Remarks to the Freedom Online Conference opening session

In June 2013 shortly after the first Snowden revelations on NSA surveillance came out, I gave a keynote address to the Freedom Online Conference in Tunis. Three years later I was asked to address this morning’s opening session of the Freedom Online Conference in Costa Rica. Below are the remarks I prepared, updated after delivery with links added.

****

It has been five years since the Freedom Online Coalition was founded. Since 2011 we’ve traveled some ways together on a road that has been anything but straight or flat.

I am going to be frank about the work we still need to do to make this coalition more effective in fostering a more free and open global internet that supports “freedoms of expression, association, and peaceful assembly.”

The inconvenient truth is that while global internet use has grown by over a billion people in the past five years, especially in the Global South, the world’s newest users have joined an internet that is measurably less free and open than it was five years ago.

What are we doing for them?

I think its fair to say that member countries have done much to advance the basic concept that human rights apply equally online and offline within the international human rights system.

Support by member countries for the work of the special rapporteurs, on freedom of expression, and now also privacy, has helped advance global understanding of what protection of online rights actually means in a practical sense.

Coalition members have worked together to support and strengthen existing multi-stakeholder internet governance institutions.

The Digital Defenders Partnership is a very tangible product of the coalition.

But let’s face it. Many Coalition member countries are not leading by example in demonstrating what best practice – or even best effort – should look like in tackling very difficult and often urgent domestic economic, political, and security concerns in ways that are consistent with fostering global online freedom.

Recall specifically that the Coalition’s Tallinn Declaration calls “upon governments worldwide to promote transparency and independent, effective domestic oversight related to electronic surveillance, use of content take-down notices, limitations or restrictions on online content or user access and other similar measures, while committing ourselves to do the same”.

Three multi-stakeholder working groups were created two years ago at the time of the Tallinn Declaration to advance those and other objectives related to empowerment of internet users around the world.

All three have produced recommendations for governments and other stakeholders. Yet there is no mechanism that commits member governments even to consider these recommendations – let alone implement them.

For example, Working Group 1 has developed recommendations for human rights based approaches to cybersecurity.

Will any member states lead by example in carrying out a meaningful inter-agency review on the extent to which their own cybersecurity related laws policies and practices are human rights compatible?

Are they willing and able to engage in serious national and international dialogue on how to get from where they are to where they need to be?

To its credit last year the coalition commissioned an independent reviewwhich has produced a number of recommendations, including the creation of new mechanisms:

  • through which stakeholders can raise concerns about actions of member governments;
  • through which member governments’ performance in meeting their commitments can be periodically reviewed;
  •  and by which the coalition considers and responds to the recommendations of the working groups.

The San Jose Statement released by member states today is a helpful clarification of the coalition’s purpose as primarily focusing on cross regional diplomacy that will help to shape global norms on human rights online.

But we cannot escape the reality that internet freedom starts at home. Member states must  lead by example if  diplomacy is to be credible.

I hope we can spend the next two days in practical discussions of whether and how non-government stakeholders engaged in the coalition can help member states bring policy and practice into better alignment.

To that end, in addition to the recommendations produced by the independent review I’d like to propose four further steps:

First, we need be a process through which member governments work with civil society and private sector stakeholders to identify urgent issues and develop statements and recommendations addressing specific time-sensitive threats to freedom online, such as the global epidemic of network shutdowns.

Second, we need a concrete set of Freedom Online Indicators that can be used to benchmark member states on the extent to which they are meeting their commitments – and the extent to which their laws and regulations maximize the private sector’s ability to respect internet users’ rights.

Third, governments should produce  National Action Plans describing concrete efforts they are making to meet their commitments.

Fourth, we should consider establishing a multi-stakeholder transparency reporting and assessment process to help member governments and companies implement  commitments to transparency and accountability around requests made by governments of companies to share user information, restrict content or shut down networks.

This process could be modeled after the Extractives Industry Transparency Initiative (EITI) whereby governments report on payments received by oil and gas and mining companies and companies report in parallel on the payments they make to governments, in order to improve accountability over who benefits from the exploitation of natural resources.

In the case of such a Digital Transparency Initiative some sort of assurance process would verify the quality and accuracy of the reporting.

So while the coalition is to be commended for  positive initiatives and commitments – we still have a long way to go.

Let’s spend the next two days coming up with  concrete plans for how this coalition will have tangible impact on making the global internet more free and open.

For the sake of the world’s current and future internet users, we’ve got to try harder.

Ranking Digital Rights and new TED talk

This blog has not been updated since April 2105, mainly due to the fact that I’ve been so busy with my main job running Ranking Digital Rights (RDR). (I also got married!!)

I’ve decided to revive this blog as a platform on which to share work I continue to do that goes beyond RDR’s scope and which might not be appropriate to share on the project website.

In brief, the main things I’ve done since I last wrote on this blog was to launch the Ranking Digital Rights Corporate Accountability Index in November 2015.  After some funding uncertainty in early 2016 we managed to secure the support to launch a new research cycle for the next Index scheduled for release in March 2017, and to continue the project for at least a couple more years.  If you’d like to learn much more about the Index and its result check out the video and summary of the Index launch. You can also download the full report and related materials here. To get a sense of the impact we’ve been having on companies in collaboration with advocacy partners, read this. Watch the project website for more updates on our research and related activities.

The other major thing I’ve done since this blog went dormant was to give another TED talk at the TEDSummit in Banff, Canada this past June. It’s about why the protection of human rights, freedom of speech and freedom of the press is essential if we are going to succeed in fighting terrorism.Earlier in 2016 I wrote a piece for CNN.com and spoke at South By Southwest Interactive on the same theme. A CSMonitor piece about it is here and a video is here.

 

My response to the “Netgain” challenge

Sounds like some kind of weight gain program, doesn’t it?

Actually, “Netgain” is a consortium of several philanthropic foundations hoping to support good work that will make the Internet open, free, compatible with social justice and democracy. They describe their purpose as follows:

The Internet has transformed how we connect and engage with the world around us, creating challenges and opportunities in every area of contemporary life. It can be used to foster enlightenment and learning, and to promote justice. It can also be used to exert control, stifle legitimate discourse, and concentrate power in the hands of a few. The web’s ubiquitous nature and power demands that we work together to ensure that it serves the common good.

The Knight, MacArthur, Open Society, Mozilla, and Ford Foundations have come together with leaders from government, philanthropy, business, and the tech world to launch an ambitious new partnership to spark the next generation of innovation for social change and progress.

They’re asking people to “submit your ideas using the form below and help us focus on the most significant challenges at the intersection of the Internet and philanthropy.”

Here’s mine:

The forces of repression have evolved to survive and thrive in a networked world. Philanthropy’s response must similarly evolve to meet the threat. Today, Internet-empowered civil society is under fierce attack on all continents. Those who control the means of physical violence have grown skillful at counter-manipulation of technology, law, and media. Democracies are not immune. In pursuit of security and self-interest, citizens and consumers unwittingly consent to their own repression. Politicians seek quick fixes to win elections. Companies rushing to meet market demand can be blind to collateral damage on legal and technical architectures that keep information systems – and by extension social and political systems – open and accountable. Let’s map out where abuses of power are occurring within the world’s information ecosystems. Pinpoint where accountability mechanisms fail and where they are completely absent. Then put together a strategy to hold power accountable in the Internet age.

You can submit yours here.

How not to kill the Internet when fighting terror

Yesterday I testified at a hearing titled The Evolution of Terrorist Propaganda: The Paris Attack and Social Media convened by the House Foreign Affairs Committee’s Subcommittee on Terrorism, Nonproliferation, and Trade. I am not a counter-terrorism expert but I do have a few things to say about how not to destroy Internet users’ right to freedom of expression and privacy. Below is my five-minute oral testimony as delivered, with links added. A pdf of my more detailed written testimony, along testimony of all other speakers can be found here. Video is here.

How do we fight terrorism and violent extremism in the Internet age while not undermining the core principles and freedoms of democratic and open societies?

Terrorists are not the only people who are using social media powerfully and effectively. Yesterday I returned from the Philippines where I participated in a conference of bloggers, activists, and citizen journalists from all over the world. People who believe in freedom of expression, the open Internet, and multicultural tolerance. Many people connected to this community face serious threats of censorship and imprisonment when they write about subjects or advocate policy positions that their governments find threatening. In countries like Ethiopia, Russia, Turkey, Egypt, Morocco, China and elsewhere some have even been charged under broad anti-terror laws that are habitually used as tools to keep incumbent regimes in power.

In response to the tragic massacre in Paris, the French government has called for UN member states to work together on an international legal framework that would place greater responsibility on social networks and other Internet platforms for terrorist use of their services. In addressing the problem of terrorist use of social networking platforms, the United States should adhere to the following principles:

First, multi-stakeholder policymaking. The US opposes UN control over Internet governance because many UN member states advocate policies that would make the Internet much less free and open. Instead the US supports a multi-stakeholder approach that includes industry, civil society, and the technical community alongside governments in setting policies and technical standards that ensure that the Internet functions globally. In constructing global responses to terrorist use of the Internet we need a multi-stakeholder approach for the same reasons.

Second, any national level laws, regulations, or policies aimed at regulating or policing online activities should undergo a human rights risk assessment process to identify potential negative repercussions for freedom of expression, assembly and privacy. Governments need to be transparent with the public about the nature and volume of requests being made to companies. Companies need to be able to uphold core principles of freedom of expression and privacy, grounded in international human rights standards. Several major US-based Internet companies have made commitments to uphold these rights as members of the multi-stakeholder Global Network Initiative. Guidelines for implementing these commitments include: narrowly interpreting government demands to restrict content or grant access to user data or communications; challenging government requests that lack a clear user basis; transparency with users about the types of government requests received and the extent to which the company complies; restricting compliance to the online domains over which the requesting government actually has jurisdiction.

Third, liability for Internet intermediaries including social networks for users’ behavior must be kept limited. Research conducted around the world by human rights experts and legal scholars shows clear evidence that when companies are held liable for users’ speech and activity, violations of free expression and privacy can be expected to occur. Limited liability for Internet companies is an important prerequisite for keeping the Internet open and free.

Fourth, development and enforcement of companies’ Terms of Service and other forms of private policing must also undergo human rights risk assessments. Any new procedures developed by companies to eliminate terrorist activity from their platforms must be accompanied by engagement with key affected stakeholders and at-risk groups.

Fifth, in order to prevent abuse and maintain public support for the measures taken, governments as well as companies must provide effective, accessible channels for grievance and remedy for people whose rights to free expression, assembly, and privacy have been violated. Thank you for listening and I look forward to your questions.

The above recommendations were informed by my years of work on Internet free expression and privacy issues, the Global Network Initiative’s principles and implementation guidelines, standards for Internet and other ICT sector companies currently under development by the Ranking Digital Rights project, and a new report published by UNESCO titled Fostering Freedom Online: The Role of Internet Intermediaries.

In the Q&A session, in response to a question about why companies don’t do a better job of working with the government and others to take down terrorist speech, I tried to remind the committee that we have a bit of a trust deficit between Silicon Valley and the national security community these days. In the wake of Edward Snowden’s surveillance revelations, U.S. companies are already under fire for how NSA has used them for surveillance. The lack of trust, accountability and transparency about the relationship between Internet companies and the US government is a barrier to constructive dialogue. If I’d had more time to comment, I would have suggested that an overhaul of this country’s surveillance laws might be a good place to start in building trust between companies, government, and Internet users. Calling for back doors and opposing encryption doesn’t help either.

Here is the full video:

Thinking about machines that think

At the beginning of every year, literary agent, editor and publisher John Brockman asks his network of authors, scientists, and cross-disciplinary thinkers a big question, then publishes the answers at Edge.org. This year’s annual Edge Question was: “What do you think about machines that think?” He solicited answers from a broad range of people including many like myself who are not considered to be professional “artificial intelligence” experts, but who he though might have something interesting and provocative to say. My answer was titled “Electric Brains“, playing off the Chinese translation for computer. I focused on what I think are extensions of some of the questions and issues I addressed in Consent of the Networked. Here is how it begins:

The Chinese word for “computer” translates literally as “electric brain.”

How do electric brains “think” today? As individual machines, still primitively by human standards. Powerfully enough in the collective. Networked devices and all sorts of things with electric brains embedded in them increasingly communicate with one another, share information, reach mutual “understandings” and make decisions. It is already possible for a sequence of data retrieval, analysis, and decision-making, distributed across a “cloud” of machines in various locations to trigger action by a single machine or set of machines in one specific physical place, thereby affecting (or in service of) a given human or group of humans.

Perhaps individual machines may never “think” in a way that resembles individual human consciousness as we understand it. But maybe some day large globally distributed networks of non-human things may achieve some sort of pseudo-Jungian “collective consciousness.” More likely, the collective consciousness of human networks and societies will be enhanced by—and increasingly intertwined with—a different sort of collective consciousness generated by networks of electric brains.

Will this be a good thing or a bad thing?

Click here to read the rest.

The Cluetrain Manifesto’s “new clues”

16 years ago, four visionaries published the Cluetrain Manifesto, featuring a set of 95 theses about how the Internet has changed markets and relationships. The first thesis, “markets are conversations,” has become a mantra. Now two of the authors, David Weinberger and Doc Searls have published a set of new clues topped by a warning: “all the good work we’ve done together faces mortal dangers.”

Their “new clues” are meant to inform and spur a call to action:

We, the People of the Internet, need to remember the glory of its revelation so that we reclaim it now in the name of what it truly is.

The first set of “clues” are listed under the heading, “The Internet is us, connected.” In clue number 3 David and Doc give a shoutout to Consent of the Networked:

Verizon, Comcast, AT&T, Deutsche Telekom, and 中国电信 do not own the Internet. Facebook, Google, and Amazon are not the Net’s monarchs, nor yet are their minions or algorithms. Not the governments of the Earth nor their Trade Associations have the consent of the networked to bestride the Net as sovereigns.

Indeed. Which is why I’m so excited about Ranking Digital Rights project, which in late 2015 will release its inaugural ranking of Internet and telecommunications companies on the extent to which they respect users’ freedom of expression and privacy. The full list of companies will not be decided until we complete our pilot study, but it will definitely include at least some of those companies mentioned above.

Financial Times Commentary: Companies need to work harder to keep the internet open

My commentary published last week in the Financial Times begins:

Governments and companies are engaged in a battle to determine who can do what on the internet, and the outcome will reverberate around the world.Google’s troubles in Europe over privacy, antitrust and the “right to be forgotten” are one example of this struggle. Multinational companies’ tussles with the US National Security Agency and Britain’s GCHQ over access to user data are another.

At the same time some democracies and companies are working together against a coalition that includes most of the world’s authoritarian regimes in a struggle over how the internet should be governed, by whom, and to what extent states should be able to replicate physical borders in cyberspace. The outcomes of these clashes will affect everybody who uses the internet, determining whether it remains free and open as intended or whether we are left with a cyber space that is “Balkanised” and fragmented.

After explaining to the un-converted why a free and open Internet is important, I continue:

Democracies and multinationals (with Google vocally in the lead) have appointed themselves champions of a “free and open” internet, despite a widening trust deficit with the public exacerbated by the revelations ofEdward Snowden, the former NSA contractor turned whistleblower. They are working with experts and activists from around the world to promote what they call a “multi-stakeholder model” of internet governance and policy making. Here, business and “civil society” groups take a seat at the table on equal terms with governments to make decisions about the future of the internet.

China and Russia lead the camp asserting the sovereignty of governments. Both have made clear that using the internet to organise political opposition is a threat to “national security”. China’s internet is in effect an “intranet” that connects with the global system only at controlled choke points. Iran is working to build a “halal” or “pure” internet. President Vladimir Putin’s Russia is moving in a similar direction.

But..

If the “free and open” camp cannot do better to align words and deeds, it will lose. Further damaging revelations will emerge as long as people have reason to suspect their rights to privacy and freedom of expression are being violated.

Democracies and companies that claim to champion a free and open Internet are not doing enough to earn public trust. The piece concludes:

For companies, the first step is to make public commitments to respect users’ rights, then implement those commitments in a transparent, accountable and independently verifiable manner. A grouping of democracies including the US and the UK, known as the Freedom Online Coalition, should implement policies that support a free and open global internet. These encompass greater transparency about surveillance practices, with genuinely “effective domestic oversight”.

Democracies’ pursuit of short-term political interests can contribute to fragmentation. Take Europe’s recent “right to be forgotten” ruling allowing citizens to request sensitive information be omitted from search results. Activists from Egypt to Hong Kong fear copycat steps in their countries will strengthen barriers to global information flows.

If even democracies cannot be trusted as stewards of an open internet, the power of all governments must be kept in check by companies and civil society through processes based in a common commitment to keep cyber space free and interconnected.

But if companies are to win civil society over to their side, activists must be able to trust them not to violate their privacy or restrict speech. Strengthening trust in public and private institutions that shape the internet should be a priority for anyone with an interest – commercial, moral or personal – in keeping global networks open and free.

World Policy Journal: Joining Zone Nine

In the latest issue of the World Policy Journal, I write about the absurd “terrorism” trial of Ethiopia’s “Zone 9” bloggers and point out that the crackdown in Ethiopia against online speech is part of a disturbing global trend.

Governments are fighting back against the Internet’s empowering, decentralized character. They are upgrading their own institutional, military, and technical power.  They are passing laws criminalizing various forms of online speech and enforcing those laws with police, security, and intelligence forces. Law enforcement and intelligence services of democracies, as well as dictatorships, are pushing their powers of surveillance to the limit. Many governments are also finding new and creative ways to control through their legal and technical powers what people can and especially cannot do on the Internet and with mobile devices.

The piece concludes:

As we think globally, those of us lucky enough to live in democracies must not forget that Internet freedom starts at home. If we cannot figure out how to constrain government and corporate power over digital networks people depend on, prepare to join our Ethiopian friends in Zone 9.

Click here to read the whole thing.

Ranking Digital Rights: Help decide how to rank companies on free expression and privacy

The following post is featured on the London School of Economics “Measuring Business and Human Rights” blog:

Ranking Digital Rights: How can and should ICT sector companies respect Internet users’ rights to freedom of expression and privacy?

Vodafone’s blockbuster Law Enforcement Disclosure report, published last week, reveals greater detail than any telecommunications company has previously shared about the extent and nature of government surveillance demands all over the world.

Vodafone is certainly not alone: the problem is rampant across the entire sector. Norway’s Telenor isunder pressure from Thailand’s new military leaders who just seized power in a coup to help monitor and censor any content that might “lead to unrest.” Human Rights Watch recently questioned the French company, Orange, about its operations in Ethiopia whose government jails bloggers for political critiques.

Censorship is also a serious and growing problem for the ICT sector. On the 25th anniversary of China’s Tiananmen Square massacre on Wednesday, LinkedIn blocked mentions of the tragedy for its users in China. Last month, Twitter came under fire from free speech activists for agreeing to censor several tweets in Pakistan at the government’s request. Earlier this year, The Atlantic reported that “the Syrian opposition is disappearing from Facebook” – and not by choice.

Clearly, the policies and practices of Internet and telecommunications companies have real impact for the free expression and privacy of people around the world. Are they living up to their responsibilities? Are they doing everything they can to respect the rights of their users?

Some companies are trying – to varying degrees, publishing “transparency reports,” signing up for assessment processes through membership the Global Network Initiative, and making joint commitments as part of the Telecom Industry Dialogue. Others are doing little more than public relations window-dressing, while yet others are making little or no discernible effort to respect their users’ digital rights.

Meanwhile, investors have begun to ask questions about the materiality of companies’ policies and practices related to freedom of expression and privacy. One concrete example is the addition of freedom of expression and privacy criteria to recommended SEC reporting standards by the Sustainability Accounting Standards Board.

As Internet users, or as investors who care about social value as well as financial returns, what should we be asking of these companies? How do we benchmark and compare companies’ policies and practices affecting free expression and privacy? What should be considered “best practice” in a world where governments are making unreasonable demands of companies, whose staff risk jail or worse in many cases for non-compliance?

The Ranking Digital Rights project is working on answers to those questions, developing a system rank the world’s most powerful ICT sector companies on free expression and privacy criteria. We have just released a draft methodology on which we are now inviting public comment until July 7th. After further revision followed by a pilot study, we aim to start ranking up to 50 Internet and telecommunications companies in 2015. (We will add up to 50 more device, software, and equipment companies in 2016.)

The project is modeled after other efforts by investors, universities, NGOs and international organizations that measure companies on other human rights, social responsibility and sustainability criteria – from conflict minerals to labor practices to carbon disclosure. Many rankings efforts such as the Access to Medicines Index and the Corporate Equality Index have had real impact on corporate practices.

Thus we believe that if the methodology is well constructed, a ranking focused on the policies and practices of ICT sector companies affecting free expression and privacy can have a substantial, measurable impact on the extent to which companies respect and protect Internet users’ rights.

The current draft methodology is the product of more than a year’s worth of research and stakeholder consultation. The first step came with a stakeholder consultation in the Fall of 2012 to ascertain whether there was sufficient interest among investors, advocates, and technologists to proceed with the project. After some initial funds had been secured and partnerships forged, an April 2013 workshop at the University of Pennsylvania brought together a group of researchers from around the world, technologists, experts in business and human rights, and experts on rankings. Out of that meeting came a set of draft criteria in the summer of 2013: an initial list of questions that stakeholders believe are relevant to understanding how and whether Internet and telecommunications companies are making genuine efforts to respect Internet users’ freedom of expression and privacy. We then used the draft criteria as the basis for a set of case studies examining companies in the United States, Europe, Brazil, India, China, and Russia. The results of the case study in turn enabled us to make key decisions about the methodology’s scope and focus, and to publish a first draft in February. We then carried out another round of consultations with companies, investors, technologists, experts on business and human rights, and experts on rankings. After absorbing their feedback and carrying out further research, we were able to publish Version 2 of the draft methodology late last month.

Public consultation on the current draft runs through July 7th, after which we will make another round of revisions and produce Version 3. That version will be used as a basis for a pilot study focusing on up to 10 of 50 companies we are likely to rank in 2015. This pilot study will enable us to improve the methodology and make final decisions about scoring and weighting for the full ranking to be implemented in 2015. It will also enable us to identify adoption and advocacy strategies for investors and civil society, so that we can ensure that the ranking is produced in a manner that is as useful to these stakeholder groups as possible.

But first, in order to make sure that our methodology is as solid and credible as possible, it is important that we get feedback on our latest draft from experts on digital privacy and freedom of expression, anybody who might want to use our data when it comes out, as well as companies who may be candidates for ranking.

If you think you might be one of those people – or if you just care about these issues and want to weigh in – please click here, read the methodology, and help us improve it.

Where is Microsoft Bing’s transparency report?

On Friday The Guardian published an opinion piece I wrote on a tricky  issue related to Chinese Internet censorship and the role of multinational companies.  It begins:

Microsoft was accused this week of extending the Chinese government’sinternet censorship regime to the rest of the world through its Bingsearch engine. I don’t believe that Microsoft intended to do that, but the company is by no means off the hook.

After conducting my own research, running my own tests, and drawing upon nearly a decade of experience studying Chinese internet censorship, I have concluded that what several activists and journalists have described as censorship on Bing is actually what one might call “second hand censorship”. Basically, Microsoft failed to consider the consequences of blindly applying apolitical mathematical algorithms to politically manipulated and censored web content.

Click here to read the rest.