EFF Challenges Secret Government Order to Shut Down Media Websites

The International Telecommunication Union (ITU) will hold the World Conference on International Telecommunications (WCIT-12) in December in Dubai, an all-important treaty-writing event where ITU Member States will discuss the proposed revisions to the International Telecommunication Regulations (ITR). The ITU is a United Nations agency responsible for international telecom regulation, a bureaucratic, slow-moving, closed regulatory organization that issues treaty-level provisions for international telecommunication networks and services. The ITR, a legally binding international treaty signed by 178 countries, defines the boundaries of ITU’s regulatory authority and provides "general principles" on international telecommunications. The ITR represents one of four ITU treaties that were adopted in 1998 and came into force in 1990. However, media reports indicate that some proposed amendments to the ITR—a negotiation that is already well underway—could potentially expand the ITU’s mandate to encompass the Internet.

In similar fashion to the secrecy surrounding ACTA and TPP, the ITR proposals are being negotiated in secret, with high barriers preventing access to any negotiating document. While aspiring to be a venue for Internet policy-making, the ITU does not appear to be very open to the idea of allowing all stakeholders (including civil society) to participate. The framework under which the ITU operates does not allow for any form of open participation. Mere access to documents and decision-makers is sold by the ITU to corporate “associate” members at prohibitively high rates. Indeed, the ITU’s business model appears to depend on revenue generation from those seeking to ‘participate’ in its policy-making processes. This revenue-based principle of policy-making is deeply troubling in and of itself, as the objective of policy making should be to reach the best possible outcome.

Release the documents

The ITU should urgently lift restrictions on sharing the preparatory materials and ITR amendments, and release the documents. The current preparatory process lacks the transparency, openness of process, and inclusiveness of all relevant stakeholders that is the hallmark of Internet policy-making. A truly multi-stakeholder participation model requires equal footing for each relevant stakeholders including civil society, the private sector, the technical community, and participating governments. These principles are the minimum that one could expect following commitments made at the World Summit on Information Society (WSIS). The ITU Secretary-General Dr. Hamadoun I. Touré reiterated these commitments last year at the Internet Governance Forum in Kenya:

In its own words, the "ITU remains firmly committed to the WSIS process," and it considers itself to have "made considerable progress in many areas in advancing the implementation of the WSIS outcomes."

And in practice? Not likely. This is why EFF, European Digital Rights, CIPPIC and CDT and a coalition of civil society organizations from around the world are demanding that the ITU Secretary General, the  WCIT-12 Council Working Group, and ITU Member States open up the WCIT-12 and the Council working group negotiations, by immediately releasing all the preparatory materials and Treaty proposals. If it affects the digital rights of citizens across the globe, the public needs to know what is going on and deserves to have a say. The Council Working Group is responsible for the preparatory work towards WCIT-12, setting the agenda for and consolidating input from participating governments and Sector Members.

We demand full and meaningful participation for civil society in its own right, and without cost, at the Council Working Group meetings and the WCIT on equal footing with all other stakeholders, including participating governments. A transparent, open process that is inclusive of civil society at every stage is crucial to creating sound policy.

Respect the multi-stakeholder process

Civil society has good reason to be concerned regarding an expanded ITU policy-making role. To begin with, the institution does not appear to have high regard for the distributed multi-stakeholder decision making model that has been integral to the development of an innovative, successful and open Internet. In spite of commitments at WSIS to ensure Internet policy is based on input from all relevant stakeholders, the ITU has consistently put the interests of one stakeholder—Governments—above all others. This is discouraging, as some government interests are inconsistent with an open, innovative network. Indeed, the conditions which have made the Internet the powerful tool it is today emerged in an environment where the interests of all stakeholders are given equal footing, and existing Internet policy-making institutions at least aspire, with varying success, to emulate this equal footing. This formula is enshrined in the Tunis Agenda, which was committed to at WSIS in 2005:

83. Building an inclusive development-oriented Information Society will require unremitting multi-stakeholder effort. We thus commit ourselves to remain fully engaged—nationally, regionally and internationally—to ensure sustainable implementation and follow-up of the outcomes and commitments reached during the WSIS process and its Geneva and Tunis phases of the Summit. Taking into account the multifaceted nature of building the Information Society, effective cooperation among governments, private sector, civil society and the United Nations and other international organizations, according to their different roles and responsibilities and leveraging on their expertise, is essential.

84. Governments and other stakeholders should identify those areas where further effort and resources are required, and jointly identify, and where appropriate develop, implementation strategies, mechanisms and processes for WSIS outcomes at international, regional, national and local levels, paying particular attention to people and groups that are still marginalized in their access to, and utilization of, ICTs.

Indeed, the ITU’s current vision of Internet policy-making is less one of distributed decision-making, and more one of ‘taking control.’ For example, in an interview conducted last June with ITU Secretary General Hamadoun Touré, Russian Prime Minister Vladimir Putin raised the suggestion that the union might take control of the Internet: “We are thankful to you for the ideas that you have proposed for discussion,” Putin told Touré in that conversation. “One of them is establishing international control over the Internet using the monitoring and supervisory capabilities of the International Telecommunication Union (ITU).”

Perhaps of greater concern are views espoused by the ITU regarding the nature of the Internet. Yesterday, at the World Summit of Information Society Forum, Mr. Alexander Ntoko, head of the Corporate Strategy Division of the ITU, explained the proposals made during the preparatory process for the WCIT, outlining a broad set of topics that can seriously impact people's rights. The categories include "security," "interoperability" and "quality of services," and the possibility that ITU recommendations and regulations will be not only binding on the world’s nations, but enforced.

In this sense, it is somewhat concerning that the ITU appears to draw its inspiration for Internet reform from the earliest days of the network. For example, earlier this year, Ntoko zeroed in on online anonymity, which EFF has fought to protect in the past. Citing the early days of ARPAnet, when the Internet consisted of a number of academic institutions who could identify each other by IP address, Ntoko has expressed his view regarding the anonymous nature of the Internet as: "[it] wasn't always that way, and shouldn't be in the future."

Rights to online expression are unlikely to fare much better than privacy under an ITU model. During last year’s IGF in Kenya, a voluntary code of conduct was issued to further restrict free expression online. A group of nations (including China, the Russian Federation, Tajikistan and Uzbekistan) released a Resolution for the UN General Assembly titled, “International Code of Conduct for Information Security.”  The Code seems to be designed to preserve and protect national powers in information and communication. In it, governments pledge to curb “the dissemination of information that incites terrorism, secessionism or extremism or that undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment.” This overly broad provision accords any state the right to censor or block international communications, for almost any reason.

Promote openness and transparency

Currently, there are several organizations dealing with Internet Policy at the global and regional level. The Committee of Ministers of the Council of Europe issued guidance on Internet governance in a Declaration on Internet Governance Principles. It emphasizes the need for openness and transparency:

Multi-stakeholder governance

The development and implementation of Internet governance arrangements should ensure, in an open, transparent and accountable manner, the full participation of governments, the private sector, civil society, the technical community and users, taking into account their specific roles and responsibilities. The development of international Internet-related public policies and Internet governance arrangements should enable full and equal participation of all stakeholders from all countries.

Responsibilities of states

States have rights and responsibilities with regard to international Internet-related public policy issues. In the exercise of their sovereignty rights, states should, subject to international law, refrain from any action that would directly or indirectly harm persons or entities outside of their territorial jurisdiction. Furthermore, any national decision or action amounting to a restriction of fundamental rights should comply with international obligations and in particular be based on law, be necessary in a democratic society and fully respect the principles of proportionality and the right of independent appeal, surrounded by appropriate legal and due process safeguards.

Decentralised management

The decentralised nature of the responsibility for the day-to-day management of the Internet should be preserved. The bodies responsible for the technical and management aspects of the Internet, as well as the private sector should retain their leading role in technical and operational matters while ensuring transparency and being accountable to the global community for those actions which have an impact on public policy.

There are some factors in place that may insulate strong democracies such as the United States from the more harmful elements of the ITU proposal. As with all international policy-making venues, ITU outputs will not become law until enacted domestically by member states such as the United States, Canada o Sweden. This means that any ITU policies antithetical to a free and democratic society might not make it into domestic law.  Central to this will be the legitimacy of the institution, and the United States government, for example, has already stated that the ITU’s lack of adherence to multi-stakeholder principles is deeply problematic and a barrier to the institution’s legitimacy.

In spite of this, a closed and expanded ITU policy-making role remains a threat to an already fragile public interest. Several governments have continuously sought to launder unpopular measures through international intergovernmental venues that would subvert democratic Internet principles or hard-won international human rights law protections. The Council of Europe’s Cybercrime Treaty is a good example of policy laundering at an international level. Similarly, multi-lateral or pluri-lateral agreements, like ACTA and TPP, are a way to bypass national and global inter-governmental institutions that are more transparent and open to civil society participation as well as democratic checks and balances.

The ITU proposal will establish an ongoing source of international policy that does not have the interests and rights of Internet users in mind. Further, unlike other venues which recognize the importance of ongoing flexibility in Internet policy-making, the ITRs are a treaty, legally binding on its signatories. While the ITU’s refusal to commit to a multi-stakeholder model may act to safeguard strong democracies such as the United States, Europe and Canada from its more harmful policy outputs, countries with weaker internal democratic protections will find it more difficult to provide such insulation. Even countries with well-entrenched safeguards for human rights may be tempted to adopt laws that conflict with human rights where these align with powerful domestic interests, as was demonstrated by recent attempts to pass SOPA/PIPA and CISPA in the United States.

We urge the ITU Secretary General et al to ensure that the outcomes of the WCIT and its preparatory process truly represent the common interests of all who hold a stake in the future of our information society. If your government is a member of ITU, demand transparency and tell them to open the process and disclose the WCIT preparatory documents and Treaty amendments. 

According to a recent investigation by the Swedish news show Uppdrag Granskning, Sweden’s telecommunications giant Teliasonera is the latest Western country revealed to be colluding with authoritarian regimes by selling them high-tech surveillance gear to spy on its citizens. Teliasonera has allegedly enabled the governments of Belarus, Uzbekistan, Azerbaijan, Tajikistan, Georgia and Kazakhstan to spy on journalists, union leaders, and members of the political opposition. One Teliasonera whistle-blower told the reporters, “The Arab Spring prompted the regimes to tighten their surveillance. ... There’s no limit to how much wiretapping is done, none at all.”

The investigative report, titled “Black Boxes,” in reference to the black boxes Teliasonera allowed police and security services to install in their operation centers--which granted them the unrestricted capability to monitor all communications—including Internet traffic, phone calls, location data from cell phones, and text messages—in real-time. This has caused concern among Swedish citizens and Teliasonera shareholders, who had previously been assuaged by assurances from the telecommunications company that they follow the law in the countries in which they are operating. After a meeting with Peter Norman, Sweden’s Minister of Financial Markets, the chairman of Teliasonera’s board of directors issued a statement, announcing that they had launched “an action programme for handling issues related to protection of privacy and freedom of expression in non-democratic countries, in a better and more transparent way.”

Teliasonera’s declaration of good intentions may be too little too late after the damning evidence of abuse compiled by Uppdrag Granskning. Documents obtained by their investigators showed an Azerbaijani had his phone tapped after he published a piece about being beaten at the hands of government security agents while covering a story. The report also found that black-box surveillance was used in Belarus to track down, arrest, and prosecute protesters who attended an anti-government protest rally following the 2010 Belarusian presidential election. One Azerbaijani citizen says he was interrogated solely due to the fact that he voted for the Armenian representative in the 2009 Eurovision song contest.

In the post-Soviet state of Georgia, these recent revelations have prompted the Georgian Young Lawyers Association (GYLA) to challenge indiscriminate wiretapping in their country, alleging that far from complying with local statutes, Teliasonera was breaking Georgian law.

GYLA points out that the Georgian criminal code and constitution protect personal information such as private phone calls. Police must obtain a court order before they can listen in to a citizen’s private phone conversations. GYLA attorney Maya Khutsishvili says that companies can only provide private information about a person to investigative bodies based on such a court order—and that a court’s ruling must indicate why the investigative body needs to listen to a specific person or receive other kinds of personal information.

EFF believes that for Western countries providing telecommunications equipment or services, merely complying with the law is insufficient. Authoritarian regimes can interpret the law in ways that justify unlimited spying on journalists and political dissidents. Or, as is the case in Georgia, the laws on the books are not enforced—unrestricted surveillance is the order of the day. If tech companies want to avoid being repression’s little helper, they must know their customer and refrain from cooperating with governments that they believe will use their technology to facilitate human rights violations.

A series of events in the last two weeks have set the stage for how surveillance drones will be operated by local law enforcement in the United States and how citizens can demand privacy protections as domestic use escalates.

As EFF has previously reported, Congress passed a bill in February mandating the FAA must open national airspace to drones, despite the extensive and unprecedented civil liberties dangers they pose to every American. The FAA, in new rules announced on Monday, made the authorization procedure easier, stating they have “streamlined the process” for “public agencies”—which includes local law enforcement—to legally operate drones in U.S. skies.

We know that dozens of law enforcement agencies already have drones, based on information from EFF’s Freedom of Information Act lawsuit over the FAA’s initial refusal to release the list of authorizations. And one of the biggest cities with a police department on the list was Seattle.

It turned out Seattle’s city council—which oversees the police department—was just as surprised as many citizens to see Seattle Police Department’s name on the list. The city council learned about the drones through a reporter asking questions related to EFF’s lawsuit, not through official channels. After front page stories in the Seattle Times and an official apology from the Seattle police department, Seattle is now the first city to consider privacy safeguards for drone use by law enforcement.

The ACLU of Washington has asked the city council to pass a legally binding ordinance detailing “what kind of information can be collected, who can collect it, how the information can be used, and how long it can be kept,” along with “an auditing process to make sure the policies are followed.”  The Seattle Times agreed. In an editorial written on May 6, the city’s largest paper urged city council to adopt “usage restrictions, image-retention limits, and regular audits and reviews of drones as a law-enforcement tool.”

Seattle’s Police Department has already pledged drones would not be used for surveillance, and only “for situations like crime scene photography, missing person searches, and barricaded person scenarios.” They’ve also indicated they would work with the FAA to develop privacy policies. But as the Seattle Times noted, privacy safeguards must be implemented by binding ordinance, “not by policy nods, promises and good intentions.”

In a similar incident just yesterday, after the Shelby County Tennessee sheriff’s office requested two drones as part of a $400,000 Homeland Security grant, the Shelby county commission questioned the Sheriff’s Office on how they would be using the drone and asked them to draw up privacy guidelines. The sheriff’s office promptly withdrew its request for drones. But encouragingly, the commission is still pushing the sheriff’s office for privacy policies. As the Memphis Daily News reported, “several commissioners said they might still pursue setting some guidelines on the use of such surveillance through a memorandum of understanding with the sheriff’s office.”

Responding to an EFF public records request, Miami-Dade County also released information about its drones earlier this week, which it bought using a grant from the Justice Department (DOJ).

The FAA itself estimates that there may be as many as 30,000 drones in the US by the year 2020, and with the loosened restrictions coupled with the Department of Homeland Security and DOJ issuing grants for local police forces to buy drones, it’s imperative that local governments act swiftly to ban surveillance drones outright or institute robust safeguards for their citizens. Americans cannot afford to wait for the FAA or Congress to act.

Does your local police department own and operate a drone? Check out our interactive map here to find out.

EFF would also like your help. In the coming days, we’re going to announce a crowd-sourcing campaign aimed at finding out as much information as possible on each law enforcement agency’s use of drones and how citizens can voice their concerns to their local governments. Right now, if you have any information on how your local law enforcement plans to use drones, email dronesinfo@eff.org. You can get this information by calling your local police department.

And stay tuned for more, as we plan on announcing a detailed campaign soon.

Civil Society Seeks Access to Planning Documents for Secret Negotiations Around Internet Regulation

An upcoming treaty renegotiation process could prove to have dire implications for digital civil rights. As we have explained, the World Conference on International Telecommunications – "WCIT" for short, pronounced “wicket” by insiders – will be held in Dubai this coming December, and preparations for this important treaty-writing conference are in full swing. The forum is being organized by a secretive United Nations agency called the International Telecommunication Union (ITU).

The fear that’s been bouncing around the blogosphere amid civil society organizations this week is that the WCIT could be used to push through expansion of the ITU’s mandate beyond telecommunications, to encompass the Internet. 

This does not bode well for the future of the Internet.

At the WCIT, member states will hash out revisions to a set of regulations that make up a treaty called the International Telecommunication Regulations, or ITRs. Some proposed revisions to the ITRs have already been made, but they haven’t been made public. This renegotiation process could prove to have a serious impact on online civil liberties – yet the talks are being held in secret, without adequate input from the organizations that represent the public interest.

If negotiations continue down this path, we could end up with a treaty that allows for greater governmental control over the Internet.  

That’s why EFF and 30+ civil society organizations issued a letter May 17 demanding that the ITU ends its secrecy. We are calling for the immediate release of all the documents describing preparations for WCIT and proposed ITR revisions. Since it’s prohibitively expensive to obtain the planning documents that are being drafted in advance of the WCIT, it’s impossible for most public interest participants to review them and weigh in with informed opinions.

Joe McNamee, Advocacy Coordinator, European Digital Rights (EDRi), a coalition of 32 privacy and civil rights organisations based in Europe, told EFF:

Beyond the creaking bureaucracy, the undemocratic procedures and the fact that the ITU effectively sells access to decision-makers through exorbitant corporate membership fees, the single biggest practical problem with the ITU is that it moves extremely slowly and cannot readily remedy any mistakes that it makes. Any damaging policy adopted under this process will burden global freedom of communications for years to come.

Jérémie Zimmermann, co-founder and spokesperson of citizen advocacy group La Quadrature du Net, told EFF:

“This trend by governments to increasingly use trade agreements and treaties to try to control a free, open and universal Internet is alarming. Citizens must take action and expose their governments' roles in these negotiations, in order to protect the networked public sphere that we all share as a common good.”

The secrecy surrounding these talks brings to mind the closed-door negotiations that civil society has condemned throughout negotiations of ACTA and the TPP, as Milton Mueller of the Internet Governance Project pointed out in a recent blog. Mueller noted that ACTA was negotiated in secret to appease the copyright and intellectual property lobbies, but this tactic ultimately backfired because “the closed process … gave the resulting treaty a lack of legitimacy,” triggering organized opposition.

It’s time for ITU to respect the multi-stakeholder process and let the sun shine in. All restrictions on sharing the preparatory materials and proposed ITR amendments should be lifted, and the documents should be released and subjected to public scrutiny.

We demand transparency, and call upon the ITU to open the process and disclose the WCIT preparatory documents and treaty proposals.  The public should not be kept in the dark.

Letter from Civil Society

Civil society organizations and academics are invited to join this call to address deficiencies in the WCIT process. For more information, contact signon@cdt.org.

17 May 2012

To Secretary-General Dr. Hamadoun Touré, the Council Working Group to Prepare for the WCIT-12, and ITU Member States:

The undersigned human rights advocates, academics, freedom of expression groups, and civil society organizations write to express our desire to participate in the preparatory process undertaken for the World Conference on International Telecommunications (WCIT).  The current preparatory process lacks the transparency, openness of process, and inclusiveness of all relevant stakeholders that are imperative under commitments made at the World Summit on Information Society (WSIS).  We ask that the Secretary-General, the Council Working Group, and Member States work to resolve these process deficiencies in several concrete ways.  

The continued success of the information society depends on the full, equal, and meaningful participation of civil society stakeholders (along side the private sector, the academic and technical community, and governments) in the management of information and communications technology, including both technical and public policy issues.  Indeed, WSIS outcome documents recognize the need for a multi-stakeholder approach in technical management and policy decision-making for ICTs.   The Tunis Agenda for the Information Society urges international organizations “to ensure that all stakeholders, particularly from developing countries, have the opportunity to participate in policy decision-making … and to promote and facilitate such participation.”   And such participation depends on transparency and openness of process at every stage of substantive and procedural dialogue.  

Yet there has been scant participation by civil society in the Council Working Group’s preparatory process for the WCIT so far, even as media reports indicate that some Member States have proposed amending the International Telecommunication Regulations to address issues that could impact the exercise of human rights in the digital age, including freedom of expression, access to information, and privacy rights.  Under the current process, civil society participation is severely limited by restrictions on sharing of preparatory documents, high barriers for ITU membership (including cost), and lack of mechanisms for remote participation in preparatory meetings.  

As an important step towards fulfilling WSIS commitments for building a more inclusive information society, the undersigned request that the Secretary-General, the Council Working Group, and Member States:

• Remove restrictions on the sharing of WCIT documents and release all preparatory materials, including the Council Working Group’s final report, consolidated reports from all preparatory activity, and proposed revisions to the International Telecommunication Regulations; 
• Open the preparatory process to meaningful participation by civil society in its own right and without cost at Council Working Group meetings and the WCIT itself, providing formal speaking opportunities and according civil society views an equal weight as those of other stakeholders.  Facilitate remote participation to the extent possible; and
• For Member States, open public processes at the national level to solicit input on proposed amendments to the International Telecommunication Regulations from all relevant stakeholders, including civil society, and release individual proposals for public debate.  

We welcome Secretary-General Touré’s commitment to creating a more inclusive information society and ensuring equitable access to ICT around the world.  Collectively and individually, the undersigned human rights advocates, academics, freedom of expression groups, and civil society organizations work to fulfill this vision through a range of national and global institutions and we call for the same opportunity to engage at the WCIT, consistent with WSIS commitments.  We urge you to ensure the outcomes of the WCIT and its preparatory process truly represent the common interests of all who have a stake in the future of our information society.  

Sincerely,

Under a new policy announced today, Twitter will be suggesting accounts for Twitter users to follow based on data collected from an individual’s browsing habits on websites that have embedded Twitter buttons. While this is sure to garner scrutiny from the press and public, Twitter is also taking a pioneering step toward respecting users’ privacy choices: it has committed to respecting Do Not Track -- a simple browser setting users can turn on to tell website they don’t want to be tracked. Often framed as a signal from users to behavioral advertisers, Do Not Track isn’t actually about ads we see online; it’s about user control over tracking of our web usage that could be used to build an intimate portrait of our online lives. Twitter is showing an inventive way that websites other than behavioral advertisers can respect Do Not Track. We’re heartened to see this forward-thinking approach and hope other sites with embedded widgets will follow suit.

If you haven’t done so already, this is a great reminder to turn on Do Not Track; Twitter has a tutorial for doing this on different browsers.

Here’s how the suggested accounts will work under the new Twitter privacy policy: when you browse around the Internet to pages with embedded Twitter share buttons1, Twitter is able to collect a certain amount of information about you through a unique browser cookie. Then when you sign up for or log into Twitter, the site will be able to suggest that you follow the accounts of individuals who are popular among others who visited the same sites as you. Twitter calls this “tailoring” your Twitter experience based on your web browsing.

For example, many of those who visit BoingBoing.net likely follow the account of @doctorow, the digital-rights-loving BoingBoing founder Cory Doctorow. If you sign up for Twitter and you’ve got a browser cookie from Twitter showing that you recently visited BoingBoing, you might see @doctorow listed as a suggested user even before you’ve started interacting with Twitter. Twitter will be relying on data collected about your browsing habits within the last 10 days (after 10 days, they start discarding data). When you start a Twitter account, you’ll have the option to turn off the tailored suggestions. Unchecking this box won’t just stop the suggestions from appearing – it’ll actually remove the unique cookie that Twitter uses to track your browsing habits and show you tailored user suggestions.2

Established Twitter users may find suggested users under the "Who To Follow" sections of Home and Discover. Just like with new users, established users can uncheck the “tailor” Twitter box in their account settings to stop the data collection about their web browsing.

Do Not Track makes this a lot simpler – no messing with account settings or unchecking any boxes to keep your privacy. If you’ve got Do Not Track selected in your browser settings, then Twitter assumes you just don’t want them collecting details of your online browsing habits in an identifiable way. Users who have turned on Do Not Track will find, upon signing up for Twitter, that the “tailor Twitter” button is unchecked by default. Similarly, established users who had Do Not Track already enabled in the days before the new policy took effect will also find the account personalization turned off by default. Users who enable Do Not Track must change their privacy settings if they want the “tailored” Twitter experience.

As with Facebook, Twitter also treats users differently depending on whether or not they are logged out. If you’re a Twitter user wanting to protect your browsing privacy, then remember to log out when you leave the site so that Twitter won't associate your online browsing habits with your Twitter account.

There’s sure to be a lot of discussion about Twitter’s decision to use data collected through social widgets for increased site personalization. If nothing else, this is a good opportunity for everyone to reconsider the nature of our highly trackable online lives, where corporations we do and don’t have relationships with can vacuum up highly sensitive data about what we do on the web and even a savvy user can’t win the arms race against online tracking. This is exactly the promise of Do Not Track: to make it easy for everyday Internet users to clearly indicate a preference not to be tracked around the web, whether it’s by a social network or an advertiser or another data-hungry corporate entity. 

We’ve previously examined Facebook’s practices when it comes to collecting browsing data on users and urged it to respect the Do Not Track flag. So, in the wake of Twitter’s decision to respect Do Not Track, we’re calling on other social networking sites to start respecting user choice as well. The time has come for websites to start listening to users when it comes to privacy, and there’s no easier way for a user to tell companies “Don’t track me” than to turn on Do Not Track.

Get started now by checking out the tutorial Twitter created for turning on Do Not Track.

• 1. Eff.org has Twitter icons that allow visitors to share content from our site on Twitter but we have chosen not to embed Twitter code on our site, so visiting eff.org will not result in data about your visit going to Twitter.
• 2. Note: this doesn’t mean Twitter will stop collecting all data on you. They’ll still be able to collect aggregate data about your browsing habits for analytics and security, but they won’t set a cookie and they won’t use data to suggest users to you or tailoring your Twitter experience.

Fifty leading U.S. legal scholars cast fresh doubt on the constitutionality of the Anti-Counterfeiting Trade Agreement in an open letter to the Senate Finance Committee today. (Press Release). At issue is whether the Office of the United States Trade Representative (USTR) had authority to enter into the controversial IP enforcement agreement on behalf of the United States when the Deputy U.S. Trade Ambassador signed ACTA in October 2011. The law professors say no, and call on the Senators to “exercise your constitutional responsibility to ensure that the Anti-Counterfeiting Trade Agreement (ACTA) is submitted to the Senate for approval as an Article II treaty, or to the Congress as an ex-post Congressional-Executive Agreement.”  

We, too, have wondered about the USTR’s authority to enter into this agreement. That’s why we made a request under the U.S. Freedom of Information Act to the State Department in February for key documents that set out the State Department’s analysis of the constitutional basis for ACTA – the “Circular 175” memorandum, and the accompanying Memorandum of Law.

As the State Department’s website states, the Circular 175 procedure is the way that the State Department “seeks to confirm that the making of treaties and other international agreements by the United States is carried out within constitutional and other legal limitations, with due consideration of the agreement's foreign policy implications, and with appropriate involvement by the State Department.”  Circular 175 memoranda must be accompanied by a Memorandum of Law prepared by the Office of the Legal Advisor in the State Department, which generally includes a discussion of the appropriate legal analysis underlying implementation of the treaty at issue.

The State Department is required to prepare these documents for all treaties and other international instruments that bind the United States as a matter of international law under 22 CFR Part 181.  No agencies can conclude an international agreement in the name of the United States without first consulting with the State Department, and the determination of whether an agreement is an international agreement for this purpose must be made by the Office of the Legal Advisor to the State Department.

We have now received the State Department’s response. It’s short:  the State Department has not created a Circular 175 memorandum and accompanying Memorandum of Law for ACTA:

“Based on the subject matter of your request, we consulted with subject matter experts in the Office of the Legal Advisor. These officials advised us that no Circular 175 Memorandum or Memorandum of Law were ever issued for the Anti-Counterfeiting Trade Agreement. The officials also told us that USTR has lead within the U.S. Government for this issue.”

This suggests that ACTA was not submitted to the normal State Department review process to determine its constitutionality before it was signed by the Deputy Trade Ambassador.

Since the State Department’s Legal Office must decide whether a proposed instrument is an “international agreement” for this process, it’s possible that the State Department was consulted but decided that ACTA was not an “international agreement”.  If so, where is the Memorandum explaining why ACTA should not be considered an “international agreement” despite all appearances to the contrary?

Given that, the FOIA response appears to confirm what we’ve long suspected – that USTR was acting on a folly when it negotiated and signed ACTA, in the absence of Trade Promotion Authority which had expired on July 1, 2007, and without consulting the US government agency that is entrusted with ensuring that international agreements abide by appropriate constitutional process.

It is important to understand that the way that ACTA was negotiated and subsequently signed by the USTR raises fundamental questions about the separation of powers set out in the U.S. Constitution. ACTA deals with powers over subject matter – intellectual property and foreign trade –that the Constitution’s Article I gives exclusively to Congress. Specifically, there are three ways that the U.S. can bind itself to international agreements dealing with Article 1 subject matter. First, an agreement can be ratified under the Treaty Clause, which requires a vote by two-thirds of the Senate. Second, Congress can pass a law that authorizes the negotiation of an international agreement (ex ante authorization). Third, Congress can approve an agreement that has been negotiated by the Executive Branch after the fact, or “ex post”, by passing the agreement, subject to amendment, through both houses of Congress and having the President sign it into law. These agreements are known as ex-post Congressional-Executive Agreements.

As we’ve reported before, during the ACTA negotiations, the USTR consistently maintained that it was a Sole Executive Agreement dealing with matters delegated to the President and, on that basis, did not need Congressional review and approval. Then, in a surprising about-face, the Executive changed its explanation of the constitutional basis for ACTA in March 2012. In a letter responding to a request from the Chair of the Senate Finance Committee's Trade Subcommittee, Senator Wyden, on March 6, the Legal Advisor to the State Department, Howard Koh, implied that Congress had authorized the Executive to negotiate ACTA in response to the 2008 Prioritizing Resources and Organization for Intellectual Property Act (PRO-IP Act).  On March 7, the U.S. Trade Ambassador followed that line, and testified in a Senate hearing that ACTA was negotiated with the authorization of Congress, quoting directly from Koh’s letter.

As we noted at the time, it seemed implausible that Congressional authorization was granted in legislation that was enacted the year after ACTA negotiations were announced, on October 23, 2007. In addition, as the legal scholars’ letter notes, the provision cited in the State Department Legal Advisor’s letter – section 8113(a)(6) of the PRO-IP Act  – does not actually direct the USTR to negotiate an international agreement, let alone one with ACTA’s far-reaching characteristics. ACTA requires creation of an unelected ACTA Committee that has the final say on ACTA implementation in U.S. law, ousting any role for Congress. If Congress had intended to grant ex ante authorization to the USTR to negotiate an international agreement that would limit Congress’ role and impede its ability to legislate, it seems more likely that it would have chosen to do so expressly.

The legal scholars conclude that:

“..the Administration currently lacks a means to constitutionally enter ACTA without ex post Congressional approval. The present issue reaches far beyond the topical matters covered by ACTA, into the fundamental Constitutional issue of separation of powers. If Congress allows the executive to claim that ACTA was authorized by language that clearly does not authorize the agreement, it will be ceding unprecedented power to the executive."

We agree.

The legal scholars also call on the members of the Senate Finance Committee to act, noting that:

“Remedying this state of affairs is uniquely within Congress’s province. Congress, and specifically the Senate as the Constitutionally recognized chamber with responsibilities for the approval of treaties, should secure from the administration a public pledge to send ACTA to the Senate as a treaty, or to the Congress as an ex-post Congressional-executive Agreement. Absent a pledge to this effect, we encourage the Committee to hold hearings and to pass legislation that would prevent the United States from binding itself to ACTA without express Congressional consent.”

Now it’s up to the members of the Senate Finance Committee to rectify this unconstitutional power grab by an unaccountable Executive Branch agency, and protect the fundamental separation of powers embodied in the U.S. Constitution.

Meanwhile, the process of ratifying ACTA has noticeably slowed down in the rest of the world.  As Sean Flynn from American University’s Program on Information Justice and the Public Interest notes, the fresh doubt about ACTA’s constitutionality under U.S. law is “one component of the larger context casting increasing doubt that ACTA can ever go into force.” In recent months we’ve witnessed growing concerns about ACTA’s impact that have led to delays in the signing and ratification of ACTA in the EU, Switzerland, Mexico, Australia, and New Zealand. Let's hope that the members of the Senate Finance Committee heed the law professors' call to action and ensure that the U.S. undertakes the same rigorous public process that is underway in other countries.

~

For more about the broader implications of the constitutional problems with ACTA, check out this insightful op-ed from Margot Kaminski, Executive Director of the Information Society Project at Yale Law School.

Iran Continues March Towards “Halal Internet”

This past weekend, Iran’s minister of telecommunications announced that domestic institutions including banks, telecom companies, insurance firms, and universities are now prohibited from dealing with emails that do not come from an “.ir” domain name. This means that customers who use foreign email clients such as Gmail, Yahoo!, and Hotmail will have to switch to domestic Iranian accounts, which are subject to Iranian legal jurisdiction.

While the announcement suggests that the use of foreign email clients leaves Iranian data vulnerable security breaches, the forced move to domestic email services makes it easier for the government to monitor its own citizens. The Telecommunications Ministry insists “that the crackdown is an attempt to ensure confidential information is safe” from foreign email providers who allegedly collect user data, making them insecure for Iranian institutional use.

The foreign email ban is the latest development in what is widely thought to be a transition towards a “Halal” Iranian Internet. The Iranian Telecommunications Ministry has denied “shutting off the Internet” for its residents, but what differentiates this email limitation from previous ones such as the restriction on secure (HTTPS) traffic is its overt nature.

Ustream Adds Russian-Language Option In Response to Crippling DDoS Attack

Livestreaming website Ustream.tv received a massive distributed denial of service (DDoS) attack on the morning of May 9 that reportedly targeted the prominent user “reggamortis1,” a Russian citizen journalist who covers opposition protests and rallies, and is associated with Occupy Moscow. The attack rendered Ustream unavailable for about 10 hours—and the reggamortis1 channel continued to be inaccessible for several hours afterwards.

This most recent attack is consistent with other DDoS attacks launched at Russian opposition websites and social networks, but it is difficult to prove a direct link between these attacks and the Kremlin. In interviews following the episode, UStream’s CEO Brad Hunstable revealed that two similar attacks have previously taken the site offline for around 9 hours each time.

UStream has become an international household name among activists, as citizen journalists use it to cover protests in places as far flung as Oakland and Tunisia. Immediately after the attack, Ustream underscored its commitment to freedom of expression in Russia by adding a Russian-language option to the website.

Brazilian Paper Uses Trademark Law to Silence Parody Website

Falha de São Paulo, a parody website of the major Brazilian newspaper Folha de São Paulo, has been engaged in an ongoing legal struggle with its object of its satire. In September 2010, Folha filed a lawsuit against the Falha website for “moral damages” to its reputation as a news organization. Folha also sought financial compensation for Falha’s mimicry of their layout and copy-editing. This case resulted in a “tie” for both parties: Falha’s domain remained frozen for unauthorized use of Folha’s intellectual property, but the rest of the suit was dropped in accordance with existing Brazilian legal precedent.

Falha is now suing Folha in return, in order to unfreeze its domain: falhadespaulo.com.br. A new injunction from Folha against the domain name registrar Regirstro.br led to the current website freeze. Folha describes its position as an intellectual property issue, rather than one of freedom of expression, by claiming that critical bloggers cannot use domain names or logos resembling its own. On the other hand, Falha’s appeal responds that other Brazilian websites continue to use logos and copy similar to those of Folha.

Intellectual property claims have often been invoked to curtail free expression, not just in the Brazil, but in the United States. In 2008, the EFF represented the activist duo The Yes Men when the South African diamond conglomerate De Beers, the target of a critical fake ad on an online spoof of the New York Times, sued the website’s domain name registrar for trademark infringement. Meanwhile, The Brazilian blogosphere has been strongly supportive of Falha’s cause as they continue to take on the country’s largest newspaper.

Indian Government Demands VoIP Interception Capability In the Next Month

Indian government has ordered Internet service providers to provide a way to intercept and identify the end user on unregistered VoIP calls within the next month. Currently, ISPs do not have to keep track of real-time user data, which, according to the government, exacerbates security risks in a world of proliferating VoIP service providers who use varying connection frequencies.

India’s decree is steeped in national security rhetoric: The government is targeting its request towards ISPs in the states of Jammu and Kashmir, a move based on allegations that members of Lashker-e-Taiba, a Pakistani Islamist organization that supports the integration of these states with Pakistan, frequently communicate through VoIP. This move is part of the ongoing erosion of civil liberties in India, a trend that includes Internet censorship of religious and political content and the collection of biometric data for India’s national ID program, which raises considerable privacy and security concerns.

Ayatollah Ali Khameni Victim of Iran’s Internet Censorship

Iran’s Ayatollah Ali Khameni has become the latest victim of Iran's Internet censorship regime. Indeed, the keywords that Khameni chose for the fatwa announcement last week against anti-filtering tools led to his own decree being blocked along with the Iranian websites where it was published.

In response to this Kafkaesque turn of events, the conservative opposition website Tabnak wrote:

“The filtering of a [religious] order is so ugly for the executive [branch] that it can bring into question the whole philosophy of filtering.”

Currently, the Iranian Ministry of Telecommunications is choosing ignore these questions while looking for ways to improve its filtering and censorship systems. Khameni’s announcement has serious press freedom implications for journalists in the country who often need access to blocked websites.

The U.S. content industry will try anything to preserve its profit margin and power over the creative content market at the expense of the Internet. They will use any tactic that circumvents democratic processes to make new rules for the Internet that favor their interests and not the interests of Internet users or the technical community that actually builds the Internet as we know it. The Trans-Pacific Partnership (TPP) is yet another example of these tactics.

The TPP is a secretive plurilateral1 agreement that includes provisions dealing with intellectual property, including online copyright enforcement, anti-circumvention measures, and Internet intermediary liability. Due to the secrecy of the negotiations, we do not know what is in the current version of the TPP’s IP chapter; the general public has only seen a leaked February 2011 version of the U.S. IP chapter proposal [pdf]. Based on the one-sided nature of the groups directly involved, and the content of what has already leaked, we should all be concerned about the prospect of the TPP including provisions that will harm online expression, privacy and innovation on the Internet.

TPP rally outside the Dallas Intercontinental Hotel where negotiaitons are taking place

There has been a big push to raise global awareness of the TPP as the latest round of negotiations kicked off last week. Public Citizen released a parodic video criticizing the secrecy surrounding the process. On Saturday, more than 500 hundred people held a rally and marched to the Dallas Intercontinental Hotel where negotiations are underway behind closed doors. People gathered there to explain their concerns with the leaked TPP provision on Internet freedom, access to educational materials, access to affordable medicines and national sovereignty over public health policy, and impacts on labor and the environment.

Culture jamming activist group, The Yes Men, staged a fake award ceremony for U.S. Trade Representative Ron Kirk following his keynote address at Friday evening’s official reception. Dressed as business stakeholders, two actors awarded the USTR negotiators the “2012 Corporate Power Tool Award” for negotiating the TPP despite what the U.S. public thinks, and invited Ambassador Kirk to the stage to accept the award on behalf of the USTR. Activists scattered throughout the reception began to chant “TPP” and dance, before security staff escorted them all off the premises. Activists also installed “TPP TP” throughout the hotel’s bathrooms, which had alternative definitions of “TPP” printed on toilet paper.

(Image credit: Flickr user TX Corporate Power Partnership)

The U.S. joined the TPP negotiations in 2010. Since then, many countries who have hosted negotiation rounds have organized a stakeholder forum alongside the formal negotiations, providing civil society with a useful opportunity to present their views of the agreement to the assembled TPP country negotiators in one session.

This time around though, there was no official stakeholder forum. Stakeholders who registered to attend were instead given the opportunity to register to stand at a table for several hours at a “Stakeholder Direct Engagement Event” on Saturday, whereby they could explain their concerns to negotiators and other stakeholders present. This was an optional event for the TPP negotiators on their half-day off from negotiations.

Since the official planned event was scarcely sufficient to make a significant impact, Public Knowledge and American University’s Program on Information Justice and Intellectual Property co-hosted a side event for negotiators to learn about the threats of harsh copyright enforcement. The panel included EFF’s International IP Director, Gwen Hinze, who spoke about the unbalanced outcomes non-U.S. Internet users and innovators would face if the current version of the IP chapter were passed. While the event was well-attended, civil society were ultimately forced to bear all the costs to put on this event.

Last week, 32 legal scholars sent a letter to the office of the USTR demanding transparency in the process. Including the release of the text and demand for real participation from civil society, they demanded the immediate release of “reports on US positions and proposals on intellectual property matters that are currently given only to Industry Trade Advisory Committee members under confidentiality agreements.” This is key because there is nothing that could justify the withholding of such reports that simply outline the U.S. position on intellectual property from the public. This is especially true given the fact that the U.S. government’s proposals could impede Congress from engaging in domestic legal reform of legislation regulating IP.

The USTR sent them a preliminary response the following day. Ambassador Kirk essentially blew them off, claiming that they have taken “extraordinary efforts” to have the whole negotiation process inclusive of civil society and the public. In the letter, he compared the level of transparency to Free Trade Agreements (FTAs) meetings, which indeed have always been top secret and therefore offer a laughably low bar of comparison.

International venues such as the World Intellectual Property Organization (WIPO) already exist to address issues regarding the Internet and intellectual property. Like ACTA, TPP is being negotiated as a plurilateral agreement with a handful of like-minded countries outside of the checks and balances of such multilateral institutions. The U.S. Trade Representative's office recognizes that it could never obtain international agreement from the 182 member countries of WIPO to many of the proposals in TPP. Initiatives like the TPP allow the content industry to work within privileged channels of communication with the USTR to skirt open democratic processes that would likely prevent them from getting the IP regulations of their dreams.

The content industry can and will continue to buy and lie to get their way to an agreement that protects their interests, and what they want more than anything is for us to remain passively ignorant. If we do, they will continue to negotiate plurilateral agreements like TPP, ACTA, and the failed Free Trade Area of the Americas Agreement. These agreements will unquestionably chill online expression, prevent access to knowledge, and impede our freedom to innovate. The way to fight back is to make our voice heard: to demand an open transparent process that allows everyone, from experts to civil society members, to analyze, question, and probe any initiatives to regulate the Internet. The secrecy must be stopped once and for all.

Click here to take action. Tell Congress that you refuse any more backroom deals to regulate the Internet.

Use the hashtag #TPP and #TPPA to keep talking and raising awareness on the agreement on Twitter.

• 1. A plurilateral agreement is an agreement between more than two countries, but not a great many, since that would make it a multilateral agreement.

Documents just released by US Immigration & Customs Enforcement (ICE) in response to one of EFF’s Freedom of Information Act requests show that DHS is considering collecting DNA from kids ages 14 and up—and is exploring expanding its regulations to allow collection from kids younger than that.

The proposal appears to be working its way through DHS in the wake of regulations from the Department of Justice that require all federal agencies—including DHS and its components such as ICE—to collect DNA from individuals arrested for federal crimes as well as “from non-United States persons who are detained under the authority of the United States,” whether or not they have been involved in criminal activity.  While the law specifically exempts a few classes of “aliens,” the documents we received show DHS may start DNA collection from anyone it fingerprints.  Currently, that’s any child over 14 who’s detained, but we also found records that show ICE could lower that age even more.

DHS estimates that as many as 1 million people who are subject to administrative detention or arrest annually could now be subject to DNA collection.  But it’s important to note that many of these people are not involved in criminal activity.  Collecting DNA from anyone detained by the government for any number of non-criminal reasons—especially juveniles—seems to be yet another step on the slippery slope to collecting DNA from everyone in the United States, no matter their status.

ICE is the first component within DHS to collect DNA under the new DOJ regulations. ICE’s Homeland Security Investigations (HSI) offices in San Diego, St. Paul, and San Juan, Puerto Rico are part of a 6-month pilot program to test out the new procedures and were set to start collecting DNA around July 2010. After the pilot program, the rest of HSI’s offices (more than 200 throughout the US and abroad) will start collecting DNA and presumably all other DHS components will follow suit shortly thereafter.

When the DOJ expanded its DNA collection regulations in 2009, it specifically required agencies to collect DNA from all populations they fingerprint. DHS regulations allow the agency to collect biometrics from aliens coming into the US who are 14 and older, so DHS can currently collect DNA from kids this age as well. However, the agency may also be considering collecting biometrics from kids younger than 14. A slide presentation from March 2011, titled “Working Group on Expanding the Biometric Age Range” notes that some DHS programs are already collecting biometrics from kids younger than 14 and proposes expanding the age range for more DHS entities (including ICE). Because of the DOJ regulations, this would mean that DHS could collect DNA even from very young kids.

It turns out that DHS is not the first federal or even state agency to collect DNA from juveniles. The records ICE released show that the US Marshals are required to collect DNA from juveniles whenever the Marshals collect fingerprints. And the Drug Enforcement Agency’s (DEA) internal regulations make clear that “Both adults and juveniles who are fingerprinted are subject to DNA sample collection.” Its agents may also collect DNA from non-United States persons who are merely detained (not formally arrested). And according to the Council for Responsible Genetics, twenty-eight states already collect DNA from juvenile offenders, as well.

However, a DNA collection program run by DHS feels very different because it could affect so many people who have no involvement with the criminal justice system. EFF has strongly criticized warrantless DNA collection in criminal contexts, as we’ve discussed here, here and here. The DOJ argues that collecting DNA from all people arrested and non-US persons detained will allow it to find and identify more criminals, solve more crimes, and “prevent and deter subsequent criminal conduct.” but it is hard to see how that argument couldn’t be extended to apply with equal force to mandated DNA collection from everyone.

DNA reveals an extraordinary amount of private information about you, including family background, medical history, predisposition for disease, and possibly even behavioral tendencies and sexual orientation. Once the federal government collects a DNA sample—no matter which agency does the collection—the sample is sent to the FBI for storage, and the extracted profile is incorporated into the FBI’s massive CODIS database, which already contains over 10.5 million “offender” profiles. It is next to impossible to have your DNA expunged from the database once it’s already in there, and once it’s in CODIS it is subject to repeated warrantless searches from all levels of state and federal law enforcement.

For the short term, DHS’s DNA collection program may be quite limited. ICE has redacted most concrete information about the timetable for implementation, but it is not clear that DHS has begun collecting any DNA. The documents ICE released indicate some agency infighting between the DOJ (which requires the DNA collection) and DHS (which considers this requirement to be an expensive unfunded mandate), and it is not clear if the two agencies have yet worked this out.

DHS also appears to recognize the political costs of collecting DNA from people outside the criminal justice system. In a March 22, 2010 letter from DHS Secretary Napolitano to Attorney General Holder, Napolitano sought an exemption to DNA collection from juveniles under 18. Hidden text within one of the documents1 recognizes that collecting DNA from juveniles could increase “ICE's exposure to criticism” and notes:

[t]here is a high likelihood that ICE would face litigation and other opposition from community and nongovernmental organizations (NGOs) if ICE were to sample all juvenile detainees.

Further, it appears DHS is trying to avoid publicizing the roll out. Hidden text on another page of the documents notes that “OCR and OPA [ICE's Office of Congressional Relations and Office of Public Affairs] intend to respond to inquiries, rather than making announcements of the DNA sampling pilot program.”

DHS’s stalling is good for privacy in the short run. However, given the hard line the DOJ has taken in past court cases challenging DNA collection, the expansion of DNA collection from an ever-broader array of Americans and immigrants appears imminent.

Follow these links to view all the documents we received from ICE:

- ICE DNA Collection Documents - pages 1-92

- ICE DNA Collection Documents - pages 93-201

- ICE DNA Collection Documents - pages 202-297

- ICE DNA Collection Documents - pages 298-353

• 1. While the second and third pages of this document look blank, there is actually text hidden within the blank sections. If you download the pdf file and open it in Acrobat or another pdf reader, you should be able to select the text and then copy and paste it into a new document to view it.

On April 18, the Global Network Initiative (GNI) released its annual report documenting third-party assessments conducted in 2011 and 2012 for GNI’s three founding corporate participants: Google, Yahoo! and Microsoft. GNI was formed to bring major Internet companies together with human rights organizations to improve practices around human rights, privacy and freedom of expression on the Internet. In the past year, GNI expanded to include two more corporate participants—Evoca and Websense—and Facebook has recently joined the organization as an observing member. GNI has also added seven new non-corporate members—NGOs and investors from all over the world.

Phase I of GNI’s long-term strategy for improving free speech and human rights policies consisted of self-reporting by the companies. Phase II took the much more meaningful step of recruiting independent assessors to crack open company records and “determine whether the companies had the systems, policies and procedures in place to support the implementation of the Principles within their organization,” according to the report.

Those principles—which establish guidelines on freedom of expression, privacy, responsible decision-making, multi-stakeholder collaboration, accountability and transparency—can be found here.

“For the first time, third-party assessors received unprecedented access to these ICT sector companies to assess their policies and processes,” the annual report explains, referring to information and communication technology companies. However, this unprecedented access apparently will not result in the public release of any new information about company practices, since the assessors’ reports were redacted before the full GNI board was allowed to review them.

Since the assessors were only meant to conduct “an initial set of assessments” and “not audits or attestations,” according to the report, no real conclusive opinions were formed around company practices—and the tech firms were given the opportunity to handpick their own independent assessors, based on criteria set forth by GNI.

GNI's report concluded that the three participating companies (Google, Yahoo!, and Microsoft):

• Have processes in place for reviewing government requests relating to freedom of expression and privacy

• Practice senior-level oversight of these issues

• Are engaged in conducting human rights impact assessments

• Communicate with staff on human rights issues

• Strive to apply GNI Principles to relationships with their partners, suppliers and distributors where they have operational control.

GNI’s report describes the development of an assessment process as “challenging,” and goes on to detail issues that emerged during the third-party assessments relating to companies’ unwillingness to divulge certain kinds of information:

One issue that had already been identified in GNI’s Governance Charter was the recognition that companies may be prevented from disclosing certain information by law, or may choose not to disclose information in order to preserve attorney-client privilege or protect trade secrets. Having met with the assessors and reviewed the reports, GNI’s Board concluded that despite these challenges the assessments were rigorous and credible.

While the “challenging” assessment process and vague report conclusions may leave something to be desired, GNI’s goal of strengthening tech company standards in these areas is laudable, and the initiative represents an opportunity to significantly raise the bar for leading tech titans whose business dealings put them into contact with governments throughout the globe that run the gamut from democratic to authoritarian.

However, GNI’s relatively slow pace of progress suggests that it is only part of the solution. Change requires a mix of grassroots activism —like the successful campaign spearheaded by Pakistan’s Bolo Bhi to secure commitments from Silicon Valley firms not to bid on the Pakistani government’s request for Internet-censoring software—in addition to formalized partnerships with major companies and nonprofit organizations.

EFF also conducted its own survey of Internet companies’ privacy practices with our ongoing Who Has Your Back? campaign, which focuses on the steps companies take to protect user data from government and law enforcement agencies.

Efforts to improve international standards on free speech, human rights, and privacy among major Internet companies are now more important than ever, especially given revelations that prominent tech companies have been quietly peddling surveillance software to governments with deplorable human rights track records.

And while the process is not perfect, the tech giants participating in GNI deserve credit for willing to open their books in order to improve their policies in partnership with human rights advocates. Later this year, GNI will begin Phase III of its assessments, which will produce a report on how the organizations Principles are being applied to real world cases its corporate members.