A Code of Conduct for Internet Companies in Authoritarian Regimes
Today, the House Subcommittee on Africa, Global Human Rights, and International Operations is holding hearings on the topic "The Internet in China: A Tool for Suppression?" Representatives of Google, Yahoo, Cisco, and Microsoft will all be in attendence.
Our open letter to the Committee follows after the cut.
Subcommittee on Africa, Global Human Rights, and International Operations
The Committee on International Relations
2170 Rayburn House Office Building
Washington, DC 20515
February 15, 2005
Dear Representative Smith, Representative Leach, members of the Committee on International Relations, Subcommittees on Africa, Global Human Rights and International Operations and Asia and the Pacific,
We at the Electronic Frontier Foundation (EFF) strongly agree with your Committee's concern that while United States Internet companies have the power to act as a force for good, they are increasingly becoming unwitting conduits for repression in authoritarian countries. EFF is the leading, and oldest organization working to promote freedom online and we understand the technical and policy issues well. We host one of the most linked-to websites on the Internet and remain one of the premier sources for information about Internet law and policy in the world. Because of this, we understand how, without careful planning, internet routers can be turned into powerful wiretapping tools; web email servers can become a honeypot of stored communications plundered by state police to identify dissidents; and blogging services and search engines can turn from aids to free speech to easily-censorable memory holes. While we believe strongly in the opportunities created by the Internet and promoted by companies like Yahoo, Google, Microsoft and Cisco, we also recognize the risks created when they decide to do business in repressive countries such as China.
In considering how these companies might construct their services to best serve global human rights, we believe that simple guidelines, consciously followed, could significantly limit the damage caused by corporate engagement with these regimes. Both the U.S. government and American Internet corporations have a opportunity, and a duty, to defend human rights. While the best course of action of companies concerned about possible involvement in human rights violations and censorship is to avoid repressive regimes altogether, we understand that some companies will not choose that course. For those that do not, we believe that working together, either under a voluntary code of conduct or statutory or regulatory requirements, these companies can turn their involvement in oppressive systems from an inevitable human rights liability to a neutral or maybe even positive act of engagement.
In order to aid you in your efforts, we make the following suggestions of topics that you should include in your upcoming discussions with these companies.
Limit Data Collection and Data Retention
The most dangerous information that Internet companies can have about their users is personally identifiable information. For those living under repressive governments, their Internet service?s ability to identify them as the person who made the search query about ?democracy,? or sent the email reporting about human rights violations can literally make the difference between life and death.
With the stakes so high in countries like China, no Internet company should gather more information than they absolutely need about their customers and no Internet company should keep that information any longer than is absolutely necessary to provide the requested service.
Neither China nor any other major repressive country that we are aware of currently requires Internet companies to gather or keep identifying information in most circumstances. In order for companies to avoid becoming agents that enable ongoing human rights violations, they must change their current policies to avoid collecting personally identifiable data in the first instance and avoid keeping any data they collect any longer than absolutely necessary.
Increase Transparency and Bear Witness
To the extent possible, Internet companies should document government censorship efforts. Google and Microsoft have taken first steps in this direction, but whenever and wherever possible, Internet companies should note when websites have been removed or search items filtered away, and explain under what power the government forced them to act to remove content or hand over data. The companies should have a clear procedure for engaging with law enforcement, and regularly publish or report to Congress statistics, and case studies of how such procedures have worked in practice. Those companies should also document and publicize exactly what deal has been struck with the repressive governments. If they cannot publish the information within the country, they should do so without.
Even if companies are forbidden to reveal such crucial information even outside the country, they should still keep track. Bearing witness to human rights violations may be upsetting, but if honestly performed, can help in the inevitable truth and reconciliation process that should follow a people's return to freedom.
Doing business in developing countries with poor human rights records can be an act of optimism, built on a hope that by engaging and expanding the horizons of such a state, the values of human rights will eventually permeate the society.
When and if such a transformation occurs, it is imperative for lasting peace that that country's people can discover the truth about their past. Internet companies who choose to do business in repressive companies should ensure that when the truth can come out, it does.
Don't Do Direct Business with Forces of State Oppression
Companies should be prohibited from providing intentional ongoing support and assistance to those who abuse human rights in foreign countries. While many products such as filtering software, Internet monitoring programs and programs to unlock protected data can have multiple uses, American companies should not be actively and knowingly providing services that facilitate censorship or repression.
Offer Opportunistic Encryption with Internet Services
Internet companies like Google have easy technological shifts they can make to protect their users in repressive countries. One of the greatest gifts for evading surveillance and censorship online is built into every web browser: strong, near unbreakable encryption of web traffic. This encryption is generally reserved for high-security communications, such as banking and webmail applications. Many of the companies speaking today offer the majority of their services unencrypted: but it would be possible to offer the same facilities using optional Secure Socket Layer (SSL) encryption turned on. A search engine that allowed you to visit it as https://www.google.cn/ as well as http://www.google.cn/ would make little difference to the end-user. But repressive governments would be unable monitor or record what searches were being entered and what results were being provided.
Support Technologies that Innovate Around Censorship and Surveillance
Censorship of foreign sites by oppressive regimes is a limitation of free trade and free expression. The Internet benefits from technology that lets communication pass unhindered from one end to end. And citizens everywhere deserve the right to privacy. Free governments benefit from sponsoring anti-censorship and anonymizing software, such as those supported by the United States' International Broadcasting Bureau. But companies, too, stand to gain from investing in development that might lead to an opening of previously closed societies. If U.S. companies find that oppressive governments block or impede their Internet services, they should not simply give in to the threat. By working together on ways to surmount Internet control they will not only be providing wanted new products to 1.3 billion new customers, they will help open trade and communications between all countries, and all citizens.
Thank you for your attention to this important topic. We look forward to continuing to work with you. Please feel free to contact us to discuss these or other ideas further.
Electronic Frontier Foundation
Recent DeepLinks Posts
Aug 23, 2016
Aug 22, 2016
Aug 22, 2016
Aug 19, 2016
Aug 18, 2016
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Fair Use and Intellectual Property: Defending the Balance
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Free Speech
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Know Your Rights
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- State-Sponsored Malware
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trade Agreements and Digital Rights
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- UK Investigatory Powers Bill
- Video Games