The Cloud, Many Clouds, and Free Expression

23 October 2013 - A Workshop on Access in Bali, Indonesia

Also available in:
Full Session Transcript

The following is the output of the real-time captioning taken during the Eigth Meeting of the IGF, in Bali, Indonesia. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.

 

 


 

>>MODERATOR: to give you an example, me. of most people remember in Pakistan, we had a removal of the Chief Justice and then there was a big movement in Pakistan related to bringing the lawyers The cloud service could not be stopped by the Government at that time and bring a democratic change away from what was considered to be a despotic regime. It is important to keep in mind that blocking -- (audio) is to be able to take your content and have it somewhere in the cloud. It has an essential role in being able to protect the rights of citizens and having democratic change. But I will speak more to this as we go along.

>>: I should also encourage other panelists if they have questions -- so you're stating that the fact that a Government does not have access necessarily to cloud service where the speaker exists is actually beneficial.

>>: That is why it is actually a great safeguard.

>>: Governments will allow their users to have access to the services and access to the posts on the servers.

>>: There was a video in Pakistan, that was for a whole bunch of different countries, but the response was wrong. The response was a 20th or 19th or 16th century response of saying, "It's my jurisdiction. I'll block it off." Guess what? The internet can't be blocked. It is not something you can do effectively and efficiently. I'm telling you from a workshop in the Supreme Court, an annual workshop we have, where even the Chief Justice and the judges of the Supreme Court admitted to being using elite and hot spot and their VPNs to try to get data. What it does is it absolutely completely disables the Government from being able to block anything because everybody's got a secure VPNs. So had they not done that, they would have had a little more ability to control stuff. But because it took that step, which again as I said is a 20th century regressive step, they were able to find 21st century technology. YouTube may be blocked but everybody's watching it.

>>MODERATOR: Sarah, let me ask you this. With governments who want control over access to information, or access to information which may be posted online, are there examples of governments trying to control or access this?

>>: SARAH WYNN-WILLIAMS: One of the develops I was seeing our national governments effectively trying to force the cloud to the ground. And during this story a number of ways. One example of proposals for forced infrastructure, and the rationale for this is similar to some of the things that Sahid just pointed out. Governments wanting greater access to data and the control that gives them with freedom of expression. One of the challenges in going about it this way, there are phylosophical challenges with freedom of expression and there are practical changes. If companies are forced to have -- you know, infrastructure in every country that they operate, the technical challenges of that are huge. We don't as a company, segment our data or structure on the basis of national jurisdiction. There is not a Facebook data center for Swedish citizens. There is not a Facebook data center for citizens of Azabaijong (ph). There's a gap between Government's desires and {*} actual technical reality. I think part of the challenge there is is education and part of the challenge is talking about the risk, freedom of expression is one element. But you're also going to drive you have latency, increase the cost of access. When we look at the benefits that the cloud can bring to freedom of expression, part of the challenges more broadly is around connectivity and people having access to the cloud. This is going to make a more restrictive environment. I think we're going to -- we're running into a situation where regulation is not aligned with technical and pragmatic reality and somehow we need to have a conversation around that.as I say, we don't want to force it {*} to the ground.

>>MODERATOR: We're talking about Government access to the information. We're also talking about the ability for users to access the cloud in the first place. And I think you might have a comment about that. But also we're talking about governments wanting to actually obtain the data directly. You were involved with work with regards to data, can you talk about why governments feel they need to revamp legislation for better or worse to improve access to that data which is being hosted in the cloud?

>>: Indeed, I'm -- (Izumi) that basically look being at those issues. I may take a somewhat provocative starting point which is sovereignty is not bad. Not only is sovereignty not bad but it is important. Anybody who lives in a country that has no state and no correct process in the state knows what it is to have no Government. The key challenge is that the international system is based on architecture where you use separate sovereignties, and the whole international architecture is based on the separation of physical territories. In each territory, the key question is: Are the frameworks that deal with such issues as freedom of expression, are they balanced mechanisms that are porportionate that guarantee citizens freedom of expression at the national level? We know there are different levels of protection of freedom of expression this different countries. As long as it stays at the national level, it is an unpleasant situation, but unfortunately, that has been mostly the international system until now. The problem with the internet is that it is transforming this and it's not the problem. It is the benefit of the internet is that it is allowing people to connect across borders, fulfilling basically -- and it is probably the most incredible instrument to fulfill Article 19 of the Inlt national Declaration of Human Rights which is {*} explaining the right of transporting information across borders.

There are things that establish limits to freedom of expression. In some countries, they're okay. With the internet, we're talking about cross-border spaces and we're talking about the cloud, but we're talking about the clouds and major platforms of their own cloud services. And because we're talking about shared spaces, there is a strong collision sometimes between the laws and the norms in one region or in one country and the laws in another which means that when there is a problem regarding freedom of expression on the clouds, there is attention regarding the applicable jurisdiction. And the problem is that the two solutions that are proposed until now that are available are not appropriate on either side. You cannot have a situation that says basically, whenever anybody posts something anywhere on a platform like Google, Facebook or others, what this person posts should be submitted to the legislation of every single 193 countries around.

So the jurisdiction based on the user alone cannot be a criteria. However, the rigorous is not possible either because judging that if anybody in any country posts something on an international platform that just happens to be incorporated or located in France, in Germany, in the US, elsewhere, the France, the German, or the Thai law that is applied is not valuable either. So how do you handle this? This is the major challenge we're faced with. I fully agree with the things that have been said before and there was a -- a panel yesterday on local content and how the availability of cloud services across borders is actually lowering the value to entry, providing infrastructure that facilitates freedom of expression and innovation in general.

The danger at the moment is that the reaffirmation of pure blanket national sovereignty is leading to suggestions under the name "Data Sovereignty" of systematic suggestion of data, and the argument that Sarah just made is that currently, the data centers of those large platforms of cloud services do not distinguish -- are not structured at all according to geographic location. There is an amazing irony -- I'll finish with that it is a longer story. It is an amazing irony that if people were to be doing this in platforms, they would have to actually scrutinize and analyze and identify, in a higher detail, the individual data of people to know where they are located, but is it where they are located or is it citizens of that country who are traveling abroad? What happened -- it's technically impractical and it is bad for the system. That being said, there is a need to discuss those things and to develop frameworks among people and this is what, among others, the internet and jurisdiction project is doing by bringing governments, civil society, private sector, international organization, technical community to try to develop interfaces for dealing with these tensions regarding freedom of expression, or privacy and crime.

>>MODERATOR: We need intellectual processes to deal with these processes as opposed to brute force, national restrictive reactions. You cannot have 20th century responses to a 21st century responses. When you have a localization requirement. One person may be your citizen, but on the other side of an international e-mail is another person with other rights. When you say half of it is from a Brazilian, what does it do to a Portugese? Does that mean that the Portugese information is not protected? These are the kinds of ridiculous contradictions that will start taking place and people will have to deal with it. Another one which I find remarkable is that on the one hand, we have countries who have gone to the UNGA and have screamed and shouted, and how terrible it is, the NSA is obtaining information, so the principle stand is that this should not happen. Why is it -- let's break it down. You say another country that had a law, breached -- was asking for cooperation from -- voluntary, by the way, was asking for that data to be released for criminal matters, right? When you take that objection, in principle, how can you then, in your own country, introduce a legislation that says, "I want to be able to force, by my national law -- which is the same -- for the purpose of a criminal matter -- which is the same, to host content that will have to transfer from the US and elsewhere, make a mirror in Britain for instance, which is the same, and have it be disclosed if I ask it to be disclosed in a criminal matter." These ridiculous distinctions will start showing. You cannot start using 20th century responses to 21st century problems or issues.

So sovereignty has to change from being west failian and borders {*} to being -- it doesn't mean that your sovereignty extends everywhere, it has to be intellectual, not physical. You have to be able to know how to speak, communicate and respond to your citizens and what they believe and how they think and how they respond. You need to do it that way, not start building firewalls. What you have is precisely what is needed. Thank you.

>>: Izumi, let me ask you this question. What does someone do, then, when content is posted online which is illegal? What is -- is there any potential solution to it? Actually, before we do that, let me ask you -- what do you think is happening now with regards to content that is illegal in one jurisdiction which is posted online but little in yet others? That's it. And maybe -- this -- don't feel like you're on the spot. It's a tough question.

>>: IZUMI AIZU: I'm -- thank you for the tough question.

>>MODERATOR: I might ask Sarah the same question. How can we use that to address the intellectual attempt to try to develop a framework for going forward?

>>: There are different kind of illegal content. Now in Japan, downloading the illegal content is deemed criminal. For personal use, thanks to all the lobbying from the music and movie industry, how do you enforce it is a different question.

But it is not -- well, somehow this copyright is of the US is well protected in my country as well. So it is legal. So some of the IP holders have done a good job trying to reach out to all corners of the world with different jurisdictions. Whether this is a solution to the 21st century services such as Google or Facebook, not too sure, but Google has many policy people in my country as well as some other countries and you're grappling with that, I believe.

I'd like to just put some other animal to the debate that I see the growing use of the smart phones and penetration getting very high, not only in the developing countries but some corners of developed country as well, is kind of a twin with the expansion or evolution of the cloud services. With the limited storage of 16 GB, compared with five years ago, whether we like it or not, we use many cloud-based services such as Dropbox or Evernote. I haven't used this -- but there is a new service called Line, L-I-N-E-, I don't know how many of you guys use Line, L-I-N-E-. It is a packet-based voice -- messaging services. It is one of the fastest-growing services, it started in a Korea-Japan-based area. It is more popular than Twitter. How many people are using Way Chat? That is from China. They are cloud services. We don't know where they are housed. And there may be coming more new applications, the apps.

Unfortunately, there's some bad guys around Asia that think providing new apps sound nice and secretly stealing or obtaining all the user data, personal information "Which kind of application are you using?" And they sell to the other parties. Across border a lot, often they are across border. Who is in charge to take care of these -- some wrongdoings? On the one hand, these line or Way Chat or Twitter or Facebook are all promoting the free speeches. It is difficult for authorities to scan voice data or filed datas. It's much easier for the authority to scan the texts datas, right?

So and those with the smart phone, you can take pictures on site, on what is going on in Turkey or whatever. So now I think the police have to be aware of the smart phones, whether they've been taking their wrong doings. On the fly is very important to me. So it is not only the cloud. The cloud merits a lot from the diverse use of the smart phones and the other way around.

And so we need to consider these combinations when we talk about these jurisdictional enforcement or safeguard. Last but not -- finally -- in Japan, we have a Constitution -- almost given from the US after the second world war which guarantees the secrecy of communication which is not freedom of speech, but nobody has a right, including the authority, to go inside your private communication. You cannot open the letter. You cannot read the e-mail unless authorized, but it is difficult for anybody to try to -- you know, invade this.

And then our Government has been doing a good job for that. Now there is attempt from another administration to revise the Constitution, to put the freedom of speech on par with the public order. Whether this secrecy of communication will be preserved as such or not is a good question. The current draft, there is no such a thing.

So maybe with all the advocacy of the free speech, we also need to figure out ways how to protect this secrecy of communication under the cloud. Thank you.

>>: You know, it is interesting that distinction you make between secrecy of communication versus freedom of speech. That is an interesting distinction between the two. And we talk about how the internet can or should be a free-expression zone. At the same time we talk about how there should be some sort of jurisdictional framework as Bertrand talked about. So the distinction between the two is very difficult right now. Bill, I want to ask your thoughts with regards to -- with regards to this issue. Do you think that this involves discussions that expand beyond freedom of expression? Are these issues that involve the cloud development generally?

>>: WILLIAM DRAKE: Thanks. Good morning. The sound from next door is really quite remarkable. I'm not at all surprised that governments are looking to regulate cloud transitions. To me, what is surprising is that it took us this long to get here. And the fact of the matter is, when Zahid said sovereignty is a 16th century invention, or concept -- I was surprised Bertrand didn't give us another inference. Sovereignty is alive and well and has always been applied in national and international flows of accessed information and governments will continue to search for ways to do that. So the whole history of global communications, if you look at the ways different technologies have evolved over time has been impacted by the tension between global norms with the freedom of speech and national sovereignty. That tension has been manifested in multiple instances. I go back to the Treaty of Carlsbad when German states got together and said, "We'll have the agreement that each of us should suppress any speech coming across the border that would some way violate our public sovereignty." There's been a long trajectory to territorialize in transmission across the border. The Treaty of Dresdon, the Treaty of Paris that created the national telegraph union {*}. These established legal norms that said states have a right to monitor any transition or to stop it or terminate it should they decide that it violates their national objectives, their sense of national order and sovereignty. We had the same battles with the development of radio and the questions around establishing mechanisms for non-interference for radio transitions. We had the same battles over direct broadcast satellites and the notion that you had to have prior consent before transition.

On and on and on, all throughout the history. And so this has been an ongoing issue and it is going to come up here. There's been -- the specific and most relevant, I think cases, though, with regard to data flow, would be, in my view, the transporter data flow battles of the 1970s and '80s where governments took on the question of access to databases held in foreign jurisdictions and the instruments of the World Trade Organization which have legally binding provisions pertaining to this very question.

We see then that states have long-dealt with this question. It is simply that the market has evolved, some new practices have emerged and they're asking the same kinds of questions they always ask: To what extent do these types of information resources need to be embedded within a framework of territorial-based public authority? You can say, "Geez, what they're doing is stupid, illogical, blah blah blah" from an open internet standpoint, I may agree. Nevertheless this is what states do. It is not at all surprising and we're seeing more and more actors all across the board, from the European Commissions on down are trying to figure out how to put in place new mechanisms to deal with cloud computing. I think we need to transition past the points of "God, the states. Don't they see what is wrong with this? It's all good for freedom of speech." Sure sure sure. They've got more practical questions and we have to actually engage them on terms that are responsive to points that they're making otherwise you're not going to get very far.

One of the terms I would certainly engage them on is the fact that they have made -- OECD instruments obligations to not impede data flows. So why not start there is my thought.

>>: So just a clarification. Sovereignty will always be alive and well. But it will not be alive and well in the Westfalian model. The butte I have the DC BI protocol {*} it says it is going to go through some way. It doesn't matter how. I'm going to get it through. Let me share a thought (audio out) example. I think the sovereignty has therefore changed from there being just absolute sovereignty that governments had over their people to because of the internet, a question of a greater autonomy that has arisen to citizens within that country which have interconnected like they never did in the '70s or '80s. The ITU treaty said it was able to block stuff because it was able to do that.

When the Instens of Muslims video was released, a lot of countries had issues with that, because there were protests in certain countries, in Pakistan, in Indonesia, many countries decided not to block and if they did, they blocked temporarily. Our country decided "What we're going to do is block it." The problem they have is they've blocked themselves off from the world. So when it went to court -- there was an actual court case which was celebrated at least in our country, where the judges tried to grapple with this issue and the issue became more transparent. How do we deal with this problem? Day after day, technical expert after technical expert came in saying, "What is the solution? Treaty?" "It doesn't matter because it is technology." "Okay. Can we block this?" "Yes, we can have blocking of the domain." "But can we get around it?" "Yes." "Can we block the proxy around the domains?" Giving up and saying, "What's the answer here?" The answer is: We need to cooperate with the service providers.

So the sovereignty of "This is my brute-force space and deal with it." In order to maintain your sovereignty it has to be a cooperative shared space. How do we deal with that collision? Sovereignty of that nature. Much more sophisticated, not westfailian. {*} that is why I say what Bertrand's project does is allows that space to have that debate.

>>: I find myself in the funny situation that, on this panel there is nobody who represents Government. And that is the point. I happen to have been the representive of the French Government between 2006 and 2010, and the experience that I can share in the work of the internet and jurisdiction project this year, we organized basically four meetings on exactly those topics in Brazil, in Paris for Europe, in Delhi, and in Washington is that the presence of not governments with the big G, and one single label, but various actors within governments, including law enforcement, foreign affairs ministry, ministries of communication is absolutely necessary and useful for the discussion. I want to share one thing with you regarding this. The governments -- some of them may be doing things for bad reasons or whatever. The problem is that a lot of them are doing things because they're using the tools that are available to them.

There's no way we can solve those issues in an honest manner in a discussion among all actors in anything that is a purely interGovernmental discussion {*}. So you can go to the UN and draft as many Constitutions as you want. Where are the problems? Not there. So your Government -- I'm trying to make the case for them a little bit. You are law enforcement and you are the ones who are actually bumping their heads on the frontiers of national sovereignty.

If you get a crime that is committed in one country, there is a citizen that is really harmed. You want to get the data. To date, you have circuits that either allow you to get the data by direct contact with the platform, whatever, but there is no guarantee neither for the platform nor for the other side that fair process is being used. The platform may be accused of having cooperated when it shouldn't have and so on. So it has to make a determination which is a bad process. Or you go through mutual legal assistedance treaties which are bordered with caveats and protections that, in most cases, it doesn't work. If it works, it takes many many months.

This is concerning the real life of people. Just to make the case, in some cases, you need to have content taken down. You need to have content taken down sometimes. And I'm repeating this because we tend to believe the freedom of expression is absolutely without limits. Let me give one concrete example in. In India last year -- and in the internet and jurisdiction project, we have a part that collects cases regarding those issues. In India last year there was a group of people coming from another country -- I'm not sure it was Pakistan, it was another country -- that had a very keen desire to trigger religious fighting between different groups. What they did is they were taking a picture of Buddhist monks who, in China, were actually helping after an earthquake. The picture had a lot of bodies on the ground and the monks were helping. These people were circulating the pictures explaining (audio out) (audio disconnect).

>>: Fortunately, nobody was killed. But if 200 people were killed in that environment, this is what, for Government, is a public-order concern. The universal declaration of human rights, {*} has provisions in Article 29 for public order and there's a whole range of protections that the response needs to be porportionate that the protection of freedom of expression is protected, only when the issue is urgent that they bring in protection. There is no framework and there is no framework today that solves the very crucial problem of global public order. Things like that.

The key challenge is to address those issues so there is more protection for that. When also a legitimate concern that is about the harm of individual people, it is, indeed, taken into account. And I give you a second element that is close to my own country. I'm French.

In France, like in Germany, for historic reason for laws against antisemitism. It is criminal in France and in Germany to make antisemetic remarks. It is a criminal offense. There is a strong difference -- a normative collision between the two sets of laws. On Twitter, a couple months ago, somebody in France used Twitter to spread a hashtag that was called "A good Jew." Encouraging people to make racist and antisemetic jokes. It became a trending topic Twitter. This is criminal in France. It was asked to be taken down according to French law. The name of the people that done that was communicated to France. France is still a relatively democratic country and people in France are attached to this law for historic reasons. There is a big tension. Twitter accepted, but there is no way to do that clearly.

To finish on the Westfalian model or not, sovereignty still exists and national law still exists at the national level. Again, if there is a Frenchman living in France, insulting another man in French through a media platform in another country, it is not -- if there is someone in Equador, insulting someone who is an English man living in Italy, try finding the jurisdiction that applies and I wish you good luck.

So when you deal with trans-border cases, this is what we're talking about, to preserve the trans-border system and the accessibility of platforms because they're enablers of freedom of expression, we need to include actors of the Government, how to deal with those issues in what we call the "Challenge of digital coexistence of different norms and shared spaces."

>>: By the way, it is a little bit early, but I think it would be a good time to open up for comments or questions from the floor. Bertrand raised a good point. We don't have a Government representive on the panel. If we have anyone who thinks they know what their Government might say in this case. I think a lot of people live in jurisdictions where there is some form of censorship. It may not be overtly possible or overtly obvious, rather, many jurisdictions have -- and we have a comment I'll get to in one second. Many jurisdictions have bans on, for example, images involving child exploitation which most people don't seem to have a problem with, of course, because it's equally repugnant in many jurisdictions. Just like a ban on antisemetic speech seems perfectly adequate or appropriate in France or Germany to many people, or speech that may insult certain religious views or beliefs.

And I know Zahid, you had a comment. Please introduce yourself before you give your comment, if you feel you'd like to.

>>: Hi, I'm Braxton Perkins, I want to follow-up with service providers. Can you comment on the type of service providers vital to the cooperation. Is it platforms, ISPs, just like to get your thoughts. And then secondly, how do you view the role of new tools, or old tools to do VPNs or proxies to obviscate where your actual location is or what your nationality is and how that translates into service providers cooperating on the issue of a new concept of sovereignty?

>>: Thank you. First of all, I think that the concept of sovereignty when it relates to service providers is currently going through I think, a transition. I think you've got many people trying different things. Some say if you've got individuals who are involved and they are individuals of mine, sovereignty is applies. Others saying, "The data occurred in my country." Application is something that has to evolve. On the side of the service providers, the way I see responses is in trying to have terms of service which basically, in some way, actually have a transnational impact. And I think the greatest challenge -- one of the things I wanted to mention in Pakistan, we gave 15 minutes for YouTube to respond to the request before we blocked it. We didn't read the service to see under what terms of service can we submit this request. We're not trying to interface.

To the extent that you can start having that dialogue with those service providers -- this is without having an international treaty for this purpose, but a framework in which that service providers can agree. This is something that was discussed in your discussion, Bertrand. How can we have modeled in frameworked that the private sectors, social networks, et cetera, come together and have a dialogue with governments and agree to what I would say is the common ground. More often than not, what we see -- this entire discussion is driven by is the emotion and the passion of the extreme examples.

And I think that that is important, that it needs to be discussed, and redefined resolution to that. But the push that comes with trying to push ahead with those extreme examples is, "Oh, I'm not getting cooperation," and to a large extent, what we see is that those countries that are doing this are victims of their own decisions. What do I mean by that? By deciding not to join the Budapest convention which at least lays down a base line of basic offenses that they can get cooperation on, they increase the pressure of not having that issue resolved, illegal access, hacking, phishing, and other things. If we can make progress at least on the common ground, the pressure that we have of using that -- the pressure that is building up on the issues that we should be able to have a common ground, not being able to resolve or get cooperation, then impact being -- the extreme examples not getting resolved is something we would like to try to address. I should explain that the Budapest example, it is the only international treaty used to eliminate cyber crime. People have taken a view that well, you know, I don't like it -- "Would like to side with Russia or China. I'd like to side with another group." Instead of saying, "Does it function? Does it work?" In a sense, there's a sovereign framework that service providers are cooperating with. So that would be a solution. The other question of how do we view technologies? There was an interesting debate this morning or discussion of how should governments in the freedom co-- the Freedom Online Coalition. What should be their response to making available tools that would enable freedom of expression to exist for people to be the -- the use of VPNs, service. On the back of that discussion is: Should netsweeper, which despite 7 other providers say, "We will not provide it to Pakistan." Netsweeper said "No, I'll sell it to them." To what extent should that coalition take action through other cooperation amongst themselves or national law and have their sovereignty applied to that. That would be another question.

I think it is an issue and how do you track and survey? Because the moment you start getting filtering soft way, it doesn't just filter. It also surveys. That is the point you were trying to make. We need to look at sovereignty from the other perspective. How do we keep it open? There can be a coalition that can deal with that.

>>: Well, wait a minute. Bertrand, you said governments should, to some extent, have a right to censor?

>>: (Bertrand) we participated in a meeting and he was at a workshop we organized yesterday. He said one of the results of the discussions is that the documents we produce are using neutral wording {*} that is saying that it is a common problem. He was joking saying, "If I had done your leaflet instead of content take down, I would have said 'fighting the increase of censorship' and the use of data is the unacceptable amount of surveillance." I never said that the governments are allowed to sensor. That is not the point. There are cases {*} when content must be taken down. Yes.

>>MODERATOR: All right. Well, let's -- that is a very interesting distinction. If anyone in the audience has questions about that, you should feel free to ask.

>>: AUDIENCE MEMBER: I was wondering if that made more sense in French. I don't understand how requirements and having being taken down.

>>: (Bertrand) taking down a content that is criminal in France posted on a French platform, I don't call that a censorship. That would be the answer of my Government in France.

>>: AUDIENCE MEMBER: So we're not talking about legal content.

>>: (Bertrand) this is about the procedures that should be followed. Censorship -- it is a very interesting debate. Censorship is when procedures are not followed. When there is {*} a political legitimation for why it is being done. It doesn't fit into the legal process that is done at the national level, or the national process is not balanced and porportionate. That is a very important element.

There are national frameworks that do not specify, and there is a lot of work done by Access and other groups especially in the environment of necessary proportionility and so on. What are the appropriate provisions for a national framework implementing the exemptions to limit, in certain cases, the exercise of human right freedoms. And those provisions need to include judiciary processes, the right to have -- to be -- to have a contradictory procedure. Mechanisms for appeal, proportionality, granularity and you continue the list. There are many frameworks that do not have this. And in that case when it is -- let's say for instance, the brother of the dictator who happens to be the minister of information that says, "Ooh, this is a statement that is against me because I had my fingers in a honey pot," I'm sorry, yes, that is censorship. But when it is the implementation of a court decision that is the application of a national law that has been going through all the appropriate bases, and it is considered as being a country that has a framework that ensures only appropriate protection, I wouldn't call that censorship. The moment that it moves in the extreme -- or maybe you're right. Maybe there is a difference. Maybe in the environment of the US, the expression "Censorship" doesn't ring the same thing that it does in France.

>>: You're basically saying the same act gets a different name depending on how democratic and Constitutional the country is. I have a hard time drawing that line.

>>: May I just share (Bertrand) experiences to the point? {*} there are certain cases like my (not Bertrand) perceived or real. {*} well, about a few months ago, this one guy was killed, youngsters, teen-agers were chatting. It got so bad -- they were starting to joke and more casual thing but they're forced to kill the person.

If that has been intercepted, one way or the other, it could have been stopped. Their case -- two institutions I work for running a hotline locally, and sometimes they receive some kind of consultation or inquiry via e-mail or the phones of the potential suicide, or killing -- some killings are happening -- and people once intercepted, they could inform either the law enforcement or the service providers or the both to try to take it down. And it sounds like extreme, but it could happen in the every day life of people. It doesn't mean that police is 24 hours monitoring these communications per se, but these are the instances and with smart phones and the cloud, it is getting easier to perhaps monitor by other people if not necessarily the authority.

But these are the cases we're facing day to day as well.

>>: I have a quick response. I would fall on the other side of the argument. I think that there are times that may be short for public order and there is a possibility of danger, somebody may be killed. You may -- I would like to think you shouldn't, but there may be some countries that would want to do something. I want to address some of these issues. You know where it may be okay to say, well, antisemetic speech should be shut out? But at the same time, blasphemy could also be justified on the same basis. And (audio out). The effect and the end result is the same. And so the question basically, you would have is to say, "Well, do we therefore because there is a threat of a violent response, say that the violent response should not comply with the law because they're a mob and they will kill? And so we should just listen to what they're saying and not do things like forced busing for equality in the US" as an example. R versus Brown. Why should the blacks and whites not share things? The court would say, "Oh, my goodness, this is so terrible. The moment you start doing this they're going to hang people." Rule of law trumps (audio out) but in the longer sort of stretch of things, you need to be able to comply with the rule of law not saying, "It's okay. This is going to create a problem and people are going to be angry. Don't want to do that." That is not rule of law. That is not democratic. That does not protect minorities because they will always have a mob against it.

I want to come to the earlier point I was making which was that every time we discuss these issues, the extreme example of censorship, religious issues and blasphemy and antisemitism, someone's law -- I can't remember the gentleman -- every time Hitler or Nazis have to be referred to.

>>: Godwin's Law.

>>: He is actually here at the IGF. You go to the most extreme example. As I said -- let's imagine a situation where you have a glass that is empty and a glass that is half full. The choice is: You're thirsty. Do you want to drink that glass that is half full and get agreement on the common ground, say, for instance, join the Budapest Convention and join things that people agree on like child porn, illegal access, hacking, we all agree on this, but we don't do it. But yet at the same time we will get very angry and say, "But we should do something about the blasphemy and antisemitism."

So I think in order to be rational about this and take the emotion out and deal with those issues, absolutely, but let's at least try to make progress where we can make progress and agree on the things we have common ground on. We're all so torn by the politics internationally.

>>: I was thinking further on the question you asked which seemed like a joke, but it is actually not. It is very interesting that whenever we use words, they are loaded with a lot of personal experiences, and national connections. And thinks about what you were saying, it is true that unconsciously in my mind, censorship is transferred to (French word) which used to be an ex ante, you have to submit your paper before publication. It is something that existed in the Soviet Union. The reason I so strongly react about the distinction (Bertrand) {*} in my view, the term censorship is evoking a mechanism that is so immediate, or so ex ante, that it is not at all the result of an exposed judiciary. The second element that I wanted to say is I whole-hearted by support what Zahid about not mentioning the processes to solve the extreme cases. This is what has led us to taking our shoes out of our feet in airports just because one guy -- one day -- had a miniscule amount of explosives in his soles. This is nonsense of the it is complete over-reach. If, indeed, people are dealing with public-order dangers, the biggest danger is when the framework is set to prevent any kind of danger. The best way to prevent any kind of danger in the streets and public order is preventing anybody to get out, and there's no mob and no problem.

Freedom of expression is the same. Where you put the cursor is variable and is a case-by-case discussion to make which brings the last point. The importance of terms of services. It is fascinating for me to see over the last few years, all large companies that have real cross-border activities have incorporated as part of their terms of service elements that try to form a sort of general understanding of what is globally acceptable and the best element in that regard is the progressive introduction of hate speech-related provisions which are absolutely not required under US law and the platforms are in the US, and they could have tried to push completely a First Amendment approach to freedom of expression. Each one after another have tried with difficulty, with great convergence in the end to introduce things that deal with this. Tumblr said, "We do not condone religious bigotry." That is attacks against racial or sexual or whatever orientations. And each platform is actually implementing on their own space, rules that are community rules.

And it is strangely an instrument of organization globally that is emerging almost continuously.

>>: I think we had some comments from the audience as well. The first comment -- the first handy saw was a gentleman with a light blue shirt in the middle. Did you have a comment?

>>: AUDIENCE MEMBER: I have a question about something separately if that is okay. My name is Jase Kadousky. This whole forum is very interesting to me. One thing that is coming to me mind in terms of access to user data, you know, the Government's right to access of user data in terms of sovereignty, let's say someone is in Pakistan and they upload a file to a server in America, does that user have any rights that would be infered to them because the data is now in America? So let's say, does America law enforcement have the right to say, well "Your user is in Pakistan. They're not in America. They weren't ever in America. Give us their data." For any reason.

>>: I'm not a US attorney, but from what I understand and you know, I'm happy for anybody to correct me. The terms of service on the basis of which I have agreed to use that service would be one applicable able, the US has, I assume, has greater protection with freedom of speech and that gives more protection than Pakistan does. And in addition to that, if I'm doing something pretty heinous like a crime, it doesn't matter which country I am in, they'll get to me. So if it's something that is like a financial fraud whether it's in Pakistan, Iran, European Union, they will find a way to find me and bring me down. I choose a jurisdiction where I feel my rights will be protected. I'm trying to gain the protection of the first amendment in the US when I'm up loading. I would be worried that the US Government, the way that it has its laws would take that down. A request by the Pakistani Government made the request to bring down the Innocence of Muslims because it was a freedom of expression thing. People can have opinions on it. The FBI didn't say, "Take it down." Supposing it was being used to host some content to build an IED, or a terrorist bomb, I'm sure that will get taken down. So I want to be more practical about what the examples are.

>>MODERATOR: I think we had other comments from this side of the room. I think first the lady with the red scarf. Would you like --

>>: This is not a comment, but I have a questions. I do my name is Thia. I'm working for mutual.com. It is a social media developer. I'm having to experience with a cloud computings back in 2009 I was working with an Asian Development Bank, and we used cloud service at the time we are using Google Cloud and it's helping us a lot because of we are not being bothered with all the issue with the server and everything like that. We just have to focus with how we are providing services to our user -- our member at this point -- I mean, for the producers like fishermans or farmer.

On the other hand, I'm working for the consultant for the Government of Indonesia in one of the ministry. I will not say the name of the ministry. But you know, we discover -- this Government is forcings to use their own server, to put everythings -- servers owned by them, and for me, they did not have a good human resource. The second, they do not have money to maintains, and the third, it just like -- you know, the investment that they are spending for a huge server, it is huge. The investment is just huge and it is not even used effectively. I have no idea, but just like because of if Government start to pushing people to use the cloud -- they have their own server and their own cloud that is located in their own locations or country, it is going to be a huge mistakes for developing country like Indonesia, I think.

Second, I do have -- I mean, there's always a bad and a good person in life. It's happening all the times. But the things is, we cannot forbid clouds or people who make a bad content to put something in cloud services because you can sometimes -- if there is not a person, there will always be a crimes. So I just wonder, rather than we asking Government to Government the cloud services, I prefer to have another policy that allows the commercial cloud to have an education program to its users about how they should not be influenced by the negative content. That things -- it is something that I am not seeing from cloud commercial services. I have not -- I had hopes any of you can give comments on that. Thank you very much.

>>: Two points. I think you're absolutely right. I think the awareness in developing countries, specially enterprises in those developing countries as well as especially Government so that the misconceptions about the security aspects sometimes are something that can be resolved. I think that is helpful and I would agree with you. To give you the example of basically when you start doing this and saying, "No. You have to use the local service." It creates protectionism which creates higher costs, lower efficiencies. And these sorts of centers which are being created are not able to compete because you need a critical mass and this is something we talk bd in a workshop yesterday. You need a critical mass of people to run these data centers unless it is taxpayer-run system. For users, ordinary people, they want to use something cheaper and accessible immediately. They have to go to the cloud that is near. You're right. What happens is when you start -- there's all this bad and most of good, but it is a minority.

When you say, let me share an example from Pakistan. We had basically a foreign exchange regulation, you know, money changers, et cetera. Because those money changers -- a segment of them were doing something illegally, the Government came down on them and said, "No, no, I'm not going to try you for the illegal thing you did. I'm going to shut down the entire business." That was because they wanted to go to the banks actually.

When this was shut down, guess what happened? You didn't have any legal means to transfer money. And guess who won? The criminals. Because now it wasn't the legal businesses. The entire system has gone underground, you don't have information, you don't have intelligence, you don't know who is doing what? Operating out of garages and the crime has increased ten-fold. So when you try to sort of address the problem by addressing something that is good, and the reason why people aren't going after them is because they're saying, "Yes. But he is trying to get money to send to his mother. He is a criminal but he is doing a great service." So suddenly he gets the protection -- similar thing when it comes to VPNs. You try to block a whole domain name. People are going to use VPNs because they have to have it. It becomes a basic requirement.

>>: Just to pick up on your last point of content. I think the answer is, in many instances, rather than -- content. We are trying to enable people to report the content themselves so it doesn't have to necessarily escalate to a Government-type issue. So we have reporting links on almost every Facebook page you can report specific items of content. You can do that either by reporting it to us or reporting it directly to the person responsible to the content. So we've developed -- these are new innovations, social reporting flows so you're then facilitated with the other user opposed to the content. What we're finding is that in the vast majority of instances, the content get pulled by the person who posted it. So you're not having to escalate it. But I think Bertrand's point about hate speech and the fact that platforms are starting to develop on that is an important one because I think why -- you know, the reason that that is an innovation is you are saying that -- you're accepting that there is a type of speech basically, that shouldn't be on the platform. Where it is challenging is you have to take it in context. Identifying hate speech or identifying incitement is completely dependent on context. The reason that platforms are start to go address this issue is because you can't -- you can't be responsive purely to a crowd response.

So it can't simply be that because someone or a crowd responded violently to speech doesn't mean that it is automatically insightment or hate speech. You need more context. And the reason that -- one of the challenges here is, unless you do that, unless you have a more nuanced sophisticated approach, you're creating a heckler's veto where the people who behave the worst online have the most power in defining the bounds of online speech essentially.

So that is -- and so you're seeing companies and sort of trying to grapple with that and I think if you don't do that, if you don't have some bounds and some ability over context, then you know, a crowd response -- you know, for example, images from Civil Rights movement, a crowd responds to that would probably be to take it down. So I think you're starting to see innovation in this area and trying to be responsive so that it doesn't automatically rise up to the Government level.

>>MODERATOR: I think we had one more comment on this side of the room. From the gentleman in the white jacket. Yes. And then right after the gentleman with the dark jacket. Please.

>>: AUDIENCE MEMBER: My name is Jorjeven. I am from the board for the agency for the Government and information society. So we are very involved in this kind of thing. We don't like the censors. We don't really like the censors. We have a special department to prosecute. They act the same way when another kind of crime -- there is no difference. The difference is which is a cyber crime. Is there a list of cyber crimes? No. There aren't. And this is the problem. The other -- in my country, all the -- in the public school -- so we have to protect and to protect him, we develop basic information and basic kind of game, a role game when they're playing this game, they learn how to use the privacy of information privacy. And also we have many people explaining to conference to a different level of people of the country ages, ancient, young people, and so on. How to protect their personal data. Within the list, best that we can do at this moment and I'm grateful with respect that this is going to be a good results.

>>MODERATOR: Thank you very much. Those are great comments, especially with regards to education. That is going certainly -- certainly going to change the landscape in the short future. We have four minutes left. I think we can take one -- we are going to have time for one more comment here on the left.

>>: AUDIENCE MEMBER: Thank you very much. My name is Tiku Jampana. I am from Indonesia. From privacy versus freedom of expression is always a good debate. I think the Government is in a dilemma because why do we need Government? We need a legal body to govern society. But at one point, Government needs to protect privacy in its country because people aspirate, right? On the other hand, Government also needs to support freedom of expressions because people also ask for it. Freedom of expressions has no limit and privacy is actually about creating limits. So I think there should be a balance between privacy and freedom of expression. So the question is: How to balance it. This is a very quick comment from me and a brief question. Thank you.

>>MODERATOR: Thank you very much for that comment. I want to make sure we have time for everyone to get in one more comment. Did you have a comment, lady in blue?

>>: AUDIENCE MEMBER: I just wanted -- my name is Albira. I am from the UK. Just a brief observation, really. I don't necessarily believe that diversity is a bad thing. I guess part of the solution would be to embrace diversity. It is a good thing that users have a chance to shop around and be able to create content by using, for example, following the example was it earlier on, the jurisdiction which favors -- or at least it protects in a better way under the first amendment freedom of expression. So why would it be necessarily a bad thing to actually have different options? Especially now in the cloud computing where it's easier to transfer service there and be able to avoid all jurisdictional matters.

>>MODERATOR: Thank you very much for that comment. Did we have any other comments from the floor? We have 30 seconds in the front.

>>: AUDIENCE MEMBER: Just a we can question about the right to data portability which is a proposal floating around the European Union. Is this good for human rights and privacy or bad for human rights and privacy?

>>MODERATOR: Knowing that we have 10 minutes left, I'll answer that one. It's good. Definitely. For an expression purpose.

>>: AUDIENCE MEMBER: You can actually do it? This is particularly directed to Facebook because part of the right to data portability is to be able to take all the data that I have on my social media network and take it to another social media network including all the information about all my contacts who may not want their information taken to a different site.

>>: I've been informed I have 10 seconds to respond. So we developed a tool far beyond the -- earlier than the DPR provision came out (Sarah) that essentially {*} enables this. And you can -- you know, it came out of -- I work with the Irish Data Protection Commissioner, and through this tool you can have everything downloaded and sent to you. So I think part of the question is developing technological solutions, but whether you need a harsh regulatory approach to stem that or not. I mean, and I think if you look at the genesis of the tool that it came out of a proactive, you know, developed relationship with the regulator rather than creating one solution that is fairly blunt and static. That provision might be updated with the evolution of the next tool. So I think my point is -- I think we can be responsive without needing to take such formal regulatory -- that is way over 10 seconds.

>>MODERATOR: With that said. That would be a great segway for a panel to continue with next year. Thank you everyone for participating, for the panelists and for participating. We are closing this panelment thank you.

(Applause)