Open Networks, Closed Regimes

The original wiki page

Problem to be solved

US-based internet services are used by citizens of every regime in the world. Western-based internet companies operate these services in many countries where governments routinely request or demand sensitive information about their citizens. How should high-level officers respond when their companies receive requests to turn over information which violate privacy and anonymity expectations? How can citizens, NGOs, and government actors influence the way these companies respond?

Precis

The idea of the internet service provider as a border-defying government-regulation-free jurisdiction was already dying in the 1990s, but the large-scale movement of internet services into regimes without free speech protections has raised serious concerns about managing cross-border privacy standards over the last five years. From Yahoo! turning over pro-democracy Chinese bloggers to the Chinese government, to Saudi Arabia tracking porn downloaders by pulling ISP records, to South Korea trying to arrest anonymous government critics, the problems are widespread and not restricted only to regimes that Americans are used to thinking of as "repressive." The globalization of internet services raises difficult questions: What requests for information are invasive? What kind of deference is due to local sovereignty? How can the competing demands best be balanced? How can the relevant stakeholders work toward achieving a proper balance?

The Story So Far

Several weeks ago, our class read John Perry Barlow’s Declaration of Independence of Cyberspace (this refers to the readings for an earlier class. It's probably not essential to assign it; this summary is plenty for our purposes.), written in 1996, in which he addresses the nations of the world and “declare[s] the global social space we are building to be naturally independent of the tyrannies you seek to impose on us.” For Barlow, perhaps the most important innovation of cyberspace was its ability to act as a great leveler: “We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth. We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.” As these lines imply, the key to this brave new world of Barlow’s was the possibility of anonymity (or pseudonymity): real-world barriers placed by normative biases or governmental controls could be hurdled by individuals joining online communities to express their provocative thoughts. Secure in the knowledge that their identities were divorced from their real-world selves, citizens of every nation could create the first truly free global marketplace of ideas.

From well before Barlow’s Declaration, this idea of the Internet as an enabler of the anonymous expression of ideas was a well-established meme in the popular conception of the Internet, from Peter Steiner’s famous New Yorker cartoon to the aphorism that “The net treats censorship as a defect and routes around it.” This quote comes from John Gilmore And just as quickly, people started to raise questions about whether a completely uncontrolled discourse was desirable – Larry Lessig famously told the story (see p. 102-106) of one anonymous student who single-handedly shut down Lessig’s first online classroom bulletin board by attacking his classmates with unstinting vitriol. The techno-libertarians remained adamant that online communities would develop mechanisms to cope with such problems, and that the benefits of being able to create a discussion area open to all comers – more freedom under repressive regimes, more frank discussion for every individual – would outweigh any drawbacks.

However, the accuracy of the idea that the Internet need not respect terrestrial law was soon called into doubt. Tim Wu and Jack Goldsmith document (see Chapter 1) the 2000 case in which Yahoo! attempted to resist a takedown request from the French government. After activists discovered Nazi merchandise for sale on a Yahoo! site, they appealed to the government to enforce the laws banning such material from being sold in France. Yahoo! protested that there was no way for it to identify traffic coming from France, and that to enforce the French laws would ultimately mean enforcing the lowest common denominator of all international law in all locations. However, having lost their case in the French courts in the face of expert testimony, and facing fines of 100,000 francs per day against their new French division, the company caved and admitted that IP addresses could be used to tell from what country a visitor came. This was a blow to the notion that the Internet was inherently resistant to national laws, but it was also a blow to the idea that users of the Internet were all faceless numbers – it soon became very clear that the companies that individuals did business with on the Internet knew plenty about their users, both in the form of information submitted by those users and in the form of other incidental data.

Once those two facts were combined, it became clear that online service providers doing business internationally were vulnerable to economic threats if they failed to comply with local legal regimes by turning over nominally anonymous users. This acquired early public salience in 2004, when the Chinese government discovered that someone with a Yahoo! email account had forwarded to a US-based pro-democracy blogger an internal Communist party message warning of potential unrest which might arise from discussion of the fifteenth anniversary of the Tiananmen Square protests. China demanded that the company turn over any records relating to the disclosure of its state secrets, and Yahoo! complied without question. Chinese journalist Shi Tao was ultimately arrested and sentenced to ten years in prison. After the role played by Yahoo! was disclosed, the company became the subject of global outrage, castigated by pro-free-speech nonprofits and hauled before Congress to account for its actions. As of 2009, Shi Tao remains imprisoned. However, Yahoo! was merely the most visible of the companies involved in such disclosures – Amnesty International reports that many of the largest international online service providers were implicated at the time and continue to wrestle with these issues.

In recent years, similar cases have cropped up all over the world, from Africa to Asia to the Middle East, and even some American companies have taken part in using the disclosure-friendly laws of other countries to track down derogatory speakers. Many of these countries describe themselves as protecting themselves from the dangerous consequences of free speech: in January, South Korea arrested a blogger whose acerbic postings about government bureaucrats had supposedly undermined the population’s faith in the government’s ability to manage the global financial crisis. These governments say that free speech is always at war with social stability, as it was in Lessig’s classroom, and that they and Americans simply disagree on where the line must be drawn. At the same time, pro-democracy activists say that American companies and the American government aren’t doing enough work insisting upon the universality of American values.

The most salient legislative response has been the Global Online Freedom Act (GOFA), proposed by Representative Chris Smith (R-NJ). GOFA would require the State Department to track internet-restricting countries and then forbid US corporations from a) storing users’ personal data within the borders of those countries or b) turning over any personally identifiable information to law enforcement within those countries without first seeking the permission of the US Department of Justice. Many pro-free-speech non-profits have praised the GOFA bill as an “advance for online free expression.” Commentators have also suggested, however, that it is unworkable in practice, and would in effect require US companies to cease doing meaningful business within such countries.

Some corporations have pushed instead for a non-government-driven multi-stakeholder plan of action. Several of the largest American online service providers, including Microsoft, Google, and Yahoo!, have joined forces with the Berkman Center to develop the Global Network Initiative (GNI). The GNI lays out a set of universal principles to be referenced when making difficult human rights decisions; it then gives implementation guidance to boards considering those principles on a case-by-case basis as requests for users' data come in. Some of the Congressional critics of these companies have been mollified by the evident progress. At the same time, some legal scholars and privacy specialists (see Rotenberg quote "It's good that companies are paying more attention to the need to safeguard fundamental rights on the Internet, but this proposal lacks specific recommendations and fails to address key concerns about the surveillance and censorship of Internet users") say the GNI is not widely enough accepted or equipped with severe enough penalties to make a serious difference.

Meanwhile, countries wary of indiscriminate speech have started to look at alternatives of their own. This past year, the International Telecommunications Union (ITU), a specialized agency of the United Nations that deals with the regulation of international telecommunications issues, opened up a study group on Question 6-17 (Q6/17). The Q6/17 group was chartered at the request of a state-owned Chinese telecommunications firm to investigate the feasibility link to .doc of retrofitting the internet with Internet Protocol (IP) traceback technology. IP packets, the individual "envelopes" used to send information across the internet, are difficult, if not impossible, to follow back from their destination to their source. IP traceback technology would use new software and hardware to retrofit tracing mechanisms onto the internet as built, so as to make it easier to find the sender of a given message. The proponents of Q6/17 suggest that it could be used to make it more difficult to remotely infect computers with viruses or make anonymous threats online. Privacy specialists, however, suspect that the major purpose is to crack down on unwanted speech.

Required Readings

Early brainstorming on this topic

Additional Readings

(Some of these and additional readings will be broken down by simulation group)

Audio:

• http://rconversation.blogs.com/rconversation/2008/07/on-the-media-in.html (Episode of On The Media w/ Rebecca MacKinnon)

Video

• http://www.youtube.com/watch?v=PMorzIBHmrA (Conversation about GNI on CSPAN w/ Michael Samway and Julien Sanchez)

Text

“Just the Facts” Reporting

• http://news.bbc.co.uk/2/hi/technology/7696356.stm

• http://www.nytimes.com/2008/10/28/technology/internet/28privacy.html?_r=1&oref=slogin

Critiques

• http://writ.news.findlaw.com/ramasastry/20081212.html (Anita Ramasastry, Associate Professor at University of Washington School of Law)

• http://www.rsf.org/article.php3?id_article=29117 (Reporters without Borders, an NGO that was part of the talks but didn’t sign onto the GNI at the end)

• http://www.eff.org/files/filenode/gni/signon_letter.txt (Electronic Frontier Foundation, an NGO that was part of the talks and did sign onto the GNI at the end)

• http://www.thenation.com/doc/20060313/mackinnon (Rebecca MacKinnon, writing in The Nation before the GNI existed, discusses four companies' culpability and diagnoses a major flaw with GOFA)

Links

http://blogs.wsj.com/chinajournal/2008/10/28/parsing-the-google-yahoo-microsoft-global-network-initiative/

http://www.nytimes.com/2008/11/30/magazine/30google-t.html?_r=1&adxnnl=1&partner=permalink&exprod=permalink&adxnnlx=1229749063-T7qNc5xv9ZLDiLcjc8AZxQ&pagewanted=print

http://blog.wired.com/27bstroke6/2008/04/republican-hous.html

http://rconversation.blogs.com/rconversation/2007/01/google_yahoo_mi.html

http://www.circleid.com/posts/print/20081028_global_network_initiative/

http://www.guardian.co.uk/technology/2008/oct/30/amnesty-global-network-initiative

http://www.economist.com/world/asia/displaystory.cfm?story_id=12783609

http://www.huffingtonpost.com/michael-a-santoro-and-wendy-goldberg/chinese-internet-censorsh_b_156212.html

http://news.cnet.com/8301-13578_3-10040152-38.html (Declan McCullagh of CNet News on Q6/17, including links to several leaked ITU documents)

How Administered

A little less than a week before class

We emailed each group directly:

Dear [Group Members],

For the Anonymity and Privacy class this coming week, we're going to run things slightly differently. The class will be divided into six groups, and each group will be given an identity as a participant in the ongoing global battle over anonymous speech online, as well as a series of unique readings giving some specialized background. Then, in class, we'll introduce some general background and then have an exercise involving both y'all and our guest. See the last page of the attachment for your readings. (You're a little smaller than the other groups; don't worry, your job will mostly be to make trouble.)

Cheers, Joshua, Conor, and Dan

Each Group received its own attached set of readings (linked immediately below):

Group 1 Group 2 Group 3 Group 4 Group 5 Group 6

The day of class

We showed up early and set up the room. We placed most of the classroom's tables against the wall, and placed the chairs just inside of them, to make sure there was a big "public" space in the middle of the room for the second half of the class. (Here's a room plan, which didn't work out exactly as pictured here, but the idea is what counts)

Plan

We started the class with a Power Point presentation that reviewed the basic outline of the class (to refresh students who might have only skimmed the reading).

+ Clip

When that was finished, we hosted a conversation between two stakeholders (Colin MacClay of the Berkman Center and Andrew McLaughlin from Google).

+ Clip

Once everyone was caught up to speed on the tensions they'd have to navigate in the simulation, Josh explained the simulation to all class participants.

+ Clip

At the end of the simulation, the groups gave in their final proposals:

+ Proposals

Our judge, the Berkman Center's Colin MacClay, gave his feedback on the proposals.

+ Clip

After class, we gave all of the participants an opportunity to vote on the proposals:

Reactions and suggestions

Evaluation of the class

Role of technology

Additional suggestions for future classes

Note to self: Joe, Miriam, Mark, Jon Fildes, Elana, Melissa