Message to Congress: How not to kill the Internet when fighting terror

This week, I testified at a hearing titled The Evolution of Terrorist Propaganda: The Paris Attack and Social Media convened by the House Foreign Affairs Committee’s Subcommittee on Terrorism, Nonproliferation, and Trade. My remarks focused on how not to destroy Internet users’ right to freedom of expression and privacy. Below is my five-minute oral testimony as delivered, with links added. A pdf of my more detailed written testimony, along testimony of all other speakers can be found here. Video is here.

How do we fight terrorism and violent extremism in the Internet age while not undermining the core principles and freedoms of democratic and open societies?

Terrorists are not the only people who are using social media powerfully and effectively. Yesterday I returned from the Philippines where I participated in a conference of bloggers, activists, and citizen journalists from all over the world. People who believe in freedom of expression, the open Internet, and multicultural tolerance. Many people connected to this community face serious threats of censorship and imprisonment when they write about subjects or advocate policy positions that their governments find threatening. In countries like Ethiopia, Russia, Turkey, Egypt, Morocco, China and elsewhere some have even been charged under broad anti-terror laws that are habitually used as tools to keep incumbent regimes in power.

In response to the tragic massacre in Paris, the French government has called for UN member states to work together on an international legal framework that would place greater responsibility on social networks and other Internet platforms for terrorist use of their services. In addressing the problem of terrorist use of social networking platforms, the United States should adhere to the following principles:

First, multi-stakeholder policymaking. The US opposes UN control over Internet governance because many UN member states advocate policies that would make the Internet much less free and open. Instead the US supports a multi-stakeholder approach that includes industry, civil society, and the technical community alongside governments in setting policies and technical standards that ensure that the Internet functions globally. In constructing global responses to terrorist use of the Internet we need a multi-stakeholder approach for the same reasons.

Second, any national level laws, regulations, or policies aimed at regulating or policing online activities should undergo a human rights risk assessment process to identify potential negative repercussions for freedom of expression, assembly and privacy. Governments need to be transparent with the public about the nature and volume of requests being made to companies. Companies need to be able to uphold core principles of freedom of expression and privacy, grounded in international human rights standards. Several major US-based Internet companies have made commitments to uphold these rights as members of the multi-stakeholder Global Network Initiative. Guidelines for implementing these commitments include: narrowly interpreting government demands to restrict content or grant access to user data or communications; challenging government requests that lack a clear user basis; transparency with users about the types of government requests received and the extent to which the company complies; restricting compliance to the online domains over which the requesting government actually has jurisdiction.

Third, liability for Internet intermediaries including social networks for users’ behavior must be kept limited. Research conducted around the world by human rights experts and legal scholars shows clear evidence that when companies are held liable for users’ speech and activity, violations of free expression and privacy can be expected to occur. Limited liability for Internet companies is an important prerequisite for keeping the Internet open and free.

Fourth, development and enforcement of companies’ Terms of Service and other forms of private policing must also undergo human rights risk assessments. Any new procedures developed by companies to eliminate terrorist activity from their platforms must be accompanied by engagement with key affected stakeholders and at-risk groups.

Fifth, in order to prevent abuse and maintain public support for the measures taken, governments as well as companies must provide effective, accessible channels for grievance and remedy for people whose rights to free expression, assembly, and privacy have been violated. Thank you for listening and I look forward to your questions.

The above recommendations were informed by my years of work on Internet free expression and privacy issues, the Global Network Initiative’s principles and implementation guidelines, standards for Internet and other ICT sector companies currently under development by the Ranking Digital Rights project, and a new report published by UNESCO titled Fostering Freedom Online: The Role of Internet Intermediaries.

In the Q&A session, in response to a question about why companies don’t do a better job of working with the government and others to take down terrorist speech, I tried to remind the committee that we have a bit of a trust deficit between Silicon Valley and the national security community these days. In the wake of Edward Snowden’s surveillance revelations, U.S. companies are already under fire for how NSA has used them for surveillance. The lack of trust, accountability and transparency about the relationship between Internet companies and the U.S. government is a barrier to constructive dialogue. If I’d had more time to comment, I would have suggested that an overhaul of this country’s surveillance laws might be a good place to start in building trust between companies, government, and Internet users. Calling for back doors and opposing encryption doesn’t help either.

A version of this post originally appeared on Rebecca MacKinnon’s blog.