Are some companies ‘yes men’ when foreign governments ask for user data?

Once you start looking at which countries are requesting data from US companies, the next obvious (and critical) question is: how do companies respond to those requests? This is largely a matter of company discretion because the Electronic Communications Privacy Act does not apply to requests for user data from foreign governments. Without laws governing this important issue, foreign users are reliant on due diligence and good will by individual companies. This ad hoc approach means that different companies can have quite different compliance rates for the same countries. Continue reading Are some companies ‘yes men’ when foreign governments ask for user data?


Which countries’ law enforcement are data hungry?

One of the trends from the industry-wide transparency report that’s worth looking at more closely is which countries are making requests for user data, to which companies, and on what scale.  This post will break down these statistics and suggest some of the trends behind the numbers. Continue reading Which countries’ law enforcement are data hungry?

Extraterritoriality and digital surveillance – time for the lawyers and the advocates to bring the dialogue together

This weekend, as an ex-bureaucrat, I felt for the folk at the State Department.  It must have been a ridiculously busy weekend for those preparing for this week’s Human Rights Committee Hearing in Geneva.  On Friday, the New York Times leaked Harold Koh’s legal advice acknowledging that the US obligations under the International Covenant on Civil and Political Rights do not stop at the border.  The NYT article would have meant that the briefing folders that had been merrily making their way up the clearance chain in time to be packed into the delegation’s suitcases would have been discarded (or at least the sections on extraterritoriality would have been yanked out) and all the talking points would have needed to be rewritten.

This is not just an important moment for bureaucrats or international human rights law junkies; it is potentially powerful for digital rights activists pushing for reform of global surveillance practices.  Digital rights advocates have been calling for the US government to end global mass suspicionless surveillance and to adhere to their international human rights law obligations.  There may be a strong moral case to support them, but when it comes to the NSA’s overseas activities, the discourse has often lacked a strong legal underpinning.  In order to push governmental policy on this issue, the dialogue needs to mature to the point where it is built on solid legal underpinnings.  The next couple of months bring an unprecedented opportunity to do just that. Continue reading Extraterritoriality and digital surveillance – time for the lawyers and the advocates to bring the dialogue together

Legal frontiers in digital media: human rights and social responsibility

A room full of eminent media and internet lawyers is perfectly comfortable with the intricacies of the DMCA, privacy considerations and defamation actions.  But when the Conference on Legal Frontiers in Digital Media (Stanford University, 21-22 May 2012) started to discuss social responsibility and human rights on the internet, some in the room were exploring unfamiliar territory.  Given my background advising government on legal cooperation in criminal matters and human rights law, this is when the conversation became really interesting for me.

The last session on Monday afternoon brought together a panel of Timothy L Alger (Perkins Coie), Erica Johnstone (Without My Consent), Betsy Masiello (Google), Ebele Okobi (Yahoo!) and Kurt Opsah (Electronic Frontier Foundation).  My head is abuzz with questions after this session and I have a long list of topics that I want to further explore.  Top of my list are the following questions:

  • Whose law and principles on human rights should US-based internet companies apply when determining their actions in countries around the world?  US law?  International law?  Local laws?  While we would not want freedom of speech on the internet to be reduced to the world’s lowest common denominator, how can US companies take a principled stance without imposing some kind of US cultural imperialism on the internet?
  • When internet companies enter new markets, what are the ways in which they can manage the risk of potential impact on human rights in those countries?  At what point does it become unacceptable to operate in a particular country?
  • Discussion about human rights in the online and social networking environment tends to focus on the protection of privacy and the freedom of expression.  Is this focus appropriate, or are there other rights that should be taken into account?
  • Are the human rights considerations that are relevant for internet companies responding to subpoenas in civil matters different from the considerations that are relevant in criminal proceedings?  Does the involvement of government actors such as police or the Department of Justice absolve the internet companies of their responsibility (moral or legal) to ensure that the information that they disclose will not lead to the abuse of an individual’s human rights?

These are such dense topics and they warrant closer consideration.  With this is mind, I plan to explore them at greater length in future blog posts.