FINISHED COPY
NINTH ANNUAL MEETING OF THE
INTERNET GOVERNANCE FORUM 2014
ISTANBUL, TURKEY
"CONNECTING CONTINENTS FOR ENHANCED
MULTI-STAKEHOLDER INTERNET GOVERNANCE"
03 SEPTEMBER 2014
09:00
WS 188
TRANSPARENCY REPORTING AS A TOOL FOR INTERNET GOVERNANCE
***
This is the output of the real-time captioning taken during the IGF 2014 Istanbul, Turkey, meetings. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.
***
>> KEVIN BANKSTON: All right, I think we are going to get started. Welcome to those in the room, you're in Istanbul and those watching online; this is workshop 188, transparency reporting as a tool of Internet Governance in workshop room 4. I'm Kevin Bankston. We are a civil society organisation that works through an interdisciplinary blend of policy advocacy development and field engagement to support stronger and more open communities. One issue we have been researching quite a bit at OIT is transparency reporting by Internet companies. These reports are a relatively new phenomena that did not exist five years ago. Google was the first to issue a report on the demands for user data and content take down that it receives in 2010. A handful of companies but the practice exploded after the revelations of last year and now several dozen companies from small to large, from US to international, from Internet companies to phone companies have begun issuing reports. Today we are going to be talking about the past, present and future of transparency reporting both by companies and by governments, how they have or haven't been useful as a tool for accountable and how they may improve in the future. Panelists will introduce themselves and offer perspectives for about five minutes apiece. We will then spend 15 minutes on moderated questions and discussion directed by me and the remaining time for questions in the room and those participating remotely. The first panelist will be Google's Marc Crandall; he's going to talk about why Google has been issuing a wide variety of transparency reports and the challenges doing so. Hi, focus.
>> MARC CRANDALL: Hi, folks. I've been with Google about eight years. That's right. We have been doing transparency reports for a number of years now, probably sins 2010. And the type of information we provide in the transparency report has grown steadily over the years so today I would say we probably disclose broadly six categories of information. We talk about of course user data requests which are requests by government agencies for information about our users, user requests. We also disclose information about government removal requests which are requests from government agencies to remove content that's publicly available. Remember this is very different than information about our users. This is information they would like the see removed completely. We also subset of that we talk about copyright removal requests which is another type of removal action which are requests made by copyright owners in reporting organisations that represent them asking us to move material from research results that allegedly infringe on the copyright.
The fourth aspect is traffic. We show traffic history patterns to our services in different countries and that's very helpful, that's insightful, because when there's a break in the pattern the graphs we provide visualize disruptions in that free flow of information, whether it's a government blockage or even a cut cable. And then another element of information we provide is safe browsing. I don't know how many folks tried to visit a remember sight linked from search results and have been provided with a warning that the site contains malware or spam. This is call safe browsing so we provide data about how many users see malware and then phishing warnings and how quickly web masters clean their sites or otherwise would get reinfected by malware. And that's updated weekly.
Another point is safer e‑mail which is data about how much e‑mail is sent between Google and external providers are encrypted e‑mail. All of those we provide as part of a transparency report and that's an expansion of earlier reports. So but that's what we have got now.
>> KEVIN BANKSTON: Can you talk a little bit about why Google is issuing these reports and what benefits you have or haven't gotten?
>> MARC CRANDALL: I think that more transparency leads to better Internet regulation. This is extremely beneficial information for the users of the Internet because they can see how laws play out on the ground and how they actually affect the providers. So the data allows us to judge whether existing laws are relevant and effective and if they enhance or otherwise erode these fundamental freedoms. Also using this data can hold policy makers accountable for the laws they enact and how those laws are enforced. Again this can be beneficial for everyone.
>> KEVIN BANKSTON: I can speak to just as an advocate myself, the Google reports and reports from other companies has been helpful in the context of trying to update our electronic privacy act to information as well as trying to update our national security surveillance laws in the wake of the Snowden revelations but it's also use in changing the behavior of companies. You mentioned the safe e‑mail report that actually shows based on the surfers that communicate with G‑mail servers. And many e‑mail providers including until recently Comcast did not encrypt this material and yet after the transparency report was issued by Google, and the companies that were not encrypting were named and publicized you began to see more companies encrypting their data links and thus increasing security overall. A fun example there. But our next speaker is going to be Susan Morgan from the global network initiative.
>> SUSAN MORGAN: Thanks, Kevin. I'll just say a little ‑‑ oh. Is that better? I'll just say a little bit about GNI first. We are a Multistakeholder company and we are focusing very much on the issue of what companies can do when they get requests from governments that might impact the freedom of expression and privacy rights of their users. We have created over a period of about two years, going back to 2006, 2007; a set of principles and guidelines based on international human rights standards to set out the ways in which companies can respond. That can be from making sure that the company is thinking about the free expression and privacy rights of their users from the very start in terms of product development, in terms of markets they go into, and also to very practical things in terms of when you get a request, what can you do, how can you narrow the scope of the request, so those are some sort of examples of the types of things that are in our principles and our guidelines. We also have an assessment process for companies that are members of GNI and we do learning and advocacy work with the about 40 organisations from around the world, that are now members of GNI. I'm going to talk about three things, the first is why is transparency reporting important. It's probably as Kevin mentioned it's probably worth noting that transparency reporting is something that is a really kind of new phenomena. So as I say, GNI's principles and guidelines were written around 2007, 2008, and don't actually talk about transparency reporting specifically. We talk in our principles and guidelines very much about the importance of communicating with users.
I think that transparency reporting is one of the elements that's developed over the last few years that's been a way in which companies with communicate with users. It's only part of the story clearly in that it gives very sort of broad sort of specific data and information and clearly there's a need for users to be informed when specific issues just relating to them happen. But I think it's an example of the way in which sort of issues around transparency with users have really developed over the last few years. And then in terms of the sort of importance, also, for wider society, there's importance of having informed public debate which is based on sort of facts and knowledge of what is really happening. The company reports that have come out have played a critical role in terms of highlighting the number of requests in particular jurisdictions. We have got anecdotal evidence that is helpful for society and countries who are trying to advocate for change when there's additional data out there that wasn't out there before.
So that's the first point in terms of why transparency reporting is important. I think the second point is about it's not just about company reporting. There's been an awful lot of focus on company reporting over the last few years but I think we shouldn't miss the very important part that governments can play in terms of being transparent about their own laws and practices. There are three key reasons why governments have a pretty unique role to play. The first is that they are the ones who can publish the laws, the legal interpretations and the oversight mechanisms within their particular countries. The second is that I think they could have potentially a unique role in records to reporting on the unique number of users affected. We will probably get into some of the detail around the difficulties of working out how many users are affected later on in the panel.
I think the governments are probably got potentially unique role there. And I think finally, they set the parameters within which companies can report. If anyone has seen the report from earlier on this year that did a very good job of explaining in the 29 jurisdictions that it covered just how difficult it was in a number of countries to work out what they could legally report on. And that is something that clearly governments have a role to do in terms of making it clear for companies in terms of what they can say and what it isn't possible to say. So I think there's some government reporting on these issues. I think certainly the UK government in its lawful inception report talks about some of these issues.
I think there's some limited reporting on why it's happening in the US. Certainly there's reporting to parliament in Canada and in the Netherlands. So it's happening to some extent but I think it's sporadic. But I sort of point you towards the recent report from the UN high commission on privacy in the digital age which I think is one of the reports that's really started to talk about the importance of transparency from governments. And then just briefly I'm going to talk about the emergence of transparency reporting as best practice and GNI's role. So I think the trend is kind of evolved incredibly quickly. Kevin, you've given a few examples of the types of companies that are now reporting. And I think we shouldn't be too hard on ourselves in terms of a lot of the meetings and conversations that I go to people are talk about the terrible inconsistency, there's a lot of information we don't have. We should remember that five years ago no one was doing this so we are in a really early part of the stage. There's clearly a lot of work still to do but we have kind of come a long way in a few years. And in terms of sort of GNI's role in the work we are folk focusing on so we are delighted to have been asked to join the freedom online coalition working group on privacy and transparency. The first meeting is happening today. So we are very much hoping that that will be one of the places in this sort of coming months and years where there will be a constructive and useful conversation about the role of government reporting and we look forward to being part of some of the initiatives that are looking at this sort of consolidation of company reporting as well so thanks.
>> KEVIN BANKSTON: Thank you, Susan. I want to reiterate what Susan was talking about in the importance of government there's the transparency reporting realm both in terms of the need for more and better reporting by governments but also the government's role in determining what companies are allowed to say and what they're allowed to report on. Post Snowden this has been a huge issue in the United States where pretty unprecedentedly broad coalition of companies and Civil Society including Google, including GNI, including international Human Rights organisations have been concertedly pressing for the US government to allow companies to publish more information about the national security related requests they receive while also pressing for the government to public my data itself. I’d like to introduce Patrik Hiselius.
>> PATRIK HISELIUS: Thank you, Kevin. My name is Patrik Hiselius. And today I also represent the industry dialogue, the initiative which launched March last year in an initiative to respect freedom of expression and privacy in the telecommunications sector. TeliaSonera is present in 20 countries. And as Kevin mentioned we published our transparency report a couple of weeks ago starting with our home countries so not covering all of our countries but we have included firm company commitment to add additional countries as we go. So our next report will be on really in January next year adding an additional five countries. I will speak about mainly three things today; one is the industry dialogue due on transparency reporting.
Secondly some words about our ‑‑ my company's own transparency report. And thirdly about reporting on what we call major events. So closing down of networks and services, et cetera. So first on the industry dialogue due on transparency reporting and here please note I cannot speak on behalf of single other companies, that should be noted. So the industry dialogue view is that first we have included aspects of transparency in our guiding principles which are available on the net in I believe seven different languages. And we have committed to report on progress of implementing our principles yearly. We have also committed to report what we call major events. I mentioned shut downs of full services, networks, et cetera.
And we have also committed as a group to compile information on national legislation and regulation that covered this area that we are covering at this workshop today. So what we also do in the industry dialogue is of course we listen to each other and learn from each other, although actual transparency reporting of figures as such is not part explicitly of our guiding principles. Of course as this issue has emerged we have very strong ongoing shared learning within the industry dialogue and as you know some months ago (?) published a report. And I will say that industry dialogue members will have different levels of transparency reporting in consultation with their respective stakeholders. In this context we should also note what the industry dialogue consists of both operates and vendors. And vendors have other approach to these issues. A single operator, single tele‑co only has a partial view on the extent of surveillance. The companies can help in this debate and help with their figures. So some words on TeliaSonera's transparency report published August 22, available on TeliaSonera.com of course. And the first report contains figures of Sweden and Finland and also text on major events throughout TeliaSonera group present in some 20 countries. We will add in January, Denmark, Estonia, Nepal, Norway and Spain. Our priority is to protect the privacy of our customers. But governments in all countries by law decided by parliaments have the right to demand information about our customers. First we encourage governments to be transparent about these laws and the extent of the surveillance but we have decided to contribute to such transparency so in essence we want to make sure our customers know that the states take access to their data and to what extent.
I can go in later maybe during the panel on why it's difficult to compare different countries, because that's often I see what happens as soon as a report is published such as our, Sweden and Finland, people start comparing the amount of requests in Finland and Sweden. That's very difficult and maybe we can go into that later. So some words on reporting on major events.
TeliaSonera and also the industry dialogue in its guiding principles has the aim to be transparent on a major event when it occurs. So when there is a new law in Kazakhstan or if there's a new law in Turkey or any other country which has a large impact on freedom of expression, if possible we have agreed and committed to be transparent on that. If it's not possible, if it's a take‑down of a site or a service or something, national law will state that this is illegal to be transparent about this so what TeliaSonera has decided to do is to report on a more general level so within our transparency report it will find that we write that in our operations there have been some ten major requests during the first half of 2014, we write about these requests what they're all about and our point of challenge, what we have done to ask for clarification where we have tried to be transparent et cetera. So we write about it on a more general level so we don't put our employees locally at risk. And we don't break the national law.
However, we have been also able to be specific in some cases. There was closure of Russian TV in Lithuania and we had when this occurred we had news items on TeliaSonera.com. We have a news item on this new law in Kazakhstan and we have been very open in Sweden on our point of challenge against the European data retention directive. One more thing, there's another type of transparency which has not been discussed in the contexts of workshops like this before and that is that when companies have defined their point of challenge in the industry dialogue guiding principles or in own company policies, this of course is then followed up when we meet with government representatives. So TeliaSonera has face‑to‑face meetings with ministers and others in Georgia, Uzbekistan, and explained our view on real time access for information, et cetera. And this we have also published on our home page. This set of meetings. So we let our customers know to what extent we follow our commitments in our policies.
So I think I'll stop there and I hope we will get into the difficulties in comparing figures. Thank you, Kevin.
>> KEVIN BANKSTON: Thank you. I have to say that the flood of telecom companies that have begun issuing reports in the past year or so has been quite a great development. Prior to Snowden the only one I knew of in the US was Credo (phonetic) that was issued in a report. Now we have Verizon, and maybe some more. I think that as Patrik mentions it's important not only to have good quantitative data about government requests and the like but having strong qualitative data explaining the state of the law and the types of restrictions on the companies and the difficulties they face is important. There's a comprehensive large legal appendix that tries to describe the legal situation in companies where Vodafone operates. Laws that govern what the company can say about access to data. Coming out of the Vodafone report was a lot of countries have direct unchecked access to its network, something those countries don't want to be revealed and Vodafone was brave in admitting. Also Patrik makes clear there's been a lot of focus on privacy related transparency reporting since Snowden because the Snowden scandals a surveillance scandal. Next up I had like Wendy Seltzer to talk more about the kinds of transparency that can help us. Wendy?
>> WENDY SELTZER: Thank you, very much, Kevin. I'm Wendy Seltzer. I'm on this panel in my capacity as founder of the Chilling Effects clearing house project organised out of the Berkman Centre at Harvard in collaboration with the electronic frontier foundation and a number of law school clinics. Chilling Effects clearing house is database of online content removal requests. We started it in 2001 expecting to get mostly individual self‑reporting of cease and desist notices, take down complaints that individuals got from something they posted online. We quickly found that lots of these demands were being sent to Internet intermediaries, search engines and blog hosts and other sorts of content hosts as those emerged. Twitter didn't exist in 2001 but as we grew as a database we started to get submissions of take‑down demands in bulk from companies who received them and wanted to be able to be transparent about what was and wasn't appearing on their services and why. So Chilling Effects now features submissions from individuals and from companies including Google, Twitter, the wiki media foundation, Ditub (phonetic), Internet service providers. And through the posting of the legal complaints that they have received we now have more than 200,000 individual complaints there showing the demands for removal of more than 100 million URLs, individual pieces of content that are no longer available to search or browse. And that number is growing by leaps and bounds.
Year over year there's an increase by an order of magnitude in the demands for content removal. Some of these based on various aspects of national law by far the largest number of complaints are those under copyright invoking the US digital Millennium copyright act which encourages providers to remove materials or links to materials on a compliant of alleged copyright infringement. And some of these are valid complaints and the removal of the material is legitimate and the publishing of the complaint allows researchers to verify that, to see that in fact materials were claimed to be infringing were removed promptly. Other complaints were pushing the boundaries of copyright law or worse, just abusing the copyright law because it's quite convenient to be able to take down the postings of a competitor by asserting that the language is too similar. Of course competitors who are talking about the same language, or to take down criticism. There's the story of a tumbler called Escher Girls where a critic of comic book art posted all sorts of fantastic positions of women in totally improbable appearances to criticize the depiction of women in comic media. One of the artists of these comics send a complaint saying these were his copyrighted materials being posted and tumbler's first response was to remove the material because under the US digital Millennium copyright act they get an immunity from liability, they're encouraged to do that.
But by posting the complaint that she received, this user was able to draw attention not only to the artist and his depiction of women but to the misuse of copyright law because under the US fair use law it's a clear exception to copyright to post images or other copyrighted material for the purpose of criticism. The best way of criticizing an artist's depiction of women is to show how that artist depicts women. So that's just one example of the sorts of things that Chilling Effects includes. We also have complaints under other areas of the law claims of Twitter sends to Chilling Effects the requests for country‑based removal of content. Many complaints under Turkish law there in the database. Twitter, while it is asked to remove the tweets or the tweet streams or Twitter users is at least able to publish the complaints that it’s received to show users why it is that they may not be able to see the material they were looking for. So that's where I think that kind of transparency feeds into governance because we see that out of the Internet experience is shaped by the law and by government enforcement of the law but also by private enforcement and also by the private choices of intermediaries acting upon the pressures of both government and private law enforcement.
And all of these shape our experiences of the Internet, our view of the world through the Internet, and our view of the legal and policy environment. So the Chilling Effects clearing house aims to make all of these kinds of governance more transparent and more visible to the public, to the populous that is affected by these various regulations. And then in turn to introduce means of oversight because only by seeing the way the laws are being applied and the way the laws are affecting our experience are we as public as members of voting public able to express our views both to our governments and to the companies we depend on as intermediaries to express ourselves.
So that public review of what is being removed, why, allows the public to raise news articles, allows journalists to investigate and to bring to light instances like the Escher girl's complaint, instances where copyright holders over reaching. Instances where private individuals may be making demands for removal or that are unjustified. We are currently seeing, for example, the expansion of right to be forgotten across the EU, the right to remove links from search engines that portray you in a light that's maybe out of data and against the way you currently want to be seen on the Internet. But if that is applied through intermediaries, if Google and other search engines are told to remove links, how is the public to know whether that's being applied only to remove things that are out of date or irrelevant, or also to remove things that are current but disparaging or dissatisfying to the person about whom they're reported. If a recent criminal tries to remove links to his recent crimes in order continue perpetrating those frauds, certainly the public would like to remember and not forget that.
We are looking into ways that we can help to encourage academic research on the subject without violating the laws and without exposing the private information of people who do under EU law have the right to remove information. So Chilling Effects and its database help to provide this governance, help to provide this public accountability of varying kinds of law enforcement. And it's been used in more than 30 legal and academic articles just in the United States, more in other countries. It's used by journalists, by policy makers. And we are currently in the process of working even harder to internationalize both the team that works on the Chilling Effects clearing house, through the Berkman Centre and its network of centres that reach well outside the United States to work with legal analysts in other countries and even potentially to share the responsibility for the database and collection of content. And then we are just that very moment in the process of transitioning our infrastructure, the database that we built in 2001 has scaled pretty well throughout the years but we are upgrading it to make it far more searchable and easier for those who submit and search to use to generate their own slices of transparency reports so that we can use this data effectively to look at the various places that content may be requested to be removed and the ways that reflects the broader view of the Internet.
>> KEVIN BANKSTON: Thank you, Wendy. I recommend that you visit chillingeffects.org that the Escher girl's example is the top story now. And it's also another good example of how qualitative information about how content take down works online is very important. But returning to the realm of the quantitative, Ryan Budish is going to talk about the difficulties of reporting the numbers about government requests for information in particular.
>> RYAN BUDISH: Thank you, Kevin, my name is Ryan Budish and I'm a fellow at the Berkman Centre at Harvard University. We began to look at this issue of transparency reporting a little over a year ago when at that point it was still primarily Google and Twitter and a handful of other companies. And the question at that time that we really wanted to start investigating was we wanted to identify some of the emergent and best practices specifically with regards to requests for user data.
And as part of that we conducted interviews with a bunch of companies both ones that at that point had already released transparency reports as well as those that were on the fence about it and were debating it in order to try to figure out what were the challenges that they faced, how did they make the decisions they made, how did they address the challenges that they face and figure out their general approaches. And then moving forward in particularly now as more and more companies have started to release reports and we have seen what is really an incredible ecosystem really of transparency reports and the reason why is because there's a great diversity of reporting which is both great because there is innovation but it also means that there's ‑‑ it becomes very difficult to compare cross reports.
So one of the questions that we wanted to start thinking about was could we help develop some best practices or identify the best practices that were coming out in existing reports and offer some kind of framework that might help companies that wanted to start releasing transparency reports do that in an easier way. And then also improve the consistency across reports both new and existing in order to increase the value of those reports. So as part of our research we identified both some benefits of transparency reporting as well as some of the challenges, particularly when it comes to some of the numerical accounting issues that Kevin mentioned.
So some of the benefits, and we have talked up here already about the role in policy making and all of that, but when you talk to a lot of these companies, that may be one of the issues that they think about when they decide whether to release a report or not, but it's actually there's a wide variety of benefits that have either motivated companies in the first place or they discovered after the fact. And one of perhaps the most interesting of those benefits is that transparency reporting itself has led to better compliance practices at many companies. We talked to one company that before they started doing their transparency report they were essentially responding, keeping track of government requests for user data in an e‑mail in box in one country and were using totally different method in a different country and there was very little coordination between offices. And it was the fact that they knew that they were going to be putting out a document that was going to have to have consistent numbers in it that they were going to have to stand behind a document is what motivated them to invest the up‑front resources in changing the way they handled the incoming government requests. And in turn this actually made responding to requests overall easier and simpler in terms of an efficiency process so it lowered their overall costs in the long run for handling these requests but it also made them more consistent worldwide in what they pushed back against and what they did not. And so it generally actually just improved the quality of their compliance. And so that was a sort of surprising finding from our work.
And another sort of benefit that companies identified motivation for doing this is that it's actually competition, that many of them see this is a differentiating factor and that's part of what led to this sort of growth and differences in reports because companies are to some extent trying to one up each other and so when you look over a timeline, the initial report were very sort of bare bones and now some of the companies that have been doing this for years, their report covers a multitude of things with great detail and then you see some of the newer companies that are jumping into this, you know, like Vodafone and TeliaSonera and these Verizon report. So the quality of reporting in general has gone up as companies have been competing on these things. So there's been a lot of interesting benefits beyond just the policy issue that we talked about earlier here. But there's really sort of four big challenges that I think are largely intentioned when you start to look at the numbers themselves in the reports.
The first is that we want these reports to be useful for events like this, for opportunities, for policy making, and in order to do that you often need a level of granularity that does not exist in a lot of the reports that we see. For instance, a lot of the reports have been released by US companies and they have treated the international requests that they have received in very, very different ways. So some do a very good job of breaking down requests by countries, others lump all international requests into one bucket and do a very nice job describing the US requests they get. And some ‑‑ I'm sorry international requests in overall. So there's just a wide variety of how companies approach the level of granularity which then in turn makes it more difficult to use it in situations particularly in international settings like this where you really want to be able to make a case that isn't just about the United States. The second sort of challenge is that you want transparency reports, if you want more companies to be doing it, it needs to be easy for non‑lawyers. A lot of startups, you know, have 1 or 2 at most lawyers if they have any. And so the people who are going to be creating the reports are not lawyers. If you want more detail, oftentimes if you talk to people they will say well we really want retrospective versus protective.
We want warrants, subpoenas, court orders all these things broken out but then you start getting into legal terminology that a lot of people at companies would say I don't understand what this means. And so that's a big challenge for creating reports. Then a third challenge is something that Patrik mentioned which is how do you make them comparable across both countries and companies? And so the company's one is particularly difficult because companies have very different services. So the requests that they're going to get will be different. A company that is largely a public communication service is going to get very different requests from a cell phone carrier that has where they can tap phones or do cell tower dumps or get GPS, whatever. Very different kinds of requests.
The second piece of that is that companies have very different relationships with law enforcement agencies. So some companies oftentimes they are repeat players with law enforcement agencies. And so they may end up having understandings with law enforcement that law enforcement wouldn't ask for certain things because that company wouldn't in fact give them. So their transparency report looks very different because they didn't get requests for things because the law enforcement agency didn't ask for them in the first place. Whereas another company may not have that relationship with law enforcement so they get a lot of those requests. So it can be very hard to compare without understanding the different relationships that the companies of with law enforcement.
And the final challenge is you need transparency reports for the average person to understand. This is proven to be quite difficult in part because oftentimes when these reports come out, a journalist looking for a good story picks out the largest number in the report and says company X turned over user data which oftentimes is both not really accurate to the story what the transparency report is trying to tell but then also doesn't really help the average person understand what the report is actually saying. So those are some of the challenges we have seen with the numbers.
>> KEVIN BANKSTON: Speaking of average people not that anyone in this room is average, how many of you actually look at a transparency report? Good. How many found them useful in some way or another?
Oh, most of you, that's heartening, it great. Well our next speaker, Juliana, is going to talk about whether and how transparency reporting has been useful in the Brazilian policy context.
>> JULIANA: So I'm Juliana, I'm the Executive Director of the institute of technology and society from Brazil. I like to make three quick points about this issue in Brazil because otherwise Pranesh wouldn't have any time to speak. The first one will be the legal, the second is the lesson we learn from transparency reports and the third is the opportunities we find in transparency reports. In Brazil we have the (?) I think you heard of it because we are many Brazilians here, we have been talking about that for the past six years. But it's really interesting because it's I think our Internet bill of rights and it took is six years to enter complex negotiations with politicians in Brazil and now it's approved. So I think since the way Microsoft was so transparent because we had many open consultations with the Internet. Transparencies also a principal in Microsoft. Another things is establishes for the Brazilian governments so we have a paragraph that says governments should promote transparency in the Internet so I think it's really interesting because Internet and transparency is something somehow connected in our country.
We also have in Brazil access to information law, there's a law that regulates the right of access to public information. It was already in our constitution but it wasn't regulated before but now we have this access to information law. But on the other hand I would say that we have an election law in Brazil and this law regulates ‑‑ confined to a three‑month period and there are restrictions on how where political advertising can appear. This law also specifically protects political candidates. So in Brazil we have elections this year so things might be ‑‑ we have a really complex relations this year so things will affect Internet as well.
Finally in Brazil defamation is a crime. If we consider these four laws we consider in Brazil we promote at the same time transparency, but also we limit how information about politics moves around the country, both online and off line mediums. So with this context what do some of these reports inform us? So, for example, Google transparency report from 2012 show that Brazil tops the list of countries that regularly removed digital content. So most requests for content removal was related to political critique. I think it's pretty serious our situation in Brazil about this. So plenty of the requests had to do with defamation which comprised about 2/5 of overall requests. It's really interesting at the same year a judge in Brazil has ordered the arrest of Google's president after it failed to take down information. So it became huge in 2012 in Brazil. We have elections in 2011 and 2012. 2012 was estate elections. 2011 we had presidential elections so I don't know what is going to happen in our country this year because we have a really tough election for presidential elections this year.
But I can clearly some see opportunities and I think these transparency reports can help us. So (?) Defines intermediary liabilities. So I think if we study better those transparency reports, we can as researchers and activists see how they're being implemented and how courts understand them. So I think it's going to be really interesting for us. Also Snowden's revelations last year were a huge thing in Brazil because the president was really worried about surveillance in Brazil and spy talk was really popular last year. Everyone was talking about NSA and spies. We don't have a well‑known intelligence system ‑‑ not that we don't have it, I don't know, but that's not a common talk in Brazil. People worry more about those indicators. They are also important too for policy makers, academics and researchers. People researching that much those transparency reports but I think there is also an opportunity there and as Ryan said, we have to make ‑‑ we have an opportunity to make them easier and to build narratives around transparency reports because they can show us really rich indicators about the use of indicators and how courts and politicians see the Internets as well.
>> KEVIN BANKSTON: Thank you, Juliana. Content take down I expect will also be a big part of what Pranesh has to say and I expect we will go to audience questions rather than me asking anymore questions.
>> PRANESH PRAKASH: Thanks. My name is Pranesh Prakash. I'm a policy director at the Centre for Internet and society. And I'm also an access to knowledge fellow with the Yale Information Society project. CIS is policy research organisation and it's primarily from that capacity that I'll be talking about transparency reports. Google was pushing hard on the issue of transparency. It's not just transparency in the form of transparency reporting but a larger form of transparency in terms of transparency to users and to investors. I'll briefly quote a few instances of where transparency reporting has been of use and not been of use in India and then go into a few comments. In response to a question by a member of parliament there was information revealed about the number of phone taps that were happening. This figure was almost directly contradicted seemed to be too small when compared with the information revealed by the telecom company in its filings before the Supreme Court of India in a separate surveillance related case. We don't know who to believe. There might be a possible explanation for how both are correct reliance, for instance, might be taking into consideration requests they get from state level agencies, the union might have been reporting only about union level information. But this just goes to show the need for companies to be releasing information of this sort and not just relying on a single government explanation of a particular number as the gospel truth on something like phone tapping. Google, their transparency reports have been played up in the media quite a bit. In fact, very interestingly a couple of years ago when there was a great deal of age station about governmental censorship in India, just while that was happening Google released one of their transparency reports and it contained a large number of requests for government criticism.
Now, this on television the minister who was responsible for communications and IT was ask asked about this and he said on live television that Google was lying. He checked with his bureaucrats and they said had they had not sent any requests from his office for take down ever governmental criticism. I can't verify one or the other has an independent researcher. Google does something great which is sometimes when they provide the numbers they also provide instances, flavor. Now if they actually provided much more of that flavor and greater amount of detail, that would allow independent researchers like myself to actually say who is correct on that matter? Maybe the minister is also being truthful about it. I right now can't tell because neither party is providing enough information on this matter, and there's no actual way of going out and finding out from every single police station in India and the hundreds of thousands of requests whether or not they sent to Google. That kind of information would be really useful. FACEBOOK, on the other hand, has revealed information that India has been the country which has in its most recent report has requested the greatest number of content removal except it doesn't tell me what kind of content removal or provide any categorization which would be really helpful. It was government criticism which would be unjustified under the Indian constitution for removal.
One other case I'll just mention, some small ISP in India revealed the list of websites that they have been required by the government to block. This has happened only recently but this practice still has not spread to larger ISPs. To take reliance as an example again which is India's one of the largest telecom companies, one of their servers was hacked a while ago and a list of all the websites that reliance blocked was released and this shows that reliance is blocking websites that others were not blocking. The government had not requested them to block because I had independently filed the right information request with the government to find out all they had asked ISPs to block and I had gotten a response.
And if we have a ‑‑ and then reliance it seems actually stopped blocking those websites which they weren't required to block after it happened but the day I tried it as soon as the leak happened those sites were blocked from reliance connections so that leak seems quite genuine to me. This kind of information unfortunately might not come out in a transparency report because it's not aggregate data and even if companies are providing detailed information they might not incriminate themselves, they might not tell us that they're blocking websites that governments ‑‑ that are about criticism of their own company that the government hasn't even asked them to block. So there are limitations to transparency reports of that sort and situations where aggregate reports just wouldn't tell where you need much more detailed information. In terms of user data requests, of course we can't get into very much detail but I think in terms of content removal we must. And this leads me to my last point which is about the idea of invisible censorship. Traditionally the largest form of censorship that we have is governmental censorship and that can be fought because you know that it's happening. If due process is being followed, then you see processes happening in court, you see an executive order having been filed, if there's a right information regime you can file for information from the government for it, et cetera. And when things are banned and a book is banned there's no official publication about it. And you can laugh, you can have parodies, you can have counter speak, you can circumvent the censorship. But when you don't even know that censorship is happening that's much more difficult and that is the largest domain of censorship nowadays I would say where the largest means of communications all the private platforms that are being operated by including some of the companies on this table, actually allow for aren't publishers them self.
They also allow others to request removal of that content yet I haven't seen any transparency report about user requested content removal except I must recommend Google on this, with respect to information on copyrights. So and that leads me to my last point which is that if a government is instituting a notice and take‑down system or something of that sort, as for instance, India has, South Africa has, and these are providing the backing of law so if you received a notice then you have a legal obligation or at least a legal incentive if you don't want the lose your protection as an intermediary to remove the content. If a country is actually putting doing something of that sort they should put in time a government‑operated Chilling Effects clearing house. They should be notified immediately automatically when a user request is received by a company under that law. And I will like to see a lot more of this. So when government does that I would like so to see governments running it or I would like to see aggregate data, otherwise this entire large space of what seems to be invisible censorship is just essentially a black hole. Thanks, I'll leave time for questions, I hope.
>> KEVIN BANKSTON: Thank you, Pranesh. So this is one big gap in transparency reporting which is voluntary take down buys the platforms. I'd like to move on to questions, some of the question ‑‑ I'd be curious about views about other features of transparency reporting other folks have questions about. Then we will move to remote participants. Is see Rebecca Mc Kinnen has her hand up. Is there a microphone?
>> AUDIENCE: Thanks. This is really I think useful overview of all the different facets. I wanted to pick up on some of what Pranesh was talking about. And one of the things I've been hearing a lot talking to different companies, and talking to others, is that when a government goes to a company and is perhaps considering making a request that hasn't yet made the request or figured out how to make the request, if it's a request pertaining to content against the terms of service or the community guidelines it's my understanding that a number of companies handle this in a different way than they handle official government take‑down requests. They instruct the government whether it's national or local government or whoever, agency, to just use the standard form that any user, any Internet user could use to complain about violations of the comment guidelines or terms of service so that these requests aren't then recorded by the company as government requests, they're just going in the cue as kind of Internet user reports on terms of service violations.
Yet we do know that sometimes countries are ‑‑ governments are encouraged to use this channel. It's not clear to what extent those requests get special attention compared to random Internet users. And those requests are not of course being reflected in the government requests data for take‑downs in transparency reporting. Of course as Pranesh pointed out the take‑downs that are part of reports on terms of service community guidelines violations are not part of the transparency reporting system. And so I would love to hear people's perspective because I've asked companies why can't you include some of this other private enforcement information in your transparency reports? And they cite a number of difficulties, some which I'm sympathetic about like our spam requests. I can see there's a lot of challenges but I would like to hear perspectives on terms of service violation and community guidelines violation and take‑downs as part of private enforcement, what would an ideal approach look like? What should we be asking companies to do on their private in terms of being more transparent in a useful way that will build more accountability on private enforcement, what are the first steps that need to be taken, what should that look like?
>> KEVIN BANKSTON: Who wants to briefly address that question?
>> AUDIENCE: I don't know the answer so I'm looking for ideas, here.
>> KEVIN BANKSTON: Please, Patrik.
>> AUDIENCD: Thank you. If I may ‑‑
>> KEVIN BANKSTON: We are going to have a response to the question.
>> AUDIENCE: I'm Charles; I'm actually a legislator in Hong Kong. What I've been doing in a couple of for the last couple of years has been that I ask my own government to reveal their own request for user data and removal requests and so on and they have actually complied with my requests for the past two years. And detailing at least to the extent of which department has been asking how many questions and what they are. My question is whether or not you've tried to do similar things in your country in asking your government or your legislators to help get that kind of information from your government. And second the interesting thing I found out is even though my government has been willing to at least give me some answers my local Internet and telecom companies are not doing the same. I believe maybe there isn't enough user request or sentiments to ask for that. But I would be interested in knowing other than talking about the big global companies; what about other local more local companies in India and other countries whether or not they ignore it. Have they been ‑‑ what kind of incentive are there to drive them to do their own transparency reports? Thank you.
>> KEVIN BANKSTON: So if we can first address Rebecca's question first.
>> Yes. Thank you. I mean my proposition is that there needs to be a clear and distinct separation between entities within the company so one entity dealing with surveillance requests from authorities and one abuse department which has user requests. But it's an interesting angle and requests from governments should of course not come into the abuse and should not be handled there. That needs to be checked everywhere and by ever company. To the second request as Susan and Kevin chairing here mentioned transparency reporting is quite new and evolving. So of course best practices evolving and the larger companies are leading the way and of course we would want additional companies to join this work. But it should be governments giving this report.
>> KEVIN BANKSTON: Please. And then Susan.
>> Very quick response to Rebecca, what should first steps look like. Well the IGF is supposed to be a forum for policy dialogue. Here could well be a place where you become upon standardized ways of reporting what Rebecca is saying that people actually take back home best practices, et cetera, that Ryan and Kevin have been working on and more details that Rebecca wants to see including your project. Take it back home and actually do it. What else is the use of the idea otherwise if this doesn't happen? So that would be a good first step. Actually having panels like this and people whoever is interested talking to us, to all of us, after we step off here and us actually doing stuff. And should I also address Charles's question?
>> KEVIN BANKSTON: Please.
>> And this kind of goes also to bolster Rebecca's point which is in India there is one particular section for the government to tell intermediaries to block content. That has very restricted very small set of reasons for what the government can actually use them. On the other hand there's the more general provision that the government recently introduced which anyone can use, not just the government, which anyone can file a complaint under which is with a much larger list of reasons, much larger list of things that are essentially banned in India including things like copyright infringement and things that are harmful to children, quote, unquote, et cetera. Since anyone can use this, it doesn't prohibit government officers from using it either. So now earlier I was actually able to write a request to the government saying what all requests have you sent? I was able to get a limited, small list that they had actually sent. Now that's nearly impossible because they don't have to identify themselves as government while sending the requests under the new provision and there's no way of me finding out from any other party, ISPs don't respond to any of my questions. Other companies don't ‑‑ private companies don't respond to any of my requests. When I point this out to the government they basically say tell the companies to be more transparent. There's nothing in the law that actually prevents that. So it's not a situation that is easily escapable. And there's no Indian company, no South African company or anything that actually publishes transparency reports. I'll just say that it should not be seen as activism that these companies are engaging it but it should be seen as basic fundamental duties they owe to their companies and investors that they are actually performing. I think that change in mindset is something we should be able to get at rather than trying to get companies to somehow be more activists. Most of them are risk‑aversed, they wouldn't. But trying to change the frame of the debate I think is necessary.
>> KEVIN BANKSTON: Susan and if we can fit one last question and an answer to that and if there's time, one more.
>> SUSAN MORGAN: So just a couple of thoughts. Rebecca to your point, it seems to me what we want as a minimum is accurate reporting. Accurate figures. So if different mechanisms are being used, different ways of reporting need to be found. So I think conversation around that are would be a good first step.
In terms of the incentives for companies to report, I think the role of the investor's community shouldn't be underplayed. If companies are publicly listed, certainly in the US, though it's a very active campaign by a group of investors prior to AT&T and Verizon after the Snowden investigation, I think the roles that companies can play in terms of companies being more transparent is one way of looking at it. I think it's also worth looking at for the larger companies that are already reporting, if they are covering a large number of markets or active in a large number of markets is there other things they can do in local markets that can help smaller companies or companies who are locally based. Two ideas.
>> KEVIN BANKSTON: Thank you. Ma'am?
>> AUDIENCE: Can you hear me? Katrina from Association of Progressive Communication. I want to build on trance passenger to years and user reporting because one of the gaps in this regard is transparency for the men who have been victim of the violence against women online and we have done recently studied to assess to what extent social networks, YouTube, Twitter recognize against violence to women on their platform. One of the challenges we have been dealing with was a lack of information starting from the point that you don't have a clue about who is actually working in these companies and dealing with that area of work. And there is no available data on the types and numbers of reports received from users, and also how these reports are dealt with, who is dealing with these reports on the staff, what is their training and language skills? It's very critical for women to report if they're coming from non‑English countries. So this is just my point.
>> KEVIN BANKSTON: I'll take that as a statement and not a question but an important one. And so in this gentleman with his hand raised, I think is probably going to be have to be our last question. Ma'am, right over there. But we also will be available after the panel if you would like to say hello. Yes, sir.
>> When we listen to the audience and check the transparency reports ‑‑ can you speak a little more directly into the microphone?
>> Of course. You come from private party. So when we listen to the panel and check the transparency reports of the last few years we can see that India, Brazil and Turkey, the three rapidly emerging countries have been topping the list of the transparency reports in that they ask for the most content removals. Are these transparency reports actually going to change the government's approach to content removal and censorship and is prosperity going to have moral and ethical approach to free speech?
>> KEVIN BANKSTON: Who wants to speak to this one? Pranesh?
>> PRANESH PRAKASH: No, but they will provide the basis to change. Transparency doesn't equal accountable or less surveillance but it provides you the basis to actually make those claims to see what is justified. India has a population of 1 billion, of course it going to make more requests than a country with less population, with less content online so we to have keep all that in perspective. Transparency by itself doesn't do anything. It's a tool to be used for accountable, for rule of law to be followed, et cetera.
>> KEVIN BANKSTON: On that inspirational note, thank you ‑‑ oh, Juliana? Sure. Please.
>> I have something light to add. In our transparency report with regards to take‑downs we also have a small section in our FAQ on fake government requests we received published. It's very interesting to fake requests we received. You might want to take a look at that.
>> KEVIN BANKSTON: Thank you all for taking the time and coming here at 9:00 in the morning. Thank you for being engaged and listening to this excellent panel and thank to you the panelists. Thank you, very much.
(Applause)
***
This is the output of the real-time captioning taken during the IGF 2014 Istanbul, Turkey, meetings. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.
***