[IRP] FW: [liberationtech] GNI in the news and it's not looking hot

Michael Gurstein gurstein
Wed Mar 9 13:53:40 EET 2011

For those who haven't seen it, I think this group might find this discussion
of interest.
-----Original Message-----
From: liberationtech-bounces at lists.stanford.edu
[mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of Brett
Sent: Tuesday, March 08, 2011 5:09 PM
To: Rebecca MacKinnon
Cc: Liberation Technologies
Subject: Re: [liberationtech] GNI in the news and it's not looking hot


I'm really pleased to see this thread. There's no doubt that the human
rights implications of (especially proprietary) ICT remain largely
unaudited, and their corporate makers are rarely held accountable. As the
human rights implications of technology expand, this is a situation that has
to change. Right now, the idea that technology could be used to imprison,
track, surveil, or otherwise endanger users has not entered the corporate
thought process of many companies. At the same time, there are some
companies that are fully aware of these risks, and actively have chosen to
put profits over rights and sell technology that has actively supported
repressive regimes. Of course, there are yet other platforms that have found
themselves, reluctantly or otherwise, at the very centre of political
revolutions and human rights defense. 


In this space, the GNI has the potential to play an important role - but its
got to start delivering. While not a formal member of the GNI, we've been on
"the other side of the table" with the 3 GNI corporate members and
participated in a few productive GNI conference calls. As Rebecca notes, the
GNI provides a channel of communication between corporations and civil
society. This is useful both in terms of aiding corporations in navigating
situations where human rights are at risk and creating a forum for civil
society actors to share ideas about how to avoid these situations in the
future. As an example of the latter, the GNI has hosted a number of calls on
the topic of account intrusion and wrongful account deactivation and content

But the question now comes down to 'real world' impact - what has happened
with those discussions?

Like Jacob, I was also at the Soul of the New Machine conference where the
GNI was launched, and I felt like I was sitting in on the reading of an hour
and half long corporate press release. It set an unfortunate tone. In the
two years since then, the GNI has not done enough, its inability to gain new
members is troubling, and its silence on several key issues has been worse.


I don't think however that the GNI is beyond repair. Some thoughts on what
the GNI could do better in the future include: 1) Make sure that the company
audits coming up are rigorous, public and accountable 2) Recruit members
from across the ICT ecosystem (not just large corporates - we need them too
- but smaller and diverse corporations as well); 3) Release more
comprehensive reports like this one about the freedom of expression and
privacy risks across
eport.pdf> the ICT sector (which is well worth a read) and 4) Publicly
communicate their activities so that standards are being set in a sector
that is sorely missing them.

However, civil society cannot just idly sit by and hope that corporations
(both those in and out of the GNI) align their practices and policies with
the values that we would want them to uphold. Like other sectors (eg
extractive industries) we need an unyielding civil society that places human
rights fairly and squarely on the agenda of corporations. Access has
launched a few campaigns in this vein calling for accountability and policy
change from Facebook
<https://www.accessnow.org/page/s/Facebook-Unfriend-The-Dictators> ,
Vodafone <https://www.accessnow.org/page/s/vodafone-bloody-handsets> , Yahoo
<https://www.accessnow.org/page/s/ProtectOurPrivacy> , and other major
corporates. I think dovetailing nicely with Shava's initiative, we're
putting together an ISP Freedom of Speech Index which will crowd source and
critique online service providors and mobile operator's terms of service
policies and beyond.

As civil society, we all need to step up to the plate and work to educate,
advise, and monitor the corporations which work in this sector, because they
won't and can't do it by themselves. To further this conversation, we are
convening a conference about ICT and human rights in the summer, where
corporations, civil society, and academics can come together to discuss
these issues. E-mail me off-list if you'd like to be involved in the process
of organizing this event. 

Thanks again for this important discussion. 


Brett Solomon
www.accessnow.org <http://www.accessnow.org/> 

-- (Disclosure: Access receives funding from Google, a member of the GNI) 

On Tue, Mar 8, 2011 at 5:45 PM, Rebecca MacKinnon
<rebecca.mackinnon at gmail.com> wrote:

Hey there Jake,

As you know I'm on the GNI board and have been involved with it from the
beginning. Everything I'm about to write represents nobody else's opinion
but my own.  

I will leave it to GNI corporate participants named in your e-mail to
respond to your critiques or not as they see fit. Video of the panel you
mentioned can be found here:

You have put your finger on the obvious fact that GNI is not a high bar. As
you rightly point out, the fact that so many companies can't even be
bothered to meet GNI standards and commit publicly to a few baseline
principles on free expression and privacy is patently outrageous. 

I agree that if large numbers of companies were to join GNI, many of the
problems you and I and others on this list are concerned about are going to
be far from solved. The need for viable non-commercial, user-friendly,
decentralized and distributed alternatives to commercial platforms and
networks is critical. The need for more aggressive activism of all kinds is
urgent. More public awareness-raising is urgent. Efforts like Shava's
nascent privacy icon project are important and necessary. There needs to be
better and more intelligent public policy coming from nations that call
themselves democracies. I could go on and on about all of the things that
are urgently needed.  We need a massive ecosystem of efforts. But I do not
agree that GNI is a "corporate-washing joke." 

Based on my own involvement with the organization over the past few years,
while I think that GNI is only one step forward, and like all
multi-stakeholder initiatives involves compromise, I nonetheless do believe
that it's a step in the right direction.  I do believe that the world's most
politically vulnerable Internet and mobile users will be better off if
Internet and telecoms companies join GNI than if they don't. If GNI prevents
even one person going to jail and having their life ruined, or enables even
one more activist group to get its message out at a critical moment when it
otherwise would have been foiled, then to me that is worth it even though it
falls short of how things ought to be in the ideal world.

Here are a few ways I think GNI has made a difference:
- While none of the GNI member companies are perfect and some are doing
better than others, the human rights assessments that they've started to do
as GNI members has helped member companies avoid some screwups which we'll
never know about because they never happened. Yahoo, for instance, after
conducting a human rights assessment decided to run its Vietnamese service
out of Singapore in order to avoid being complicit in jailing dissidents as
it was in China.
- Most companies have little or no in-house human rights expertise. GNI
membership gives companies a channel through which to seek advice from human
rights groups before making decisions about certain details of certain
products and services, or deciding how to manage problems that crop up. I
assure you, this channel is used with great regularity in ways the human
rights groups would not want to be involved with if they didn't think they
were making a real difference for real people. For example: while there are
plenty of issues with Microsoft, I think that their ties to the human rights
community through GNI enabled them to respond to the mess they found
themselves in in Russia more intelligently and helpfully than they would
have if the same thing had happened before they joined GNI. [1]
-  GNI has gotten at least some investors to start including free expression
and privacy in their ethical investing criteria. Before 2005 the investment
community screened companies for labor, environment, sustainability etc, but
not for free expression and privacy. In fact it hadn't occurred to the
"ethical investing" community that this was an issue. They're learning fast
now and a growing number are starting to include free expression and privacy
in their investment criteria. While we've seen from the environmental and
sustainability movements that it can take a long time to influence entire
industries in this way, over time the criteria of ethical investors can make
a difference in how companies impact the lives of human beings all over the
- The GNI principles take the Universal Declaration of Human Rights and a
body of other international human rights law and articulate how those
pre-internet concepts should be upheld by Internet and telecommunications
business. [2] Beyond GNI, investors, civil society, policymakers, and even
non-GNI companies are starting to use the principles in a range of contexts
that I believe are meaningful though hard to quantify at this stage.

GNI is one organism in a very young and fragile ecosystem of groups and
coalitions trying to defend and protect civil liberties and human rights in
digital spaces. As with the environmental movement and other movements, this
cause is going to require a much more robust ecosystem of diverse efforts
over many years in order to ensure that the net momentum is in a more
forward than backward direction. In the environmental movement, some
organizations and initiatives have seen value in working with corporations
or governments or both to achieve baby steps forward. Others are opposed to
compromise and insist on radical alternatives as the only course. All points
on the spectrum need to exist in order to make any progress at all. 

Members of this ecosystem certainly need to be able to handle - and should
welcome - criticism of one another, along with major philosophical
disagreements. However I hope that we can all fundamentally respect each
others' shared intentions and goals. 


[1] http://www.nytimes.com/2010/12/06/world/europe/06russia.html
[2] http://www.globalnetworkinitiative.org/principles/index.php

Rebecca MacKinnon
Schwartz Senior Fellow, New America Foundation
Co-founder, GlobalVoicesOnline.org
Cell: +1-617-939-3493
E-mail: rebecca.mackinnon at gmail.com

Twitter: @rmack

On Mar 8, 2011, at 12:09 AM, Jacob Appelbaum wrote:

On 03/07/2011 11:50 AM, Katrin Verclas wrote:


GNI is frankly, a giant corporate {privacy,security,human rights,
etc}-washing joke. The people involved who really care essentially have
an impossible task. The only reason GNI has any credit at all is because
of Google's presence in the group. Google should leave the group and
refuse to work with people who put corporate profits before human rights
issues. Proactive action is more important than claiming to actually
make an impact.

My memory is a bit fuzzy but I recall that I attended a conference in
Berkeley a few years ago by the name of the Soul of the New Machine. At
this conference, I attended a GNI "discussion" with the audience. It was
a heavily moderated, written discussion format and it was utterly
worthless. All of my questions were rejected by the question card moderator.

Microsoft argued against anonymity on the internet; they were spreading
lies about how the creators of the internet didn't realize how bad
anonymity would be for everyone. A few weeks prior, I'd asked Vint Cerf,
one of the creators of the internet, about anonymity online and he
certainly didn't sound like a clueless guy unaware of the anonymity
situation on the internet. He even stated that it shouldn't change,
merely that we should also support strong authentication when it's
desired. Microsoft's shill had no idea about this perspective because he
was paid to push a pro-identity agenda to increase corporate profit and
state control is the main selling point. Absolutely disgusting.

Yahoo! had a lawyer who argued that the treatment of Oiwan Lam's case[0]
by Flickr/Yahoo! was reasonable. He refused to write her a letter of
support when I requested it of him; he argued that writing a letter
"would not scale" and the same lawyer even told me how the photographer
(!) was happy with this resolution from Flickr/Yahoo!. A great irony was
that the lawyer of course had no idea that _I_ was the photographer and
clearly I was not actually happy as he suggested. It's weird when
someone lies directly to your face about how you feel but it's
satisfying when they realize what's actually happening. In that
schadenfreude kind of way, of course. This lawyer from Yahoo! promised
to get back to me and to this day, I've never heard a thing from them
again. I don't believe that Oiwan ever got any support from Yahoo! or
Flickr. I certainly never received an appology from that lawyer for his
comments. Pretty much what I expected all along but it was sad to have
this confirmation.

Yahoo!'s lawyers said nothing about their methods for preventing another
Shi Tao case[1] from re-occurring. Considering the fact that they are
basically unable to deploy SSL/TLS, I'm unsurprised by the rest of their
policies. Lots of good people at Yahoo! are tainted by this kind of
behavior. They have a lot of talented engineers and people who care
about things that matter - I once wondered why they fail so badly at
this kind of thing. Some years later, I worked with some ex-Yahoo!
middle manager types and my questions were answered. Profit over people
seems to be a guiding corporate principle with only a few exceptions.

Google had a representative who explained that they were fighting a bad
internet identity law in South Korea and attempting to resolve it in a
privacy protecting manner. Until they were able to provide a user
protecting solution, they shut down the service in question. The service
was the South Korean Youtube site and the law was about registration of
usernames to real Korean state issued IDs.

I was impressed by Google's approach and I wondered why they'd taint
themselves by being anywhere near Yahoo! or Microsoft on human rights
issues. Google is far from perfect but they were really on message in a
believable way.

Of course, I'm sure things have changed a lot and these companies are
all doing much better now. Their respective leaked law enforcement
wiretapping guides[2][3][4] seem to indicate otherwise but I'm sure
that's just an oversight. It's a wonder that Facebook and other
companies haven't joined up!

The fact that other groups aren't joining only seems to underscore how
bad things have become across the entire board. Things are probably not
friendly to users when a company can't even agree on the GNI principles!

I look forward to their next self-issued press release that
congratulates GNI for being such a stand up bunch of corporations taking
pro-active action. Oh also, I look forward to more secret settlements
for those "Gotcha" moments that accidentally slip past the rigorous
external auditing processes.

All the best,

[0] http://boingboing.net/2007/07/11/hong_kong_the_flickr.html
[1] http://en.wikipedia.org/wiki/Shi_Tao#Arrest_and_imprisonment
[2] http://cryptome.org/isp-spy/yahoo-spy.pdf
[4] http://cryptome.org/isp-spy/google-spy.pdf
liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:


If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily

You will need the user name and password you receive from the list moderator
in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:


If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily

You will need the user name and password you receive from the list moderator
in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.internetrightsandprinciples.org/pipermail/irp-internetrightsandprinciples.org/attachments/20110309/8709a6b1/attachment-0001.htm>

More information about the IRP mailing list