It's been twenty years since John Perry Barlow declared cyberspace independent, but there continues to be a long line of not-so-weary giants aiming to expand their territory over the electronic frontier. Here is 2016's roll call of national governments and courts who either presumed that their own local law should be enforced across the global Internet, or are attempting to lock down their own citizens into a shuttered and parochial version of the world wide net:
- In Google v. Equustek, a Canadian appeal court insisted that an order to remove search engine links to a site involved in a trade secrets case should be removed from everyone's sight—including billions of Internet users outside Canada's jurisdiction. EFF intervened and earlier this month argued before the Canadian Supreme Court that forcing search engines to implement the court's order worldwide would affect non-Canadians' right to access information that could very well be lawful in their own nation.
- France's data protection regulators, CNIL, similarly declared that search engines implementing France's Right to Be Forgotten must de-list links globally—as opposed to the EU-only geo-blocking accepted by the data protection authorities in other European countries. The case is now being appealed to France's highest administrative court, the Conseil d'Etat, where EFF joined with eight other human rights groups to point out the dangerous consequences if every country claimed that their censorship laws must apply across the global net. We also stressed how such an order would be unlawful in the United States.
The parties in both Equustek and CNIL cases highlight who is expected to use their power to erase and forget: Google and the social media giants of the 2016's Internet.
As well as attempting to turn these multinationals into global censors, governments across the world are working with them in subtler ways, with the same effect.
Shadow regulations are "voluntary" agreements between corporations and governments, where companies agree to take down content or suspend accounts under vague and wide-ranging terms. We've got a whole other blog post devoted to reviewing creeping shadow regulation in 2016, but here are a couple of this year's examples that ended up with one part of the world broadening its laws and prohibitions through deals with globe-spanning Internet companies.
- The European Commission negotiated a "code of conduct" this year with the big social media companies, where they agreed to remove the majority of "illegal hate speech" within 24 hours of being notified by EU authorities. Because these take-downs would take place under the companies' own terms of service, this content removal would be worldwide in its effect, with no due process, no court of appeals, and very little transparency.
- In December, the same Internet companies agreed to compile, share and act on a collective set of hashes (digital fingerprints) of terrorist imagery and videos—a secret database of content that will be pro-actively forbidden on the vast majority of social media platforms. What counts as "terrorist" is left undefined, but given the companies' base in the United States, it will undoubtedly track closely that country's view of who in the world is a terrorist. That is, until other countries decide to encourage these companies to adopt their suggested hashes.
The United States government was also caught expanding its jurisdiction across the Atlantic:
- After attempting to use a U.S. search warrant to seize data stored by Microsoft overseas, the Second Circuit Court of Appeals told the U.S. Department of Justice that if they wanted to get data held in Ireland, they'd need to come back with a local, Irish, warrant. (EFF provided an amicus arguing in favor of this approach.)
- But requiring the American government to come back with a local warrant may not last much longer, at least in the United Kingdom and United States. Over the summer of 2016, the U.K. and U.S. governments began lobbying Congress to create a new shortcut for obtaining the contents of communications and live taps of data in each other's countries. The new U.K./U.S. agreement would expand the jurisdiction of the U.S. courts to obtain email and other private data from the U.K. It would also allow British law enforcement to ask American companies for the contents of emails without a U.S. warrant. The bill would require a change to the law in the United States, and a new willingness in the U.K. to let the United States government rifle through private U.K. users' data without asking.
The biggest headline-grabber in Internet control this year, though, was ICANN. One of the net's few points of centralized control, the domain name authority officially ended its ties with the U.S. government and established itself as independent body. Despite cries from U.S. politicians that Washington was losing control of the Internet, the end result remained close to the status quo. ICANN stays a private company, still working out of the United States. It continues to be courted by governments and corporations alike to reflect their vision of how domain names should be policed. EFF continues to advocate that ICANN should stand up for the privacy and free expression rights of domain name owners wherever they live.
While Western countries fought to expand (or fight to maintain) their influence on the global net, we also see countries have been flexing their muscles close to home. These included:
- Russia, where the increased enforcement of 2013's 242-FZ data localisation mandate, together with the new Yarovaya data retention law, increased the pressure on foreign companies to track their Russian users and keep their private data available for the authorities.
- China, where the PRC's new Cybersecurity Law gave that country even wider powers to force foreign and local companies to provide Chinese authorities access to personal data.
- Brazil, where judges and politicians continued to threaten net service providers like WhatsApp with bans and blocks unless they provide back doors or keep data stored locally.
Those are just this year's latest attempts to divide and conquer the net. We anticipate, as John Perry Barlow did two decades ago, continuing attempts to erect these "guard posts at the frontiers of cyberspace." But while you're still there supporting us, we'll work to keep the net an open frontier, not enclosed and divided by scrapping states.
This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.