Pharos - Organization and Governance

From Identifying Difficult Problems in Cyberlaw
Revision as of 21:42, 3 February 2011 by Mdhagan (talk | contribs)
Jump to navigation Jump to search

Pharos will be built around its core mission: to protect, enable and promote human rights media. The challenge will be to interpret the mission into clear principles, upon which the organization will be able to function deftly and responsibly.

It will have two bodies, the board of directors and the day-to-day team, to establish & to implement these principles. The first will be responsible for formulating a clear statement of Pharos' principles and, in difficult or changing circumstances, interpreting how they should be applied. The implementation team will oversee the functioning of the site, protect the security of the data, and manage relations with other content publishers and users.

Pharos's Organizational Chart

Alongside Pharos' formal organization, we envision a worldwide network that Pharos can promote active and appropriate submissions, as well as providing information to submitters about to do so securely. The network can also supply Pharos with the necessary contextual information to provide alongside the video. While Pharos does not want to reveal any information about the people in the video, it does want to provide information that will help explain where the event occurred, in what circumstances, and related to what underlying factors.


The Board of Directors

The Board of Directors will include a variety of professionals and experts with proven experience in human rights, freedom of expression, human security, and international relations. Like other mission driven organizations, we want to draw members from several different fields to ensure that the principles are written in a rich and thoughtful way. We envision some of the members may be human rights attorneys, former diplomats, professors, journalists, activists, and IT professionals.

Their initial task will be to draw up a clear mission statement and list of principles, upon which Pharos will accept, process, and distribute content. We envision that the mission statement will be 'To Promote Freedom of Expression and Protect Human Rights'. It should provide a clear, but general, vision of why Pharos exists. Ideally, these principles will be sufficient guidelines for how the operations will be carried out day to day. After its initial meetings, the board will only have to meet quarterly to review the operations of Pharos. But in case there are some submissions that are particularly difficult to evaluate, the Board should be on call for

The list of guiding principles will necessarily be more specific. These will determine which videos Pharos will process, publish, and distribute, and which it will not. Other organizations, like CNN's I-Reporter and Witness' The Hub, have formulated content policies that provide useful baselines for Pharos.

CNN I-Report's submission guidelines
The Hub's submission guidelines

We envision Pharos' list may be similar. It may contain prohibitions against which types of content will not be allowed, unless justifiable to the message -- like on the grounds of extreme violence, cruelty to animals, or explicit sexuality. But because of Pharos' concern for human rights abuses, it must expect that many legitimate videos may include violence, foul language, and sexuality in the context of abuse. The Board will draw up a general rule upon which legitimate versus illegitimate content can be distinguished. Their public guidelines about submissions may resemble CNN I-Report's -- general and user-friendly -- but privately they can hold detailed discussions about particular videos that may walk the line between appropriate and obscene.

In its guiding principles, the Board must also spell out how to approach videos that have been sent anonymously and cannot be verified. Pharos' general policy is that it will accept any content sent to it, and will only publish content related to human rights. The goal is to have a quick turn-around, so that all submissions, after being evaluated and scrubbed clean, will be posted and distributed immediately. Pharos can have a badge system (like CNN's I-Report) that declares whether the video has been verified as accurate and reliable by Pharos standards. A video without a badge will be understood as not necessarily real or trustworthy.

If the content arrives from an unknown source, Pharos must be concerned that it has been edited to misrepresent reality or is an outright forgery. We recognize that there has been a history of forged abuses, including with videos of abuses that have been manufactured to give the appearance of an abuse when there has not been one. We are aware that competing groups, particularly in long-standing conflicts, use allegations of human rights abuse as tools to promote their political agenda, rather than strictly to protect human rights principles. We do not want to be drawn into such disputes, if it is possible.

The Board, relying on its own knowledge and its network of contacts, will have to make the difficult calls whether to publish videos that are suspected of being edited or forged. Other human rights organizations must make similar determinations in whether to publish accounts of abuse, that may have been exaggerated or falsified. Pharos can borrow their insights into how to maker responsible choices on questionable content.

The Implementation Team

The Implementation Team -- made up of a Tech Team and a Content one -- will work according to the directives established by the Board. It will be responsible for ensuring the site operates smoothly, that the content is protected, and that it is distributed promptly and fully to the appropriate publishers. If Pharos hosts content on its own site, the team will ensure that the media is presented in a timely and usable manner.

The Tech team will be charged with matters of security and stability. They will maintain the website, and scrub each video of all identifiable content and metadata.

Pharos may be besieged with videos at certain times (like, if there is a high-profile crisis going on) and it should be built not to crash during an intense spurt of activity. The site may also be subject to DDOS attacks, or other attempted take-downs.[1] The tech team must devise a strategy -- whether it involves mirroring, hosting with a major company, or otherwise -- to insulate Pharos from such attacks. Pharos should be reliably available, particularly in the face of attacks from those actors who do not want a certain video to be seen, and during times of crisis when more users want to upload and to view human rights media.

Security of the content must also be a priority of the Tech Team. If Pharos retains unscrubbed versions of the content it receives -- the videos with distinguishing features still visible, or with metadata attached -- they must be protected from any possible intrusion. Pharos must be able to guarantee its promise to uploaders that no one will ever be able to trace the video back to them. If Pharos keeps any logs of the videos have been submitted, like how they arrived or when they did, these logs should receive similarly high levels of security. We expect that Pharos may want to preserve logs and unscrubbed media for the sake of future investigations or historical documentation. If, for instance, the author and the subject of the video decide to go on the record, and wish to be identified in the video, Pharos should be able to provide them a copy of their media that has not been obscured. The original, untouched media could be useful to them as evidence, and Pharos can act as the media's safekeeper when the user's own hardware may be taken or wiped clean.

Pharos' public key encryption

If Pharos decides to offer uploaders a public key encryption service, then the Tech Team will have to ensure the absolute security of its encryption process. The private key it uses to decrypt the submitted files will have to be guarded so that no technological or human infiltration is possible. We expect the Tech team to hire out a private security firm that can ensure the utmost security is possible.

The Content Team will focus more on soliciting media, determining whether it fits the mission, and publishing it as widely and fully as possible. They will use the Board's guiding principles as the basis for their decisions about whether a submission is appropriate for Pharos. They can approach the Board if a video is particularly challenging. We expect that the principles will be a sufficient guide for most submissions, and that the team will only have to approach the Board in rare occurrences of a particularly controversial or confusing submission.

Content distribution

The Content Team will be responsible for distributing the media to as many sources as possible. They may also provide contextual information alongside the actual file -- with any information that they can verify about where it was created, at what time, and under what circumstances. They will not reveal anything that could identify how they received the video or who is involved in it. They will decide which videos are 'Pharos certified', according to the standards set by the board, and which videos don't receive the badge.

Pharos, via both the Content Team and the Board, will cultivate a network of human rights organizations, journalists and academics worldwide, upon whom it can rely when trying to evaluate a video. If the Content Team needs to learn more about the circumstances in which the video was produced, they can call upon this network for general information about the context. If a video is suspect, they may also contact this network to try to determine more about its reliability.

The network will also be useful in soliciting videos. They can distribute their public key via these organizations, which may produce human rights media on their own, or which may be the local contact points for people who are not activists, but have ended up with documentation of abuse on their hardware. These local organizations can instruct people on how to submit their media securely, directing them to Pharos and with guidance on using public keys, Tor, or other methods that will ensure some security.

A Wider Network

Pharos need not consist solely of a well-protected office in a Western country. Though this may be its headquarters, the organization could include a worldwide network of localized publishers. Taking the model of human rights organizations, there could be regional or continental Pharos Hubs, all connected loosely to a central body. The local versions could have more translation and language support tailored to the area, and it could have distribution networks that are focused less on US news media, and more on local media. The Board of Directors could include members from each of the Pharos Hubs.

A less centralized system would help insure that Pharos does not make decisions that are divorced from local realities. Local hubs will be more attuned to which videos may be forgeries or editing; they will also be able to contextualize videos and provide consumers with fuller explanations of why the abuse occurred and what response would be best.

There could be two main problems with a more dispersed Pharos. First, local offices may be more biased about the content submissions. Because the employees will be more directly invested in the region, they may not publish any video that they consider could harm their political party or movement. A centralized Pharos organization would be more separate from local realities (and though that makes them less knowledgeable about the context of a video) it makes them less biased in deciding which content to distribute.

Second, local Pharos operations will be more liable to security attacks or governmental requests. If they are working in a country that does not have strong protections on freedom of expression, their site may be blocked or their employees may be subject to prosecution for their work. Moreover, their offices, records, and stored content may be infiltrated or subpoenaed. It will be harder to guarantee uploaders security if the office itself is not immune to attack or investigations. If they use public-private key encryption systems, the key may be more easily compromised as well.

The ideal would be for Pharos to be balanced between a centralized, Western-based office and a worldwide network that can offer more local support and contextualization. Security concerns may be the overriding ones. Pharos must be able to guarantee its uploaders absolute anonymity, and protect its own employees from prosecution or attack. If the organization could maintain this high level of security while still partnering with organizations worldwide, and perhaps even delegating some decision-making and hosting to them, that would ensure that Pharos is better attuned to situations on the ground and protected from forged content.

References

  1. See, e.g., the Berkman Center's December 2010 report on DDOS attacks directed against human rights groups Berkman Center's Interactive DDOS Report