ICTs are becoming increasingly central to commerce, economic development, expression, civic participation, and personal identity. ICTs can empower users to speak, organize around issues of common concern, and access the world’s information. However, the technology companies that provide the conduits and platforms for user activity can find themselves under pressure to take actions that restrict the freedom of expression and privacy rights of their users. Governments may ask companies to cut off Internet access, take down content, or turn over information about users – sometimes according to law and in pursuit of legitimate aims, but in some contexts, such governmental actions may conflict with the human rights of users. Such instances raise questions around what responsibility companies have to their users when they are asked to assist in actions that may undermine free expression, privacy, and other human rights. These questions are especially salient in the ICT sector, where the platforms for user expression are often operated by private companies.
The UN Special Representative on business and human rights John Ruggie has published the Protect, Respect and Remedy Framework to help a range of stakeholders navigate these emerging issues. The framework provides guidance for companies regarding their responsibilities with respect to human rights.
The Global Network Initiative (GNI) provides a principled approach and action framework for ICT companies and civil society struggling with these complex issues. GNI is an effort to apply and refine the Protect, Respect, and Remedy framework for the ICT sector and to engage a diverse range of actors, including civil society organizations, investors and academics in developing collaborative interventions and solutions. The GNI provides a set of Principles and Implementation Guidelines for companies in the ICT sector to guide responsible decision making when facing requests or demands from governments that may conflict with the internationally recognized rights of their users.
At this workshop participants will discuss:
• the impact and implications of public discourse taking place on private networks
• how human rights risks may arise in the provision of ICT products and services
• strategies some ICT companies have adopted to promote the free flow of information, protect privacy, and minimize possible risk to human rights of their users
• the value of a multi-stakeholder approach to finding solutions to these challenges
• more about the work of GNI
The GNI is a multi-stakeholder group of companies, civil society organizations, investors and academics, who work together to protect and advance freedom of expression and privacy in the ICT sector.
Dele Olojede welcomed workshop participants and explained that he would be guiding the conversation on the business of the human rights of freedom and privacy and the responsibility of players in the Information and Communications Technology (ICT) sector. He noted that the panel, with representatives from academia, the private sector, government, and civil society, would lead the conversation before the audience joined in, and would lead to a common understanding of challenges and opportunities.
The United States is one of several governments with a strong interest in business and human rights and Internet freedom, demonstrated by Secretary of State Hillary Clinton’s speeches on Internet freedom, and work through the department on business and human rights. More broadly, US Internet freedom policy includes public diplomacy, bilateral diplomacy, and well-developed programs including training in digital safety, evading censors and security services, and circumventing technical blocks.
The topic of this workshop is the emerging frontier of Internet freedom policy. The experience of human rights unfolds online, where both hard and soft networks are owned by the private sector. Three questions to guide today’s discussion: 1) Have companies and their connections and obligations advanced with the adoption of the Ruggie framework? Within Internet freedom, there is a taxonomy of issues related to companies including privacy, censorship, access/shutdowns, and complicity. Disentangling the places where human rights and corporate action intersect if helpful to move the debate forward. 2) what should the relationship between companies and governments be on these issues? Governments have a role to play by convening those who are interested, including companies. 3) Questions about privacy and blocking will not be resolved soon. How do we continue these debates while moving ahead? How do we talk about what companies should do for due diligence and work through them in a responsible way? Welcome thoughts and contributions. GNI, which fits into this third category, as a forum for companies to work through issues of substance and identify processes to help.
Pedro Less Andrade:
Google’s mission is to organize information and make it accessible and useful for everyone. Always tied to free expression. It is hard to run a global service in many jurisdictions with different moral and cultural values, and different legal frameworks. 40 plus governments are interfering with free expression, but the objectives of interventions are very different. Some are related to politics, some to cultural or moral values, others to individual interests. For example, YouTube has been blocked in 17 countries, and is fully blocked in China, Iran, and North Korea. Google is facing issues in Italy, for example, where it is facing criminal charges because of video uploads. Google sees the Internet as an enabler of human rights, proving access to knowledge and information. Denying Internet access is extreme issue. There is no solution that fills all of these problems. In Thailand, had to do IP block of videos on YouTube that denigrate the King. Although that content was blocked in Thailand, it is available on YouTube elsewhere. We have to comply with local law. In Turkey, there is a similar issue with videos that are anti-Ataturk. The Turkish asked them to be blocked worldwide. Google decided not to, and consequently faced a lot of blockages there. When faced with these judgments, Google positions itself on the side of the user and user right to access information. Google is also working on transparency, publishing the number of requests from countries relating censorship or blocking content. Working on tools for users to navigate anonymously. We have security measures for tools like email that are used by activists around the world. Help stakeholders speak out and share views. Need to take into account cultural factors, since what is normal in one country is not in another. Also consider political impacts. For example, the YouTube policy on shocking images. In important political situations (e.g. the murder of activist in Iran), there is a need to consider many issues before making a decision.
Some countries have specific requirements such as locating servers in a particular country for example Kazakhstan. Cybersecurity challenges are an emerging issue, as shown by the proposal presented by China, Russia, Kazakhstan, and Tajikistan for a code of conduct for information security.
CELE is working on research that is applicable for public policy. It was founded in 2009, with the objective to provide rigorous research to civil society, governments, journalists, etc in Latin America. Recently completed a survey establishing trends and comparing Latin America with Europe and the U.S. Preliminary conclusions from this survey are:
1) In Latin America, special laws for Internet have not been passed. Instead existing laws have been applied as is to the Internet, treating it as traditional media.
2) There is a lack of clear guidelines on consequences of Internet speech. Lack of understanding by judges, needs to be addressed.
3) Latin America has not contributed to international debates on Internet governance, the International Telecommunications Union, IP addresses and government roles.
4) In the region, telecoms laws do not regulate the Internet specifically. But could be interpreted to include it.
5) In criminal codes, the Internet is treated as a way content is distributed. In some instances, the distribution through publishing content on the Internet could aggravate the crime.
6) Users have been detained for publishing content on social media that could be political activity.
7) Courts have interpreted Internet as way offensive content could be distributed.
8) Defamation legislation. Libel tourism not addressed.
9) No regulation on ISP liability. Trend emerging that follows of judicial notice and takedown.
10) IN most countries in the region, specific intellectual property regulation for Internet activity has not been adopted.
Many issues could benefit from more research. Looking for good practices in other regions. Fundamental has to have impact in public society: work with governments, advocacy groups, and business. Also important is education: building capacity of judges, prosecutors, etc.
GNI’s participants include companies, human rights groups, investors, and academics. Formed three years ago, GNI is looking at protecting freedom of expression and privacy of users. Created Principles and Implementation Guidelines, to help companies think through responsible decisions when facing requests from governments, related to the technology they are developing, the products they are selling, and the markets they are operating in. In the last few years these issues have become relevant for many companies in many countries.
Companies who join GNI commit to implement GNI’s Principles in their organization and to a process of accountability through independent assessment of that implementation. GNI also offers opportunities for policy engagement, and a safe space for learning, with companies and other stakeholders talking through complex issues confidentially.
This type of initiative is not new, but it is new to the ICT sector. Examples from other sectors include the Extractives Industry Transparency Initiative, the Fair Labor Association and other voluntary codes in apparel, and diamonds. GNI is more recent, but applies this type of model.
The Internet is playing an increasing role in our social, political, and economic life. Private companies provide the services that make that happen. And governments are increasingly interested in the role of communications technology. Company decisions, on where to store data, when to cooperate with governments, matter to millions of people.
Looking at the user perspective, there is a huge gap between what users need to know and understand about these issues, and what they need to be educated consumers. Because of this, very important to encourage transparency and accountability between companies and governments in order to help users become aware of these issues.
Joey Lee, Human Rights in China:
Following up on the proposed code of conduct for info security, which is up for discussion at UN General Assembly as early as next week. Next step in growing cooperation among states to use, in practice and policy, information control to fight not only terrorism, but also to fight other things including political, economic and social instability. Challenging to be consistent with international human rights framework. Has obligation of governments to lead the private sector. Would be interesting to hear thoughts of panelists on how business can incorporate human rights into their operations, while navigating different emerging human rights standards and norms, or “the language” compared to “the spirit” of human rights.
Conclusions and further comments:
Q&A and Discussion
Pedro: We are true believers in the multi-stakeholder approach, and we join others to try to understand what is going on and how to coordinate this with “real” protection of human rights. We make analysis before we decide to provide services. How countries deal with human rights is an important issue. Consider many issues to determine how to localize in a given country. Some market related, some HR related. For countries that want to develop information society services, good treatment of human rights is also a magnet for investment. If you don’t have a good framework for protection, there will not be willing providers of services. Also getting content closer to the user. For example, network access points to improve traffic depends on good regulatory environment.
Question: Presumably there is already at least 1 set of norms in the corporate social responsibility space. What you seem to be saying is this requires a lot more, not just adding to those norms. Question for Susan on the gap?
Susan Morgan: There are a number of CSR standards, such as the Global Reporting Initiative, which look at corporate responsibility in the round (covering social, environmental and economic issues). These are very broad. We are looking to create a CR standard that looks very specifically at this issue. Looks to the example of EITI and voluntary codes in the apparel supply chain. Requires more detail and emphasis, and public accountability in how companies respond. Second, there is a knowledge gap – understanding by users of where data is stored, what are the risks, and is the data encrypted? We have a long way to go in helping users understand the complexity of the issues and bridge this gap.
Question: On taxonomy, civil society has a critical role. Not just governments and business. Civil society groups are working with the private sector in their own right. Second, there is tension around the role of businesses as human rights defenders–upholding, defending and protecting rights online, but being asked by governments to violate those rights. For example, Vodafone in Egypt, complying with government requests to block service. The IGF, a truly multi-stakeholder forum, has something to contribute. How should we measure different proposals?
Dan: I thought it was helpful to lay out the challenges, but there is a parallel taxonomy of solutions: law, codes of conduct, multi-stakeholder initiatives like GNI. In all of these, civil society plays a critical role. We have universal principles – they are in agreement. Article 19 looks prescient. Multi-stakeholder processes are something we try to engage as much as possible, even when not permissive. I meet with NGOs all the time, to hear about opinions, interests, and concerns that feed into official U.S. opinion. This is a safeguard, that helps make sure the interests governments are supposed to be representing are represented.
Question: We are missing a point. I expected to hear companies saying: how can we do more on human rights? For example, blocking content from Turkey, that violated the rights of Turkish people. The problem is, by abiding by unjust laws, corporations are taking the excuse of abiding by law, abetting oppressive regimes. What happens in one country affects others. Abiding by law in Turkey affects us in Egypt.
Dele Olejede: This has raised a central issue, the elephant in the room. Are we asking business to put itself in the position of violating the laws of a country? This is a core tension. Would like to ask audience, and have a conversation on this. Does anyone have different view?
Question: We are faced with the same issue. Business cannot be the arbiter of which government is oppressive and which is not. Some may view the U.S. as oppressive, others may view the former Egyptian government. Business has to abide by the government of the land. Business needs guidance
Question: Joining a code of conduct like GNI is a very good idea. Other more restrictive measures are also possible within the EU, including dual-use regulation. May need to make certain technology usable for repressive measures subject to a licensing system?
Dele: The lack of regulation can also create opacity.
Susan: On the roles and responsibilities of business and Government, Government’s primary duty is to protect human rights, business has a responsibility to respect, and then there is the need for access to remedy. Is there a role for like-minded governments to try to push the agenda from the government side?
Pedro: I didn’t explain role of the public policy team at Google. Our role around world is to work with regulators, legislators, etc to change things. Started with 12 of us, now there are 80 people. Trying to change laws that are restrictive of free expression. Always challenge what is against rights of users, but do so with limits, including risks to people and assets.
Comment from the remote moderator: Notes that NSN have a human rights policy. There are people still in jail because of NSN technology.
Question: When we sold to Iranian operators, it was legal and encouraged. Double-edged sword. Technology first used to enhance communications, but then used to find people hiding from authorities. Technology is a double-edged sword. Don’t leave it to business.
Question: Would like to make distinction between equipment and services, the issue of dual use technology is particularly difficult. Sovereignty and national law is a legitimate area of concern for governments.
Question: There is a model for government enforcement of good practices. For example: US law against companies operating abroad bribing officials. There is the NATO list prohibiting sale of arms to regimes. Also UN arms embargoes. Instead of asking individual companies to carry burden, maybe ask the same companies, through their Chambers of Commerce, to ask governments to pass laws forbidding things like what Yahoo did in China.
Dele: There is also a UK law that was introduced that would be effective in July on corruption.
Question: Companies exporting surveillance to authoritarian regimes should review human rights records provided by US State, UN reports etc. Not only focus on official docs, but also on reports by NGOs such as Human Rights Watch. Also, companies might look at the national level, how does government plan to use that technology? They should evaluate the issues at stake before they engage in selling technology.
Questions: We appreciate the work of GNI, and that Swedish organizations are coming onboard. But it would be better with more companies joining. How is GNI planning to engage more companies, especially in Europe? What are main problems? Is there a possibility to negotiate to get more to join?
Susan: In comparison to other initiatives, GNI is in the very early stage of its development. Now GNI has four companies, including a startup called Evoca who joined recently. GNI is engaging with other parts of the ICT sector. Over time, we hope to develop something that can be applied to the whole sector. The issues to be addressed including differences in business models, operational risks for people on the ground, dual use technologies, etc. We are looking at ways guidelines could be adapted to take into account different operational issues in different parts of the sector.
Question: User rights. Companies have clear responsibilities to ensure that whatever they do does not violate human rights. Risks not restricted to authoritarian regimes. Every user faces privacy and security risks. There are many issues including user awareness, consent, control about information, data breach notification, certificate authority hacked into in the Netherlands, etc.
Dele concluding remarks: This has been a spirited conversation! Here are a few takeaways: there is a clear need for stakeholders to talk through and negotiate the rules of the road for conduct in this environment. It is unrealistic to expect individual companies to confront this by themselves.