Speech by Brett Solomon from AccessNow.org to the Dutch Ministry of Foreign Affairs – The Hague
December 9, 2011
I am the Executive Director of Access Now (https://www.accessnow.org). We are a global movement for digital freedom. Being in this room is somewhat of a dream come true, because we, and other civil society organizations who are also present here, have been talking about many of these issues for a number of years now, and to see it all played out here in this room, at such a high level, is a major step. Hilary Clinton and Eric Schmidt articulating so eloquently the importance of digital freedom is a powerful endorsement the importance of these issues. Now, it feels as though we can go forward together.
Fact: While we are migrating online, we are not moving into a civic commons—rather, into a series of shiny and digital private malls. The privatized internet and corporation-owned mobile communication networks are increasingly fundamental to our ability to express our opinion, to seek, receive and impart information, and serve as gateway to all other rights in the digital age.
Because the private sector, essentially, owns the net, produces the hardware, lays the cables, stores the data and manages the networks – and is the sphere that we go to exercise our rights – it is becoming the arbiter of our freedoms. Indeed, as the internet becomes the front line of human rights defense and enjoyment, the question becomes whether the corporate keymasters to that front line really care, and how can we make them care?
Fortunately, to some extent they are already on board because the right to communication and the business model of the communication sector overlap. Remember, our right to communication is also their network traffic. Our right to freedom of expression is also their social network. Our cameras are their mobile handsets.
What concerns me more is when the business model of the communication sector and the right to communication do not over lap. In particular when the business model is to suppress information, to silence speech, to surveil. Some of the tech is made right here – and it has enabled the oppressor. It has been used to track, to monitor, to detain. That digital arms trade must be stopped – and congratulations to the European Parliament for getting the Syrian ban on certain technologies through, but now we need to see Commission recommendations on how Member States implement these guidelines. These will form the test case for the dual use regulation that has been amended to include IT. We need to get those regulatory details right – there is nothing worse than poor regulation.
Indeed, responding to dual use technology is a problem which has not yet been solved. There is the stark reality that dual use technology can be employed legitimately to manage network traffic and spam, as well as survey and censor political opponents.
So when we are asked what can corporations can do? We have some answers for this: Technology companies must therefore question their code, employ due diligence to whom they sell to, and interrogate their policies that guide their start-ups.
This is not just about corporate responsibility. That is the wrong term and the wrong frame. It assumes you can do wrong and then feel better with charitable acts or press releases. Technology companies must employ human rights by design and this is the first principle I want to refer to from the Silicon Valley Standard – the outcome document from the Silicon Valley Human Rights Conference that just took place in San Francisco (https://www.rightscon.org)
First, Human Rights by Design. This includes developing a human rights policy and engaging in due diligence at the earliest stages that helps companies prevent crises, limit risk, and enable evidence-based assessment of company activities and reporting.
We need to recognize the human rights implications all the way along the value chain. For example, there are decisions made in code. Off the shelf geo-location technology may get you closer to a customer, it also gets a dictator closer to his dissenters.
A word on the Ruggie Framework – it is an important place to start to understand the rights framework for business. But I would also argue that this sector is a different ballgame to other sectors. And to be honest, I am not sure whether the Ruggie Framework is strong enough for this environment. Perhaps the state should now be joined by the corporation as a primary rights protector. This does not mean that the state is no longer obligated. To the contrary, companies themselves have a primary and not a referred obligation. That is:
The company has the duty to protect against human rights abuses by third parties, including business and government;
The company has the responsibility to respect human rights; and
The company has to provide remedy to those negatively impacted.
My first call to action for companies then is to adopt the Ruggie Framework at a minimum. Join the GNI and begin your human rights impact assessments.
Second, Power in the marketplace: Companies are not just idle players. They have supreme power in the market and they should be using that role to encourage governments to protect human rights through appropriate policies, practices, legal protections, and judicial oversight. This includes net neutrality provisions, which are at risk in the European Union, The Netherlands lead on committing to net neutrality was a major step forward, as is prompting such legislation in Belgium, Spain and elsewhere.
But companies need to do more.
They need to pressure governments to not allow the copyright industry to trump freedom of speech in the name of IP. It is also vital that they advocate for control over their networks even in times of crisis. Vodafone cannot say they are just following the laws of the country when they are also helping make the laws in the post revolution period.
My second call to action is for companies to lobby for rights respecting environments for copyright, law enforcement and national security – even, if it is bad for business
This raises the third thing companies can do – coming out the Access Silicon Valley Human Rights Conference.
Third, Security and Encryption of Web Activity. Effective internet security is essential to ensuring freedom of speech, privacy, and the right to communicate online. You may not know this, but we, civil society are under attack—our accounts hacked, our networks compromised, our sites brought down. We need security by default, and we need the assistance of the corporate sector.
Technology companies must provide a basic level of security (e.g., HTTPS and its improvements) and resist bans and curtailments of the use of encryption.
To my mind digital attack is the greatest threat to an open internet. To respond we are in the process of putting together the Digital Security Council. We envision a body that would act as a warning system, analyst and responder to key digital security issues. A high level, multi-stakeholder council of technologists, digital security experts, policy practitioners and others who are able to expertly identify, assess and manage digital threats to international peace and security.
A series of triggers would give rise to the Council’s operations whereby a first responders group would diagnose the threat, determine the threat level and likely harm and decide whether it is a matter for the Council. The Council’s initial role would be to monitor, receive reports, provide advice and mediate as necessary and possible. Over time, its capacity might grow to include an online peace keeping force or mirror other functions deployed by the Security Council offline.
My third call to action is for the tech sector to work together on establishing security by default and to establish the infrastructure, including the Digital Security Council, to respond to impending threats.
Fourth, Intermediary Liability. Freedom of speech, association, and commerce increasingly depend on internet intermediaries such as broadband service providers and web hosting companies.
These intermediaries should not be required to determine the legality of, or be held liable for, the content they host. But this is exactly what is being asked of them, by the copyright lobby in proposed agreements such as ACTA, TPP and SOPA as well as by governments such as Thailand through the Computer Crimes Act.
Companies must fight this trend. If India passes domestic laws requiring Facebook and Youtube to pre-screen content that is the end of the open internet as we know it. I wish to underline their proposal again so that we collectively understand the absurdity of it. The Communications Minister was demanding not that the social media sites bring content down after it is posted, but to censor it before it even goes up.
My fourth call to action is global coordination to protect intermediaries because if they are held liable, our rights to freedom of speech will be severely impacted.
Finally, Legal Jurisdiction in a Borderless Virtual World. Government mandates that infringe upon freedom of expression and other human rights should be interpreted by corporations so as to minimize the negative impacts of these rules and regulations. For example, technology companies should incorporate adequate privacy protections for users by default. The Silicon Valley Standard tells companies that they should, for example:
Resist overboard requests from governments to reveal users’ information, disclose no more information about users than is legally required, and inform users so they can choose to legally respond to these requests.
Resist efforts to shut down services and block access to their products, especially during times of crisis when open communications are critical.
Resist blanket government surveillance of corporate networks.
The last call to action to companies is that they do not negotiate non-rights respecting internet and telecom policy. We ask that telecoms look at the Telco Action Plan with a view to adopting it in their operations.
I want to close with a quick reflection on the post-revolution digital world, particularly in the Middle East. This need to be our frontline. We need to work even harder than before because to go through a revolution and deliver the same telecom and internet policies after the upheaval must be avoided at all costs. We know that those legal frameworks are being discussed right now in a number of jurisdictions. The decisions that are made here will affect the freedom of speech online environment for decades. Embedding surveillance technology will turn citizens into suspects; legislating for censorship will end political satire and comment. We must support the development and implementation of an open internet and mobile communication environment.