It is a testament to the enduring success and growing importance of the Internet that the original space of over four billion addresses has effectively been exhausted. Workarounds are in common use to share and reuse addresses, making this a problem that most users can continue to ignore for now. On the other hand, it already forces network engineers to work under difficult constraints and justify each request for a new address. Serving a variety of hostnames from only one IP address can make SSL certificate management complex, adding a needless obstacle to HTTPS adoption. Address scarcity also presents a serious roadblock to new ISPs, especially outside North America. As every new mobile device service is now an ISP too, the problem is only accelerating.
IPv6 solves this issue by starting out with a much larger block of addresses. Famously, the address space of 2128 is large enough to assign almost 5 x 1028, or 50 billion billion billion, addresses to every living human. The protocol also includes built-in features for configuration and encryption that have traditionally been performed by other software running on top of the IP network layer, and support for extremely large frame sizes for future scalability.
The transition to IPv6 presents some privacy concerns that users should be aware of. As first conceived, a portion of an IPv6 address would be generated from a device's MAC address, making it possible for every remote machine a user communicates with to calculate the unique hardware identity of the user's machine. That allows sites and services anywhere in the world to recognize and track the user's device forever. The sparse address space and decreased need to pool IP addresses with Network Address Translation also make it easier to uniquely identify and track a user.
However, more and more operating system vendors are including plugins to mitigate these concerns and, better yet, enabling them by default. IPv6 support is also available from the Tor Project, but for now you will need to know the address of an IPv6 bridge to use it. As more people adopt IPv6, we should all be vigilant about protecting our privacy, but right now we see no serious hurdles that should warrant putting off IPv6 adoption.
Because the IPv6 protocol follows the standard TCP/IP networking model and sits squarely on the Internet layer, many IPv4 applications can be updated to add IPv6 support with only small changes. For site operators like EFF, the changes can be almost as simple as updating the server software's configuration file to include its IPv6 address and adding IPv6 'AAAA' domain name records. We also recommend configuring an IPv6 aware firewall, such as ip6tables for GNU/Linux.
If getting ready for the Internet of the future is so easy, why hasn't everyone already done it? Unfortunately, for major hosting providers and ISPs, it can be a much bigger task. In order to provide your server with a v6 IP address, they might need to upgrade a significant portion of their network infrastructure. Very few home ISPs offer IPv6, and home routers with IPv6 support haven't been on the shelves for very long. Until demand increases, uptake might be slow, and with workarounds to share IPv4 addresses in place demand remains low. The organizations taking part in World IPv6 Launch Day are helping to change this picture.
If your ISP or hosting provider doesn't offer native IPv6, you can still offer connectivity or start using IPv6 care of a transition technology whereby v6 traffic is tunneled through an IPv4 address. A number of providers and client packages can help make configuring this scenario relatively painless.
www.eff.org will launch over IPv6 on June 6, 2012. Due to hosting limitations, our other sites and services will follow at an as yet undetermined date. In the meantime, future-proofed users can enjoy a preview at ipv6.eff.org.
In the ongoing effort to bring you cool things that support important civil liberties issues, EFF is happy to unveil our third annual DEF CON hacker conference t-shirt featuring the dangerous, and yet cuddly Script Kitty. He hacks, he glows, and he demands coders' rights.
Our spokeskitten shows that, if you own a killer robot, you have the right to pwn it. The front of the shirt features our EFF-DEF CON logo mashup in a subtle homage to our mutual support (as well as a shout-out to EFF's advocacy for remix culture and fair use). And watch the front and back glow acid green under cover of darkness!
While you're at it, start your own D(EFF)CONtest team and be your own first contributor. Compete to protect coders' rights and win a whole lot of 1337 including a stay at the Rio Hotel and Casino, DEF CON Human Badges, Ninja Party badges, passes to theSummit, and more!
New legislation in the Netherlands makes it the first country in Europe to establish a legal framework supporting net neutrality. In addition to the net neutrality provisions, the law contains language that restricts when ISPs can wiretap their users, and limits the circumstances under which ISPs can cut off a subscriber's Internet access altogether.
The anti-wiretapping section of the new law specifies that ISPs may not use technologies like deep packet inspection (DPI), except under limited circumstances, or with explicit consent from the ISP’s customer, or to comply with a court order or other legislative provisions. One Dutch ISP, KPN, came under fire last year for using DPI to determine whether its subscribers were using VoIP on mobile devices.
The new law sets out an exhaustive list of six circumstances in which an ISP can disconnect or suspend the Internet access of subscribers. These include: termination at the request of the subscriber, non-payment by a subscriber, in cases of deception, at the expiry of a fixed contract, force majeure, or if the ISP is required to terminate by law or a court order. In addition, the network neutrality provisions also permit blocking of an Internet connection where necessary for the integrity and security of a network.
The provisions are the Dutch government’s implementation of the 2009 EU Telecoms Package revision framework. Article 1(3a) of the Framework Directive states that EU Member States may only adopt measures interfering with citizens’ ability to access and use the Internet in limited circumstances. In particular measures may only be imposed if they are “appropriate, proportionate and necessary within a democratic society, and their implementation shall be subject to adequate procedural safeguards in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law, including effective judicial protection and due process.”
As Dutch digital rights group Bits of Freedom notes, the new provisions are needed because “[c]urrently, Internet providers on the basis of their terms and conditions may terminate or suspend the Internet connection for various reasons.” This law ensures that ISPs cannot disconnect users for nebulous terms of service violations. This gives Internet users some protection against ISPs adopting voluntary or semi-voluntary measures, such as policies to disconnect Internet users on three allegations of copyright infringement.
This is important as voluntary three strikes policies become an increasingly real danger. In the United States, for example, ISPs and major media trade groups have developed a voluntary "graduated response" program — the so-called "six strikes" deal — that is set to go into effect this July. EFF is now calling on Internet users to pressure the participating ISPs for a public commitment not to cut users off under the new program.
The Dutch law comes after vigorous campaigning by civil society groups including influential digital rights group, Bits of Freedom. Ot van Daalen, the Director of that organization, hopes it will spark similar legislation elsewhere. "Bits of Freedom campaigned hard for these provisions and our work paid off. The law sets an example for other countries, and we call on the rest of Europe to follow."
The International Telecommunication Union (ITU) will hold the World Conference on International Telecommunications (WCIT-12) in December in Dubai, an all-important treaty-writing event where ITU Member States will discuss the proposed revisions to the International Telecommunication Regulations (ITR). The ITU is a United Nations agency responsible for international telecom regulation, a bureaucratic, slow-moving, closed regulatory organization that issues treaty-level provisions for international telecommunication networks and services. The ITR, a legally binding international treaty signed by 178 countries, defines the boundaries of ITU’s regulatory authority and provides "general principles" on international telecommunications. However, media reports indicate that some proposed amendments to the ITR—a negotiation that is already well underway—could potentially expand the ITU’s mandate to encompass the Internet.
In similar fashion to the secrecy surrounding ACTA and TPP, the ITR proposals are being negotiated in secret, with high barriers preventing access to any negotiating document. While aspiring to be a venue for Internet policy-making, the ITU Member States do not appear to be very open to the idea of allowing all stakeholders (including civil society) to participate. The framework under which the ITU operates does not allow for any form of open participation. Mere access to documents and decision-makers is sold by the ITU to corporate “associate” members at prohibitively high rates. Indeed, the ITU’s business model appears to depend on revenue generation from those seeking to ‘participate’ in its policy-making processes. This revenue-based principle of policy-making is deeply troubling in and of itself, as the objective of policy making should be to reach the best possible outcome.
Release the documents
The ITU Member States should urgently lift restrictions on sharing the preparatory materials and ITR amendments, and release the documents. The current preparatory process lacks the transparency, openness of process, and inclusiveness of all relevant stakeholders that is the hallmark of Internet policy-making. A truly multi-stakeholder participation model requires equal footing for each relevant stakeholders including civil society, the private sector, the technical community, and participating governments. These principles are the minimum that one could expect following commitments made at the World Summit on Information Society (WSIS). The ITU Secretary-General Dr. Hamadoun I. Touré reiterated these commitments last year at the Internet Governance Forum in Kenya:
In its own words, the "ITU remains firmly committed to the WSIS process," and it considers itself to have "made considerable progress in many areas in advancing the implementation of the WSIS outcomes."
And in practice? Not likely. This is why EFF, European Digital Rights, CIPPIC and CDT and a coalition of civil society organizations from around the world are demanding that the ITU Secretary General, the WCIT-12 Council Working Group, and ITU Member States open up the WCIT-12 and the Council working group negotiations, by immediately releasing all the preparatory materials and Treaty proposals. If it affects the digital rights of citizens across the globe, the public needs to know what is going on and deserves to have a say. The Council Working Group is responsible for the preparatory work towards WCIT-12, setting the agenda for and consolidating input from participating governments and Sector Members.
We demand full and meaningful participation for civil society in its own right, and without cost, at the Council Working Group meetings and the WCIT on equal footing with all other stakeholders, including participating governments. A transparent, open process that is inclusive of civil society at every stage is crucial to creating sound policy.
Respect the multi-stakeholder process
Civil society has good reason to be concerned regarding an expanded ITU policy-making role. To begin with, the institution does not appear to have high regard for the distributed multi-stakeholder decision making model that has been integral to the development of an innovative, successful and open Internet. In spite of commitments at WSIS to ensure Internet policy is based on input from all relevant stakeholders, the ITU has consistently put the interests of one stakeholder—Governments—above all others. This is discouraging, as some government interests are inconsistent with an open, innovative network. Indeed, the conditions which have made the Internet the powerful tool it is today emerged in an environment where the interests of all stakeholders are given equal footing, and existing Internet policy-making institutions at least aspire, with varying success, to emulate this equal footing. This formula is enshrined in the Tunis Agenda, which was committed to at WSIS in 2005:
83. Building an inclusive development-oriented Information Society will require unremitting multi-stakeholder effort. We thus commit ourselves to remain fully engaged—nationally, regionally and internationally—to ensure sustainable implementation and follow-up of the outcomes and commitments reached during the WSIS process and its Geneva and Tunis phases of the Summit. Taking into account the multifaceted nature of building the Information Society, effective cooperation among governments, private sector, civil society and the United Nations and other international organizations, according to their different roles and responsibilities and leveraging on their expertise, is essential.
84. Governments and other stakeholders should identify those areas where further effort and resources are required, and jointly identify, and where appropriate develop, implementation strategies, mechanisms and processes for WSIS outcomes at international, regional, national and local levels, paying particular attention to people and groups that are still marginalized in their access to, and utilization of, ICTs.
Indeed, the ITU’s current vision of Internet policy-making is less one of distributed decision-making, and more one of ‘taking control.’ For example, in an interview conducted last June with ITU Secretary General Hamadoun Touré, Russian Prime Minister Vladimir Putin raised the suggestion that the union might take control of the Internet: “We are thankful to you for the ideas that you have proposed for discussion,” Putin told Touré in that conversation. “One of them is establishing international control over the Internet using the monitoring and supervisory capabilities of the International Telecommunication Union (ITU).”
Perhaps of greater concern are views espoused by the ITU regarding the nature of the Internet. Yesterday, at the World Summit of Information Society Forum, Mr. Alexander Ntoko, head of the Corporate Strategy Division of the ITU, explained the proposals made during the preparatory process for the WCIT, outlining a broad set of topics that can seriously impact people's rights. The categories include "security," "interoperability" and "quality of services," and the possibility that ITU recommendations and regulations will be not only binding on the world’s nations, but enforced.
In this sense, it is somewhat concerning that the ITU appears to draw its inspiration for Internet reform from the earliest days of the network. For example, earlier this year, Ntoko zeroed in on online anonymity, which EFF has fought to protect in the past. Citing the early days of ARPAnet, when the Internet consisted of a number of academic institutions who could identify each other by IP address, Ntoko has expressed his view regarding the anonymous nature of the Internet as: "[it] wasn't always that way, and shouldn't be in the future."
Rights to online expression are unlikely to fare much better than privacy under an ITU model. During last year’s IGF in Kenya, a voluntary code of conduct was issued to further restrict free expression online. A group of nations (including China, the Russian Federation, Tajikistan and Uzbekistan) released a Resolution for the UN General Assembly titled, “International Code of Conduct for Information Security.” The Code seems to be designed to preserve and protect national powers in information and communication. In it, governments pledge to curb “the dissemination of information that incites terrorism, secessionism or extremism or that undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment.” This overly broad provision accords any state the right to censor or block international communications, for almost any reason.
Promote openness and transparency
Currently, there are several organizations dealing with Internet Policy at the global and regional level. The Committee of Ministers of the Council of Europe issued guidance on Internet governance in a Declaration on Internet Governance Principles. It emphasizes the need for openness and transparency:
The development and implementation of Internet governance arrangements should ensure, in an open, transparent and accountable manner, the full participation of governments, the private sector, civil society, the technical community and users, taking into account their specific roles and responsibilities.The development of international Internet-related public policies and Internet governance arrangements should enable full and equal participation of all stakeholders from all countries.
The decentralised nature of the responsibility for the day-to-day management of the Internet should be preserved. The bodies responsible for the technical and management aspects of the Internet, as well as the private sector should retain their leading role in technical and operational matters while ensuring transparency and being accountable to the global community for those actions which have an impact on public policy.
There are some factors in place that may, perhaps, insulate strong democracies such as the United States from the more harmful elements of the ITU proposal. As with all international policy-making venues, ITU outputs will not become law until enacted domestically by Member States such as the United States, Canada o Sweden. This means that any ITU policies antithetical to a free and democratic society might not necessarily make it into domestic law. Central to this will be the legitimacy of the institution, and the United States government, for example, has already stated that the ITU’s lack of adherence to multi-stakeholder principles is deeply problematic and a barrier to the institution’s legitimacy.
In spite of this, a closed and expanded ITU policy-making role remains a threat to an already fragile public interest. Several governments have continuously sought to launder unpopular measures through international intergovernmental venues that would subvert democratic Internet principles or hard-won international human rights law protections. The Council of Europe’s Cybercrime Treaty is a good example of policy laundering at an international level. Similarly, multi-lateral or pluri-lateral agreements, like ACTA and TPP, are a way to bypass national and global inter-governmental institutions that are more transparent and open to civil society participation as well as democratic checks and balances.
The ITU proposal will establish an ongoing source of international policy that does not have the interests and rights of Internet users in mind. Further, unlike other venues which recognize the importance of ongoing flexibility in Internet policy-making, the ITRs are a treaty, legally binding on its signatories. While the ITU’s refusal to commit to a multi-stakeholder model may act to safeguard strong democracies from its more harmful policy outputs, democratic countries with weaker internal checks and balances will find it more difficult to provide such insulation. Even countries with well-entrenched safeguards for human rights may be tempted to adopt laws that conflict with human rights where these align with powerful domestic interests, as was demonstrated by recent attempts to pass SOPA/PIPA and CISPA in the United States.
We urge the ITU Secretary General et al to ensure that the outcomes of the WCIT and its preparatory process truly represent the common interests of all who hold a stake in the future of our information society. If your government is a member of ITU, demand transparency and tell them to open the process and disclose the WCIT preparatory documents and Treaty amendments.
According to a recent investigation by the Swedish news show Uppdrag Granskning, Sweden’s telecommunications giant Teliasonera is the latest Western company revealed to be colluding with authoritarian regimes by selling them high-tech surveillance gear to spy on its citizens. Teliasonera has allegedly enabled the governments of Belarus, Uzbekistan, Azerbaijan, Tajikistan, Georgia and Kazakhstan to spy on journalists, union leaders, and members of the political opposition. One Teliasonera whistle-blower told the reporters, “The Arab Spring prompted the regimes to tighten their surveillance. ... There’s no limit to how much wiretapping is done, none at all.”
The investigative report, titled “Black Boxes,” in reference to the black boxes Teliasonera allowed police and security services to install in their operation centers--which granted them the unrestricted capability to monitor all communications—including Internet traffic, phone calls, location data from cell phones, and text messages—in real-time. This has caused concern among Swedish citizens and Teliasonera shareholders, who had previously been assuaged by assurances from the telecommunications company that they follow the law in the countries in which they are operating. After a meeting with Peter Norman, Sweden’s Minister of Financial Markets, the chairman of Teliasonera’s board of directors issued a statement, announcing that they had launched “an action programme for handling issues related to protection of privacy and freedom of expression in non-democratic countries, in a better and more transparent way.”
Teliasonera’s declaration of good intentions may be too little too late after the damning evidence of abuse compiled by Uppdrag Granskning. Documents obtained by their investigators showed an Azerbaijani had his phone tapped after he published a piece about being beaten at the hands of government security agents while covering a story. The report also found that black-box surveillance was used in Belarus to track down, arrest, and prosecute protesters who attended an anti-government protest rally following the 2010 Belarusian presidential election. One Azerbaijani citizen says he was interrogated solely due to the fact that he voted for the Armenian representative in the 2009 Eurovision song contest.
In the post-Soviet state of Georgia, these recent revelations have prompted the Georgian Young Lawyers Association (GYLA) to challenge indiscriminate wiretapping in their country, alleging that far from complying with local statutes, Teliasonera was breaking Georgian law.
GYLA points out that the Georgian criminal code and constitution protect personal information such as private phone calls. Police must obtain a court order before they can listen in to a citizen’s private phone conversations. GYLA attorney Maya Khutsishvili says that companies can only provide private information about a person to investigative bodies based on such a court order—and that a court’s ruling must indicate why the investigative body needs to listen to a specific person or receive other kinds of personal information.
EFF believes that for Western countries providing telecommunications equipment or services, merely complying with the law is insufficient. Authoritarian regimes can interpret the law in ways that justify unlimited spying on journalists and political dissidents. Or, as is the case in Georgia, the laws on the books are not enforced—unrestricted surveillance is the order of the day. If tech companies want to avoid being repression’s little helper, they must know their customer and refrain from cooperating with governments that they believe will use their technology to facilitate human rights violations.
A series of events in the last two weeks have set the stage for how surveillance drones will be operated by local law enforcement in the United States and how citizens can demand privacy protections as domestic use escalates.
We know that dozens of law enforcement agencies already have drones, based on information from EFF’s Freedom of Information Act lawsuit over the FAA’s initial refusal to release the list of authorizations. And one of the biggest cities with a police department on the list was Seattle.
It turned out Seattle’s city council—which oversees the police department—was just as surprised as many citizens to see Seattle Police Department’s name on the list. The city council learned about the drones through a reporter asking questions related to EFF’s lawsuit, not through official channels. After front page stories in the Seattle Times and an official apology from the Seattle police department, Seattle is now the first city to consider privacy safeguards for drone use by law enforcement.
The ACLU of Washington has asked the city council to pass a legally binding ordinance detailing “what kind of information can be collected, who can collect it, how the information can be used, and how long it can be kept,” along with “an auditing process to make sure the policies are followed.” The Seattle Times agreed. In an editorial written on May 6, the city’s largest paper urged city council to adopt “usage restrictions, image-retention limits, and regular audits and reviews of drones as a law-enforcement tool.”
Seattle’s Police Department has already pledged drones would not be used for surveillance, and only “for situations like crime scene photography, missing person searches, and barricaded person scenarios.” They’ve also indicated they would work with the FAA to develop privacy policies. But as the Seattle Times noted, privacy safeguards must be implemented by binding ordinance, “not by policy nods, promises and good intentions.”
In a similar incident just yesterday, after the Shelby County Tennessee sheriff’s office requested two drones as part of a $400,000 Homeland Security grant, the Shelby county commission questioned the Sheriff’s Office on how they would be using the drone and asked them to draw up privacy guidelines. The sheriff’s office promptly withdrew its request for drones. But encouragingly, the commission is still pushing the sheriff’s office for privacy policies. As the Memphis Daily Newsreported, “several commissioners said they might still pursue setting some guidelines on the use of such surveillance through a memorandum of understanding with the sheriff’s office.”
Responding to an EFF public records request, Miami-Dade County also released information about its drones earlier this week, which it bought using a grant from the Justice Department (DOJ).
The FAA itself estimates that there may be as many as 30,000 drones in the US by the year 2020, and with the loosened restrictions coupled with the Department of Homeland Security and DOJ issuing grants for local police forces to buy drones, it’s imperative that local governments act swiftly to ban surveillance drones outright or institute robust safeguards for their citizens. Americans cannot afford to wait for the FAA or Congress to act.
EFF would also like your help. In the coming days, we’re going to announce a crowd-sourcing campaign aimed at finding out as much information as possible on each law enforcement agency’s use of drones and how citizens can voice their concerns to their local governments. Right now, if you have any information on how your local law enforcement plans to use drones, email email@example.com. You can get this information by calling your local police department.
And stay tuned for more, as we plan on announcing a detailed campaign soon.
Civil Society Seeks Access to Planning Documents for Secret Negotiations Around Internet Regulation
An upcoming treaty renegotiation process could prove to have dire implications for digital civil rights. As we have explained, the World Conference on International Telecommunications – "WCIT" for short, pronounced “wicket” by insiders – will be held in Dubai this coming December, and preparations for this important treaty-writing conference are in full swing. The forum is being organized by a secretive United Nations agency called the International Telecommunication Union (ITU).
The fear that’s been bouncing around the blogosphere amid civil society organizations this week is that the WCIT could be used to push through expansion of the ITU’s mandatebeyond telecommunications, to encompass the Internet.
This does not bode well for the future of the Internet.
At the WCIT, member states will hash out revisions to a set of regulations that make up a treaty called the International Telecommunication Regulations, or ITRs. Some proposed revisions to the ITRs have already been made, but they haven’t been made public. This renegotiation process could prove to have a serious impact on online civil liberties – yet the talks are being held in secret, without adequate input from the organizations that represent the public interest.
If negotiations continue down this path, we could end up with a treaty that allows for greater governmental control over the Internet.
That’s why EFF and 30+ civil society organizations issued a letter May 17 demanding that the ITU ends its secrecy. We are calling for the immediate release of all the documents describing preparations for WCIT and proposed ITR revisions. Since it’s prohibitively expensive to obtain the planning documents that are being drafted in advance of the WCIT, it’s impossible for most public interest participants to review them and weigh in with informed opinions.
Joe McNamee,Executive Director, European Digital Rights (EDRi), a coalition of 32 privacy and civil rights organisations based in Europe, told EFF:
Beyond the creaking bureaucracy, the undemocratic procedures and the fact that the ITU effectively sells access to decision-makers through exorbitant corporate membership fees, the single biggest practical problem with the ITU is that it moves extremely slowly and cannot readily remedy any mistakes that it makes. Any damaging policy adopted under this process will burden global freedom of communications for years to come.
Jérémie Zimmermann, co-founder and spokesperson of citizen advocacy group La Quadrature du Net, told EFF:
This trend by governments to increasingly use trade agreements and treaties to try to control a free, open and universal Internet is alarming. Citizens must take action and expose their governments' roles in these negotiations, in order to protect the networked public sphere that we all share as a common good.
The secrecy surrounding these talks brings to mind the closed-door negotiations that civil society has condemned throughout negotiations of ACTA and the TPP, as Milton Mueller of the Internet Governance Project pointed out in a recent blog. Mueller noted that ACTA was negotiated in secret to appease the copyright and intellectual property lobbies, but this tactic ultimately backfired because “the closed process … gave the resulting treaty a lack of legitimacy,” triggering organized opposition.
It’s time for ITU to respect the multi-stakeholder process and let the sun shine in. All restrictions on sharing the preparatory materials and proposed ITR amendments should be lifted, and the documents should be released and subjected to public scrutiny.
We demand transparency, and call upon the ITU to open the process and disclose the WCIT preparatory documents and treaty proposals. The public should not be kept in the dark.
Letter from Civil Society
Civil society organizations and academics are invited to join this call to address deficiencies in the WCIT process. For more information, contact firstname.lastname@example.org.
17 May 2012
To Secretary-General Dr. Hamadoun Touré, the Council Working Group to Prepare for the WCIT-12, and ITU Member States:
The undersigned human rights advocates, academics, freedom of expression groups, and civil society organizations write to express our desire to participate in the preparatory process undertaken for the World Conference on International Telecommunications (WCIT). The current preparatory process lacks the transparency, openness of process, and inclusiveness of all relevant stakeholders that are imperative under commitments made at the World Summit on Information Society (WSIS). We ask that the Secretary-General, the Council Working Group, and Member States work to resolve these process deficiencies in several concrete ways.
The continued success of the information society depends on the full, equal, and meaningful participation of civil society stakeholders (along side the private sector, the academic and technical community, and governments) in the management of information and communications technology, including both technical and public policy issues. Indeed, WSIS outcome documents recognize the need for a multi-stakeholder approach in technical management and policy decision-making for ICTs. The Tunis Agenda for the Information Society urges international organizations “to ensure that all stakeholders, particularly from developing countries, have the opportunity to participate in policy decision-making … and to promote and facilitate such participation.” And such participation depends on transparency and openness of process at every stage of substantive and procedural dialogue.
Yet there has been scant participation by civil society in the Council Working Group’s preparatory process for the WCIT so far, even as media reports indicate that some Member States have proposed amending the International Telecommunication Regulations to address issues that could impact the exercise of human rights in the digital age, including freedom of expression, access to information, and privacy rights. Under the current process, civil society participation is severely limited by restrictions on sharing of preparatory documents, high barriers for ITU membership (including cost), and lack of mechanisms for remote participation in preparatory meetings.
As an important step towards fulfilling WSIS commitments for building a more inclusive information society, the undersigned request that the Secretary-General, the Council Working Group, and Member States:
Remove restrictions on the sharing of WCIT documents and release all preparatory materials, including the Council Working Group’s final report, consolidated reports from all preparatory activity, and proposed revisions to the International Telecommunication Regulations;
Open the preparatory process to meaningful participation by civil society in its own right and without cost at Council Working Group meetings and the WCIT itself, providing formal speaking opportunities and according civil society views an equal weight as those of other stakeholders. Facilitate remote participation to the extent possible; and
For Member States, open public processes at the national level to solicit input on proposed amendments to the International Telecommunication Regulations from all relevant stakeholders, including civil society, and release individual proposals for public debate.
We welcome Secretary-General Touré’s commitment to creating a more inclusive information society and ensuring equitable access to ICT around the world. Collectively and individually, the undersigned human rights advocates, academics, freedom of expression groups, and civil society organizations work to fulfill this vision through a range of national and global institutions and we call for the same opportunity to engage at the WCIT, consistent with WSIS commitments. We urge you to ensure the outcomes of the WCIT and its preparatory process truly represent the common interests of all who have a stake in the future of our information society.
Association for Progressive Communications (APC)
Eduardo Bertoni, Centro de Estudios en Libertad de Expresión y Acceso a la
Información (CELE), Universidad de Palermo, Argentina
Bytes for All, Pakistan
Canadian Internet Policy & Public Interest Clinic (CIPPIC)
Center for Democracy & Technology
Center for Technology and Society (CTS/FGV), Brazil
Centre for Internet & Society (CIS), India
Digitale Gesellschaft e.V.
Egyptian Initiative for Personal Rights
Electronic Frontier Foundation
European Digital Rights
Global Partners & Associates
Global Voices Advocacy
Human Rights in China
Human Rights Watch
Internet Democracy Project, India
Internet Governance Project (IGP)
New America Foundation’s Open Technology Institute
ONG Derechos Digitales, Chile
Open Rights Group
Panoptykon Foundation, Poland
Reporters sans frontières / Reporters Without Borders
Under a new policy announced today, Twitter will be suggesting accounts for Twitter users to follow based on data collected from an individual’s browsing habits on websites that have embedded Twitter buttons. While this is sure to garner scrutiny from the press and public, Twitter is also taking a pioneering step toward respecting users’ privacy choices: it has committed to respecting Do Not Track -- a simple browser setting users can turn on to tell website they don’t want to be tracked. Often framed as a signal from users to behavioral advertisers, Do Not Track isn’t actually about ads we see online; it’s about user control over tracking of our web usage that could be used to build an intimate portrait of our online lives. Twitter is showing an inventive way that websites other than behavioral advertisers can respect Do Not Track. We’re heartened to see this forward-thinking approach and hope other sites with embedded widgets will follow suit.
If you haven’t done so already, this is a great reminder to turn on Do Not Track; Twitter has a tutorial for doing this on different browsers.
For example, many of those who visit BoingBoing.net likely follow the account of @doctorow, the digital-rights-loving BoingBoing founder Cory Doctorow. If you sign up for Twitter and you’ve got a browser cookie from Twitter showing that you recently visited BoingBoing, you might see @doctorow listed as a suggested user even before you’ve started interacting with Twitter. Twitter will be relying on data collected about your browsing habits within the last 10 days (after 10 days, they start discarding data). When you start a Twitter account, you’ll have the option to turn off the tailored suggestions. Unchecking this box won’t just stop the suggestions from appearing – it’ll actually remove the unique cookie that Twitter uses to track your browsing habits and show you tailored user suggestions.2
Established Twitter users may find suggested users under the "Who To Follow" sections of Home and Discover. Just like with new users, established users can uncheck the “tailor” Twitter box in their account settings to stop the data collection about their web browsing.
Do Not Track makes this a lot simpler – no messing with account settings or unchecking any boxes to keep your privacy. If you’ve got Do Not Track selected in your browser settings, then Twitter assumes you just don’t want them collecting details of your online browsing habits in an identifiable way. Users who have turned on Do Not Track will find, upon signing up for Twitter, that the “tailor Twitter” button is unchecked by default. Similarly, established users who had Do Not Track already enabled in the days before the new policy took effect will also find the account personalization turned off by default. Users who enable Do Not Track must change their privacy settings if they want the “tailored” Twitter experience.
As with Facebook, Twitter also treats users differently depending on whether or not they are logged out. If you’re a Twitter user wanting to protect your browsing privacy, then remember to log out when you leave the site so that Twitter won't associate your online browsing habits with your Twitter account.
There’s sure to be a lot of discussion about Twitter’s decision to use data collected through social widgets for increased site personalization. If nothing else, this is a good opportunity for everyone to reconsider the nature of our highly trackable online lives, where corporations we do and don’t have relationships with can vacuum up highly sensitive data about what we do on the web and even a savvy user can’t win the arms race against online tracking. This is exactly the promise of Do Not Track: to make it easy for everyday Internet users to clearly indicate a preference not to be tracked around the web, whether it’s by a social network or an advertiser or another data-hungry corporate entity.
We’ve previously examined Facebook’s practices when it comes to collecting browsing data on users and urged it to respect the Do Not Track flag. So, in the wake of Twitter’s decision to respect Do Not Track, we’re calling on other social networking sites to start respecting user choice as well. The time has come for websites to start listening to users when it comes to privacy, and there’s no easier way for a user to tell companies “Don’t track me” than to turn on Do Not Track.
Get started now by checking out the tutorial Twitter created for turning on Do Not Track.
1. Eff.org has Twitter icons that allow visitors to share content from our site on Twitter but we have chosen not to embed Twitter code on our site, so visiting eff.org will not result in data about your visit going to Twitter.
2. Note: this doesn’t mean Twitter will stop collecting all data on you. They’ll still be able to collect aggregate data about your browsing habits for analytics and security, but they won’t set a cookie and they won’t use data to suggest users to you or tailoring your Twitter experience.