UNESCO Report – Fostering Freedom Online: The Role of Internet Intermediaries

We are pleased to announce the release of a new report edited and co-written by several members of the Ranking Digital Rights project team and affiliated research partners, published this week by United Nations Educational, Science, and Cultural Organization (UNESCO). Fostering Freedom Online: The Role of Internet Intermediaries examines in detail how legal, regulatory, and commercial frameworks help or hinder Internet companies’ ability to foster free expression online.

Research for the 200-page report, supported by the Internet Society, Open Society Foundations, and the University of Pennsylvania’s Center for Global Communication Studies was conducted in the first half of 2014 by a global team working in North and South America, South and East Asia, Europe, Africa, and the Middle East. They examined 11 Internet services with a focus on search engines, social networks, and Internet service providers (ISPs) operating across 10 countries. The result is a uniquely global perspective on how information flows online as well as how content gets restricted, by whom, and under what circumstances.

According to the UN Guiding Principles on Business and Human Rights, governments have the primary duty to protect human rights, including freedom of expression and the right to privacy (which itself is considered a prerequisite for freedom of expression). All companies, including those that operate Internet platforms and services, also have a responsibility to respect those rights. The report takes stock of how companies are doing in this regard, and how governments either help or hinder companies from upholding their human rights responsibilities. It identifies two broad categories of problems:

Governments are making it hard for companies to respect users’ free expression rights. The problem exists to varying degrees across the gamut of political systems and cultural contexts. The report identifies cases around the world in which laws, government policies, and regulations – even those enacted by well-meaning public servants seeking to address genuine problems of crime, terror, and child protection – not only erode free expression rights online but also cause companies to carry out censorship and surveillance, affecting speech that should be protected and respected under human rights law.

A major culprit is law that holds companies legally responsible – liable – for what their users say and do. The legal term for this is “intermediary liability.” While countries like China have long blacklists of words and phrases that companies must delete if they want to stay in business, censorship can still be heavy in some democracies. Facebook received more government requests to censor content in India than in any other country where it makes an effort to operate (Facebook is blocked in China).

Companies are not transparent enough about how they restrict content and collect or share user data. Despite the clear problems that governments cause, companies are not doing enough to minimize users’ freedom of expression from being unduly restricted when they comply with government demands or enforce their own terms of service. Companies also need to be more transparent about how these actions affect users’ ability to express themselves or access information – as well as clarify who has access to users’ personal information and under what circumstances.

A growing number of companies, mainly in the US and Europe, have started to issue transparency reports with data about the number of government requests they receive and how many they comply with. But many companies report more extensively on user data requests than on censorship requests, and many do not report any information at all about requests for content restriction or how they comply.

Vodafone started to report last year about the law enforcement requests it receives for user data and bulk surveillance. But it is not transparent about content removals, including its role in a voluntary scheme in the UK to protect children from age-inappropriate content. In mid-2014 the non-profit Open Rights Group found that the system blocked adults from accessing content that included an article about postpartum depression and the blog of a Syrian commentator. Also, while companies like Twitter report extensively on content restrictions in response to legally binding external requests, they provide no information about content removed to enforce their private “Twitter rules.”

The report does not argue that people should be free to do anything they want online regardless of consequences. Rather, restriction of speech or interference in peoples’ privacy should be “necessary and proportionate,” based on clear legal authority to address a specific threat or crime, and should be as narrowly tailored as possible. Accountability mechanisms are key. Recommendations to governments and companies include:

  • Laws and regulations affecting online speech must undergo due diligence to ensure they are compatible with international human rights norms.
  • Policies at the national, regional, and international level that affect online speech need to be developed jointly by representatives of all affected stakeholder groups (such as industry, civil society groups, and technical experts).
  • Transparency about censorship is just as important as transparency about surveillance. Transparency from governments and companies about how their censorship and content restriction processes work, in addition to public reporting about the amount and nature of content being restricted, is essential to prevent abuses and improve accountability.
  • Companies that “self-regulate” by using private terms of service to restrict content that the law does not forbid, or which comply with extra-legal blacklists generated by non-governmental groups, must be transparent with the public about what is being restricted, under what circumstances, by whose authority.
  • Governments and companies need to set up effective mechanisms for people to report abuses and grievances, as well as processes through which aggrieved parties can obtain redress.

Organizations such as Freedom House and the World Wide Web Foundation annually rank governments on how well they protect Internet users’ rights. Ranking Digital Rights is in the process of developing a parallel methodology to measure and compare companies’ respect for users’ rights around the world. Our first public ranking is scheduled for launch in late 2015. The UNESCO research helped our team refine our thinking about what standards companies should be expected to uphold despite the challenging and constantly changing patchwork of legal environments in which they operate.