Discovery News: Etherized

Yesterday, a large and diverse group of big tech companies, human rights groups, academic institutions and socially responsible investment firms announced the launch of something called the Global Network Initiative (GNI). Supported by the heavyweight troika of Yahoo, Google and Microsoft (not to mention Human Rights Watch), the GNI is first and foremost a code of conduct, a first step in creating a set of best practices that tech companies can follow to avoid becoming complicit in Internet censorship, and to protect user privacy. I heard rumblings of this sort of thing while reporting on Yahoo's recent problems with turning over user information to the Chinese government; that information led to the arrest and imprisonment of two Yahoo users in China. See here and here for background. And while Yahoo bore the brunt of Congressional criticism (the late Rep. Tom Lantos called Yahoo CEO Jerry Yang a "moral pygmy" during a Congressional hearing), let's not forget that China asked Microsoft to shut down blogs critical of Beijing, and insisted that Google filter search engine results. And those two companies complied, seemingly without much hesitation.

The whole idea of the GNI, which is a completely voluntary organization (one participant has called it "a coalition of the willing"), is to give tech companies that sign on a road map when it comes to dicey situations. It enshrines big principles such as freedom of expression, user privacy, and transparency. But it also tries to provide concrete ways that companies can implement the principles into their business practices. During a conference call yesterday, Michael Samway, VP and Deputy General Counsel at Yahoo said:

"We're talking about fusing business decisions with human rights analysis, so that we can think about business issues looking through a human rights lens. Additional steps would include conduting a human rights assessment before entering into new markets, and employee training around human rights issues."

Critics of the plan say that it has no teeth, that the GNI doesn't give specific enough steps for companies to follow. They also worry that there is no real enforcement mechanism to ensure that companies remain compliant. Those who have signed onto the plan, though, contend that it's a process, not a finished set of rules, and that the practicalities will be ironed out over the next few years.

In the past, the Big Three have always used this out when asked tough questions about doing business in countries that engage in Internet censorship: "Hey, to do business in these countries, we have to abide by the laws of the land." The GNI, it's hoped, will provide companies with a collective mechanism for ditching that excuse.

Of course, Yahoo and Google and Microsoft are big players. But what about companies like Cisco, which provides alot of the hardware that countries use to filter the Internet? What about all those smaller companies that supply filtering software to Tunisia and Saudi Arabia?

This morning, I interviewed Colin Maclay, acting executive director of the Berkman Center for Internet and Society at Harvard Law School. Berkman was heavily involved in the drafting of the GNI principles, and will work on the implementation and enforcement moving forward. He told me:

Many of these other companies are either not acknowledging their role in censorship or surveillance, or are not doing so publicly at least. [GNI's] tent is big. We would love to include any of those companies who are committed to making progress in these areas. But I don't want them here if they're not committed. If they're looking for fig leaf, they're looking in the wrong place.

(Graphic from Wikimedia Commons)

As you ready yourself for tonight's final debate between Barack Obama and John McCain, I'd like to draw your attention to...wait for it...the Presidential election in Azerbaijan. Azeris went to the polls today to, well, give the incumbent Ilham Aliyev (son of the previous leader) yet another term in office. Expect a landslide; all of the major opposition groups boycotted the election. But one candidate didn't. Take a gander at Shiraslan Qurbanov, straight out of the Azeri heartland, according to his bio. My Azeri is a bit rusty, but I'm assured that the slogan reads, "The People's Candidate." Uncle Shiraslan, as he's known, just happens to be 70 years old today...on election day of all days. Again, according to his official bio.

But don't let Shiraslan's age fool you. The man seems to be an online whizkid. He's got lots of Azeris on his email list, not to mention his own slick website, his own Facebook page, and his own channel on YouTube. No wonder the younger generation is excited about Shiraslan's candidacy, no?

Bakhtiyar Hajiyev is the "political director" of Shiraslan's campaign. He told me in an interview today that "young Azeris are looking for new faces, new actors in Azerbaijani politics. Shiraslan is a very positive politician." Hajiyev pointed out as plusses not only his candidate's rejection of negative campaigning, but also his strong foreign policy.

Sounds too good to be true, right?

"It sounds like a paradox, but the only real opposition candidate in this election...is a virtual candidate," says Hajiyev.

Yep. Shiraslan only exists online. Hajiyev, who is a student at the Harvard Kennedy School of Government, worked with some other Azeri expats to create their own opposition candidate. At first, real opposition groups in Azerbaijan laughed Shiraslan off as a joke. But when they saw the success the virtual candidate was acheiving, they quickly started web sites and YouTube channels for their own, real candidates.

"We want to send a message that if there is no platform to discuss and reach people offline, you can at least try online. You can reach some voters, and create momentum," Hajiyev told me.

As for Shiraslan, no, he's not actually on the ballot. A cell phone text message campaign today urged those disinclined to vote to head to the polls, and scrawl Shiraslan's name across the ballot. Sure, that negates the ballot under Azeri law, but at least, the thinking goes, you might actually feel like voting.

And if all else fails, you can enjoy the Shiraslan rap. I'm pretty sure you can learn some useful Azeri swear words in here...but don't quote me on that.

Right. So, in what would have been a shameless and vain attempt to drive readers to this site by putting the word "porn" in the title of this post, I almost wrote about this little item today. But as interesting as the idea might be that web searchers are more interested in finding social networking sites than pornography, I believe I've found a slightly geekier, but much worthier story to send your way.

The OpenNet Initiative does some incredibly interesting work in the area of internet censorship. In short, ONI is trying to find out what kind of web content countries around the world are blocking, and how they're blocking it. Whenever I have a story dealing with net censorship, ONI is the first place I go for in-depth analysis, and a reality check.

From ONI's website today (Props to Afromusing for forwarding this to me) comes news that a Tunisian blogger and journalist named Ziad El Heni has filed a lawsuit against the country's Internet Agency. Why? Because the Agency blocked Facebook recently, without giving any reason. The Tunisian President even intervened in the case, asking access to Facebook to be restored.

But El Heni's got a beef, and he's asking for $5,000 in damages.

What's the big deal, you might ask? Well, first of all, blogging in Tunisia can be a dicey business. And speaking out against government censorship can earn you jail time, harrassment, or worse. So, El Heni's move to sue Tunisia's Internet Agency is no small matter.

But it's the reasoning behind the lawsuit that's got the geek in me so interested in this story. Simply put, El Heni's suing the agency for lying to him about the technical reason given for the block. When he tried to access Facebook, he got a 404 (Not Found) error message. El Heni argues that he should have gotten a 403 (Forbidden) message instead. The ONI website explains:

In an interesting technical argument he said that the the agency mislead him by serving the message 404 (Not Found) error message instead of the 403 message (Access Forbidden), which the agency serves to users who attempt to access banned sites. This action of misleading (Not Found vs. Forbidden) caused him material as well as punitive damages, he said.

The 404 message or Not Found error message is a standard response code which means that the user connected to the site, Facebook in this case, but the site, Facebook, could not find what was requested. The 403 (Forbidden) message, however means that the user was able to communicate with the site, Facebook, but the server forbids him/her from accessing the site.

It may seem like a meaningless distinction to a blogger in a country with relatively free Internet access, but to someone like El Heni, in a country like Tunisia, this is a distinction worth fighting for.

As he told the Magharebia website: "To the government, the closing or blocking of a website may be a simple technical operation based on its legitimate authority, but in this case it is a crime...More importantly, it is proof that the government doesn't respect me as a citizen. When the government doesn't respect its citizens, it raises doubts and questions over its legitimacy."

(Image taken from Ziad El Heni's blog)

This is a juicy little story that I've been watching for awhile, mostly because of the reporting/blogging I've been doing on Yahoo!'s involvement in turning over user information to Chinese authorities...information that got two web dissidents thrown in prison.

Research in Motion (RIM), the Canadian outfit that brings you the addictive BlackBerry device, naturally wants to tap into the burgeoning market for its products in India.  No problem, says the Indian government, as long as you give us (the Indian Department of Telecom, the Home Ministry, and the security agencies) the right to snoop on messages sent using the devices.  Why is the Indian government leery?  Because it fears  that criminals and terrorists might use the devices to communicate, plot and plan. 

RIM's not so sure it wants to go down that road.  After all, one of the selling points of the devices is that users' messages are safe and secure from prying eyes. 

RIM and the Indian government have been trying to find solutions.   The heart of the issue is this -- the servers that store the BlackBerry data for Indian users aren't in India.  They're in Canada.  And that means the Indian authorities can't lawfully intercept them.  Indian officials have suggested RIM move servers to India, or at least let local service providers keep a mirror image of the data on local servers. 

RIM is not crazy about that idea.  There were some reports in the Indian press that RIM had agreed to give over the encryption keys needed to read the data to Indian authorities, as long as the Indian government took responsibility for any breach of privacy suffered by individual users.

But now, the Canadian company has announced it doesn't allow any third party -- even itself -- to read information sent over the network.  According to The Times of India, the company said: "The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability of Research in Motion (RIM) or any third party to read encrypted information under any circumstances."

I ran this by Jonathan Zittrain, Professor of Internet Governance and Regulation at the Oxford Internet Institute, and author of a new book called: "The Future of the Internet and How to Stop It."  When I last interviewed Jonathan, he mentioned the BlackBerry/India feud as an example of how mobile devices are quickly becoming the new battleground for government censorship and surveillance.

Here's his reaction to RIM's latest announcement, sent via regular old email:

RIM's business interests align broadly with consumer privacy here.  But the ball is back in the government's court, and they could certainly demand that RIM rework the way the Blackberry functions so that indeed it is tappable.  Devices that are naturally controllable by their vendors, including after purchase, can be reprogrammed at government behest in ways that allow for further rounds in this tug-of-war.

Indian officials have, in the past, threatened to shut down BlackBerry access entirely in the country.  Currently, there are a little more than 100,000 BlackBerry users in the country.

Photo courtesy of Research in Motion