4 Nov 2013 | Digital Freedom, News
We can partially blame gerrymandering for the current gridlock in the U.S. Congress. By shaping the electoral map to create politically safe spaces, we have generated a fractious body that often clashes rather than collaborates, limiting our chances of resolving the country’s toughest challenges. Unfortunately, revelations about the global reach of American security surveillance programs under the National Security Agency (NSA) are leading some to propose what amounts to gerrymandering for the internet in order to route around NSA spying. This will shackle the internet, inherently change its technical infrastructure, throttle innovation, and likely lead to far more dangerous privacy violations around the globe.
Nations are rightly upset that the communications of their citizens are swept up in the National Security Agency’s pervasive surveillance dragnet. There is no question the United States has overreached and violated human rights in its collection of communications information on innocent people around the globe; however, the solution to this problem should not, and truly cannot, be data localization mandates that restrict data storage and flow.
The calls for greater localization of data are not new, but the recent efforts of Brazil’s President, Dilma Rouseff, to protect Brazilians from NSA spying reflected the view of many countries suddenly faced with a new threat to the privacy of the communications of their citizens. Rouseff has been an advocate for internet freedom, so undoubtedly her proposal is well intentioned, though the potential unintended repercussions are alarming.
First, it’s important to consider the technical reasons why data location requirements are a really bad idea. The Internet developed in a widely organic manner, creating a network that allowed data to flow from all corners of the world – regardless of political boundaries, residing everywhere and nowhere at the same time. This has helped increase the resilience of the internet and it has promoted significant efficiencies in data flow. As is, the network routes around damage, and data can be wherever it best makes sense and take an optimal route for delivery.
Data localization mandates would turn the internet on its head. Instead of a unified internet, we would have a fractured internet that may or may not work seamlessly. We would instead see districts of communications that cater to specific needs and interests – essentially we would see Internet gerrymandering at its finest. Countries and regions would develop localized regulations and rules for the internet to benefit them in theory, and would certainly aim to disadvantage competitors. The potential for serious winners and losers is huge. Certainly the hope for an internet that promotes global equality would be lost.
Data localization may only be a first step. Countries seeking to keep data out of the United States or that want to exert more control over the internet may also mandate restrictions on how data flows and how it is routed. This is not far-fetched. Countries such as Russia, the United Arab Emirates, and China have already proposed this at last year’s World Conference on International Telecommunications.
As internet traffic begins to demand more bandwidth, especially as we witness more real-time multimedia applications, efficient routing is essential to advance new internet services. High capacity applications like Apple’s FaceTime may slow to the painful crawl reminiscent of the dial-up days of the internet.
This only begins to illustrate the challenges internet innovators would face, but big established players like Facebook, Google and Microsoft, would potentially have the resources to abide by localization mandates – of course, only if the business case supports working in particular locales. Some countries with local storage rules may be bypassed altogether. For small or emerging businesses, data localization requirements would be a greater challenge. It would build barriers to markets and shut off channels for innovation. Few emerging businesses could afford to locate servers in every new market, and if local data server requirements become ubiquitous, it will be businesses in emerging markets that are most disadvantaged. The reality for developing nations is that protectionist measures such as data localization will further isolate local business from the global market, depriving them of the advantages for growth that are provided by the borderless internet.
Most important though, is the potential for fundamental harm to human rights due to data localization mandates. We recognize that this is a difficult argument to accept in the wake of the revelations about NSA surveillance, but data localization requirements are a double-edged sword. It is important to remember that human rights and civil liberties groups have long been opposed to data localization requirements because if used inappropriately, such requirements can become powerful tools of control, intimidation and oppression.
When companies were under intense criticism for turning over the data of Chinese activists to China, internet freedom activists were united in theirs calls to keep user data out of the country. When Yahoo! entered the Vietnamese market, it placed its servers out of the country in order to better protect the rights of its Vietnamese users. And the dust up between the governments of the United Arab Emirates, Saudi Arabia, India, and Indonesia, among others, demanding local servers for storage of BlackBerry messages in order to ensure legal accountability and meet national security concerns, was met with widespread condemnation. Now with democratic governments such as Brazil and some in Europe touting data localization as a response to American surveillance revelations, these oppressive regimes have new, albeit inadvertent, allies. While some countries will in fact store, use and protect data responsibly, the validation of data localization will unquestionably lead to many regimes abusing it to silence critics and spy on citizens. Beyond this, data server localization requirements are unlikely to prevent the NSA from accessing the data. U.S. companies and those with a U.S. presence will be compelled to meet NSA orders, and there appear to be NSA access points around the world.
Data localization is a proposed solution that is distracting from the important work needed to improve the Internet’s core infrastructural elements to make it more secure, resilient and accessible to all. This work includes expanding the number of routes, such as more undersea cables and fiber runs, and exchange points, so that much more of the world has convenient and fast Internet access. If less data is routed through the U.S., let it be for the right reason: that it makes the Internet stronger and more accessible for people worldwide. We also need to work to develop better Internet standards that provide usable privacy and security by default, and encourage broad adoption.
Protecting privacy rights in an era of transborder surveillance won’t be solved by ring fencing the Internet. It requires countries, including the U.S., to commit to the exceedingly tough work of coming to the negotiating table to work out agreements that set standards on surveillance practices and provide protections for the rights of privacy and free expression for people. Germany and France have just called for just such an agreement with the U.S. This is the right way forward.
In the U.S., we must reform our surveillance laws, adopt a warrant requirement for stored email and other digital data, and implement a consumer privacy law. The standards for government access to online data in all countries must likewise be raised. These measures are of course much more difficult in the short run that than data localization requirements, but they are forward-looking, long-term solutions that can advance a free and open internet that benefits us all.
Joseph Lorenzo Hall, Chief Technologist at Center for Democracy and Technology, co-authored this piece with Leslie Harris.
This article was originally posted on 4 Nov 2013 at indexoncensorship.org
25 Oct 2013 | Digital Freedom
Last year’s Internet Governance Forum in Baku, Azerbaijan proved controversial due to the choice of host. This year’s event, in Bali, Indonesia was bound to be contentious, after Edward Snowden’s leaks on the US’s PRISM programme. PRISM and TEMPORA (the UK system of mass surveillance) were a lightening rod for general discontent from activists who feel an increasing sense of ill ease over the state of internet freedom. Many of the sessions were bad-tempered affairs with civil society rounding on the perceived complacency of government officials from democracies who refused to state their opposition to mass state surveillance in clear enough terms.
At an event hosted by the Global Network Initiative, Index on Censorship, andPakistan’s Centre for Social and Policy Analysis, a US government official was heckled by the audience when he attempted to justify PRISM as an anti-terrorism measure. Of particular concern for delegates was a sense that PRISM is now being used by less democratic and authoritarian states to justify their own surveillance systems. The Chinese were quick to point out the ‘double standards’ of the US at this workshop, following it with appalling doublespeak to gloss over their poor domestic record on human rights violations. A point I challenged them on in no uncertain terms.
Participants in the workshop from across the globe from Pakistan to South Africa stated their concern that a race to the bottom is beginning with new surveillance capacities being debated in countries such as Russia, New Zealand and the UK. Other areas of concern at the workshop included the increasing use of filters at ISP level (in particular in Indonesia where a significant number of ISPs are adopting filtering) and the pressure now felt by Telcos from states who are imposing burdensome requirements to filter content. One worrying prospect is that the ITU will succumb to a push to ensure Telcos do not distribute ‘blasphemous’ content which could lead to the full Balkanisation of the internet.
Although the outlook is bleak, civil society is pushing back at corporations and governments. Bytes for All in Pakistan has done impressive work in chronicling censored online content. A number of coalitions strengthened at the IGF with closer co-operation between international NGOs to take on mass state surveillance. This weekend, a number of US NGOs will rally in Washington DC against the PRISM programme with thousands expected to take to the streets. Index on Censorship’s #DontSpyOnMe petition of 7,000 signatures was this week sent to Lithuanian President Dalia Grybauskaitė, who currently hold the Presidency of the Council of the EU, and Herman van Rompuy, President of the European Council. The EU heeded our calls to discuss mass surveillance at the Council of Ministers meeting – a big success. The pressure on corporations is being felt too, Telcos came under particular fire for their willingness to install surveillance equipment in their networks. Yet, many are beginning to speak publicly over the pressures they feel from states and the need for transparency so their users are at least aware of the surveillance they may be subject to and so can adjust their behaviour accordingly. Meanwhile, Google launched new tools to illustrate the threats the internet faces. The Digital Attack Map is a realtime website displays DDOS attacks and where they originate from – useful in tracking attacks on civil society websites from state-run or criminal botnets. Google also launched a project to provide free, secure web hosting for internet activists under attack.
One of the strengths of the IGF is the broadness of the workshop programme. From the challenges felt by the disabled online, minority rights online, through to bridging the ‘digital divide’ between the rich and poor both internationally and internally within even wealthier countries, the IGF covered a significant amount of ground. Yet, one of the big challenges to the IGF is how to engage a wider section of civil society. While the IGF was better attended by delegates from South-East Asia, fewer delegates from Europe and the Middle East were visible during this IGF. This remains a challenge to the organisers, with too much interaction from those physically present at the conference and too little from the many remote participants, many of whom couldn’t afford the air fare to Bali but have much to contribute. Bridging this divide will be important in the future.
The tone of this IGF was set by the Snowden revelations. The US and other Western democracies were on the back foot, in stark contrast to their confident promotion of net freedom in Baku. Without openess, increased transparency and an end to mass surveillance it’s hard to see how they will regain their moral authority, leaving a huge vacuum at the heart of these debates. A vacuum that others – in particular China – are willing to fill. The battle to keep the multistakeholder, open internet free from top-down state interference is on-going. The IGF should give once confident advocates of net freedom serious pause for thought.
25 Oct 2013 | Asia and Pacific, Digital Freedom, India, News
Just days before the United Nation’s led Internet Governance Forum in Indonesia, India, held its own – and first of its kind – conference on cyber governance and cyber security.
With the support of the National Security Council Secretariat of the Government of India, the two-day conference was organized by private think-tank Observer Research Foundation and industry body, Federation of Indian Chambers of Commerce and Industry, (FICCI). Speakers were from a host of countries including Estonia, Germany, Belgium, Australia, Russia, Israel, and of course, India.
It was ironic, that in a post-Snowden world, buried under allegations of the extent of the NSA’s spying, US officials were unable to attend the conference due to their government’s shutdown. Instead, other views took center stage, and India also visibly demonstrated the various positions its stakeholders take around the questions of governance and security.
Right at the kickoff, India’s Minister for Communications and Technology, Kapil Sibal, challenged the question of sovereignty and jurisdiction in cyberspace. “If there is a cyber space violation and the subject matter is India because it impacts India, then India should have jurisdiction. For example, if I have an embassy in New York, then anything that happens in that embassy is Indian territory and there applies Indian Law.”
India has, over the last few years, flirted with the idea of an UN-lead internet governance structure, and subsequently backed away from it. Minister Sibal said that India believes in “complete freedom of the internet”, however, at the same time needs to acknowledge that along with cyber freedoms come cyber gangsters, and the state and its citizens need to be protected from them.
India, with its 860 million mobile subscriptions (although, the numbers of users would be lower than this figure) is looking more and more to the internet as a delivery platform of socio-economic programs and a tool to boost the economy. That the internet can raise GDP by 10% is a much favored figure for those who promote the internet for economic reasons. The fact is that as the remaining unconnected population of India begins to acquire net connections through desktops and smart phones, the government is increasingly looking at security and surveillance over the internet as a necessary and inevitable route. This also means that the government needs to rely on industry to help them with this gigantic task.
The possible synergy between businesses and government in India was a central theme for discussion; as industry bodies asked the government to invest in training more cyber security specialists and also start moving towards uniform security standards and protocols. In fact, Indian industry most certainly wants to be relived of the financial burden of training personnel, and to an extent, investment in security R&D, and is keen to partner with the government to achieve both ends. Indian industry is often in the news because it appears almost universally under prepared for cyber attacks, both from within the country and externally. Suggestions of a government-led cyber awareness program were made as well, with calls to allocate funds for these exercises in the budget.
However, as has been the case in India, the real source of friction still lies between civil society and the government over the question of surveillance and monitoring. In a session entitled ‘Privacy and National Security’; perhaps the only India-centric panel of the entire conference, the debate became overheated. The panel consisted of a senior police officer involved in surveillance, India’s director-general of CERT (Computer Emergency Response Team), a representative from the mobile industry and a privacy expert. The government official was pushed by civil society members and journalists to explain the workings of the Central Monitoring System, still very opaque to the public, and later the official definition of privacy. He did neither. Unsurprisingly, India is yet to really define what privacy is, leading to simultaneous furor in the room and twitter (#cyfy13) about why this hasn’t been done as yet.
The sense in the room was that surveillance, while necessary to protect citizens, is only really effective when it is conducted in a targeted manner. Mass surveillance leads to self-censorship and is, in the end, counter productive. The other bone of contention was the question of identity, with the government making arguments that verifiable cyber identity is a possible solution to cyber crime. However, other participants found the issue troubling, as anonymity is necessary for a number of reasons, including as we have seen around the world, political dissent.
Finally, panelists discussed how best to inculcate a multistakeholder approach when legislating the internet. It was pointed out more than once that the internet was a product of private enterprise, made on open standards and principles, but now governments are attempting to control this resource. However, while public calls for multistakeholderism were made for many reasons; human rights, protection of privacy and even to benefit business in the long run (as they would not risk being caught up in lengthy court cases in the future if they took civil society on board from the start), there was still an elephant in the room. Offline, many official participants wondered why Chatham House Rules were not observed, or why there were no closed-door meetings only for government officials. It was clear that much of the weighty – and honest – discussions still don’t involve the public. Perhaps not where the question of governance is, but certainly when the question of security is.
Ultimately, there are two broad outcomes of this conference. The first is that India has indicated its willingness to start shouldering discussions to do with the global cyberspace. The other is, as India’s National Security Advisor put it, — ““India has a national cybersecurity policy not a national cybersecurity strategy.” This is certainly a start to building a consensus for that strategy.
This article was posted at indexoncensorship.org on 25 Oct 2013.
23 Oct 2013 | News, Pakistan, Religion and Culture
It’s been over two weeks now that Rana Tanveer, a reporter in Lahore at the English daily, Express Tribune, has not gone to work.
Early this month, he received a one-page letter, in the Urdu language, terming him an apostate and accusing him of writing in favour of Ahmadis and Christians.
“It warned me to stop writing ‘against’ Islam and seek ‘forgiveness’ from God,” he said over the phone from his home in the Punjab province.
It further warned him that if he did not desist, he would be killed — since that is the punishment of a person declared an apostate.
“I can’t work like this; no reporter can, if he cannot roam about freely,” said Tanveer.
Initially, he did not take the letter too seriously, but a week after he received the letter, he felt he was being followed on a motorbike. “It’s a scary experience,” he conceded, adding: “I made a few turns just to be sure that this was not a figment of my imagination, but the man on the motorbike persisted. I knew then that this was no joke and I had to do something.”
His seniors at work advised him to at least file a complaint with the police, which he did, but he did not name anyone “due to security reasons”.
“My editor told me to keep a low profile and not to report on minority issues for a while, and if I had to, it would go without by byline,” said the journalist.
Farahnaz Zahidi, features editor in the same paper as Tanveer’s feels very strongly about one’s byline being taken away. “As a journalist, perhaps the biggest satisfaction in this otherwise perilous and often under-paid profession is one’s by-line; it also lends credibility.”
However, she added, by shooting the messenger, society loses out. “The right to information is threatened when media persons threatened.”
Tanveer finds a plethora of minority rights abuses strewn around his city but says few journalists feel inclined to take up these issues.
“Mine seems to be a lone battle,” he said. “I am often scorned by my colleagues for reporting ‘chooras’ (derogatory term used for Christians, also among the poorest sections of society and consigned to menial janitorial jobs) and ‘Qadianis’ (also a derogatory name for those belonging to the Ahmadi faith, declared non-Muslims by state in 1974),” he said.
But it’s not indifference to these rights issue alone that keeps journalists from reporting on them. Senior journalist and communication expert, Babar Ayaz, says it is also quite dangerous to write about “the victimisation of Ahmadis, Christians or Hindus”.
Nevertheless, he added: “Journalists have to write what is right. Threats and killings are hazards of this job living in an increasingly intolerant society.”
He remembered when he wrote a piece on the attack on the massacre of Ahmadis in Lahore [in May 2010], he received a couple “abusive phone calls”. He also received some angry messages on a chapter in his book titled: What’s Wrong With Pakistan? The book, which was published in August criticises Islamic laws in Pakistan.
“But we are small fry,” said Ayaz. “When Nawaz Sharif expressed condolence on the killings of ‘our Ahmadis bhais [brothers]’ some mullahs said that by calling them ‘bhai’ he had committed a sin. The extremists have no logic but they have muscle power,” he added.
According to Aamer Mahmood, who heads the press section of the Ahmadiyya Jammat, and is in regular touch with several journalists: “The fear among them is palpable. While many empathise with us for the way our rights are trampled, they say their hands are tied. Some are scared of the wrath of the extremists; others fear they will lose their jobs.”
“It is indeed becoming more dangerous to write on these issues, in any language,” agreed Kamila Hyat, a rights activist and former editor of English daily The News. “I believe that while sections of the English language press remain relatively liberal, more and more are succumbing to the bias and intolerance we see everywhere,” she pointed out.
“The manner in which the ‘agenda’ for news is set, notably by the electronic media, also shoves minority issues to the sidelines, and intolerant mindsets exist everywhere — even among the educated,” she said.
With seven journalists having lost their lives since January this year, according to the 2013 Impunity Index report by the Committee to Protect Journalists (CJP), just last year, Pakistan which was ranked tenth, has moved two spots up at eighth position for the worst place for the press. Further, it has been declared more dangerous than Russia, Brazil, Nigeria and India.
According to the CJP, 28 Pakistani journalists have been murdered since 1992 in connection with their work, 27 of whom were killed with impunity. The deaths of 24 additional killed during the same period cannot be confirmed as “targeted.”
“Doing journalism in Pakistan is not easy, which is ranked the third most dangerous country for reporting after Syria and Egypt,” observes Mazhar Abbas, former secretary general of the Pakistan Federal Union of Journalists, a formidable voice fighting for the rights of journalists. While journalists continue reporting despite threats particularly those working in the Federally Administered Tribal Area (FATA), Balochistan and even in the southern port city of Karachi, Abbas said, reporters from the Punjab province seemed comparatively safer.
But not anymore, it seems.
Abbas said every threat should be taken seriously. “The letter to Tanveer could be an individual act or from a group. The government and administration need to probe this matter and find out about the person who sent this letter in the first place. Journalists reporting on sensitive issues should do so responsibly; their reports should be factually correct with minimum expression that can lead to stoking up controversy.”
This article was originally posted on 23 Oct 2013 at indexoncensorship.org
