Ranking Digital Rights and new TED talk

This blog has not been updated since April 2105, mainly due to the fact that I’ve been so busy with my main job running Ranking Digital Rights (RDR). (I also got married!!)

I’ve decided to revive this blog as a platform on which to share work I continue to do that goes beyond RDR’s scope and which might not be appropriate to share on the project website.

In brief, the main things I’ve done since I last wrote on this blog was to launch the Ranking Digital Rights Corporate Accountability Index in November 2015.  After some funding uncertainty in early 2016 we managed to secure the support to launch a new research cycle for the next Index scheduled for release in March 2017, and to continue the project for at least a couple more years.  If you’d like to learn much more about the Index and its result check out the video and summary of the Index launch. You can also download the full report and related materials here. To get a sense of the impact we’ve been having on companies in collaboration with advocacy partners, read this. Watch the project website for more updates on our research and related activities.

The other major thing I’ve done since this blog went dormant was to give another TED talk at the TEDSummit in Banff, Canada this past June. It’s about why the protection of human rights, freedom of speech and freedom of the press is essential if we are going to succeed in fighting terrorism.Earlier in 2016 I wrote a piece for CNN.com and spoke at South By Southwest Interactive on the same theme. A CSMonitor piece about it is here and a video is here.

 

Advertisements

How not to kill the Internet when fighting terror

Yesterday I testified at a hearing titled The Evolution of Terrorist Propaganda: The Paris Attack and Social Media convened by the House Foreign Affairs Committee’s Subcommittee on Terrorism, Nonproliferation, and Trade. I am not a counter-terrorism expert but I do have a few things to say about how not to destroy Internet users’ right to freedom of expression and privacy. Below is my five-minute oral testimony as delivered, with links added. A pdf of my more detailed written testimony, along testimony of all other speakers can be found here. Video is here.

How do we fight terrorism and violent extremism in the Internet age while not undermining the core principles and freedoms of democratic and open societies?

Terrorists are not the only people who are using social media powerfully and effectively. Yesterday I returned from the Philippines where I participated in a conference of bloggers, activists, and citizen journalists from all over the world. People who believe in freedom of expression, the open Internet, and multicultural tolerance. Many people connected to this community face serious threats of censorship and imprisonment when they write about subjects or advocate policy positions that their governments find threatening. In countries like Ethiopia, Russia, Turkey, Egypt, Morocco, China and elsewhere some have even been charged under broad anti-terror laws that are habitually used as tools to keep incumbent regimes in power.

In response to the tragic massacre in Paris, the French government has called for UN member states to work together on an international legal framework that would place greater responsibility on social networks and other Internet platforms for terrorist use of their services. In addressing the problem of terrorist use of social networking platforms, the United States should adhere to the following principles:

First, multi-stakeholder policymaking. The US opposes UN control over Internet governance because many UN member states advocate policies that would make the Internet much less free and open. Instead the US supports a multi-stakeholder approach that includes industry, civil society, and the technical community alongside governments in setting policies and technical standards that ensure that the Internet functions globally. In constructing global responses to terrorist use of the Internet we need a multi-stakeholder approach for the same reasons.

Second, any national level laws, regulations, or policies aimed at regulating or policing online activities should undergo a human rights risk assessment process to identify potential negative repercussions for freedom of expression, assembly and privacy. Governments need to be transparent with the public about the nature and volume of requests being made to companies. Companies need to be able to uphold core principles of freedom of expression and privacy, grounded in international human rights standards. Several major US-based Internet companies have made commitments to uphold these rights as members of the multi-stakeholder Global Network Initiative. Guidelines for implementing these commitments include: narrowly interpreting government demands to restrict content or grant access to user data or communications; challenging government requests that lack a clear user basis; transparency with users about the types of government requests received and the extent to which the company complies; restricting compliance to the online domains over which the requesting government actually has jurisdiction.

Third, liability for Internet intermediaries including social networks for users’ behavior must be kept limited. Research conducted around the world by human rights experts and legal scholars shows clear evidence that when companies are held liable for users’ speech and activity, violations of free expression and privacy can be expected to occur. Limited liability for Internet companies is an important prerequisite for keeping the Internet open and free.

Fourth, development and enforcement of companies’ Terms of Service and other forms of private policing must also undergo human rights risk assessments. Any new procedures developed by companies to eliminate terrorist activity from their platforms must be accompanied by engagement with key affected stakeholders and at-risk groups.

Fifth, in order to prevent abuse and maintain public support for the measures taken, governments as well as companies must provide effective, accessible channels for grievance and remedy for people whose rights to free expression, assembly, and privacy have been violated. Thank you for listening and I look forward to your questions.

The above recommendations were informed by my years of work on Internet free expression and privacy issues, the Global Network Initiative’s principles and implementation guidelines, standards for Internet and other ICT sector companies currently under development by the Ranking Digital Rights project, and a new report published by UNESCO titled Fostering Freedom Online: The Role of Internet Intermediaries.

In the Q&A session, in response to a question about why companies don’t do a better job of working with the government and others to take down terrorist speech, I tried to remind the committee that we have a bit of a trust deficit between Silicon Valley and the national security community these days. In the wake of Edward Snowden’s surveillance revelations, U.S. companies are already under fire for how NSA has used them for surveillance. The lack of trust, accountability and transparency about the relationship between Internet companies and the US government is a barrier to constructive dialogue. If I’d had more time to comment, I would have suggested that an overhaul of this country’s surveillance laws might be a good place to start in building trust between companies, government, and Internet users. Calling for back doors and opposing encryption doesn’t help either.

Here is the full video:

The Cluetrain Manifesto’s “new clues”

16 years ago, four visionaries published the Cluetrain Manifesto, featuring a set of 95 theses about how the Internet has changed markets and relationships. The first thesis, “markets are conversations,” has become a mantra. Now two of the authors, David Weinberger and Doc Searls have published a set of new clues topped by a warning: “all the good work we’ve done together faces mortal dangers.”

Their “new clues” are meant to inform and spur a call to action:

We, the People of the Internet, need to remember the glory of its revelation so that we reclaim it now in the name of what it truly is.

The first set of “clues” are listed under the heading, “The Internet is us, connected.” In clue number 3 David and Doc give a shoutout to Consent of the Networked:

Verizon, Comcast, AT&T, Deutsche Telekom, and 中国电信 do not own the Internet. Facebook, Google, and Amazon are not the Net’s monarchs, nor yet are their minions or algorithms. Not the governments of the Earth nor their Trade Associations have the consent of the networked to bestride the Net as sovereigns.

Indeed. Which is why I’m so excited about Ranking Digital Rights project, which in late 2015 will release its inaugural ranking of Internet and telecommunications companies on the extent to which they respect users’ freedom of expression and privacy. The full list of companies will not be decided until we complete our pilot study, but it will definitely include at least some of those companies mentioned above.

Ranking Digital Rights: Help decide how to rank companies on free expression and privacy

The following post is featured on the London School of Economics “Measuring Business and Human Rights” blog:

Ranking Digital Rights: How can and should ICT sector companies respect Internet users’ rights to freedom of expression and privacy?

Vodafone’s blockbuster Law Enforcement Disclosure report, published last week, reveals greater detail than any telecommunications company has previously shared about the extent and nature of government surveillance demands all over the world.

Vodafone is certainly not alone: the problem is rampant across the entire sector. Norway’s Telenor isunder pressure from Thailand’s new military leaders who just seized power in a coup to help monitor and censor any content that might “lead to unrest.” Human Rights Watch recently questioned the French company, Orange, about its operations in Ethiopia whose government jails bloggers for political critiques.

Censorship is also a serious and growing problem for the ICT sector. On the 25th anniversary of China’s Tiananmen Square massacre on Wednesday, LinkedIn blocked mentions of the tragedy for its users in China. Last month, Twitter came under fire from free speech activists for agreeing to censor several tweets in Pakistan at the government’s request. Earlier this year, The Atlantic reported that “the Syrian opposition is disappearing from Facebook” – and not by choice.

Clearly, the policies and practices of Internet and telecommunications companies have real impact for the free expression and privacy of people around the world. Are they living up to their responsibilities? Are they doing everything they can to respect the rights of their users?

Some companies are trying – to varying degrees, publishing “transparency reports,” signing up for assessment processes through membership the Global Network Initiative, and making joint commitments as part of the Telecom Industry Dialogue. Others are doing little more than public relations window-dressing, while yet others are making little or no discernible effort to respect their users’ digital rights.

Meanwhile, investors have begun to ask questions about the materiality of companies’ policies and practices related to freedom of expression and privacy. One concrete example is the addition of freedom of expression and privacy criteria to recommended SEC reporting standards by the Sustainability Accounting Standards Board.

As Internet users, or as investors who care about social value as well as financial returns, what should we be asking of these companies? How do we benchmark and compare companies’ policies and practices affecting free expression and privacy? What should be considered “best practice” in a world where governments are making unreasonable demands of companies, whose staff risk jail or worse in many cases for non-compliance?

The Ranking Digital Rights project is working on answers to those questions, developing a system rank the world’s most powerful ICT sector companies on free expression and privacy criteria. We have just released a draft methodology on which we are now inviting public comment until July 7th. After further revision followed by a pilot study, we aim to start ranking up to 50 Internet and telecommunications companies in 2015. (We will add up to 50 more device, software, and equipment companies in 2016.)

The project is modeled after other efforts by investors, universities, NGOs and international organizations that measure companies on other human rights, social responsibility and sustainability criteria – from conflict minerals to labor practices to carbon disclosure. Many rankings efforts such as the Access to Medicines Index and the Corporate Equality Index have had real impact on corporate practices.

Thus we believe that if the methodology is well constructed, a ranking focused on the policies and practices of ICT sector companies affecting free expression and privacy can have a substantial, measurable impact on the extent to which companies respect and protect Internet users’ rights.

The current draft methodology is the product of more than a year’s worth of research and stakeholder consultation. The first step came with a stakeholder consultation in the Fall of 2012 to ascertain whether there was sufficient interest among investors, advocates, and technologists to proceed with the project. After some initial funds had been secured and partnerships forged, an April 2013 workshop at the University of Pennsylvania brought together a group of researchers from around the world, technologists, experts in business and human rights, and experts on rankings. Out of that meeting came a set of draft criteria in the summer of 2013: an initial list of questions that stakeholders believe are relevant to understanding how and whether Internet and telecommunications companies are making genuine efforts to respect Internet users’ freedom of expression and privacy. We then used the draft criteria as the basis for a set of case studies examining companies in the United States, Europe, Brazil, India, China, and Russia. The results of the case study in turn enabled us to make key decisions about the methodology’s scope and focus, and to publish a first draft in February. We then carried out another round of consultations with companies, investors, technologists, experts on business and human rights, and experts on rankings. After absorbing their feedback and carrying out further research, we were able to publish Version 2 of the draft methodology late last month.

Public consultation on the current draft runs through July 7th, after which we will make another round of revisions and produce Version 3. That version will be used as a basis for a pilot study focusing on up to 10 of 50 companies we are likely to rank in 2015. This pilot study will enable us to improve the methodology and make final decisions about scoring and weighting for the full ranking to be implemented in 2015. It will also enable us to identify adoption and advocacy strategies for investors and civil society, so that we can ensure that the ranking is produced in a manner that is as useful to these stakeholder groups as possible.

But first, in order to make sure that our methodology is as solid and credible as possible, it is important that we get feedback on our latest draft from experts on digital privacy and freedom of expression, anybody who might want to use our data when it comes out, as well as companies who may be candidates for ranking.

If you think you might be one of those people – or if you just care about these issues and want to weigh in – please click here, read the methodology, and help us improve it.