[liberationtech] GNI in the news and it's not looking hot

Wed Mar 9 09:37:52 PST 2011

Thanks for your kind words Jake. :-)

Certainly, there are a lot of serious issues that GNI isnt going to solve on
its own and can't solve. Which is why I say a lot of other efforts are
needed by many other orgs. There are a range of issues concerning CALEA (and
particularly what has come to be known as CALEA II, which would extend
wiretapping requirements to networks and platforms) on which many GNI
members are actually engaging and pushing back (some publicly and some less
publicly) but they're doing it mainly in other fora. Many GNI members
including EFF are pushing companies on security and broader architectural
issues you raise. All three GNI companies are involved with the CDT's
Digital Due Process inititative to change the ECPA law which currently
allows excessively easy law enforcement access to data in the cloud.  GNI
isn't a frequent statement-making organization right now for a number of
reasons, one being that it is a multi-stakeholder organization which means
that there has to achieve consensus from all stakeholder groups for each
statement; secondly its mission is not to duplicate the advocacy work done
by its member orgs such as CDT and EFF and others; and thirdly it currently
only has one staff member - and her main priority has to be membership
recruitment at this stage. Admittedly GNI not doing a great job at
communicating with the public or even with core civil society communities.
There are lots of issues that will be hard to solve without more staff which
requires better funding. But I still think it's better that GNI exists than
not. It's a startup organization that is still getting its feet and needs to
be given a chance to find its footing and prove itself.  I hope people will
give it a chance.

On the accountability mechanisms and assessment process you can find more
information here:
http://www.globalnetworkinitiative.org/governanceframework/index.php

with more details on the assessment process in the governance charter here:
http://www.globalnetworkinitiative.org/charter/index.php

Socially responsible investment firms that are currently members of GNI are:

http://www.calvert.com/
http://www.bostoncommonasset.com/
http://www.domini.com/
http://trilliuminvest.com/
http://www.folksam.se/
http://www.fandc.com/

Best,
Rebecca

On Tue, Mar 8, 2011 at 3:39 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:

> On 03/08/2011 08:45 AM, Rebecca MacKinnon wrote:
> > Hey there Jake,
> >
> > As you know I'm on the GNI board and have been involved with it from
> > the beginning. Everything I'm about to write represents nobody else's
> > opinion but my own.
> >
>
> You're one of the people that I thought of when I thought of a person
> with an impossible job. You clearly care and your heart is in the right
> place.
>
> > I will leave it to GNI corporate participants named in your e-mail to
> > respond to your critiques or not as they see fit. Video of the panel
> > you mentioned can be found here:
> > http://fora.tv/2009/05/04/Corporate_Responsibility_and_Complicity
> >
>
> Most of my experience after the fact was not on camera as my questions
> were not accepted during the panel.
>
> > You have put your finger on the obvious fact that GNI is not a high
> > bar. As you rightly point out, the fact that so many companies can't
> > even be bothered to meet GNI standards and commit publicly to a few
> > baseline principles on free expression and privacy is patently
> > outrageous.
> >
>
> Agreed. I think that there is a key thing to realize here - many company
> may exceed the GNI standards but they're just not pushing an agenda of
> joining the GNI or publicizing it.
>
> > I agree that if large numbers of companies were to join GNI, many of
> > the problems you and I and others on this list are concerned about
> > are going to be far from solved. The need for viable non-commercial,
> > user-friendly, decentralized and distributed alternatives to
> > commercial platforms and networks is critical. The need for more
> > aggressive activism of all kinds is urgent. More public
> > awareness-raising is urgent. Efforts like Shava's nascent privacy
> > icon project are important and necessary. There needs to be better
> > and more intelligent public policy coming from nations that call
> > themselves democracies. I could go on and on about all of the things
> > that are urgently needed.  We need a massive ecosystem of efforts.
>
> I think we're in total agreement here.
>
> > But I do not agree that GNI is a "corporate-washing joke."
> >
>
> I know that you feel hopeful about GNI.
>
> > Based on my own involvement with the organization over the past few
> > years, while I think that GNI is only one step forward, and like all
> > multi-stakeholder initiatives involves compromise, I nonetheless do
> > believe that it's a step in the right direction.  I do believe that
> > the world's most politically vulnerable Internet and mobile users
> > will be better off if Internet and telecoms companies join GNI than
> > if they don't. If GNI prevents even one person going to jail and
> > having their life ruined, or enables even one more activist group to
> > get its message out at a critical moment when it otherwise would have
> > been foiled, then to me that is worth it even though it falls short
> > of how things ought to be in the ideal world.
> >
>
> I'm not convinced. I agree that it will good if people aren't jailed but
> it's not as simple as you propose.
>
> How many people will be jailed by these same corporations for following
> CALEA laws in the USA? Will people choose their services because they're
> respecting human rights and are part of the GNI only to fall afoul of
> the so called lawful interception systems?
>
> None of these companies appears to be fighting against interception in
> the USA. The GNI does not seem to encourage companies to resist CALEA or
> to work for better laws.
>
> So - overall, what's the gain? The gain is a brand boost without a clear
> metric for reduction of actual human suffering across the board.
>
> Only Google appears to have done something in this department with their
> transparency reports[0] but its still far from great.
>
> > Here are a few ways I think GNI has made a difference: - While none
> > of the GNI member companies are perfect and some are doing better
> > than others, the human rights assessments that they've started to do
> > as GNI members has helped member companies avoid some screwups which
> > we'll never know about because they never happened.
>
> That's an interesting issue - how do we measure things that never happen?
>
> > Yahoo, for
> > instance, after conducting a human rights assessment decided to run
> > its Vietnamese service out of Singapore in order to avoid being
> > complicit in jailing dissidents as it was in China.
>
> Why not change the nature of the services offered to make it impossible
> to jail people in whatever country is desiring of this?
>
> We need fundamental changes to the structure of services offered.
> Jurisdiction hopping is a cute law hack but I sincerely doubt it's going
> to work for much longer.
>
> In any case, it's not like the Vietnamese government can't compromise a
> Yahoo! mail account - they don't need Yahoo!'s help directly, they just
> need Yahoo! to continue down the path of the security status quo.
>
> We know that this happens in Vietnam - the keyboard driver backdoor[1]
> written about by Ethan a few years ago explores this issue.
>
> - Most companies
> > have little or no in-house human rights expertise. GNI membership
> > gives companies a channel through which to seek advice from human
> > rights groups before making decisions about certain details of
> > certain products and services, or deciding how to manage problems
> > that crop up. I assure you, this channel is used with great
> > regularity in ways the human rights groups would not want to be
> > involved with if they didn't think they were making a real difference
> > for real people.
>
> In my experience, I'd agree. Many companies lack human rights expertise
> and this does sound like it might be a good channel for discussion.
>
> > For example: while there are plenty of issues with
> > Microsoft, I think that their ties to the human rights community
> > through GNI enabled them to respond to the mess they found themselves
> > in in Russia more intelligently and helpfully than they would have if
> > the same thing had happened before they joined GNI. [1] -
>
> This is a difficult topic for me. I do not feel entirely informed on the
> issue. It's good to hear that GNI may have impacted Microsoft's decision
> making process and that shouldn't be discounted.
>
> It seems that Microsoft entrenched themselves deeper while perhaps
> adequately thwarting a specific tactic of government repression. I am
> entirely unclear on the actual level of success here and I have no idea
> how one may measure long term impact of this kind of action.
>
> Now people in Russian NGOs are safe from licensing issues but the
> Russian authorities may use Microsoft forensic tools[2] to attack them.
>
> That's a strange trade off and I don't really understand a metric to
> measure progress for events of this nature. I'd be curious to see how
> GNI wants to value these kinds of trades. Is this like carbon credits?
> human justice credits perhaps?
>
> >  GNI has
> > gotten at least some investors to start including free expression and
> > privacy in their ethical investing criteria. Before 2005 the
> > investment community screened companies for labor, environment,
> > sustainability etc, but not for free expression and privacy. In fact
> > it hadn't occurred to the "ethical investing" community that this was
> > an issue. They're learning fast now and a growing number are starting
> > to include free expression and privacy in their investment criteria.
>
> That's a great idea - how do they measure that? What investment firms do
> this in public today?
>
> > While we've seen from the environmental and sustainability movements
> > that it can take a long time to influence entire industries in this
> > way, over time the criteria of ethical investors can make a
> > difference in how companies impact the lives of human beings all over
> > the world. - The GNI principles take the Universal Declaration of
> > Human Rights and a body of other international human rights law and
> > articulate how those pre-internet concepts should be upheld by
> > Internet and telecommunications business. [2] Beyond GNI, investors,
> > civil society, policymakers, and even non-GNI companies are starting
> > to use the principles in a range of contexts that I believe are
> > meaningful though hard to quantify at this stage.
> >
>
> Which of the GNI are opposing CALEA, National Security Letters, sealed
> court orders, and taking governments to task for their abuses?
>
> Which corporations in the GNI are fighting against the abuses that
> exploit user trust in corporate systems to harm users across the board?
>
> Which corporations are building, funding, fielding or improving systems
> that make those kinds of orders impossible to execute without informing
> the user directly?
>
> > GNI is one organism in a very young and fragile ecosystem of groups
> > and coalitions trying to defend and protect civil liberties and human
> > rights in digital spaces. As with the environmental movement and
> > other movements, this cause is going to require a much more robust
> > ecosystem of diverse efforts over many years in order to ensure that
> > the net momentum is in a more forward than backward direction. In the
> > environmental movement, some organizations and initiatives have seen
> > value in working with corporations or governments or both to achieve
> > baby steps forward. Others are opposed to compromise and insist on
> > radical alternatives as the only course. All points on the spectrum
> > need to exist in order to make any progress at all.
> >
>
> I agree that we need many points of resistance and many voices for change.
>
> This does not change that I think those leaked spying guides are
> indicative of a major failure of GNI. For one - why did those guides
> have to be leaked in the first place? How about some transparency that
> is really available to everyday users at risk?
>
> Additionally, those guides indicate that these companies still build
> systems that are unable to stand up to someone with basic access. This
> does not bode well for targeted hacking such as the Aurora attacks as
> the actual technical core isn't solid. It is rumored that the Aurora
> attackers had access to legal intercept equipment - so that's probably a
> pretty bad deal if true.
>
> It doesn't help that the policy and public rhetoric of most corporations
> isn't much better.
>
> Essentially all of this amounts to security, privacy, and support of so
> called human rights by policy, rather than by technology design.
>
> > Members of this ecosystem certainly need to be able to handle - and
> > should welcome - criticism of one another, along with major
> > philosophical disagreements. However I hope that we can all
> > fundamentally respect each others' shared intentions and goals.
> >
>
> I respect your work on this issue.
>
> It should be stressed that corporations aren't people and I hold them to
> a much higher standard.
>
> California should have revoked Yahoo!'s corporate charter when they let
> Shi Tao rot in jail. It almost doesn't matter what efforts they made
> after the fact with Dr. Rice on her trip to China; the damage was
> already done.
>
> I'm glad to know that they gave his wife an undisclosed sum of money.
> I'm sad to hear that he'll lose ten years of his life because Yahoo!
> didn't consider that their logging might impact people negatively. What
> have they changed about this? What press release implores other
> companies to never fall into this trap again?
>
> All the best,
> Jake
>
> [0] http://www.google.com/transparencyreport/governmentrequests/
> [1]
>
> http://www.ethanzuckerman.com/blog/2010/04/01/is-vietnam-conducting-surveillance-via-malware/
> [2]
> http://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor
>

-- 
Rebecca MacKinnon
Schwartz Senior Fellow, New America Foundation
Co-founder, GlobalVoicesOnline.org
Cell: +1-617-939-3493
E-mail: rebecca.mackinnon at gmail.com
Blog: RConversation.blogs.com
Twitter: @rmack <http://twitter.com/rmack>
Facebook: facebook.com/rmackinnon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110309/36ba52d9/attachment.html>