«

»

It’s time for companies to become champions of rights and build a new accord with the public

Screen Shot 2013-08-06 at 23.49.16

 

By Simon Davies

To one extent or another all companies that provide online services have become outsourced agents of government. Their vast archives of personal data are a cost-effective resource for security and law enforcement agencies which often require little more than basic paperwork to secure the target information.

To one extent or another all companies that provide online services have become outsourced agents of government.

Companies will tell you that they treat such demands by government very seriously. They invoke a “rigorous” procedure to ensure that the requesting agency is acting under lawful authority and that the request is made in the proper manner.

In reality – unless the request is a precedent – most companies merely work from template procedures to ensure that all boxes are ticked. This has the advantage of creating a more harmonised process, but does little to advance the cause of privacy or of free expression.

Companies complain of the pressure of dealing with requests from dozens of countries with constantly changing legal systems, but public trust is not served by the lack of information about the precise processes used to decide on requests. The process is opaque at best, despite the recent disclosure by some companies such as Microsoft of the numbers of requests they agree to.

Many thousands of disclosures to agencies are concluded in this way. On rare occasion companies will refuse a request if they believe an agency is pushing the limits of its authority, but to do so invites a potentially serious problem – particularly if that company employs local staff who could be prosecuted. The same dynamics apply where government agencies demand the removal of online content.

In essence, the vast majority of requests are agreed to if the requesting agency is a “lawful authority” which has the power under law to make that request. This is the default position regardless of whether the authority is acting in a way that contravenes the highest test of international human rights protections.

This “lawful authority” process is fundamentally flawed. Even in the US, which boasts a perhaps better than average level of accountability of authorities, it has become clear that the procedures for demanding access to private data have become rubber-stamping operations that sometimes circumvent overriding legal and constitutional protections. This corrupted process puts the companies in an impossible position: they have to either comply with a demand that they feel is disproportionate – even if legal – or they defy an order and risk serious consequences. 

it has become clear that the procedures for demanding access to private data have become rubber-stamping operations that sometimes circumvent overriding legal and constitutional protections.

Such is the case for example in Pakistan, where recent court disclosures show how Facebook has chosen to form a censorship arrangement with an unaccountable and often autocratic government agency, or risk being disconnected entirely from local access – a fate which has already been exacted on YouTube.

In that case the Pakistan Telecommunications Authority (PTA) does indeed have legal authority to demand the shutting down of content which it regards as inappropriate or offensive, but it acts with no specific direction or definition from the Parliament. Still, it is the legal authority and can do as it wishes. Facebook must either agree to its demands or face prohibition.

Whether Facebook and other companies should take a stand for privacy and free expression is a matter I’ll come to shortly, however the impasse becomes even more stark where there is a claim of direct violation of law.

Here’s a question to all companies operating online services: how are you going to respond when a Russian police agency either demands personal information on gay activists, or presents a takedown request of pages that promote gay issues?

This isn’t a hypothetical question. Russia recently passed a law that criminalises promotion of homosexuality – which is in effect a prohibition on any mention or discussion of gay issues. With an election on the horizon it is inevitable that agencies will feel the need to engage the new law.

In this case – and in the face of any reasonable ethical scrutiny – the “lawful authority” model would entirely collapse . If companies agree to such requests from Russia they would violate the core principles of human rights. If they don’t comply, it becomes clear their model is based on a frame of reference beyond  the stated respect for local law and culture that companies promote so vigorously.

it’s time for companies to show some courage and engage moral leadership at a global level. If that is condemned as ethical imperialism, so be it.

Having spoken to some of the people responsible for the operational side of content censorship and disclosures I’m aware that this is a massively complex issue that doesn’t have a a convenient “one size fits all” solution. However if companies want to match their public claim to respect for privacy and online freedoms they must raise their game. Companies must become protectors and activists rather than government stooges. That sad era of their past has come and gone.

Respecting local law and lawful authority means supporting regimes that criminalise political activity, discriminate against women and minorities, institutionalise corruption and violate the fundamental rights of local people. The new Russian law stands as testament to this reality.

It would be wrong for companies to apply an arbitrary framework for these decisions. Deciding to comply with the PTA because of the real risk of an outright ban in Pakistan, but defy Russian authorities on the basis that a national ban would be unlikely there would sacrifice principle for pragmatism.

No, it’s time for companies to show some courage and engage moral leadership at a global level. If that is condemned as ethical imperialism, so be it. 74 countries have adopted the International Covenant on Civil and Political Rights – and that is exactly what online companies should do.

Rights organisations are way ahead of companies on this issue. Last month more than 150 groups signed onto an declaration on international principles for communications surveillance. That document goes part of the way to a possible solution.

However beyond the mere support for such documents companies need to abandon a business-centred framework that protects advertising revenues above human rights.