1 travel guide to the digital world: Internet Policy and Governance for Human Rights Defenders Becky Hogge
2 Published in London 2014 by Global Partners Digital This work is licensed under Creative Commons, Attribution-NonCommercial-ShareAlike
3 travel guide to the digital world: Internet Policy and Governance for Human Rights Defenders Becky Hogge
5 The same rights that people have offline must also be protected online United Nations Human Rights Council resolution, 2012
6 6 The internet is the defining technology of our age. Sometimes gradually, sometimes dramatically, it is shifting power relationships in every aspect of our lives, from commerce to politics, from education to art. With these shifts come new opportunities in the field of human rights, but also new threats. The internet empowers people by placing the means to access and disseminate information directly in their hands. The internet empowers people by placing the means to access and disseminate information directly in their hands. It grants even those with only a modest level of technical skill the ability to bypass state censorship. Where once the power to communicate with a wide audience was monopolised by elites, the internet allows ordinary people to raise their voices against injustice, incompetence and ignorance. It presents all of us with new ways to organise ourselves, to make a difference in our communities and in our societies. It paves the way for new digital services with the potential to put prosperity in the hands of the world s poorest. And it has the capacity to offer the socially marginalised, the physically disabled, the visually impaired and many other disadvantaged groups new channels of communication and expression, free from intolerance or impediment.
7 7 The internet provides opportunities for advancing human development and human rights. Already, we can see the possibilities. In Kenya, citizens used and their mobile phones to send messages about political violence they had witnessed. These messages were gathered together on a website Ushahidi (testimony) that was able to present a picture of levels of violence during the post-election crisis. In Tunisia, as thousands of people took to the streets to protest against the economic and human rights hardships suffered under a decades-old regime, activists shared details of police movements and of demonstrations on Facebook and Twitter, and posted videos live from the streets to YouTube and DailyMotion videos that Al Jazeera beamed back onto Tunisia s television sets, stoking the revolution and spreading the news around the world. In Saudi Arabia, thousands of people signed an online petition calling for an end to the kingdom s ban on women driving, with dozens of women using YouTube to post videos of themselves violating the ban on a designated Day of Women Driving, intended to put pressure on the authorities to address the issue. Although the internet provides opportunities for human development and the advancement of human rights, it brings threats with it, too. With new forms of expression come new forms of censorship and surveillance. What s more, as communications technology spreads, uneven patterns of adoption amplify already-existing inequalities. The same features that make the internet a great way to disseminate information and rally individuals around a collective cause can also make it a great way to spread disinformation and polarise people. The fact that the computers that power the internet are able, by their very nature, to retain near-perfect records of all the online activity of all of their users means that personal privacy is fundamentally at risk as we move into the digital age.
8 8 It has never been easier for the state to locate and identify an activist who uses digital communications technology to organise and, once they are so located, to spy on, record and suppress their activities. Dissidents in Egypt have given accounts of being confronted with their own private text messages during interrogation sessions under the Mubarak regime. Statesponsored hacking attacks against independent news media and human rights groups have been reported in Tunisia, Russia, China, Vietnam, Burma, Mexico, Israel, Egypt and Iran. In 2012, the United Nations recognised the huge impact of digital technology on human rights and resolved that The same rights that people have offline must also be protected online. This resolution reflects a hope for the future, not the present state of affairs, and this hope cannot be realised without action on the part of human rights defenders who understand the internet and the opportunities and threats it presents. Privacy is fundamentally at risk as we move into the digital age. Understanding and addressing how the underlying structure of the internet, and the way it is operated and governed, affect the rights of its users is a new field a field from which human rights expertise is currently lacking. Instead, powerful interests mainly governments and big businesses are being permitted to shape our digital future in key debates, treaties and deals that are happening now. Those civil society groups that are involved in these debates are fighting an unequal fight, and desperately need the diversity and depth that the human rights community brings with it. The digital rights they are defending will be rights on which we all come to rely, even those of us who think the internet has little to do with our day-to-day work now. It is time for human rights defenders from the offline world to familiarise themselves with the internet, and prepare to defend human rights online.
11 11 An Overview Of This Guide To people who are used to defending human rights in the real world a place geeks often refer to as IRL (In Real Life) or AFK (Away From Keyboard) the internet can seem like a foreign language. The aim of this guide, then, resembles that of any good travel guide: to introduce newcomers to the history, workings and culture of the virtual world and help them find the features most relevant to their concerns. It is much easier to enjoy a trip abroad when you understand a bit about your destination and speak some of the local language, and it is impossible to defend human rights online successfully without a basic understanding of the history of the internet and how it works. The next chapter is a short introduction to what the internet is (and what it is not). Chapter Two contains a brief history of the internet, its technical development, use and governance. Chapter Three explains the different technologies that power the internet, and the actors behind them. Chapter Four introduces the various groups and institutions that either have or want a stake in internet governance, and are therefore poised to influence the future of human rights online. Chapter Five outlines the major human rights issues to look out for in the new digital world, and Chapter Six examines possible futures for networked digital communications, and their human rights implications. You will find many technical terms as you read, but do not be put off by them. This guide is aimed at a non-technical audience, so where technical terms are included, these are in bold print and are explained in the extensive glossary at the end of the guide. By the time you have finished reading this guide, although you may not yet be referring to the non-virtual world using three-letter acronyms, you will be able to speak a little bit of geek yourself.
12 Contents Chapter 1: Wait, where am I? What The Internet Is And Is Not Chapter 2: How did we get here? A Short History Of The Internet 20 Development 20 Adoption 20 Uses 21 Governance 21 Chapter 3: Are you sure this thing s working properly? Understanding The Internet 28 The layer model The physical layer The code layer The application layer The content layer Chapter 4: Can I speak to the manager? Internet Governance State-level governance Corporations 51 Users and digital civil society 52 Technical governance 53 The United Nations Country groupings 58
13 Chapter 5: What a human rights issue looks like now: A Spotter s Guide 62 Censorship Case study: a step too far? China s Green Dam 64 Case study: Arab secularists on Facebook 66 Surveillance Case study: Finfisher 69 The global digital divide Harmful content Case study: the Internet Watch Foundation and Cleanfeed 72 Chapter 6: Stop this thing, I want to get off! A Changing World 76 Weaponisation of cyberspace 76 Internet Balkanisation 76 Case study: Stuxnet 77 Internet of things 78 Big data 79 Glossary 80 Acknowledgements 89
15 chapter 1 Wait, where am I? What The Internet Is And Is Not
16 16 What The Internet Is And Is Not The internet is made up of millions of computers across the world, all connected to one another and sharing information. People talk about downloading things from the internet or going onto the internet or online to check facts or fetch s. What they re really doing is using the internet to download information onto their computer from some other computer somewhere on the internet. The internet is made up of millions of computers across the world, all connected to one another and sharing information. The internet has been called a world of ends and an end-to-end network, because on the internet the stuff that matters, the smart stuff, happens at the end points, at the computers that connect to it. The computers that connect to the internet are constantly generating, storing and sharing information. Computers here doesn t just mean the laptop in your bag right now. It could mean the 180,000 computer servers, currently running in Pineville, Oregon, that make up Facebook; it could mean the smartphones in the pockets of 41% of Nigerians. One day soon, it might mean your refrigerator, your car or even your bath (see chapter 6 for more on the internet of things).
17 17 And information here doesn t just mean bus timetables or research reports. Information means absolutely anything that can be translated into the computer s language of ones and zeros. That could be videos shot and uploaded live from a protest in Istanbul, or pictures of cats, or the voices of people who live halfway across the world from their families, using Skype to catch up. It could be software updates, or malicious computer viruses. Or it could be a shaky camera recording of the latest Bollywood movie, being shared illicitly using peer-to-peer file-sharing. Some types of computer: laptop, computer server, smartphone. The internet s end-to-end structure arises from the fact that, unlike the communications networks that came before it, the internet was not designed with one particular type of communication in mind. The communications protocols that allow the computers that make up the internet to connect to one another are designed to run on almost any type of physical infrastructure and to carry any type of digital information. It is this design that has made the internet so scalable and flexible, and allowed innovation online to flourish.
19 chapter 2 How did we get here? A Short History Of The Internet
20 20 A Short History Of The Internet Many of the internet s peculiarities today are traceable to its history. Development The origins of the internet lie in research carried out during the 1960s, much of it funded by the United States Department of Defense, which sought to build resilient communications infrastructure using computer networks. This research led to the development of many different packet-switching computer networks across the United States and Europe. As these different networks flourished, ideas about joining them together were put forward. The TCP/IP protocol (see Chapter 3), which allows this inter-networking, was gradually adopted and an elementary, global network of networks the internet was born. Adoption At first, the internet was used mainly by academic institutions, although hobbyists could use early modems and personal computers to log on via the telephone network. During the 1990s people started adopting the internet at a rapid pace that has not slowed since: at the beginning of the decade, about 313,000 computers were connected to the internet; by 2000 that figure was over 93 million. Today, 2.5 billion people more than one third of the world s population have access to the internet.
21 21 Uses dominated the internet for a long time after the first was sent in During the 1980s, online forums, such as Usenet, and bulletin board systems (BBS) became widely used. During the 1990s, the worldwide web led to a huge increase in the amount of information available to non-technical people via the internet; this decade also saw the rise of e-commerce. Peer-to-peer filesharing, social media, video and voice-over-ip all blossomed online during the 2000s, despite the dotcom bust early in the decade saw the first of many mass online disclosures of state secrets; these may ultimately contribute to defining the 2010s as the decade during which the internet became a major political force. Governance Early internet pioneers defended the internet as a place that defied state-level regulation because of its global nature, but since the early 1990s, states and their legal systems have enacted new laws and adapted old ones to attempt to regulate internet activity. At an international level, states and civil society have looked to the United Nations (UN) to address internet governance issues and to influence the development of the globally networked world, through the UN-sponsored World Summits on the Information Society (WSIS) in 2003 and 2005, which in turn gave rise to the Internet Governance Forum (IGF). Away from the scrutiny of civil society, multilateral trade negotiations and meetings of the International Telecommunications Union (ITU) also provide settings in which corporations and governments attempt to form internet policy.
22 Timeline: development and use 1977: The Apple II computer is launched. 1977: Dennis Hayes and Dale Hetherington invent the modem. 1974: (December) Vint Cerf publishes an internetworking proposal, which contains the first recorded use of the word internet. 1973: accounts for 75% of the traffic on ARPANET. 1972: France begins research on the CYCLADES packet switching network : Ray Tomlinson sends the first : (29 October) Computers in Stanford and Los Angeles connect across the ARPANET packet-switching network for the first time. 1988: US National Science Foundation invests heavily in internet infrastructure. 1984: The creation of the Domain Name System. 1984: The WELL Bulletin Board System is established : The Usenet computer network communications system is established.
23 1999: The launch of the Blogger blogging platform. 1998: Google search engine is launched. 1995: Launch of ebay and Amazon. 1993: The launch of the popular Mosaic web browser. 1990: Tim Berners-Lee proposes the worldwide web. 2004: The launch of Facebook. 2003: Skype is launched. 2006: The launch of Twitter. 2006: Google buys YouTube. 2005: The launch of YouTube. 2003: Google buys Blogger : The launch of Wikipedia. 2000: The Dotcom bubble bursts : Edward Snowden, a former employee of the Central Intelligence Agency, leaks thousands of classified documents detailing the extensive internet surveillance activities of the USA, the UK and their allied governments. 2012: Mass online protests prevent the passing of the Stop Online Piracy Act (SOPA) in the USA. 2010: WikiLeaks releases the Collateral Murder video, followed by the Afghan and Iraq War Logs and US Diplomatic cables.
24 Timeline: governance 1998: The Internet Corporation for Assigned Names and Numbers (ICANN) is established to take over the duties of the Internet Assigned Numbers Authority from the US Department of Defense. 1998: China begins its Golden Shield Project, popularly known as The Great Firewall of China. 1998: The US enacts the Digital Millennium Copyright Act (DMCA), including provisions for intermediary liability. 1996: (December) World Intellectual Property Organization (WIPO) members adopt two Internet Treaties, designed to strengthen intellectual property laws for the digital age. 1996: (February 8 ) John Perry Barlow writes the Declaration of the Independence of Cyberspace. 1993: John Gilmore tells Time magazine, The internet interprets censorship as damage and routes around it. 1992: The Internet Society is founded to provide leadership on internet-related issues and a corporate home for the IETF : The Internet Engineering Task Force (IETF ) holds its first meeting : France adopts its HADOPI law, which includes notice and disconnection provisions. 2008: The Open Net Initiative s (ONI) survey of global internet censorship states: Technical filtering does occur in other parts of the world, but in a more limited fashion. 2006: The first meeting of the Internet Governance Forum (IGF) takes place. 2005: The Second World Summit on the Information Society (WSIS 2005) is held. 2003: The First World Summit on the Information Society (WSIS 2003) is held. 2000: The European Parliament adopts its E-Commerce Directive, which includes provisions for intermediary liability.
25 : (December) Failed attempt by some International Telecommunications Union (ITU) members to bring aspects of internet governance under its control. 2011: The India, Brazil and South Africa Dialogue (IBSA) calls for greater UN involvement in internet governance. 2011: The Dutch government launches a Freedom Online Coalition of 21 countries. 2010: The Internet Governance Forum s (IGF) mandate is renewed until : The ONI s survey of global internet censorship begins: Internet censorship is becoming a global norm.
27 chapter 3 Are you sure this thing s working properly? Understanding The Internet
28 28 Understanding The Internet The internet is designed to run on almost any type of physical infrastructure and carry any type of information. This design has made the internet scalable and flexible, and allowed innovation online to flourish. Having a basic grasp of how the internet works will help anyone new to defending human rights online understand more clearly the different actors and threats they encounter. The layer model One way to understand how the internet works is to think of it as a series of layers. The physical layer, at the bottom of the stack, contains the hardware components computers, routers, switches, etc. that underpin the internet. On top of this is the code layer (a series of software layers, often called the protocol stack, or TCP/IP), which defines the way applications (the third layer up) and their content (the top layer) are transported around the network. Each of these layers works independently of the others: for example, what the physical layer is made up of be it copper wire, optical fibre or radio signals has no bearing on what type of content voice, music, text, code it can carry. It is this independence, together with the rigorous standardisation of the various protocols in the TCP/IP protocol stack (see The code layer section, below), that characterises the internet and makes it so successful as a scalable network.
29 29 The internet is designed to run on almost any type of physical infrastructure and to carry any type of information. This design has made the internet scalable and flexible, and allowed innovation online to flourish. For example, when you write an (content layer) using Microsoft Outlook (application layer), and hit send, the information is encoded with a series of protocols (code layer) that will shape how and where it is transported. Much as the postman does not need to look inside an envelope to ascertain where a letter needs to go, so the routers and switches (physical layer) that make up the local and global networks across which your travels need only look at the information encoded in the protocols specific to them. The same is true of a conversation (content layer) taking place over Skype (application layer), that is encoded and divided into packets (code layer) and routed around a global network (physical layer) of, among other things, the computers of other Skype users. Although the way the internet works may be hard to grasp at first, it is important for human rights activists to have a basic understanding of it. Threats to human rights may occur in any one of these layers. Each layer is shaped by a different set of actors.
30 30 What Is It? Examples Who Shapes It? What s At Stake? Content Layer Information we access and share online Text and images, data, video, voice, code, music Users, from media and advertising companies to individuals Hate speech; disinformation; copyright infringement; criminalisation of legitimate expression; defamation Application Layer Software that helps us access and share that information Web browser, client, social networking platform, search engine Google, Facebook; Twitter; free software developers; individuals Censorship through website blocking and traffic filtering; surveillance; malware Code Layer Communications protocols that allow any type of information to travel across any type of physical infrastructure Internet Protocol (IP); Hypertext Transfer Protocol (HTTP); Domain Name System (DNS) IETF; ICANN Censorship through DNS seizure Physical Layer Network nodes connected by network connections Computer, smartphone, server, switch, router, optical fibre, mobile phone base station Network operators; internet service providers (ISPs); internet exchange points (IXPs) Censorship through blocking and filtering; surveillance; net neutrality; the digital divide
31 31 The physical layer What is it? The word internet derives from inter-networking (see Chapter 2): joining several different packet-switching communications networks together. The internet can therefore be understood as a network of networks. At its physical layer, this means the internet is made of the same stuff that communications networks are made of: network nodes, connected to each other by various network connections. A network node could be a computer or computer server, but it could also be a piece of networking hardware, such as a switch (which links and routes network traffic between hosts on a local network), a router (which routes traffic between different networks), or a firewall (which controls access to computer servers for the purpose of network security). A network connection is something that connects these nodes together somehow. It could be wireless, such as wifi, 3G or satellite, or it could be a physical (fixed line) link between nodes, such as the copper wire typical of the first telephone networks, the coaxial cable typical of cable television in the US, or optical fibre cables that use pulses of light to transmit data at super-fast speeds. Who shapes it? Because the internet is a network of networks, the physical layer is controlled by lots of different network operators and internet service providers. They provide their customers with access to the entire internet by coming to arrangements with one another, either financial or in-kind, to exchange network access. In-kind arrangements (also called peering agreements) are executed at internet exchange points (IXPs).
32 32 The physical layer is controlled by lots of different network operators and internet service providers who have a great deal of power over the data we transmit across their networks. Network operators generally have close ties with the state. The largest fixed line network operators are either state-owned, or in the process of some kind of privatisation and/or market deregulation and consequently have a historic link to their governments. Wireless network operators also have close relationships with the state because their access to wireless frequencies (spectrum) is state-regulated. What s at stake? Network operators have a great deal of power over the data we transmit across their networks. They are under significant economic and political pressure to exercise that power, despite the existence of certain legal safeguards (see box on page opposite). The cost of investment in new physical infrastructure means network operators will underinvest in areas that are not seen to provide sufficient return, leading to a digital divide (See Chapter 5) between those with fast access and those with slow, or no, internet access. Pressure to maximise profits from existing infrastructure has left many network operators keen to experiment with new business models that, for example, offer different online services premium access to their customers, threatening the end-to-end principle and net neutrality.
33 33 Regulation and network operators Network operators and website hosts are generally granted immunity from prosecution for the content that travels across their wires, provided they make efforts, when requested, to block, or remove from their servers, content found or alleged to be illegal or infringing. In several regions, including the USA and Europe, this arrangement is codified in law and referred to as intermediary liability. Market regulation mechanisms and increasingly statutes (in Chile, Brazil and the Netherlands) also control how much network operators are permitted to interfere with the internet traffic they carry for their own business purposes, in order to preserve the principle of net neutrality, the fundamental design principle of the internet as an end-to-end network (see Chapter 1). As powerful players with close ties to governments, network operators can horse trade with regulators on these two principles of intermediary liability and net neutrality; for example, by offering the state greater control over internet traffic in exchange for less state control over their own business-related traffic management. Network operators often find themselves the target of political, legislative or judicial campaigns to filter, or block access to certain types of content (child sexual abuse images, inflammatory and copyright-infringing content, or material deemed seditious or indecent). Network operators are also under legal and extra-legal pressure to monitor their users communications for the purpose of state surveillance. Both censorship and surveillance are accomplished using deep packet inspection technologies, probes that operate in the code layer (see next section), going beyond the communications protocols necessary for merely routing data and into the actual content of data packets.
34 34 The Code layer What is it? The code layer, also called the protocol stack, defines how the internet works. Protocols are technical standards a bit like call and response patterns designed to enable communications across a network. The different protocols in the protocol stack each enable a different aspect of communication across the internet, from how data is split into packets for transmission, and reassembled again, to how data packets are routed around the network. Together, the protocols in the protocol stack allow the internet to run on almost any type of physical infrastructure and carry any type of information. The protocol stack includes the communications protocols that allow network nodes to locate one another on the internet. The most common of these communications protocols is the Internet Protocol (IP). Together, the protocols in the protocol stack allow the internet to run on almost any type of physical infrastructure and carry any type of information. Who shapes it? The technical standards that make up the code layer are overseen by the Internet Engineering Taskforce (IETF), an association of experts with no formal membership structure. At the IETF, communications protocols are developed, defined and standardised by specialist working groups, with an open invitation for anyone to participate. For more on the IETF, see Chapter 4.
35 35 The remits of the IETF and ICANN are focussed squarely on technical good governance. The Internet Protocol (IP) relies on there being a large volume of unique numeric IP addresses. The maintenance of the IP address system is overseen by the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit private organisation constituted in the state of California. ICANN also oversees the management of top level domains and of the root name servers that operate the Domain Name System the vital reference system that translates numeric IP addresses into human-readable names, and that is often likened to the telephone directory of the internet. For more on ICANN, see Chapter 4. What s at stake? Both ICANN and the IETF (through its parent organisation, the Internet Society) have their headquarters in the United States, and this has been the subject of significant international tension since the mid-2000s. However, since the remits of the IETF and ICANN are focussed squarely on technical good governance, this tension is best understood as symbolic: it represents a more generalised anxiety about US power on the internet, not least through the dominance of US corporations.
36 36 The Domain Name System has been exposed as a point of censorship in recent years. ICANN delegates the operation of top level domains (.org;.de;.co.uk, etc.) to registries that work with registrars to sell domain names (like mywebsite.co.uk ) to end users. Recently, government agencies, most notably the United States Immigration and Customs Enforcement agency, have acted to seize domains, by presenting their registrars with court orders to redirect (to US government servers) any traffic to websites they believe are trading in illegal or infringing information. The application layer 1 What is it? The application layer is made up of software that allows users to interact over the internet. It includes applications large and small, from the browsers (such as Internet Explorer, Firefox, Safari, Chrome), search engines (Google, Bing) and social networking platforms (Twitter, Facebook) of the worldwide web, to clients such as Outlook and Thunderbird and Voice-Over-IP packages (Skype). 1 Note that in technical circles one of the components of the protocol stack (in the code layer) is also called the application layer. Here, we are talking about something different, namely any type of software (application) that helps users to interact via the internet.