What is fragmenting the Internet 2: Comments at Ditchley Conference, November 2016, Oxford, UK

by | Dec 3, 2016 | Free Speech, Open Blog, Privacy | 0 comments

Another argument in favor of MLAT reform in the name of de-fragmenting the Internet is that it will ease the pressure for data localization. The argument goes like this: non-U.S. governments, not happy that most of their subjects’ data are outside their reach of surveillance in the U.S. soil behind the clunky bar of MLAT, will want to do exactly what Chinese are doing: barring overseas-based services from the domestic market and mandating data localization.  Firstly, it is hard to believe that any government will do data localization just to have better access on its citizens’ data stored overseas.  It is for censorship purposes that they want localization, not for surveillance purposes.  Changing MLAT so that the foreign government can better access the U.S.-based data will not change their incentives.  Secondly, look at what happened with Snowden revelations. European fear of U.S. surveillance led to ECJ’s Schrems decision, which voided the EU-US safe harbor agreement and is threatening the global data flow.  It is more surveillance that fragments the Internet.  MLAT reform bypassing the approval of the government over the locus of the data will enhance significantly the worlds’ governments’ ability for cross-border surveillance.

There is yet a third phenomenon that people denounce as “creating an alternative Internet”, namely, China building networks in Africa using their network equipment which has remote surveillance capabilities in favor of Chinese law enforcement (so-called ‘backdoors’). However, the risk is exaggerated:  The hardware is the same. It is manipulation of the software through which inter-continental surveillance can be done. However, the software gets updated many many times all under the control of the local telcos after the equipment leaves the control of the Chinese network builders. Even if there were backdoors built in the software, African telcos can easily update them out of the equipment. Yes, there is the risk that African law enforcement may make pernicious use of the backdoors and we should be very vigilant against such risk. However, barring evidence of such foul play, it is hard to call it building another Internet when their network still follows the same TCP/IP standard.

The reason that African countries are using Chinese network equipment is because they are cheaper. They need to build the network to give access to their people. These are the next billion people waiting to be connected. If at all, we should by all means encourage people to build the physical layer whether they are using the Chinese equipment or not. Whatever foul play happens above the physical layer, i.e., backdoors, should be responded to at that higher layer.  Commenting badly on the building of the physical layer just because they may use it for crimes or surveillance at a higher layer goes against the end-to-end thinking that underlies the contemporary Internet governance.   Worse, it is kicking away the ladder if it comes from developed countries’ commentators.

If you really want to protect the global nature of the Internet, we should keep MLAT as it is and we should geo-block content takedowns.  We’d better protect user privacy whereveer our users are whatever their nationalities are, which means we should not give it up to the foreign law enforcement just because some foreign judges approved. We are holding the users’ data and whoever wants to get the data we are holding, it has to be approved by some officials who have political responsibility and mutual accountability with us.

The same argument can be made for censorship.  We’d better protect user postings wherever your users are, which means we should not take down material to the extent that such takedown is required either by the users’ country law or by our own country’s law. Sure, there is difference between takedown and data access, data access should be authorized by both our law and our users’ law. For takedown, yes, one authorization will be sufficient BUT just as you have privacy implication on user data, you also have free speech implication on user posting whichever your users are. For us to take down user posting globally, it has to be approved by the court that has political relationship with we. If it is approved by a foreign judge, you have duty to protect residual free speech interest of the author vis-a-vis our users in other parts of the world. The only thing we can do is to take it down in the areas where it is illegal.


Submit a Comment

Your email address will not be published. Required fields are marked *