Mark News: Internet Freedom and the Erosion of Democracy

Canada’s Mark News has just published my latest essay on how increasing government surveillance around the world is threatening the freedoms granted by Internet access. An excerpt:

This week, at least 125 million people are watching the Eurovision Song Contest, an annual competition of singers from 56 countries across Europe and parts of the former Soviet Union. This year’s contest is hosted by Azerbaijan, a country whose human-rights record has come under heavy fire.

Azerbaijan is a classic example of how, even when people are free to connect to the global Internet, they can be subject to pervasive, unaccountable, and unconstrained surveillance. It is also a case of how, while western democratic governments have been quick to follow the lead of the United States and Secretary of State Hillary Clinton in calling for a free and open global Internet, they are much more conflicted when it comes to surveillance. The democratic world has failed to address the freedom-eroding potential of government surveillance through commercial networks.

Read the rest of the piece here.

Does CISPA Have Sufficient Safeguards?

Mike Rodgers, Republican Representative from Michigan and Chairman of the U.S. House of Representatives’ Intelligence Committee, has responded to my article published on the Foreign Affairs website last month. In my essay, I argued that surveillance technologies and practices originating in the United States are undermining the Obama administration’s “Internet freedom” policy. He objected strongly to my critique of the Cyber Intelligence Sharing and Protection Act (CISPA) which recently passed the House under his co-sponsorship, accusing me of repeating what I had read on Twitter instead of reading the actual bill. I responded. The full exchange can be found here.

Foreign Policy: The Rise of Europe’s Private Internet Police

This week in Foreign Policy I examine the debate in Europe over whether and how private Internet companies should be expected to police people’s activities on the Internet. An excerpt:

European governments may not have intended to create a “privatized police state,” but that is what digital rights activists in Europe warn is happening, due to growing government pressure on companies to police themselves. As Joe McNamee, director of the Brussels-based nonprofit European Digital Rights Initiative (EDRI), puts it, “We are sleepwalking further and further along a road on which we’ve decided that our right to communication and privacy shall be put in the hands of arbitrary decisions of private companies.”

Read the whole commentary here.

Preaching Internet Freedom, Practicing Surveillance

In Foreign Affairs this week, I argue that while Washington preaches global Internet freedom, its practices are facilitating the global spread of unaccountable surveillance. An excerpt:

In the Internet age, it is technically trivial for corporations and governments to gain access to people’s private communications and track their movements. The Obama administration recognizes that online freedom requires not only an open and uncensored Internet, but also one on which government and corporate surveillance powers are appropriately constrained, so that citizens are protected against abuse, and abusers are held accountable. Without strong global standards of public transparency and accountability in how surveillance technologies are deployed, the empowering potential of the Internet diminishes quickly.

Yet, even as the White House clamps down in Iran and Syria, other parts of the U.S. government are driving the development of policies, regulatory norms, and business practices that make a mockery of Washington’s well-meaning efforts to expand Internet freedom abroad. Put another way, although the State Department funnels millions of dollars to nonprofits fighting censorship and surveillance beyond U.S. borders, repressive digital surveillance around the world continues to expand in scope and sophistication.

Read the whole thing here.

Internet Freedom Starts at Home

I have just written an essay for Foreign Policy on the Global Online Freedom Act and why the United States needs to do a better job of practicing at home what it preaches for the world. Here is how it begins:

“An electronic curtain has fallen around Iran,” U.S. President Barack Obama warned in a recent video message marking the Persian New Year. Government censorship and surveillance, he said, make it more difficult for Iranians to “access the information that they want,” denying “the rest of the world the benefit of interacting with the Iranian people.”

Implied though not explicit in Obama’s remarks was the idea that if Iran’s Internet were freer and more open, Iran’s relationship with the world generally — and the United States in particular — would be different. Cases like Iran are the main driver of Washington’s bipartisan consensus around the idea that a free and open global Internet is in the United States’ strategic interest.

Yet more than two years after Secretary of State Hillary Clinton gave her first speech declaring “Internet freedom” to be a major component of U.S. foreign policy, it turns out that many of the most sophisticated tools used to suppress online free speech and dissent around the world are actually Made in the USA. American corporations are major suppliers of software and hardware used by all sorts of governments to carry out censorship and surveillance — and not just dictatorships. Inconveniently, governments around the democratic world are pushing to expand their own censorship and surveillance powers as they struggle to address genuine problems related to cybercrime, cyberwar, child protection, and intellectual property.

Even more inconveniently, the U.S. government is the biggest and most powerful customer of American-made surveillance technology, shaping the development of those technologies as well as the business practices and norms for public-private collaboration around them. As long as the U.S. government continues to support the development of a surveillance-technology industry that clearly lacks concern for the human rights and civil liberties implications of its business — even rewarding secretive and publicly unaccountable behavior by these companies — the world’s dictators will remain well supplied by a robust global industry.

Click here to read the rest.

The 2012 Elections and the Surveillance State

This week ran an opinion piece to which they assigned the headline, We’re losing control of our digital privacy. The essay actually focuses on a very specific invasion of privacy: government surveillance of American citizens through privately-run digital platforms and services. This is a problem I discuss at length in Chapter 5, “Eroding Accountability.”

In the article I point out:

Under two successive administrations, new laws, policies and corporate practices have made it much easier for government agencies to track and access citizens’ private digital communications from their storage “in the cloud” than it is for agents to search or monitor our physical homes, offices, vehicles, and mail.

After citing a number of concrete examples I then raise a question:

In the Internet age, it is inevitable that corporations and government agencies will have access to detailed information about people’s lives. We willingly share personal information with companies for the convenience of using their products. We accept that a certain amount of surveillance is necessary in order to protect innocent people from crime and terror. But as a nation we have failed to address the resulting dilemma: How do we prevent the abuse of the power we have willingly delegated to government and companies?

The essay concludes:

In 2012, the American people rightly expect presidential and congressional candidates to explain how they plan to protect us from crime and terror. In the Internet age, that inevitably requires some degree of surveillance. Yet it is equally vital we demand a clear vision of how they will protect us from abuses of government surveillance power through the corporate-run digital platforms upon which we are increasingly dependent.

Click here to read the whole thing

Surveillance and Censorship in India

Chapter 9 opens with quotes from an infamous April 2011 BBC interview with RIM’s co-CEO Mike Lazaridis, in which he ends the interview abruptly after the BBC’s Rory Cellan-Jones presses him to answer questions about RIM’s “arguments with the Indian government and various other governments in the Middle East” over those governments’ desire to gain access to Blackberry messages and e-mails.  In August 2010, the United Arab Emirates and Saudi Arabia  threatened to ban BlackBerry services until RIM agreed to allow a satisfactory level of government access to communications sent through RIM devices within the country. India soon followed suit with its own demands for access. Late last month, the Wall Street Journal reported that RIM has set up a facility in Mumbai “to help the Indian government carry out lawful surveillance of its BlackBerry services.” The report further quotes a RIM statement which says that “we believe the government of India is now applying its security policy in a consistent manner to all handset makers and service providers in India, which means that RIM should not be singled out any more than any other provider.”

There is a larger problem, however. When it comes to censorship in India, the hardworking folks at the Centre for Internet and Society in Bangalore recently concluded that the Indian government is violating not only Indian laws but also the Indian Constitution in the way it handles censorship demands to companies. What are the chances, then, that the Indian government is not violating its citizens’ rights in similar ways when it comes to demands for user information to RIM and other mobile service providers?

CIS’s Pranesh Prakash compared Google’s most recent Transparency Report, which reveals the number of content removal and user data requests made between January and June 2011 by the Indian government, and compared that information with an official response to CIS queries on content removal and blocking by the Ministry of Communications & Information Department of Information Technology. Prakash’s conclusion:

…it would seem that law enforcement agencies are operating outside the bounds set up under the Indian Penal Code, the Code of Criminal Procedure, as also the Information Technology Act, when they send requests for removal of content to companies like Google. While a company might comply with it because it appears to them to violate their own terms of service (which generally include a wide clause about content being in accordance with all local laws), community guidelines, etc., it would appear that it is not required under the law to do so if the order itself is not legal.

However, anecdotal evidence has it that most companies comply with such ‘requests’ even when they are not under any legal obligation to do so.

This way the intention of Parliament in enacting s.69A of the IT Act—to regulate government censorship of the Internet and bring it within the bounds laid down in the Constitution—is defeated.

As I reported in the book, in April 2011, the Ministry of Communications and Information Technology issued new rules under which Internet companies are expected to remove within thirty-six hours any content regulators designated as “grossly harmful,” “harassing,” or “ethnically objectionable.” Indian free speech advocates have vowed to challenge the rules’ constitutionality. Google publicly protested the rules in a statement warning that “if Internet platforms are held liable for third party content, it would lead to self-censorship and reduce the free flow of information.” As Prakash put it then, “The Indian Constitution limits how much the government can regulate citizens’ fundamental right to freedom of speech and expression. Any measure afoul of the constitution is invalid.”

More details about surveillance and censorship in India can be found in the India-focused chapter of a new book, Access Contested: Security, Identity, and Resistance in Asian Cyberspace, produced by the Open Net Initiative, coming out in December from MIT Press. The India chapter is not currently available online but I discuss India’s issues in a related chapter titled “Corporate Accountability in Networked Asia” (The Citizenlab, one of ONI’s partners, has made that chapter, along with all of Part I of the book, available online here.) I wrote it late last year and it went into production before the new April 2011 rules came out (academic presses take a long time), but I think the larger point remains very relevant. I compare the role played by companies in facilitating government censorship and surveillance in China to the role of companies in two Asian democracies: South Korea and India. I argue that “efforts to hold companies accountable for free speech and privacy in authoritarian countries like China will face an uphill battle unless companies in Asia’s democracies are pushed by domestic civil society actors to defend and protect user rights in a more robust manner than is currently the case.”

The first step is for companies to follow Google’s lead in being more transparent about how they respond to government demands. Then civil society organizations in democracies, like India’s CIS, will be equipped and empowered with the information they need to push their governments to stop using companies as an opaque and unaccountable extension of state power. RIM can and must recognize that by being evasive with the public it is standing firmly on the wrong side of history.

Here is the video of Lazaridis’ interview: