
FINISHED COPY

NINTH ANNUAL MEETING OF THE

INTERNET GOVERNANCE FORUM 2014

ISTANBUL, TURKEY

"CONNECTING CONTINENTS FOR ENHANCED

MULTI‑STAKEHOLDER INTERNET GOVERNANCE"

 

05 SEPTEMBER 2014

09:00

WS 126

 

FOSTERING RESPECT BY COMPANIES FOR INTERNET USERS' RIGHTS

 

 

***

The following is the output of the real‑time captioning taken during the IGF 2014 Istanbul, Turkey, meetings.  Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record. 

***

 

>> MODERATOR: We'll wait a few more minutes for people to show up.

We'll wait for a little bit, a few minutes before we start.  So a few more people hopefully will show up.  9:00 on the final day. 

Nice to meet you. 

By today, they should know where this is, it is just ‑‑ it is early.  It is early.  The last day.

>> There is at least one person following you remotely.

>> MODERATOR: He can get a lot of time for remote participation. 

Okay.  So let's get started. 

Welcome to the morning session on the last day in a difficult room to get to, Fostering Respect by Companies for Internet Users' Rights, and it is organized by the Rio Institute for Technology and Society.

And in today's world, Internet products and services occupy a large part of people's daily lives and the intermediary role of these vendors.  It is very different than the traditional products and services providers for their interaction with customers and regulatory with the governments around the world, increasing awareness for privacy, security means, there is a falling out of trust between the users and increasing attempts by governments to try to regulate.

Now, many of us do believe that a constructive way ‑‑ more constructive way to foster Human Rights is to create mechanisms that allows these intermediaries to act in a constructive way as to enhance the trust across the global Internet. 

Now just before we start, I just want to say a few things about myself, how I come into this discussion. 

I'm Charles Mok.  I started an earlier Internet ISP in Hong Kong in the mid-1990s.  We acted as an intermediary before it was called by that name.  Later on I sort of moved on to the Civil Society side by starting the Hong Kong chapter, getting involved with the regional at‑large organisation of ICANN for Asia Pacific until two years ago when I was elected as a member of the legislature in Hong Kong.  I have a foot in the government as well. 

I have seen this ‑‑ these issues from different perspectives.  Two years ago, in fact, I started to ask my government to provide a transparency in terms of personal data requests and requests to ISPs and as far as the nature of the requests.  I actually get my government to answer me for two years in a row.

I actually had lesser luck when I come to the local and regional Internet companies despite the fact that global players after the Snowden affairs, regulations.  They seem to have taken on to produce their transparency reports one after another.  So I have always been interested in figuring out how and what it takes to incentivize them to be more transparent, to respect more users' rights.

Today we have speakers from different organisations including Civil Society, trying to come up with initiatives to standardize the way that corporate accountability as related to Internet user rights can be implemented and companies were experienced in dealing with user rights on the frontline, and speakers from government as well for their perspective.  I will introduce the speakers and their titles briefly one by one when I get to them.  Because we have a very large panel of speakers I will have to limit ‑‑ try to limit the speaking times to 4 minutes because if I say 5, you will overrun anyway.

(Laughter).

>> MODERATOR: That's what we agreed on a couple of days ago.  We'll see what we can do.

Before the order, I have ‑‑ we had a bit of discussion before the start of the panel to figure out what order we should have our speakers speak in.  Our decision is that we probably would want a Civil Society actor to try to frame the discussion in a broader way, to start off the discussion, and then followed by some people on the private sector and then government. 

Now so with that, we'll start with Cynthia Wong who speaks from Human Rights Watch.

>> CYNTHIA WONG: Thank you very much. 

It is working.  Yeah.

Thank you, Charles, for that introduction.

So just in a way of background, I'm the Internet researcher at Human Rights Watch and I sit in the business and Human Rights division there.  Our division focuses on documenting corporate abuses of Human Rights in a number of industries including the Internet industry obviously, the ICT industry, but Telecom, oil and gas, mining, a number of others.  We have been doing this work for almost 20 years.

In that range of experiences, we can safely say it is the rare company who actually adopts Human Rights standards from a purely altruistic place, goodness of their heart.  That's not what corporations are.

In the course of our work we have identified several components we think are necessary to foster deeper respect for Human Rights in the corporate sector at large.  From the outset, I do want to state our goal here is ‑‑ it really is to prevent Human Rights harm from happening and address the harms that have already happened.  I don't think this is just an NGO goal, but a shared goal among many stakeholders including many companies and investors and the like.

What are the components we have identified?  First, external scrutiny of corporate behavior.  This can take many forms, for us this takes the form of research that documents Human Rights harm that is linked to corporate behavior and not just about the harm, but actually identifying the nexus between that harm and the companies' actual operations so we can figure out how to actually address the harm in practice.  So that's the first one.

Second is external standard setting.  This means that we really need an external standard against which you can actually measure a company's behavior over time, benchmark, matrix to understand whether there is ‑‑ they are respecting Human Rights and where the gaps are.  Again, this can take many forms, one of the primary examples in the space is, of course, the John Ruggie framework and U.N. Guiding Principles on Businesses and Human Rights.  It is also sector‑specific initiatives like the global network, principles on free expression and privacy which Susan will speak about, and also the individual rights initiative which is setting their matrix for measuring corporate responsibility in the tech sector.

I think to be most effective any set of external norms have to be based on international standards that have wide acceptance.  So I think in the case of all the initiatives I just mentioned the international Human Rights frame does provide that basis.

The third component we identify and promote in our work is independent verification of company Human Rights policies and some grievance mechanism.  The days in which companies say don't worry, we have a Human Rights policy, doing the right thing, full stop, those days are over.  It is not enough to say trust us, we're doing the right thing.  I think any company these days has a few paragraphs in their annual report that talks about the Human Rights policies or charitable giving practices, but without external verification how can we know if the companies are implementing Human Rights policies and practices and if they're effective.  We do think that's an important component.

I'll note ‑‑ Susan will talk about this ‑‑ for the tech sector, they do provide that external verification because companies who join do sign up for independence assessment. 

The fourth component I would identify is a process to identify best practices when it comes to corporate behavior of Human Rights.  Identify this separately from external standard setting because it goes beyond simply minimum standards.  It is about looking at, say, an industry as a whole, ICT sector as a whole, looking at the challenges, risks they're facing and what companies are doing the best to address the Human Rights harm that could flow from the business.  This is important not only to reward those companies who are doing well in this sector, but also to provide a path forward for those companies who may be lagging behind, not doing so well with meeting their responsibilities or for whom the issues are new and they need a roadmap for how to begin to address new issues.

The final component I would identify is really about State actors.  It really is about the duty of States to regulate corporate behavior.  There are a lot of responsible companies out there who are thinking very hard about how to address their Human Rights responsibilities, but we all know there is a lot of companies out there that simply don't care.  That when presented with a document or report, it documents the harm flowing from the business they dismiss it out of hand.  So that's why the corporate action alone will never fully address the problem of corporate abuses of Human Rights.  There is a clear role for States to enforce these external Human Rights standards through law and regulation by setting minimum standards that all companies must meet.  I think that the States do this in many forms, for example, through mandatory reporting requirements, even export control regimes when it comes to export of dual use surveillance technologies, for example, but more can be done in this vein and there is thinking about that.

I will stop there.  I hope I didn't go over.

>> MODERATOR: Thank you.

After that, let's move on to look at a couple of specific cases from the corporate side. 

First of all, let's start with Ebele Okobi, with Facebook.  Thank you.

>> EBELE OKOBI:  Good morning.  I know it is early, good morning.  It is the last day. 

I kind of would like to frame my comments in the following manner: I think that you talked about shared responsibilities.  Of course, it is a shared responsibility.  Just like it is wrong to presume all private sector is evil, it is wrong to presume that the non‑profit sector, that it is ‑‑ the non‑private sector is good. 

What's crucial is to have governments from the Internet‑sector side, it is important to have governments on the table, the security agencies on the table because that's where ‑‑ that's where a lot of these conversations happen.  The contention discussions happen in terms of demands which can restrain what we think of as open Internet.  It is crucial to make sure we have important government participation and participation of the security agencies in this discussion for them to get sensitized as to the standard we're talking about.  That's kind of my opening thoughts on this. 

In terms of what we as a company do, what Facebook does: You talked about transparency report, our transparency report actually started before the regulations happened.  Every company I think eventually will embrace this as a default standard, and it can happen triggered by an event or happen as part of a company's own journey.  It certainly happened in our own case that it was not event specific, but we were talking about this for a long time.  Eventually we did start with our transparency report way back in ‑‑ early ‑‑ late 2012, 2013, that was the first transparency report.  Every six months we issue this transparency report.  We're very close to releasing another one.

The fact about our report is that even if you receive a demand, even if it is a single demand from any country, there is no minimum threshold, we will put that in a transparency report, doesn't matter if it is a government as you have raised a demand for one or hundreds or thousands, that will get documented in the Facebook transparency report.  We have done that consistently.  We also introduced in the last transparency report the ranges of the content to take-down requests which has been received by Facebook, and we have made disclosures as to why those pieces of content were taken down and, of course, there is a separate section dealing with user information, wherein certain cases it has been complied in certain cases, others, there have not. 

Second point which I wanted to talk about, responding specifically to the revelations and the entire discussion on surveillance and the role of governments and security agencies: Facebook participated in an industry effort which was launched soon after reform government surveillance.  You can look that up on the site.  Basically it talked about five fundamental principles in terms of how this needs to be looked at or addressed by governments, and in an open letter to the president and Congress urging them to reform government surveillance.  The entire trust of those ‑‑ of those principles were that government exercise the powers of surveillance has to be bound and narrowly defined.  So it came out very strong, the statements against surveillance, mass.  It has to be subject to oversight and, therefore, we call upon all governments to also publish their own transparency reports.  You know, they're making all these demands but they don't hold themselves up to a certain standard in terms of publishing their own transparency report.  Kind of becomes very difficult to operate in that environment. 

We really took forward that conversation to the highest levels as industry, as a private sector to take up this position, that this needs to be on the agenda.  The current mode of doing things was just not right.

In terms of sector‑specific initiatives: We have been actively involved, and I'm sure we'll talk more about industry standards which we all are participating in and working together.  I kind of would like to end my summary with this point, governments and security agencies need to be firmly a part of this discussion.  They also have to have a shared role and shared responsibility matrix, and that would either take form of course of external scrutiny is part of it.  But we want them to take ownership and drive change and drive reforms within their own system.  And for that, having their own transparency report is a good mechanism to put in a database of what is the interventions that they're making, legitimate, non‑legitimate ‑‑ there is legitimate cases of cybercrime, in no case that should continue.  There is cases and there is over‑reach.  This would help identify some of the areas of over‑reach, what they are. 

Thank you.

>> MODERATOR: Thank you.  Thank you.

Next we move to Ihab Osman, CEO of Sudatel Telecom, and he's from Sudan.

>> IHAB OSMAN: Good morning, thank you, Charles.  I would like to approach respect for Human Rights from a private sector point of view, from a slightly different point of view to encourage it. 

If we're going to encourage private sector and companies to respect Human Rights, we need to concentrate on two elements.  There is one, actual policies, procedures, and documented activities of companies.  These could be encouraged by a number of things that we have spoken about, for example, things like ranking digital rights, having external standards put in place whether by governments or Civil Society or some agreed upon set of standards on what that behavior should look like.

Also corporations and private businesses are driven by people.  A lot of times behavior of senior executives have a direct impact on the level of compliance or respect of Human Rights.  I think we need to focus also on how to encourage the positive behavior from these senior managers and executives, and also maybe to have items to discourage the bad behavior.  It is two sides.

I work with the U.N. Global Compact.  We have an offshoot from the U.N. Global Compact, something called Business for Peace.  I sit on that board.  What we're trying to do in Business for Peace is essentially encourage those positive behaviors from corporations when it comes to dealing with its customers and users and have essentially the right to do the right thing, quote, unquote. 

Another component to that ‑‑ so we looked at this will encourage corporations, but we then looked at the way to encourage individuals in corporations to do the right thing.  There is an organisation based in Oslo, Norway, Business for Peace, and that's looking at this side.  This foundation, it gives annual awards every year that we're trying to build it to almost be the kind of like the Nobel Prize for business and it is, again, to individuals in organisations that essentially do the right thing.  There is the selection committee, it is made of all Nobel Peace Laureates that do the selection.

This is a way we look at ‑‑ because ‑‑ you know, as Cynthia said, there is no ‑‑ people don't necessarily always do ‑‑ you know, do the right thing.  You have to find ways to encourage the right behavior.  There are people out there that are doing the right thing.  They're setting the standards for their industry or for their geography.  It becomes on how can we expand the best practices to the rest of the industry or to other geographies.  We believe that by things like ranking digital rights, the different certain societies that are putting tremendous pressure on corporations to do the right thing and to also celebrate the right thing.  I think we need to have a good ‑‑ examples out there for corporations, and then we put it as best practices that needs to be set by the rest of the industry and geography, and we need to do the same for business leaders and executives.

Thank you.

>> MODERATOR: Thank you.

Next, let's move to an actor in the private sector, Moez Chakchouk from the Tunisian Internet Agency.  You have to explain the relationship with government and as the company for your organisation.

Thank you.

>> MOEZ CHAKCHOUK: It used to be an agency.  It used to be an Internet agency.  The government was controlling the agency when it was created.  It was to be the censorship machine for the regime and the agency that wanted to surveil all of the equipments during the regime.  What I want to highlight for this panel, it is that this agency now, it is ‑‑ it became ‑‑ it is now an ISP, an Internet service provider, and IGN, the domain servicers, the manager or registry.

The way that we did that, it is because we ‑‑ it is abusing Human Rights during the regime.  It made us in a difficult situation at that time.  I remember after the revolution the first thing I was asked about, asked to abolish the ITI and to completely destroy all that we have done during the regime.  It was something very important, because if you want to protect Human Rights that means that you could develop your activities, if you abuse them, you might be in a difficult situation and for a private company, for any company acting in the Internet, to be completely abolish it or destroy. 

So for us, the way we did it, it is just not easy.  As was said earlier, she said that we have people saying now we're doing the right things, trust us.  We cannot say this.  It is ‑‑ you know, for real, we have censor, we have abused Human Rights, online Human Rights, we need to do actions.  Actions were required to do it, and to do that and also to explain that we are moving forward and we really are changing.  Change needs to be highlighted in every day, not just during a period of time or saying, okay, we changed now.  We're doing the right things.

Our engineers that used to monitor the way you do any censorship now, they're acting for the development, so on.  What we need now.  It is what we just did, trying to keep the same ‑‑ how to say?  ‑‑ the same rhythm of doing things. 

So first thing, we need to be transparent.  Anything we do, we talk about.  Anything we do bad, we also talk about.  It is not just doing good things we talk.  We need to talk about everything, good or bad.  Second, it is important that we try because we have very good relationships with the government.  Of course, the government is one of the ‑‑ of the shareholders of the company.  This also pushed us or encouraged us to be much more effective to do things from the inside. 

For example, we encourage Tunisia to be a member of the Freedom Online Coalition and we hosted that conference.  It was a good step to show to the community, to people that we have changed, and we're acting really in the other side. 

Also we engaged, as I mentioned, with Civil Society.  You know, Tunisia, they're not aware of their privacy, and of course, now you talk about it, it is an affair and all of the leaks, so on, but at the time, after the revolution, people are only aware of the importance of the sense of the Internet.  Now they feel that they're concerned also with the other agency that the government created recently, later, the agency that will do the monitoring which is called the agency, Technical Communication Agency.

Our job as a company, of course, is to provide Internet services to many customers and to manage the DNAs, so on, to do new projects with the partners, but it is important to engage with the community in showing them that we're respecting the Human Rights.  This is a real enabler for the development. 

The last thing I want to mention about is about how to reengage also with the community by creating a lab which is an open innovation lab in the same place where the censorship machine used to be operated.  It is symbolic.  We have put the equipment there so people can come to see what the equipment that used to be censoring the Internet, and this is something that's symbolic.  Of course, it is nothing for the company, it is not costing a lot of money.  It is just opening the doors to people to come, to work with us, to use the equipment.  This is very, very symbolic, and this is something that we ‑‑ I encourage government and companies to do much more on these issues.

Thank you.

>> MODERATOR: Thank you.  That was very interesting, you know, the idea of having a museum for censorship and the changing of roles, so changing from the private sector.

Let's move on to our next speaker, Allon Bar, one of our organizers, Ranking Digital Rights.

>> ALLON BAR: Thank you. 

Good morning everyone.

I want to explain a bit about what we have done and what we can do to encourage companies to improve how their respect of Human Rights.  We recognize that companies constantly face choices in how they, for example, deal with government requests for user data, how to deal with private requests to take down content, how to enforce in terms of service, setting up the privacy policies, et cetera.  The choices that companies make in those moments are choices that have a real impact on people's Human Rights.  Particularly the freedom of expression, right to privacy.

So we come in this wider ecosystem of a link between business and Human Rights and technology companies and Human Rights that comprise also of the other stakeholders here at the table, and what we try to do is we want to ‑‑ our objective is that in to set very clear standards that companies can adhere to that give succinct, precise ideas of what the best behavior is that they should follow and we also assess how they perform looking at the standards.  So that the measurement of the way companies perform will result the ranking which will list the major ICT companies on how to perform on these two specific Human Rights I mentioned, privacy and freedom of expression. 

The idea of a ranking is something that's been in place for other business sectors and for other purposes.  For example, there are rankings of how companies do on labor standards, supply chain issue, sustainability issue, but a global ranking on tech companies on ‑‑ for freedom of expression of privacy, it is something new.  We want to reach different stakeholders with this information that we have produced with this ranking.  First of all, companies themselves that want to know how they're actually doing in protecting rights of the users, companies that want to mitigate the Human Rights risks of their users and are facing requests from their customers that want to have their information protected.  Also users themselves that want to reach them, they're making constant choices of certain services that you choose, companies that they go with.  They want to know which company is more likely than others to protect their rights.  Civil Society groups are organized, advocacy campaigns on these issues, but don't necessarily have the data to substantiate that with clear idea of how a company is performing.  There are also ethical investor and social responsible investors making decisions on what companies to invest in, and we want to help them, help inform them and how the company is doing.  Governments are making policy on business and Human Rights spheres and we help them with the data to substantiate the policies. 

In order to get that, we started ‑‑ a year and a half ago we put together a methodology, 43 indicators, questions we ask of how the company is performing.  With these indicators, you have on your table in front of you a handout with a link to the website, so I encourage you to look there.  We list the indicators.  There you can see what are the things that we're assessing of companies.

We will do a pilot based on the indicators that will be finalized in coming months.  We'll do a pilot in the coming month, and at the end of the pilot we will look at the methodology we need for the production of a final ranking next year.  In 2015 we'll do a ranking of 40 to 50 companies in the ICT sector, specifically looking in this first phase at Internet companies and telecommunication companies.  In 2016 we'll add to the annual ranking, the manufacturers, equipment manufacturer, software producers and to basically have an annual global ranking of the ICT sector of the major companies within the ICT sector and showing how they perform on the right to privacy and the right for freedom of expression.

I look forward to discussion and to hearing your thoughts.

Thank you.

>> MODERATOR: Thank you, Allon.

Let's move on right away to the other organisation, another Civil Society actor, from the Rio Institute for Technology and Society, Carlos Affonso Souza.

>> CARLOS AFFONSO SOUZA: Thank you.  Good morning.

A quick comment here is coming from a Civil Society perspective on an experience ‑‑ a recent experience we had in Brazil, just to see what lessons can we take out ‑‑ after this experience.

I believe most of you know that Brazil has just approved this Internet Bill of Rights for the government.  It is within a certain framework for Internet rights within Brazil.  This process has been going on for seven years now.

The legislation itself stayed for three years in the Congress, and before that we had some campaigns on this initiative and we had almost two years of online consultations through the Internet to get to the actual text of this legislation.

To talk a bit on the issues, that this specific law represents to us, to think of how companies and private sector reacted to this enterprise, there is always this idea and we see it all the time, and in conversations with private actors, the doubt about the regulation itself because ‑‑ this Internet Bill of Rights is hard law in Brazil, a federal law.  It means that it is below the Brazil Constitution, and a judge can enforce every single provision of this legislation in a specific case any time.  So this Bill of Law started as ‑‑ it was very much focused on principles and a couple of provisions that ended up being enacted ‑‑ getting into a bit more details in some very fundamental Human Rights aspects. 

The first concern that we saw in the private sector was it was a good idea to regulate Internets or to regulate the relations that you have through the Internet or not.  We saw that there is, of course, a natural ‑‑ I wouldn't say fear, but definitely a resistance to the idea of having a hard law to be the one point or the entry point for you to set the standards for the behavior of companies in a specific country.  In which way it is even possible for a hard law to set the standards in a very good way that would lead the way that would lead the path for the forthcoming legislations and the forthcoming regulations.  First concern that we saw in private sectors that they expressed in Brazil, is this the better way, best way for us to deal with online rights in the country? 

At the same time I think by almost after two years of discussion, it was quite clear that the option of having a hard law, it was something important for the companies itself.  It would give them legal certainty on what can they do, what ‑‑ in what ‑‑ they ‑‑ what they definitely cannot do.  Not only to have a law talking about online rights in Brazil was good for users, but definitely for companies themselves.  It was important to have legal certainty, especially because that was the very first piece of legislation that was being enacted in Brazil on those topics.

We see the same discussion was the data protection legislation that hopefully one day will be issued in Brazil, and we see the discussion going on.  Some private sectors react, saying maybe ‑‑ what could be better for us, to live in the scenario in which there is some doubts on how far can we go on using this data, on having this data, or better to have a hard law on that as well as we had with the Internet Bill of Rights, which we will have ‑‑ just to give you two examples, then I finish the first remarks here.

Of course, there are some topics in which Civil Society and the business sector can agree on in the moment in which you are crafting a hard law such as the Internet Bill of Rights in Brazil.  One point that ended up creating some of the agreement on both sectors was the discussion on freedom of expression and how to create safeguards for the ISPs inside of this legislation in a way in which we create in Brazil something similar to the communications, the 230 provisions.  That would create a safeguard for the ISPs to operate, saying they only will be held liable if they fail to comply with a judicial order, so that would take away from the ISPs, the burden of analyzing every single notification that they receive, and maybe be liable if they end up not complying with this in every single notification that they do receive.  That was a somewhat agreement on business sector and Civil Society on that point.  That that would be the way forward to regulate this balance between rights that could be infringed such as owner, privacy, right of image, and creating healthy environment for freedom of expression.

Just to finish:  There are areas of disagreement, and maybe privacy would be one area of disagreement.

We have in the final text of the legislation a very large provision on privacy and data protection in Brazil.  There is no specific data protection law in Brazil, but this has a lot to do with privacy and we have a number of rights, Article 7, that are connected to privacy and the protection in one area of disagreement ‑‑ it is in Brazil nowadays ‑‑ to treat private data, you need prior and expressed consent of the user which is something that we see nowadays.  Now that this was implemented, concern in the private sector, how that will happen, how that will be enforced in the future especially with Internet of things and in other things that could be done in the future.  How this prior, expressed consent is enforceable would end up being developed in the near future.

Those are my first remarks on the experience.  Thank you for that.

>> MODERATOR: Thank you. 

It is interesting for other jurisdictions to look at the example of Brazil, having the Bill of Rights.  Probably, of course, it has to do with the legislative and Constitution frameworks of different countries so they may deal with it in different ways whether by such a bill or separate legislation.

Anyway, we'll move on to the next speaker from the government's perspective, and we will have Stephen Lowe from the U.K. government, head of the Freedom of Expression Team, I didn't know ‑‑ you said that you had two jobs.  How nice would it be if these two jobs can really be merged into one.  Business and freedom of expression, so that they can be one job.

>> STEPHEN LOWE: Thank you. 

It would be nice if it came with two salaries.  They don't.

(Laughter)

>> STEPHEN LOWE: It is nice for me to speak here. 

As you say, I cover two areas of Human Rights policies.  We have six priorities in the U.K. for our Human Rights work.  My two are business and Human Rights and freedom of expression.  They don't often overlap as much as we thought when we put them together.  So it is nice to have occasions like this when they do come together.

In terms of business and Human Rights work, obviously the U.K. has been in the forefront of this internationally as far as governments are concerned.  Yesterday was the anniversary of our first year since we launched our national action plan on business and Human Rights, which was the first plan of its kind to set out really the obligations the government had in helping business to respect Human Rights and meet its responsibilities.  It is a very short framework document and we are committed to reviewing it again next year, a short time scale for something of that type.

Whenever we have looked at focusing our work, in other business of Human Rights contexts, it is ‑‑ the ICT sectors come up as a priority area, one of the areas to concentrate on.  Which coming into this as a Human Rights, it seems to be obvious.  You tend to think of Human Rights impacting particularly, you look at extracting industries, you look at retail industries and production industries rather than ICT. 

One of the challenges I think in the ICT sector, you have ‑‑ it is a supply chain.  You look at the risks, the Human Rights impact, the supply chain is almost reversed.  When you're looking at a ‑‑ someone that's producing an item of clothing, someone making a t‑shirt, you're looking at where they get the materials from, the rights of their workers, the supply chain that gets to the product.  When they sell that product you don't ‑‑ then their interest finishes in a sense.  Someone takes the t‑shirt, uses it then for Human Rights abuse. 

In ICT you have a short supply chain.  You produce the product, especially if you're talking about applications, software, but your Human Rights impacts can be after you've ‑‑ after you've supplied your good.  That makes it very challenging for companies I think.

One of the things we have been working at as part of our ‑‑ we have 20 commitments.  A nice round number, we have 20 commitments.  One around the ICT sector, one thing that we have been working on with private sector and with Civil Society is developing guidance which helps companies to assess their Human Rights impacts and to do due diligence about new markets, new products.  We hope to launch that very soon.  Hoping it will be this month, certainly able to ‑‑ more generally we work closely with business around a due diligence approach and a risk assessment approach.  That's through things like our overseas business risk service which advises companies going in new sectors, on new markets on what the risks are.  Throughout our network of posts around the world we're able to advise companies on the particular risk of their market.

I'll finish fairly quickly.  Having two jobs, two areas, trying to get that into 4 minutes is a challenge. 

If I can pick up on some things talked about already: We have talked about companies.  We tend to think of companies in an ‑‑ almost as a personality, whether they are evil or altruistic, and you forget that the company is made up of people and people operate in the same way or have the same values whether in a company or in an NGO or in government.  I think we have to be careful about being too broad brushed in our approaches to that. 

I think one of the things that came to use today, talks of standards, external standards setting, verification, all of this comes back to credibility and risk management I think.  It is the big driver for companies.  I think it is around protecting their product and risk and if you have ‑‑ if you promote external verification, external standards, you have two impacts from that.  One is to promote the level playing field, to enable companies to understand their obligations, to operate in a way that is consistent with their competitors.  That's a concern for industry.  The other is to give it credibility.  A company that regulates itself and assesses itself will never have the credibility that an external verification system will have. 

I'll leave it there and happy to come back.

>> MODERATOR: Thank you.

Finally, let's move on to Susan Morgan from GNI, Global Network Initiative, and wrapping up the views of different angles.

Susan, please.

>> SUSAN MORGAN: Thank you, Charles.

This is an initiative that started really about five years ago.  I was ‑‑ it was launched five years ago.  It was in the standard setting model for protecting and respecting free expression and privacy rights of users around the world, users of technology.  We bring together technology companies, Human Rights groups, investors, academics.

And I think I have the unenviable task as the eighth speaker of trying to find things that haven't been covered already.  I'm going to just talk a bit about a few examples from a ‑‑ from our work's perspective, to give some sort of color to how companies can protect free expression and privacy, and the things we have learned through our work over the last five years.

The first thing I talk about, I think in terms of what companies can practically do is to commit to how they're going to respond to requests that they receive from governments.  So from a GNI perspective we created a set of principles and guidelines based on Human Rights standards which are in the public domain and they really cover two things: They look at the sort of policies and systems and processes and procedural steps that companies can put in place to think about free expression and privacy in the course of how they do their business.  You know, if you're going into a new market, what's the due diligence that you should take?  The carrying out of Human Rights impact assessments, the making sure that you have an escalation team in place or process in place so that if a request comes in that looks, you know ‑‑ that looks like you could have a particularly serious impact.  Like for example, a request for a network shutdown, something of that order, that there is a mechanism in place for decisions to be made within the company.  That's the first set of issues that GNI's principles cover. 

The second is very, very specific about what do you do when you get a government request?  If the first one is about thinking about free expression, privacy and the course of how you do your business and mitigating risks as you find them, the second is about ‑‑ you will inevitably receive some government requests.  So what do you do when you receive those requests?  It is very, very specific things about making sure that the request is narrowly interpreted, that it follows due process in the country. 

So some practical things:  The fact that companies who are members of GNI make that commitment publicly to our principles and that the principles are public in themselves, it is important.  Certainly we know from conversations that we have had with our member companies sometimes it can be really helpful for a company when having a conversation with a government to kind of take hold of the GNI principles saying we have signed up to this publicly.  When they're being asked to do something it is one of the ways in which they can push back if a government request is overbroad, saying we have this public commitment to meet this standard.

The second thing I would say, it is pattern for companies to agree to be assessed ‑‑ it is important ‑‑ or verification of whether they meet the verifications of the commitments that they made.  I think this is important ‑‑ certainly from a GNI perspective it is important for credibility, for the credibility of the work that we do.  I think it is important for the non‑companies at the table to have a mechanism to ensure that the companies that are in GNI are living up to their commitments, but I think it is also important from an external perspective.  It gives people who are outside of GNI, you know, users around the world, they can see whether from the view of ‑‑ whether the companies are meeting the commitments they have made.  In terms of kind of trust building, as I say, not only for the initiative but for what the companies are doing.  It is an important step.

The third thing I would say about what companies can do ‑‑ I think this is sometimes hard ‑‑ which is to agree to work with others on the issues they're facing.  So certainly within GNI we know that on the sort of learning parts of the work that we do, the kind of trusted relationships that we have within GNI, they're really important in setting the groundwork for enabling the companies, the non‑companies around the table to have frank conversations about whether it is particular issues that are in the media or about a specific company. 

The Snowden revelations of the last 18 months or so, whether it is sort of specific trends that members raise, like things from content take-down issues, major liability, to have that sort of forum in which we would describe as a kind of safe space where companies can work with other groups with different expertise to help build best practice and look at company responses to government requests, we think that's an important aspect of what we do.

Then I think the final thing I would talk about ‑‑ I think this has been covered ‑‑ but a couple of examples from a GNI perspective, the laws and regulations under which businesses operate are set by government.  Coming together with other stakeholders to advocate the change in the policy and regulatory environment is a really important thing that companies can do to try to foster the Protection of Country Rights.  I just ‑‑ I would highlight, we talked about this, the importance of government transparency, their own practices and certainly from a GNI perspective, at the moment, engaging with a number of governments to advocate for government transparency reporting particularly around the surveillance, content take-down practices. 

Those are the four things that I would highlight as committing to a set of principles and guidelines that are public, agreeing to be assessed, sort of actively participating in sort of shared learning with other stakeholders to build best practice and then finally, sort of working to advocate for change in the regulatory and legal environment.

Charles, I'll hand it back to you.

>> MODERATOR: Thank you.  We have heard from all of our eight speakers.

It seems like there is at least a consensus that this is an issue that companies would have to deal with, at least for the ones that are here.  We cannot say for the ones that are not here in this discussion.

That's always my question, you know, how to get the other actors, the other private companies, private sectors, the rest of it to come in.  On the Civil Society side, obviously many organisations are trying to do different things, to try to set up standards, initiatives, to try to bring more private companies into the table.  Admittedly, these efforts are probably still in early stages, and there seems to be an agreement that the government has to take a role, but then, of course, I would also want to comment that seemed to be based on an assumption that government would know what to do.  Know what are the right things to do.  The right things for the Internet, for users, not necessarily for itself.  Sometimes that is a huge assumption for many parts of the world and their governments. 

Anyway, there may be a lot of questions and maybe comments from many of you.  We'll take some.  Then also noting whether there may be some remote participants who may have a question.

First of all, over here, please.

Thank you.

>> Hello.  I'm from Denmark. 

Thank you for very, very interesting presentations. 

I have a lot of questions but I'll start with Facebook and GNI: Do you see other issues when it comes to Human Rights which has not to do with government surveillance?  For example, GNI, you could be more transparent about how you ‑‑ how the company, the location data, I would love to hear about that as a user, Facebook, you live on dealing with our privacy, maybe you could define what is privacy to you?  Other people seem to think that you cannot be private at Facebook.  Your own dealing with data would be of great interest, not only how you deal with government surveillance.

>> MODERATOR: Okay.  Susan and ‑‑ Susan.

>> SUSAN MORGAN: GNI was set up specifically to look at how companies deal with company requests.  So the consumer privacy angle is something that's outside of the scope of what GNI does.  We're very specifically about what do you do when you get a request from a government.

>> EBELE OKOBI:  In terms of our privacy practices, we have sort of provided the detail of that on our site, on privacy principles.  What is called to us, what you sign upon, it is the model, you know what you're signing for.  And as users, we are sort of expecting that we have made the disclosure, how the data will be used. 

As a company, we're pushing disclosure in terms of data handling practices are.  We think that's an appropriate mechanism to put that out so that people know what they're signing in for. 

Accountability: You control the data, right?  Accountability, we're holding ourselves accountable by putting out the data handling practice, and putting our auditors in control ‑‑ we have made the transition from calling our monthly active users for monthly active people.  We recognize that people are at the center of this.  Also the reason we do that, also it is about bringing in a lot of internal consultation changes that these are real people we're talking about.  There is that representation within the company. 

Also, that disclosure of these practices through ‑‑ in our terms of use, in our privacy principles, I don't know if you have seen today we're running this ‑‑ and we did a newsroom post also where we basically said do a privacy check‑up.  Basically, you know, all users can go to account settings and review what they signed up for.  I think we're putting more users more and more in control in making them aware and giving them tools and nudging them to look at have you reviewed your settings, et cetera. 

It is a constant journey, and we're having conversations with privacy advocates and getting that input into the way we work.

Thank you.

>> When it comes to companies and the use of data, I come from a part of the world where most citizens would be most afraid of their government.  Their handling of the data because some practical or some really nasty things could happen to you based on how the government sees what you're doing online or in other business activities. 

After the Snowden revelation, okay, a similar thing could be happening in what we call law‑abiding governments.  However, I will say impacts on the average citizen in these countries is still negligible.  You're not going to be thrown into jail or arrested or something arbitrarily.  You still have some sort of recourse to develop.  In these societies I would be more worried about the companies and their access to data. 

None of us read that long, you know, terms of service.  Maybe as part of ranking digital rights, something, we come up with some sort of a standard that in bold, simple sentences tell me what's going to happen to my data, how it will be sold, because we know that there is nothing such as free‑out.  If it is free, it means I'm paying with it with my personal data that's being sold.  So what effect?  I think this is an area that will impact us more and more. 

Yes, companies could say that they're disclosing it, but they're disclosing it in such a manner in service terms that practically nobody looks at it.  Most average users are really not aware of these practices.  We need to come up with some better way of educating the average user of what happens with their data especially when using free apps.

>> MODERATOR: Cynthia, you would like to add a point?

>> CYNTHIA WONG: I think we have to do a lot more work on ‑‑ we care about data protection, it is a fundamental right.  We care about it because the more data that companies have about us, the more that's available to governments to collect as well.  I think that needs to be examined a little more.

>> In addition to that, what's important to look at ‑‑ I know one group that's examining that, the types of laws that are there, are they intermediary liability laws that are there which create a whole ‑‑ which really puts the companies in they don't want to be in this position, but to arbitrate to the demands they receive.  And also some of the laws which are there, they're just overbroad, giving a lot of ham to law enforcement agencies.  Companies are actually pushing back on that. 

If you look at the transparency report of each platform that will show that there is a substantial amount of pushback on requests that get into the areas of speech and many areas of crimes.  As we talked about, there are some cases that those should not be dealt with appropriately and with due process there.

Is a pushback on this request, the demands getting into the areas of speech.  For example, in India, very recently the Internet and Mobile Association ‑‑ which is an industry association of all Internet ‑‑ it has filed a petition in the Supreme Court challenging the laws of India.  I think on a lot of these questions there is an opportunity to work together to reform a lot of these overbroad, over‑arching laws.  The governments always want control, but starting to make sure that the definitions of the provisions are rule based, appropriate, not overbroad, it is very important.  That's an area I think that really needs to be examined.

>> MODERATOR: The gentleman in the middle?

>> Thank you. 

I thought you made a great observation with shared responsibility among the companies, governments, Civil Society and security services.  It seems that a great deal of the problems that everybody complains about are, in fact, they emanate from governments and security services.  How does one ‑‑ is it realistic to expect that there can ever be a panel like this with two more chairs for representatives of government and security services to discuss how they ‑‑ their responsibility?  It seems that part of the difficulty we're facing is that they will not engage in discussion, or at least certainly will not engage in any public discussion. And what future is there for any serious multistakeholder progress on these fronts if a key stakeholder will not participate?

>> MODERATOR: Can you also quickly introduce yourself?

>> I'm Andrew Bridges, from San Francisco.

>> MODERATOR: Thank you.

Anybody else?

>> I completely agree, that's the missing part. If they're not in the room, the conversation is not going to be completed.

You can share some perspective, you have gone around the world for two years.  In our region, you had the law enforcement officials participating, people from government participating in a closed door meeting, where Civil Society, it was there, private sector was there, government was there, and it was interesting to hear their perspective also where ‑‑ particularly from their perspective,

The region we are, it is a difficult region.  There are legitimate concerns of regional security. Same thing in the region which we are sitting here in Middle East, Africa, ISIS blowing up, a lot of activities happening.  They're expressing their concerns in which they have in terms of ‑‑ on those kinds of crime.  It is nobody's case ‑‑ it is not even Civil Society ‑‑ that people should die because of terrorist activities, but the main thing that we're ‑‑ that we're concerned about this.  This is a new animal and they're using traditional tools to deal with this.

I don't want to put anyone on the spot.  You may have some perspectives to share from the research which you have done?

>> MODERATOR: Yes.  Any other panelists that may have something to add after Bergin?

>> Thank you.

>> I'm the director of the Internet and Jurisdiction Project. 

I think what Andrew was raising is a very valid question.  We're placed in a situation where in too many cases the different actors do not speak enough with each other.  I have seen a tremendous evolution in the last few years first by fostering the debate and the dialogue between the Civil Society groups and the companies which usually were at odds with one another.  There is a general need to transform the problems that people have with one another and problems they have in common.  One of the challenges that they all have in common, governments, including law enforcement actors, Civil Society, and the private sector, it is that there is no common shared norms and procedures.

To pick what Susan was mentioning, to organize the interaction between this triangle at the national level is the national framework, and it is difficult to manage as was mentioned.  Very different situations regarding the behavior of governments and so on.  The fundamental problem and why we address this at the Internet Governance Forum at a global level is the interaction that is increasingly going between the actors across borders.  The fact that one country is completely irrelevant in another country, but nonetheless, some laws of the international country, it needs to apply. Much when you talk to law enforcement agencies, as was mentioned in the Internet Jurisdiction Project, there is a direct involvement of governmental representatives from the different ministries including foreign affairs, ministries of justice.  One element that's interesting is to have the participation of actors from police, from Interpol, Europol.  In particular, when you talk to these people without betraying the various roles, when you talk to actual law enforcement people, I can tell you how frustrated they are to see the whole debate about surveillance where basically things are accessible to certain types of actors through those means whereas on a daily basis when they need cooperation at the international level they're completely unable to have a right cooperation even with the requests justified, so on. 

The big challenge ‑‑ thank you to Anke.  Carlos is also aware of the process ‑‑ we have heard that we have been doing, the last two years, is to facilitate between all of the actors, to develop a framework for procedures.  The principles, for instance, that the GNI developed on the substance level are one element.  What we're doing is basically helping to establish a sort of harmonization of procedures and norms and criteria that allow the submission, the formatting of requests of transborder requests for domain, access to user data.  Formatting of the requests, and procedures for dispute management and ‑‑ sorry.  And identification of how the work flow of decision making is being done inside of companies.

I fully agree with Andrew and the dialogue involving the law enforcement agencies is an extremely important element.

>> MODERATOR: Yes.  Actually you have something to add, and then Susan and Carlos.

>> MOEZ CHAKCHOUK: I wanted to highlight, I have had the experience ‑‑ when I'm in charge of ITI, those people are not ‑‑ they love to talk about activities and how it is important to ‑‑ it is important, all of those issues.  The problem is they're coming from a world where these new ‑‑ they don't think they need to be open to the society.  They don't think this is relevant for them to talk to private sector or to other government officials too.  They're really in a closet world.  I think that we need a lot to do in this field.  All those people, what they need, is just to find a very efficient mechanism.  It is not just talking about reforms, they don't care about that.  All they need, they have ‑‑ all they need, they have the way to solve their problem, they want to be quickly solving problems quickly.  Talking to these people, it is about how to implement, how to solve the problems efficiently. 

What is important to mention ‑‑ we need, of course, to encourage the government around the world.  Through the global government, you have many ideas on those issues.  We have to implement something efficient.  If you want to take part of this, you need to make ‑‑ you need to be more involved with the debate, including law enforcement people, the judges, all of those people that work on these things.

>> SUSAN MORGAN: Just three reflections really. 

The first one: We have tried a number of times to have conversations with law enforcement and with various agencies, and it is incredibly hard to get them in the same room.  Totally agree with you on that. 

I was thinking from a company perspective, for GNI, what we look for from our member companies is consistency with the sort of policies and practices that the companies have and the way in which they're implemented in the business.  It strikes me that what we have at the moment exposed in some governments is inconsistency between what's going on domestically and what's said internationally.  So I think, you know, the challenge is how do you get that kind of consistency in a coordinated approach.  Which obviously, as I said, is very much what we look for from member companies of GNI. 

The final point would be that I hope that the Snowden revelations of the last 18 months make it kind of force ‑‑ kind of force the debate.  But my fear is that it's almost the most difficult time to try and have the debate.  I think, you know, agencies around the world will be on the defensive about what's been revealed, and sometimes that's harder to bring people to the table at that time.

>> Very quickly, maybe one dimension important to highlight from the comments on laws that may ‑‑ that may trigger or hinder the ‑‑ on how they can respect user rights, the companies can, is the whole idea that targets mostly U.S.‑based companies, which is since you have those globally rendered services and apps that can be downloaded like everywhere in the world, services that everyone in the world can use, you're not only exporting tools and apps and services but also exporting legal concepts, standards, procedures, understandings on how a specific fundamental right, or if I may say Human Rights, may be interpreted here and there, and that can create a challenge for legislatures and judges as well.  We see that debate with the standard of the freedom of expression in the U.S. being higher than other countries.  When you use a certain tool, when you download a certain app, you're not only using the technology itself but you have gone into the technology, the legal concepts, the legal standards that would be enabled by the app provider. That's important to take into account.

>> Actually, I have a point I want to respond to, what Susan said about the difficulty of getting law enforcement in a room. 

I don't know whether other friends have tried in their jurisdictions, I, myself in my role as a legislator, I have been able to get them in the same room.  I wonder whether or not you have sought the help in your countries and so on, different countries, of politicians and legislatures.  At least they sort of have ‑‑ whether they're on the ruling side, opposition side, at least they probably have a role to play, some sort of power if there is any, to at least try to facilitate a discussion.  At least in my case, we have been able to get the police to try to come up with at least a standardized form for the service providers to handle the data requests and removable requests and so on.  I wonder whether that's also something that's been tried in other countries and to what level of success or not.

Any other speaker or any other questions from our audience?  Any from our remote ‑‑ no, not yet.

Let me allow this lady over here to ask the question first and then we'll come back to you.

>> AUDIENCE: Good morning.  I'm from the Philippines. 

It is good listening to the discussions on how private companies can also get the principles of Human Rights.  I wish you could also help us to reach out to local telecoms, local ISPs in our own countries so that they can also be encouraged to sign these principles. 

Same time, my other point is that we're talking about this guiding principle on Human Rights for the freedom of expression, speech, but I wish you would also consider asking companies, private companies to look at ‑‑ to sign the U.N. Women Empowerment Principle, not just in terms of gender fairness in companies but to also look into empowerment in their own businesses in the market and also into the communities. 

Thank you.

>> MODERATOR: Because of time, let's try to get this gentleman to ask his question, and then we can try to wrap up and let all of the speakers try to answer the questions.

>> AUDIENCE: Thank you. 

Actually answering your question, whether someone had experience in talking to law enforcement and politics regarding the surveillance, I believe it was Cynthia at the beginning of the panel that said it is important for a company to have a policy based on which then the company representatives can act. 

For my company, a Telco, we're working based on the industry dialogue guiding principles and our own principles on how to protect freedom of expression, privacy, based on that, on those principles, our management travels throughout the geographies that we're present and meets with high‑level representatives, ministers, et cetera, and actually raise in some of these countries for the first time the issues of freedom of expression and privacy and our point of view which have been established in this policy.

>> Good.  Good.  Thank you.

>> MODERATOR: Okay.  Let's see.  The question before that, how do we get some of the local countries to get in the act.  I don't know, Susan, Allon, particularly, do you have anything to say about that?  Allon?  Any of the other speakers?

>> ALLON BAR: The idea of having local companies to engage with these principles ‑‑ I'm sorry.  I can't see you entirely.

In the Philippines in particular ‑‑ I'm glad you bring it up.  It is important that we're not only looking at the big companies that deal with these issues, but that we engage with local companies.  For example, we have tried to do with rights, right when we set out the standards of which companies should adhere to, that too these are standards that all companies around the world should be able to adhere to.  I would encourage you to look at the methodology, indicators, to perhaps see if you can apply that in the local context so that the ‑‑ Philippines in Southeast Asia, they have, for example, set up an assessment of companies that are operating in Thailand to look at some specific issues with regards to how they secure the data of their customers, and I'm very much hoping that something like that could also be set up and could benefit now the Philippines.

Thank you.

>> Just quickly saying, we want to engage for sure.  If you believe it is important to do all of those things, that we want to engage on those ‑‑ for example, to publish the transparency report, I had the experience, I wanted to publish something, the first transparency report for 2013 but there was a lot of pressure, the government giving a lot of pressure to avoid.  It is ‑‑ they think it is related to national security.  This is ‑‑ this could be how to say in ‑‑ not in ‑‑ access to the information law that we have after the revolution.  So, it is really difficult sometimes to engage and we need to decrease the pressure on companies on those issues.

>> Of course, in my ‑‑ well, in my country, but not my jurisdiction, they actually look at this as state secrets in China.  You cannot even say anything about this sort of data.  They cannot be reviewed.

Susan.

>> SUSAN MORGAN: Thank you for that question. 

I think in the longer term, GNI would very much hope to have members, company members from a local context and from a much broader geographic region than the regions we have had right now.

I also wonder if there's a role in the local context for the investor community to help to raise the issues with companies and to begin that conversation around expression and privacy.

>> MODERATOR: Maybe we have time for one last question, if there are any?  Comments from ‑‑

>> AUDIENCE: Just a quick comment on what Moez Chakchouk was mentioning.  He's right on the desire of efficiency.  It is not to contradict, but there is a dimension that's the counterpart which is due process.  The tension is the combination of finding something that's not the current situation where you have either something that's efficient, but so informal there is no due process or something that's so vigorous in due process but it is totally inefficient.  The key challenge is to combine the level of efficiency and due process.

In that regard, you mentioned very important element, it is the notion of standardized formats for making those requests so there is interoperability and understanding of the language that both parties are speaking.

>> MODERATOR: Thank you. 

Why don't we let our speakers have a very short, quick wrap‑up of what their thoughts may be going forward from now until the next IGF or the time forward in your particular view.  We're talking this issue of respecting ‑‑ companies to respect Internet Users' Rights, anyone want to give final thoughts?

>> I just wanted to, again, reinforce this point ‑‑ I will pick up on the ranking on digital rights, exercise which Allon you're driving. 

I think it is useful to look at the state of laws across the world.  That's where it is a genesis of these overbroad requests.  If one thing is fine to rank what companies are doing, but whether it is telecommunications whether tied by their licensing conditions or just companies who have to sort of then make sure that they are ‑‑ that they end up getting into fights with various national governments because there is an interacting of the national legislation and international standards and this huge tension between the two.  I'm just thinking that ranking additional rights could be a place which also looks at this gap analysis, plus also use the ranking as a mechanism to put the spotlight on the role of governments and their legislative function in terms of creating just bad laws.  I think not enough has been said on that.  Maybe if the ranking exercise could be expanded to cover that as well it will be a good thing to do.

>> Just to respond very quickly to that, yes, definitely the legal political environment of where companies operate is very important and definitely influences how they can perform in the ranking.  It is only going to be part of the narrative in explaining why perhaps companies have been held back by the operating environment within which they function.  We will not do a ranking of governments as such.  There are other organisations out there that do such things, the World Foundation, Freedom House, et cetera, and ultimately what we assess is how companies perform within all jurisdictions in which you operate. 

Just to add as my final remark, I'm glad we heard about the key influence of the government policies, practices on what they have on how companies operate.  I hope in looking forward to IGF, the next year, that we can encourage companies to be more transparent on what they do to empower their own terms of service, their own privacy policies, because while we have seen a lot more transparency from companies ‑‑ there is a wonderful step forward, an important step forward ‑‑ one aspect so far that's been largely missing is more transparency on the enforcement of their terms of services, their takedowns, et cetera. 

Thank you.

>> I like Allon's last point a lot.  To be pragmatic, I think we need to almost split the conversation about respecting Human Rights of users into two areas.  The areas that are totally related to companies' behaviors and things that are directly under their control.  And I think this is the area where we can make the most progress very quickly because with the right pressure on companies that could happen. 

The second area, of course, which is related to governments, and that's a far more difficult and challenging issue, and we will probably be unfortunately talking about it for the next ‑‑ you know, for our lifetime.  We can put more pressure on companies, getting more tangible results from companies very quickly.

>> MODERATOR: I feel we're in a theater and the lights are coming on.

Stephen, then ‑‑

>> STEPHEN LOWE:  I think we have had an interesting discussion around the nature of privacy.  That's a debate that I think is going to carry on.  Our understandings of privacy probably have changed over the course of a generation, that's largely driven by the Internet.  I focused earlier very much on the resistance to companies, I thought that was the focus of the panel.  But if we talk about the government, surveillance and the law enforcement agencies, I think there was an important point made earlier about the way we treat privacy in different political environments, and I think privacy becoming a currency almost for ‑‑ you value your privacy depending on what you think the privacy will be used for.  If you sign, take the terms and conditions box for an app, whatever, you're actually not that worried, whereas in other political circumstances you may be worried because your privacy carried more significance there. 

I think we have got an ongoing debate with our law enforcement agencies, various agencies, who are naturally not transparent organisations.  It is not going with their culture.  They exist to promote Human Rights, and it is my job to make sure that they're consistent with the Human Rights. 

And within the U.K. we have got a review now of our data retention laws and that's running up until 2016 and we'll be open, Civil Society participation and companies participation and an open discussion.  I think you have made a distinction between getting into the details of the type of information that you're looking at and the systems for gathering it and the oversight mechanisms.  The rule of law ‑‑ and I'm very keen to have that discussion around rule of law, oversight, et cetera, keen for the other governments to do that same sort of thing.

>> MODERATOR: Cynthia?

>> CYNTHIA WONG: I agree we have to look at laws making it more difficult for companies to be responsible when it comes to rights.  Laws that are forcing companies to assist with surveillance.  That's key. 

At the same time I think companies need to own up to their own efforts to oppose regulation of their conduct.  We have already talked about data protection efforts.  I think we have seen efforts from companies to oppose data protection regulations which would protect user rights.  Also things like net neutrality, due diligence, companies are opposing these laws and they have to own up to that.

Finally, the last thing I would say, you know, we join the GNI to get better insight into the companies who join, their behavior, their records on Human Rights.  There is a huge universe of companies out there that have never engaged with the GNI, never really engaged in issues like this on the Human Rights responsibilities.  I think we need to broaden the tent a bit, especially outside of say the U.S. and Europe, and look at a broader range of companies and start to ask what are they doing to safeguard the rights of their own customers.

>> SUSAN MORGAN: There is a tension between making progress right now, the issues are so urgent, and the reality, the fact that we're really at the very beginning stages of the debates on free expression, privacy I think, you know, the roles of governments, the roles of business.  Certainly I would say over the next few years a much kind of wider set of an ecosystem developing will put pressure and focus attention not only on companies but on governments.  I would expect that to be sort of reflected in the future IGF talks.

>> MODERATOR: Carlos?

>> CARLOS AFFONSO SOUZA: Quickly, interesting to look in the future how the different alternatives on fostering respect for user rights will develop.  Looking into the hard law perspective, soft law alternatives, research projects such as the ranking of rights, really interesting to see how those processes also develop.  Especially interrelationship between technology and law, especially to see how Human Rights can be protected even by the design of app, software and devices.  The new smartphone cannot be a Human Rights infringing device in design of the law and the device.  It will be interesting to see how this develops.

>> MODERATOR: Thank you. 

Seems like at the end of our discussion it seems almost like we're becoming ‑‑ this has become a discussion of Fostering Respect by Government for Internet Users' Rights, and that's an important factor, a prerequisite for the companies to respect the Internet Users' Rights. 

Thank you for the panelists.  Let's give them a big hand for our ‑‑ for all of you.

Thank you.
