Surveilling the Stockholm Internet Forum 2013

Are liberty and security contradictory terms, or can they coexist? Was Benjamin Franklin right when he said, back in 1775: “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety”? Can surveillance be consistent with a free and open society?

These are profound questions. Speaking at this year’s Stockholm Internet Forum (SIF), Carl Bildt, Swedish Minister for Foreign Affairs, remarked that freedom and security are “two sides of the same coin”. He argued that surveillance does not limit freedom of expression because of the due process required in its application. Over the next two days this assertion was robustly disputed.

The Forum debated the fact that despite a resolution by the UN Human Rights Council affirming the promotion, protection and enjoyment of human rights on the Internet, particularly freedom of expression, governments are increasingly restricting and undermining freedoms online by expanding surveillance in the name of security.

The organisers of SIF work hard to ensure diverse participation from many countries. Bloggers and activists from all over the world - including Ethiopia, Cote D’Ivoire, Uganda, Egypt, and Tunisia - told stories of facing the consequences of exercising their right to freedom of expression online. One participant pointed out that every country has freedom of expression in their constitution in some form, but what about freedom after the expression?

Being able to freely express views online without being censored does not guarantee freedom of expression if one is harassed or arrested after making her voice heard. This fear of retaliation contributes to a ‘chilling effect’ on freedom of expression. Governments are increasingly finding that instilling this fear through mass-surveillance can be an effective tool of repression. In the closing session of the conference, renowned Cuban blogger Yoani Sánchez spoke of the isolation caused by a governmental campaign to ruin her reputation as worse than being arrested and imprisoned.

Civil society organisations over the past year have worked to highlight the potential human rights impacts associated with intrusive surveillance techniques, in particular facilitated by equipment and software tools invented, developed and sold by private companies. One such product, ‘FinFisher Suite’, made by British-based company Gamma International, offers a range of intrusion and monitoring capabilities.

Privacy International recently filed a complaint with the UK OECD National Contact Point regarding the sale of ‘FinFisher’ to Bahrain on the grounds the sale of the technology violates OECD guidelines.

A report by Citizen Lab details the capabilities of Finfisher and reveals 36 countries where the surveillance software is utilised. These include the feature ‘Finspy’, which is alleged to have been used to target activists in Bahrain, capable of recording communications, such as email, and live surveillance by switching on a computer’s webcam and microphone. This report inspired Pakistan-based human rights organisation Bytes For All (one of the countries found to have a Finfisher server) to deliver a petition to the High Court of Pakistan asking that Finfisher software be disabled as it violates the privacy of Pakistani citizens and is unconstitutional.

Increasing government surveillance is especially poignant for countries in transition such as Egypt, Myanmar and Tunisia. What will happen to the intrusive surveillance technology infrastructure already installed and utilised by previous repressive regimes, once a more democratic government takes over? Equally important, how can telecommunications companies entering new markets like Myanmar avoid past mistakes, and ensure the technology they sell does not have unintended consequences?

Lessons of dismantling potentially harmful infrastructure, although from different fields, may be useful in developing a path forward. For example, the break up of the Soviet Union in 1991 led to concerns over what would happen to the estimated 27,000 Soviet nuclear weapons. Fears at the time were widespread that leaders of the newly formed countries could obtain or use launch codes for the vast Soviet arsenal. Through an internationally sponsored programme, Kazakhstan, Belarus and the Ukraine volunteered to disable their nuclear weapons. The programme was supervised and was one of the more remarkable, peaceful outcomes of this nature on such a scale.

Is there a possibility something similar could be done for surveillance technology as countries emerge from repressive regimes? One problem is that many countries, including democracies, also utilise the same technology and products, sometimes made in their own countries, particularly in Europe. (But the parallel with nuclear weapons holds). Tempting as it is for some to divide countries between “good” and “bad”, participants at SIF disputed such simplistic analysis, which assumed it was acceptable for ‘good’ countries to use the surveillance technology, but not the ‘bad’ countries. One participant poignantly reminded us that the next billion people to join the Internet will not come from countries with the ‘due process’ that Bildt referred to as the precondition by which surveillance does not limit freedom of expression, but from countries that place limits on this right.

Establishing export controls on dual-use technologies, or disabling aspects of technology that can have sinister uses, can be a complicated affair. Dismantling surveillance infrastructure would need a global accord, if it is to be meaningful.

So what should business do today? As more and more people become connected, it is important for responsible businesses who have made a commitment to respect human rights to work to ensure the next billion users do not suffer in the way some brave SIF participants have at the hands of their technology.

IHRB is working with the University of Washington School of Law to research and unpack these difficult questions. We aim to research the nature of requests by governments to telecommunication companies for surveillance equipment and pinpoint where a company’s point of leverage might be to mitigate risk. As well as investigating potential technical solutions, we will apply international human rights standards to strengthen companies’ due diligence as set out in the UN Guiding Principles on Business and Human Rights. We aim to use this research to highlight the growing trend of government surveillance and the urgent need to restore balance between freedom and security.