Mister Chairman, Distinguished Members of the Caucus:
 
My name is John Palfrey.  Thank you for the leadership of this Caucus
in drawing attention to the relationship between the Internet and human
rights in China and for the opportunity to speak with you today. 
I am here today as a member of a team of researchers, called the OpenNet Initiative,
that has been conducting empirical testing of China’s Internet
filtering regime for the past several years and monitoring the
involvement of United States companies in that regime.  My
colleagues Ronald Deibert of the University of Toronto, Rafal
Rohozinski of the Advanced Network Research Group of the Cambridge
Security Program, University of Cambridge, and Jonathan Zittrain of the
University of Oxford and Harvard Law School, are also principal authors
of the OpenNet Initiative’s work.  We have also studied in depth
the filtering regimes of states in the Middle East, the former Soviet
republics, and parts of East Asia.  I am joined today by my
colleague Nart Villeneuve, the Director of Technical Research at the
Citizen Lab at the University of Toronto.  

Today the Caucus considers human rights with respect to the Internet in
China.  I applaud your efforts to shine a spotlight on this
important matter.  I hope that your efforts, and those of your
colleagues, will lead to new ways to work together to achieve our
common goal of global economic development that is consistent with the
values that we hold dear as Americans and as citizens of our
increasingly connected world.

While China seeks to grow its economy through use of new technologies,
the Chinese state’s actions suggest a deep fear of the sometimes
disruptive effects of free and open communications made possible by the
Internet – particularly on topics of human rights.  This fear has
led the Chinese government to create the world’s most sophisticated
Internet filtering regime.  One of the topics commonly blocked is
information related to human rights, including the website of the
respected NGO, Human Rights Watch.  

Increasingly, the Chinese state has turned to private companies that
control parts of the middle of the network to assist in its filtering
and surveillance practices.  These companies find themselves today
in an awkward, if not untenable, position on this issue of ethics and
human rights.  Individual companies can be isolated and pressured
by the filtering state and undercut by competitors willing to comply
with surveillance and filtering requests.  

United States technology companies, which have led the Internet
revolution from the start and have brought us many of its extraordinary
benefits, are now in the uncomfortable posture of helping to carry out
Internet filtering practices.  These companies also find
themselves under pressure to turn over sensitive personal information
to law enforcement officials, in circumstances where these companies
would not turn over the information here in the United States.

Private technology companies cannot today participate in these
marketplaces without consequences based upon their actions.  Human
rights are implicated.  Companies in this position have an
obligation to figure out what it means to act ethically when they are
doing business in a place like China.  They also have a
self-interest in having a common code of practice to which they can
point and rely upon in resisting abusive filtering and surveillance
requests.  The United States Congress is right to pay attention.

Despite what may seem to be a common set of problems, United States
technology companies should not be lumped into a single category when
it comes to their participation in Internet filtering and surveillance
practices.  Plainly, there are different issues at stake when a
company is making technology products that are designed to  carry
out filtering regimes in other countries around the world as compared
to a company that is making general-purpose technology that happens to
be used to filter or spy on Internet-based communications.  Surely
there are differences between the company that offers a limited online
service in China and collects no personally identifiable data as
compared to a company that not only collects large amounts of such data
but turns it over prior to a formal legal action.   Surely we
would distinguish between a company that folds at the first hint of
controversy and the company that draws lines in the sand and puts its
license to do business in that state in harm’s way.  There are
ethical lines to be drawn between various kinds of technology companies
that are doing business in China.  These lines will help to shape
what we believe to be good public policy on this matter.

In terms of how to move forward, there are several options.  

First, and most appealing as a next step, is for the United States
information technology industry, perhaps with other players from states
that face this problem, to work together to try to sort out a common
ethical pathway.  I, and some of my colleagues at the Berkman
Center at Harvard Law School, believe that we should explore the
development of a set of principles that would guide businesses that are
offering services in states that filter extensively and spy on Internet
conversations and give them a base of support for resisting abusive
surveillance and filtering requests.  

There are a number of things that United States technology companies
can do to make their actions more transparent to users, more protective
of civil liberties, and more accountable to all of us.  Yesterday,
Microsoft announced a policy with respect to content hosted on their
popular MSN Spaces blog software in China, which is very much a step in
the right direction.

The Chinese state’s filtering systems lack transparency in nearly every
sense.  In addition to limiting what Chinese citizens can come to
know about the censorship process, this lack of transparency
complicates the task of monitoring its filtering regime.  Most
important, this lack of transparency contributes mightily to the
climate of self-censorship.  Chinese officials very rarely admit
that the state censors Internet content.  Officials do not
disclose at any level of granularity what material it targets through
the filtering regime.  United States technology companies can help
on this transparency front by how they carry out their blocking.

Second, it may be the case that the Congress could develop a corollary
to the Foreign Corrupt Practices Act that would guide – and tie the
hands of – United States technology companies doing business under
these circumstances.  Such a step is risky on many levels and
should be taken only with great care, and only if our technology
industry is unable to work out the problem on its own.

Third, the United States ought to consider making this human rights
issue a matter of foreign trade policy or other forms of international
negotiation.  In the Internet context, the United States ought to
stop worrying about the future of the Internet Corporation for Assigned
Names and Numbers and should make Internet filtering and surveillance
the key Internet governance issue on the world stage.

The best outcome is not to ban the involvement of United States
technology companies in China outright.  The best outcome would be
for our technology companies to be able to compete in these
marketplaces – with their best-in-the-world offerings – without having
to compromise our values and without having to become complicit in
Internet censorship and surveillance.

In conclusion, we ought to see this issue not as a crisis, but rather
as an opportunity.  Internet technologies, developed by the likes
of Microsoft, Yahoo!, Google, Cisco, and many others, are doing
terrific things for democracy around the world.  At the same time,
the People’s Republic of China’s Internet filtering and surveillance
regime has the greatest effect on the freedom of expression, and on the
efforts of human rights workers, of any filtering regime throughout the
world.   

We need to come together to figure out how to ensure that these
companies and their technologies are indeed a force for greater
democratic participation, not pushing against it.  These companies
should be, and can be, the darlings of the human rights community for
what they can do for human rights in places like China.  It
doesn’t happen to be the case today, but I have no doubt that we can
get to that point through collaboration that is grounded in honesty,
openness, and transparency.

Written Statement of John G. Palfrey,
Jr., Clinical Professor of Law & Executive Director, Berkman Center
for Internet & Society, Harvard Law School at the Congressional
Human Rights Caucus Members’ Briefing on the subject of human rights
and the Internet in China, February 1, 2006.

I’m at the Berkman Center feverishly trying to finish testimony for the Congressional Human Rights Caucus hearing tomorow in DC.  I’m just starting to consider Microsoft’s announcement of its new policy on blogging, censorship and surveillance. 

At a minimum, I am pleased to see the transparency of their decision-making, the commitment to a process internally before replying to a state’s request for information, the commitment to making content blocked in one state accessible in other states, the commitment to transparency to users about what’s being blocked, and the clear message that this is not just about China.  Perhaps most of all, their call for a broad-based dialogue on how to manage this problem is right on, in my view.

Here are the operative segments, cut-and-pasted from the announcement:

“* Explicit standards for protecting content access: Microsoft will remove access to blog content only when it receives a legally binding notice from the government indicating that the material violates local laws, or if the content violates MSN’s terms of use.

* Maintaining global access: Microsoft will remove access to content only in the country issuing the order. When blog content is blocked due to restrictions based on local laws, the rest of the world will continue to have access. This is a new capability Microsoft is implementing in the MSN Spaces infrastructure.

* Transparent user notification: When local laws require the company to block access to certain content, Microsoft will ensure that users know why that content was blocked, by notifying them that access has been limited due to a government restriction.”

Will a policy of this sort make any difference?  Well, it’s surely just a first step, but I think it is a positive step.  So much will become clear if we ever find out how Microsoft acts when pushed on matters by a repressive regime.  Will these policies render Microsoft’s stance more protective of civil liberties — in appropriate contexts — than that of another company, perhaps one based in that regime?  Entirely possible, but so much turns on the application of the policy on the ground when trouble starts.

* * *

Not specific to this announcement, but prompted in part by puzzling over it: one theme that I think ought to emerge is the distinction between various contexts.  Microsoft’s announcement is somewhat helpful in this parsing process, though of course does not provide all the answers. 

Start with the presumption (though I know one might take issue with this starting point) that a United States company is competing in the marketplace of another state that has an extensive filtering and surveillance regime in place.  (For examples, see the OpenNet Initiative’s country studies.)  Consider whether we think the ethics are, or may be, different in the following scenarios, when a US company:

1) blocks access to content published by a citizen of another state at the explicit request of that other state,

  a) which blocking disallows the content to be viewed by another citizen of that state

  b) which blocking disallows the content to be viewed by those requesting to see it from states other than the home state of the author (such as the United States);

2) blocks access to content published by a citizen of another state at the implicit request (i.e., “you should generally block things of this nature”) of that other state

  a) which blocking disallows the content to be viewed by another citizen of that state

  b) which blocking disallows the content to be viewed by those requesting to see it from states other than the home state of the author (such as the United States);

3) turns over information about the user of an online service, pursuant to a specific legal notice from another state, when

  a) that user is the citizen of another state,

  b) that user is the citizen of the United States but acting in the other state; 

4)  turns over information about the user of an online service, pursuant to an informal request from another state, when

  a) that user is the citizen of another state,

  b) that user is the citizen of the United States but acting in the other state; 

[Does it matter whether the user’s alleged infraction was one that was a crime in the United States, or whether the information is sought because of political speech by that user that would plainly be protected under US law?  Whether the state needs the information to save a life, or to carry out a preventive law enforcement act?  How can the US company know?  What about when the request is to support research on a general policy issue, such as the US DOJ’s request for search engine data, apparently without user-specific data, in the COPA matter?] 

5) develops general-use technology that is used in the filtering and surveillance practices of another state; or,

6) develops specific-use filtering and surveillance technologies that are used in such regimes in other states.

There are no doubt many other permutations, but these seem to me to be starting points for parsing out the thorny ethical problems buried here.

We at the OpenNet Initiative have built a search-compare tool
to show what results you get on google.cn as compared to
google.com.   Be sure to try out “human rights” and some of the other  sample searches we’ve got up there.  (Special credits to Nart Villeneuve and Boris Anthony.)

We are enormously grateful to our friends at the MacArthur Foundation for their support, in the form of a $3 million grant, of our next four years on the OpenNet Initiative in its study of filtering and surveillance online.

Alois Stutzer and Bruno S. Frey (University of Zurich) have a new paper out in the Review of Law & Economics called “Making International Organizations More Democratic.”  Likely of interest to the watchers of ICANN, WSIS, and related institutionsin the Internet space (what I think of as the NetDialogue crowd!).

The abstract: “World governance today is characterized by international
organizations lacking democratic legitimacy and control by the citizens
they claim to represent. They are also criticized for being
inefficient. This leads to violent protests and to NGOs having great
influence. To address these problems, we propose international
governance based on the democratic idea of citizen participation: All
citizens of the member countries of international organizations have
the potential right to participate in the decision-making of
international organizations via initiatives, referendums and recalls.
In order to reduce transaction costs, a representative group of
citizens is randomly selected who can actually exercise their
participation rights.” 

Provocative, anyway, and worth hearing them out.

Today, we are announcing a new project — StopBadware.org
— at the Berkman Center, in partnership with the Oxford Internet
Institute and our unpaid special advisors at Consumer Reports Web
Watch.  This is an active research initiative that collects data
and stories from consumers in a  publicly-accessible
clearinghouse, sets forth a series of guidelines for what constitutes
“badware” in our view, and will involve our publication of an ongoing
series of reports about downloadable applications that violate these
guidelines.  We are fortunate to have the support of Google, Sun,
and Lenovo, as well as an exceptional 8-member working group and world-class advisory board.

This project is very much intended as a complement to the many other
good efforts underway to stem the tide of badware, like the work of
TrustE, the AntiSpyware Coalition, researcher Ben Edelman, and many
others in the public and private sectors. 

David Berlind has a great piece
based in large measure on an interview with Jonathan Zittrain about the
law enforcement/privacy/tech company flap kicked off by DOJ’s measures
to get Google to comply with their order to turn over search
data. 

Berlind sets it in the right frame, I think, which is not a simple
request for a single set of information to solve a given case or to
stop a crime from happening but rather in the larger context of the
role of technology companies vis-a-vis states in carrying out law
enforcement activities:

“In the bigger picture though (and on the heels of the domestic spying
issue), the warrant for search data, particularly when there isn’t an
investigation into a specific case of wrongdoing, raises more questions
about how far the Feds can and will go when it comes to mining domestic
sources of information that many (including Google, apparently) believe
to be off-limits to the government.  Most US-based Internet users,
for example, use the Internet on the assumption that a record of their
behavior (whether it includes personally identifiable information or
not) won’t fall into government hands.

“Perhaps the most obvious question is ‘where does it end?’  Does
compliance with the DOJ’s request set an ugly precedent that paves the
way for the Feds to comeback for a mile once they’ve taken an inch?
Even if the data that Yahoo, Microsoft, and AOL turned over to the Feds
was uncompromising in terms of privacy, with no particular criminal
investigation taking place, what happens when the Feds see something
they don’t like? Can they just come back for more and take it? Not to
be alarmist or extreme here, but is China — where Yahoo and Microsoft
(also this) have already had anti-democratic run-ins with that nation’s
government — on the other end of the spectrum along which
domestic Internet surveillance policies are shifting and how far along
that spectrum of chilling effects will the US shift?”

(Before reading what Berlind/JZ said, I did an interview with Red Herring on the same topic.)

There’s a remarkable and worthwhile thread forming over at Shelley Powers’ Burningbird blog after her post on RSS and copyright. 
I don’t agree with everything written there, but it’s a fascinating
back-and-forth, and features two posts (at least) from Denise Howell,
which alone makes it worth the read.  It strikes me as just the
kind of sorting process that we need to go through, to get opinions
about these norms aired and understood.

Gregory Lamb of the Christian Science Monitor has a great, forward-looking piece on the future of RSS:

“Mike Richwalsky has an online helper who keeps him informed. It tells
him when his friends post new items on their websites or new photos to
sites like Flickr. It advises him on what Netflix movies he might want
to rent and gives him the latest scoop on his favorite sports team, the
Pittsburgh Steelers. It also alerts him if his name, or that of
Allegheny College, where he works as a Web administrator, is mentioned
online. It’s even ready to signal him if an online merchandiser gets a
hard-to-find Xbox 360 game console in stock.

His helper is an RSS aggregator. RSS stands for Really Simple
Syndication, and its purpose is in fact really simple: ‘Feed’ the user
information every time a weblog, news source, or a selected website has
been updated with new information.”

Susan Mernit, a wonderful analyst of all things Web 2.0, writes,
in a thoughtful post responsive to the flap over RSS and copyright:
“But it seems to be what Palfrey has not yet addressed–which makes
sense considering this company is so new–is that many of the players
entering into the bundled space recognize they have to give more back
to their creative sources than just a little traffic or a thank you.
… Without some share in the revenue, it’s not right to make $$ from
anything more than a headline and a digest, unless the blogger has
specifically given permission for a great depth to be published off
site.”

No better time than the present to address it.  I don’t have an
answer, by any means, but it seems like a terrific question, one
well-worthy of discussion.  I should note that I don’t think of
this as a “legal” issue (those are addressed in an all-too-long post
yesterday).  But I think it’s a critical issue from the
perspective of developing this ecosystem based on syndicated
content. 

I wonder if what Susan points to is an emerging consensus, which would
help clarify the community’s views and the norm around aggregation (we
could call them the “Mernit Principles”):

1) If a for-profit company a) aggregates RSS headlines and digests of feeds only
(presumably there’s a norm around what is appropriate “digesting”, but presume for these purposes it’s
something well short of a full feed, consistent across all sources
aggregated); b) provides an easy mechanism for those who wish to opt-out to opt-out; and c) observes all licenses
and other stated preferences of those who offer feeds, then it’s OK to make money on the
aggregated content with ads served alongside the content in some
fashion.  (Perhaps My Yahoo! is a — presumably very profitable —
example of such a
model, or something along these lines, as My Yahoo! seems to render
just headlines from the RSS feeds I’ve got loaded in there.)  It
reminds me of what Dave said back in December about how to make money online.

2) If a for-profit company aggregates full RSS feeds and makes money
from the aggregation, it’s not enough to give the source of the feeds
some links back or a hat-tip or similar kinds of  non-cash remuneration.  If full RSS feeds are included in
the aggregated content, then some form of revenue-sharing needs to be
worked out to repatriate cash to the people creating the
works.   Such a model might be what Gather.com
and others seem to be suggesting as the way forward (“It just seems
fair that we share our advertising revenue with you based on the
quality and popularity of the content you contribute on Gather.”) 
Such a model could make sense in the way that eBay and Google have made
sense: serving as public online platforms on which other people could make a bit of
money, while ensuring that the platform providers got enough, say, to go public
and render the founders billionaires.

Does that sound right? 

(A broken record, I know, but my disclosures apply here big-time, as with other posts over the past two days.)