Whistleblowing about government surveillance: political offense or serious crime?

[cross-posted from http://cyberlaw.stanford.edu/blog]

It seems like the world has been turned upside down when a US citizen flees to China seeking political asylum.  And yet Edward Snowden is apparently hiding out in a secret location in Hong Kong after revealing that he is responsible for the leaked information on the US government’s PRISM program of surveillance.  He explains his choice of refuge as being based on Hong Kong’s reputation for defending freedom of speech.  He is also apparently considering Iceland as another potential refuge.  But if the US chooses to prosecute him, will he be able to avoid being sent home to face charges?  A key part of the answer lies in whether his leaking of official secrets qualifies as a ‘political offense’.

Continue reading Whistleblowing about government surveillance: political offense or serious crime?


One heck of a timely UN report on government surveillance of communications

If it had happened on House of Cards, you’d have enjoyed the theater of it, but figured that the writers had taken some artistic license in the timing.  I mean, it just doesn’t happen in real life that the UN releases a report on the dangers of government surveillance on the internet immediately before the news breaks that the US Government has been conducting internet surveillance of previously unimagined proportions.  Critics could unkindly say this is because the UN is never ahead of the game, but in this case, you have to hand it to Frank La Rue – he has clearly authored an exceptionally timely report: Continue reading One heck of a timely UN report on government surveillance of communications

Going beyond the guidelines – legal and moral responsibilities on ICT companies

YouTube this week introduced a face-blurring tool to protect activists from being recognised by their online activities.  Human rights groups will no doubt welcome the initiative as it comes in response to calls from groups such as Witness.  Some web companies demonstrate a commitment to not only reducing the negative human rights impacts of their activities, but also to actively improving the positive impacts that they may have.  The uptake of some of the voluntary guidelines on corporate social responsibility and human rights demonstrates a willingness to go beyond the minimum requirements.  But what responsibilities do tech companies really owe to users in other countries?  Is this solely a question of moral responsibility and ethics, or is there a legal obligation?  And should moral responsibility be reflected in a legally-binding regime? Continue reading Going beyond the guidelines – legal and moral responsibilities on ICT companies

Digital Freedoms in International Law – at last a great conversation-starter in the field of law enforcement, human rights and technology

The Global Network Initiative launched their report on Digital Freedoms in International Law: Practical Steps to Protect Human Rights Online in Washington DC yesterday.  The report makes for interesting reading and can be found on the GNI website with webstreaming of the event also available.  The report is of greater interest to me than the title might suggest.  The report certainly delivers on its promise of ‘practical measures to protect human rights in networked technologies’, but there is quite an emphasis on recognising and accommodating law enforcement imperatives.  It was exciting to see how many of the themes in the report echo topics that I have been discussing in previous blog posts.

The report gives a good primer on relevant principles of international human rights law and on international efforts at controlling export of ‘dual use’ technologies.  It gives extensive examples where ICT companies may find themselves involved (unwittingly or otherwise) in situations where the supply of their products in a particular market could contribute to human rights abuses.  It focuses on technologies used for blocking or censoring internet access and those used for surveillance.  The report also addresses the situation where companies hold users’ information that countries may seek to access.

One of the strengths of the report is that it takes a realistic approach to the need for governments to be able to access information for legitimate purposes.  It acknowledges that it is acceptable and, in many cases even desirable, for governments to be able to access users’ information for law enforcement or to use blocking or surveillance tools.  The key challenge is in making sure that these purposes are legitimate and that there is appropriate control and scrutiny.  The report explains the international human rights law jurisprudence on the ways in which certain rights can legitimately be limited, giving particular attention to the context of security and anti-terrorism measures.  It then explores ways in which these issues apply to sale and use of web and mobile technologies.

The report makes practical recommendations companies, governments, NGOs, IGOs and investors.  The report includes a significant number of references to mutual legal assistance treaties, including several recommendations relating to MLATs:

  • 4.1.7 – companies should insist that, if the company holds data on a server in another jurisdiction, they will only provide that information to the country through MLAT processes.
  • 4.2.13 – States should insist that demands for access to data held on their territory should be made only through MLA arrangements
  • 4.3.18 – global and regional IGOs should review the international system of MLATs to address legal uncertainties and to confirm that MLAT processes are the only appropriate way in which to demand access to information in another country’s jurisdiction.

It is great to see MLA being given attention in this field; too often it is overlooked as a little-understood and obscure governmental process.  The authors acknowledge that the report is not the end of the story, but rather an invitation for further discussion and development of the law and policy in this area.  It certainly has raised some interesting questions in my mind:

  • What is the role of cooperation outside of the MLAT process?  The report does not consider agency-to-agency sharing of information that occurs between foreign police forces or other law enforcement agencies either formally (through memoranda of understanding) or through less formal channels.  This is such an important and frequently-used tool from an operational perspective that it would be good to give consideration to issues such as when is agency-to-agency cooperation appropriate, are there adequate safeguards in place and are there improvements that should be made to existing practices?
  • How can MLAT processes be improved?  The report notes that MLATs are time-consuming and inefficient and invites further consideration on how to improve this system.  The formality of MLA is both its strength and its downfall, which the authors implicitly acknowledge by praising the protections provided under MLATs but lamenting MLATs’ inefficiencies.  This is certainly an area that is ripe for exploration.
  • What is the best way to assist small companies and start-ups to navigate this difficult area? While companies such as Yahoo!, Google and Microsoft may have sufficient depth of experience in their legal and policy teams to be comfortable engaging on these issues, many other ICT companies operate with much smaller teams who are more accustomed to dealing with issues of commercial contracts and intellectual property than international human rights law and mutual legal assistance.  The report encourages sharing of information and expertise through networks such as GNI and highlights the supporting role that governments and NGOs can play.  Clearly further work is needed to build a culture of human rights protection and information sharing.
  • How should companies handle the ‘borderline’ cases? Examples such as Syria and Egypt provide excellent starting points for discussion and formulation of suggestions on the approach that ICTs should take.  But as the audience discussed in Thursday’s Q&A session, how should we handle circumstances where ‘good’ countries do bad things?

Human rights risks and strategies in new markets – herding cute cats?

While much of the material on the internet and social media may seem trivial, its power as a tool for political mobilisation was evident during the Arab Spring.  Ethan Zuckerman’s ‘cute cats’ theory posits that while Web 2.0 may have been designed for people to share pictures of cute cats, it can still have a powerful role in political movements.  People who would ordinarily distance themselves from political issues can become politically mobilised when a government restricts their access to their ‘cute cats’.  The habit of sharing everyday thoughts and photos with the world can also become powerful when individuals are in an environment where access to information and sharing of opinions is being restricted.

While commentators love to dispute the importance of the role of social networks and the internet in revolutions (Sarah Joseph offers an interesting summary), there seems to be a strong case that these products can have a beneficial role in developing countries and societies in transition.  However, the principle of ‘first do no harm’ is also relevant here.  Are there times when a company’s presence in a country is doing more harm than good?  And are there steps that a company can take to ensure that the benefits outweigh the detriments? Continue reading Human rights risks and strategies in new markets – herding cute cats?

Whose law and whose rights? US web companies in the global context

Growing numbers of governments are scrambling to reign in the creative chaos of the internet.  Vinton Cerf recently wrote in the New York Times that the internet is at a crossroads as the freedoms that allowed its development are now being curtailed.  While only four countries censored internet content in 2002, this number has now risen to 40.

This puts US web companies in a difficult position.  On the one hand, they do not want to be complicit in attempts to stifle the very freedom that allowed them to prosper.  On the other hand, if they want to expand to new market places and bring some of the benefits of the internet to new audiences, shouldn’t they respect the laws of the jurisdictions in which they operate?  At last week’s Conference on Legal Frontiers in Digital Media at Stanford University, there was much discussion of the need to ‘fly the flag’ for the freedom of expression wherever internet companies were operating.  Ebele Okobi from Yahoo!’s Business and Human Rights Program noted that we are not talking about freedom of expression as one simple law, but instead shades of grey in the way in which it is implemented and interpreted.  However, there was little time to explore this further and the room was left slightly baffled about how we could navigate the complexity of protecting the First Amendment right in a truly global environment.

How helpful is the US approach to freedom of expression for companies operating internationally?  The US approach is uncompromising, allowing very few limits on the freedom of expression.  Is an English law on defamation, a German law against holocaust memorabilia or an Australian law on hate speech so fundamentally inconsistent with the freedom of expression that US companies operating in those jurisdictions are justified in disregarding the local laws?   Continue reading Whose law and whose rights? US web companies in the global context

Legal frontiers in digital media: human rights and social responsibility

A room full of eminent media and internet lawyers is perfectly comfortable with the intricacies of the DMCA, privacy considerations and defamation actions.  But when the Conference on Legal Frontiers in Digital Media (Stanford University, 21-22 May 2012) started to discuss social responsibility and human rights on the internet, some in the room were exploring unfamiliar territory.  Given my background advising government on legal cooperation in criminal matters and human rights law, this is when the conversation became really interesting for me.

The last session on Monday afternoon brought together a panel of Timothy L Alger (Perkins Coie), Erica Johnstone (Without My Consent), Betsy Masiello (Google), Ebele Okobi (Yahoo!) and Kurt Opsah (Electronic Frontier Foundation).  My head is abuzz with questions after this session and I have a long list of topics that I want to further explore.  Top of my list are the following questions:

  • Whose law and principles on human rights should US-based internet companies apply when determining their actions in countries around the world?  US law?  International law?  Local laws?  While we would not want freedom of speech on the internet to be reduced to the world’s lowest common denominator, how can US companies take a principled stance without imposing some kind of US cultural imperialism on the internet?
  • When internet companies enter new markets, what are the ways in which they can manage the risk of potential impact on human rights in those countries?  At what point does it become unacceptable to operate in a particular country?
  • Discussion about human rights in the online and social networking environment tends to focus on the protection of privacy and the freedom of expression.  Is this focus appropriate, or are there other rights that should be taken into account?
  • Are the human rights considerations that are relevant for internet companies responding to subpoenas in civil matters different from the considerations that are relevant in criminal proceedings?  Does the involvement of government actors such as police or the Department of Justice absolve the internet companies of their responsibility (moral or legal) to ensure that the information that they disclose will not lead to the abuse of an individual’s human rights?

These are such dense topics and they warrant closer consideration.  With this is mind, I plan to explore them at greater length in future blog posts.