The Global Network Initiative launched their report on Digital Freedoms in International Law: Practical Steps to Protect Human Rights Online in Washington DC yesterday. The report makes for interesting reading and can be found on the GNI website with webstreaming of the event also available. The report is of greater interest to me than the title might suggest. The report certainly delivers on its promise of ‘practical measures to protect human rights in networked technologies’, but there is quite an emphasis on recognising and accommodating law enforcement imperatives. It was exciting to see how many of the themes in the report echo topics that I have been discussing in previous blog posts.
The report gives a good primer on relevant principles of international human rights law and on international efforts at controlling export of ‘dual use’ technologies. It gives extensive examples where ICT companies may find themselves involved (unwittingly or otherwise) in situations where the supply of their products in a particular market could contribute to human rights abuses. It focuses on technologies used for blocking or censoring internet access and those used for surveillance. The report also addresses the situation where companies hold users’ information that countries may seek to access.
One of the strengths of the report is that it takes a realistic approach to the need for governments to be able to access information for legitimate purposes. It acknowledges that it is acceptable and, in many cases even desirable, for governments to be able to access users’ information for law enforcement or to use blocking or surveillance tools. The key challenge is in making sure that these purposes are legitimate and that there is appropriate control and scrutiny. The report explains the international human rights law jurisprudence on the ways in which certain rights can legitimately be limited, giving particular attention to the context of security and anti-terrorism measures. It then explores ways in which these issues apply to sale and use of web and mobile technologies.
The report makes practical recommendations companies, governments, NGOs, IGOs and investors. The report includes a significant number of references to mutual legal assistance treaties, including several recommendations relating to MLATs:
- 4.1.7 – companies should insist that, if the company holds data on a server in another jurisdiction, they will only provide that information to the country through MLAT processes.
- 4.2.13 – States should insist that demands for access to data held on their territory should be made only through MLA arrangements
- 4.3.18 – global and regional IGOs should review the international system of MLATs to address legal uncertainties and to confirm that MLAT processes are the only appropriate way in which to demand access to information in another country’s jurisdiction.
It is great to see MLA being given attention in this field; too often it is overlooked as a little-understood and obscure governmental process. The authors acknowledge that the report is not the end of the story, but rather an invitation for further discussion and development of the law and policy in this area. It certainly has raised some interesting questions in my mind:
- What is the role of cooperation outside of the MLAT process? The report does not consider agency-to-agency sharing of information that occurs between foreign police forces or other law enforcement agencies either formally (through memoranda of understanding) or through less formal channels. This is such an important and frequently-used tool from an operational perspective that it would be good to give consideration to issues such as when is agency-to-agency cooperation appropriate, are there adequate safeguards in place and are there improvements that should be made to existing practices?
- How can MLAT processes be improved? The report notes that MLATs are time-consuming and inefficient and invites further consideration on how to improve this system. The formality of MLA is both its strength and its downfall, which the authors implicitly acknowledge by praising the protections provided under MLATs but lamenting MLATs’ inefficiencies. This is certainly an area that is ripe for exploration.
- What is the best way to assist small companies and start-ups to navigate this difficult area? While companies such as Yahoo!, Google and Microsoft may have sufficient depth of experience in their legal and policy teams to be comfortable engaging on these issues, many other ICT companies operate with much smaller teams who are more accustomed to dealing with issues of commercial contracts and intellectual property than international human rights law and mutual legal assistance. The report encourages sharing of information and expertise through networks such as GNI and highlights the supporting role that governments and NGOs can play. Clearly further work is needed to build a culture of human rights protection and information sharing.
- How should companies handle the ‘borderline’ cases? Examples such as Syria and Egypt provide excellent starting points for discussion and formulation of suggestions on the approach that ICTs should take. But as the audience discussed in Thursday’s Q&A session, how should we handle circumstances where ‘good’ countries do bad things?