After terrorists attacked the offices of Charlie Hebdo earlier this month, a group of European Union ministers executed a more covert attack on freedom of expression around the world. They issued a statement calling on Internet companies to be more proactive about monitoring, reporting, and removing “material that aims to incite hatred and terror.” British Prime Minister David Cameron seems to be on the same page, announcing last week that he wants to ban encrypted online messaging services.
The latest calls in Europe for increased censorship and surveillance are part of a broader problem: governments of all types use terror and crime (including everything from child exploitation to copyright violations) as an excuse to pressure Internet companies to monitor and control user behavior in ways that can lead to violations of Internet users’ rights.
We’ve described the extent of this problem in a new UNESCO report, Fostering Freedom Online: The Role of Internet Intermediaries, which takes a detailed look at how legal, regulatory, and commercial frameworks help or hinder Internet companies’ ability to respect users’ free expression online. Authors Rebecca MacKinnon, Elonnai Hickok, Allon Bar, and Hae-in Lim worked with an international team of researchers to examine 11 different companies operating across the world, highlighting power struggles that shape who controls the flow of information online and how content gets restricted. We conclude that governments and companies need to rethink behaviors that are infringing upon the rights of Internet users.
A lot of this thinking builds on the UN Guiding Principles on Business and Human Rights, which says governments have the primary duty to protect human rights, including freedom of expression and the right to privacy (which itself is considered a prerequisite for freedom of expression). All companies, including those that operate Internet platforms and services, also have a responsibility to respect those rights. The report takes stock of how companies are doing in this regard, and how governments either help or hinder companies from upholding their human rights responsibilities.
We found two broad categories of problems:
- Governments are making it hard for companies to respect users’ free expression rights. While some of the most egregious examples are found in China, Russia, and the other usual authoritarian suspects, the problem exists to varying degrees across the gamut of political systems and cultural contexts. Laws, government policies, and regulations – even those enacted by well-meaning public servants seeking to address genuine problems of crime, terror, and child protection – not only erode free expression rights online but also cause companies to carry out censorship and surveillance, affecting speech that should be protected and respected under human rights law.
A major culprit is law that holds companies legally responsible – liable – for what their users say and do. While countries like China have long blacklists of words and phrases that companies like the Chinese search engine Baidu must delete if they want to stay in business, censorship can still be heavy in some democracies. Facebook received more government requests to censor content in India than in any other country where it makes an effort to operate (Facebook is blocked in China).
- Companies are not transparent enough about how they restrict content and collect or share user data. Despite the clear problems that governments cause, companies are not doing enough to minimize users’ freedom of expression from being unduly restricted when they comply with government demands or enforce their own terms of service. Companies also need to be more transparent about how these actions affect users’ ability to express themselves or access information – as well as clarify who has access to users’ personal information and under what circumstances.
A growing number of companies in North America and Europe have started to issue transparency reports with data about the number of government requests they receive and how many they comply with. But many companies report more extensively on user data requests than on censorship requests, and many do not report any information about requests for content restriction or how they comply.
For example, Vodafone started to report last year about the law enforcement requests it receives for user data and bulk surveillance. But it is not transparent about content removals, including its role in a voluntary scheme in the UK to protect children from age-inappropriate content. In mid-2014 the non-profit Open Rights Group found that the system blocked adults from accessing content that included an article about postpartum depression and the blog of a Syrian commentator. Also, while companies like Twitter report extensively on content restrictions in response to legally binding external requests, they provide no information about content being removed to enforce their private “Twitter rules.”
To be sure, we’re not arguing that people should be free to do anything they want online regardless of consequences. Rather, it’s critical that restriction of speech or interference in peoples’ privacy should be “necessary and proportionate,” based on clear legal authority to address a specific threat or crime, and should be as narrowly tailored as possible. Accountability mechanisms are key.
What, then, are the next steps for governments and companies? Here are a few of our recommendations for governments and companies moving forward:
- Laws and regulations affecting online speech must undergo due diligence to ensure they are compatible with international human rights norms.
- Policies at the national, regional, and international level that affect online speech need to be developed jointly by representatives of all affected stakeholder groups (such as industry, civil society groups, and technical experts).
- Transparency about censorship is just as important as transparency about surveillance. Transparency from governments and companies about how their censorship and content restriction processes work, in addition to public reporting about the amount and nature of content being restricted, is essential to prevent abuses and improve accountability.
- Companies that “self-regulate” by using private terms of service to restrict content that the law does not forbid, or which comply with extra-legal blacklists generated by non-governmental groups, must be transparent with the public about what is being restricted, under what circumstances, by whose authority.
- Governments and companies need to set up effective mechanisms for people to report abuses and grievances, as well as processes through which aggrieved parties can obtain redress.
Our current project, Ranking Digital Rights, plans to hold companies accountable. While organizations such as Freedom House and the World Wide Web Foundation annually rank governments on how well they protect Internet users’ rights, we are in the process of developing a parallel methodology to measure and compare companies’ respect for users’ rights around the world. The first public ranking is scheduled for launch in late 2015.
Priya Kumar is a Program Associate with New America’s Ranking Digital Rights project. Rebecca MacKinnon directs the Ranking Digital Rights project at the New America. This piece was originally published in New America’s digital magazine, The Weekly Wonk. Sign up to get it delivered to your inbox each Thursday here, and follow @New America on Twitter.