John Palfrey

I’m at the Berkman Center feverishly trying to finish testimony for the Congressional Human Rights Caucus hearing tomorow in DC.  I’m just starting to consider Microsoft’s announcement of its new policy on blogging, censorship and surveillance. 

At a minimum, I am pleased to see the transparency of their decision-making, the commitment to a process internally before replying to a state’s request for information, the commitment to making content blocked in one state accessible in other states, the commitment to transparency to users about what’s being blocked, and the clear message that this is not just about China.  Perhaps most of all, their call for a broad-based dialogue on how to manage this problem is right on, in my view.

Here are the operative segments, cut-and-pasted from the announcement:

“* Explicit standards for protecting content access: Microsoft will remove access to blog content only when it receives a legally binding notice from the government indicating that the material violates local laws, or if the content violates MSN’s terms of use.

* Maintaining global access: Microsoft will remove access to content only in the country issuing the order. When blog content is blocked due to restrictions based on local laws, the rest of the world will continue to have access. This is a new capability Microsoft is implementing in the MSN Spaces infrastructure.

* Transparent user notification: When local laws require the company to block access to certain content, Microsoft will ensure that users know why that content was blocked, by notifying them that access has been limited due to a government restriction.”

Will a policy of this sort make any difference?  Well, it’s surely just a first step, but I think it is a positive step.  So much will become clear if we ever find out how Microsoft acts when pushed on matters by a repressive regime.  Will these policies render Microsoft’s stance more protective of civil liberties — in appropriate contexts — than that of another company, perhaps one based in that regime?  Entirely possible, but so much turns on the application of the policy on the ground when trouble starts.

* * *

Not specific to this announcement, but prompted in part by puzzling over it: one theme that I think ought to emerge is the distinction between various contexts.  Microsoft’s announcement is somewhat helpful in this parsing process, though of course does not provide all the answers. 

Start with the presumption (though I know one might take issue with this starting point) that a United States company is competing in the marketplace of another state that has an extensive filtering and surveillance regime in place.  (For examples, see the OpenNet Initiative’s country studies.)  Consider whether we think the ethics are, or may be, different in the following scenarios, when a US company:

1) blocks access to content published by a citizen of another state at the explicit request of that other state,

  a) which blocking disallows the content to be viewed by another citizen of that state

  b) which blocking disallows the content to be viewed by those requesting to see it from states other than the home state of the author (such as the United States);

2) blocks access to content published by a citizen of another state at the implicit request (i.e., “you should generally block things of this nature”) of that other state

  a) which blocking disallows the content to be viewed by another citizen of that state

  b) which blocking disallows the content to be viewed by those requesting to see it from states other than the home state of the author (such as the United States);

3) turns over information about the user of an online service, pursuant to a specific legal notice from another state, when

  a) that user is the citizen of another state,

  b) that user is the citizen of the United States but acting in the other state; 

4)  turns over information about the user of an online service, pursuant to an informal request from another state, when

  a) that user is the citizen of another state,

  b) that user is the citizen of the United States but acting in the other state; 

[Does it matter whether the user’s alleged infraction was one that was a crime in the United States, or whether the information is sought because of political speech by that user that would plainly be protected under US law?  Whether the state needs the information to save a life, or to carry out a preventive law enforcement act?  How can the US company know?  What about when the request is to support research on a general policy issue, such as the US DOJ’s request for search engine data, apparently without user-specific data, in the COPA matter?] 

5) develops general-use technology that is used in the filtering and surveillance practices of another state; or,

6) develops specific-use filtering and surveillance technologies that are used in such regimes in other states.

There are no doubt many other permutations, but these seem to me to be starting points for parsing out the thorny ethical problems buried here.

We at the OpenNet Initiative have built a search-compare tool
to show what results you get on google.cn as compared to
google.com.   Be sure to try out “human rights” and some of the other  sample searches we’ve got up there.  (Special credits to Nart Villeneuve and Boris Anthony.)

We are enormously grateful to our friends at the MacArthur Foundation for their support, in the form of a $3 million grant, of our next four years on the OpenNet Initiative in its study of filtering and surveillance online.

Alois Stutzer and Bruno S. Frey (University of Zurich) have a new paper out in the Review of Law & Economics called “Making International Organizations More Democratic.”  Likely of interest to the watchers of ICANN, WSIS, and related institutionsin the Internet space (what I think of as the NetDialogue crowd!).

The abstract: “World governance today is characterized by international
organizations lacking democratic legitimacy and control by the citizens
they claim to represent. They are also criticized for being
inefficient. This leads to violent protests and to NGOs having great
influence. To address these problems, we propose international
governance based on the democratic idea of citizen participation: All
citizens of the member countries of international organizations have
the potential right to participate in the decision-making of
international organizations via initiatives, referendums and recalls.
In order to reduce transaction costs, a representative group of
citizens is randomly selected who can actually exercise their
participation rights.” 

Provocative, anyway, and worth hearing them out.

Today, we are announcing a new project — StopBadware.org
– at the Berkman Center, in partnership with the Oxford Internet
Institute and our unpaid special advisors at Consumer Reports Web
Watch.  This is an active research initiative that collects data
and stories from consumers in a  publicly-accessible
clearinghouse, sets forth a series of guidelines for what constitutes
“badware” in our view, and will involve our publication of an ongoing
series of reports about downloadable applications that violate these
guidelines.  We are fortunate to have the support of Google, Sun,
and Lenovo, as well as an exceptional 8-member working group and world-class advisory board.

This project is very much intended as a complement to the many other
good efforts underway to stem the tide of badware, like the work of
TrustE, the AntiSpyware Coalition, researcher Ben Edelman, and many
others in the public and private sectors. 

David Berlind has a great piece
based in large measure on an interview with Jonathan Zittrain about the
law enforcement/privacy/tech company flap kicked off by DOJ’s measures
to get Google to comply with their order to turn over search
data. 

Berlind sets it in the right frame, I think, which is not a simple
request for a single set of information to solve a given case or to
stop a crime from happening but rather in the larger context of the
role of technology companies vis-a-vis states in carrying out law
enforcement activities:

“In the bigger picture though (and on the heels of the domestic spying
issue), the warrant for search data, particularly when there isn’t an
investigation into a specific case of wrongdoing, raises more questions
about how far the Feds can and will go when it comes to mining domestic
sources of information that many (including Google, apparently) believe
to be off-limits to the government.  Most US-based Internet users,
for example, use the Internet on the assumption that a record of their
behavior (whether it includes personally identifiable information or
not) won’t fall into government hands.

“Perhaps the most obvious question is ‘where does it end?’  Does
compliance with the DOJ’s request set an ugly precedent that paves the
way for the Feds to comeback for a mile once they’ve taken an inch?
Even if the data that Yahoo, Microsoft, and AOL turned over to the Feds
was uncompromising in terms of privacy, with no particular criminal
investigation taking place, what happens when the Feds see something
they don’t like? Can they just come back for more and take it? Not to
be alarmist or extreme here, but is China — where Yahoo and Microsoft
(also this) have already had anti-democratic run-ins with that nation’s
government — on the other end of the spectrum along which
domestic Internet surveillance policies are shifting and how far along
that spectrum of chilling effects will the US shift?”

(Before reading what Berlind/JZ said, I did an interview with Red Herring on the same topic.)

There’s a remarkable and worthwhile thread forming over at Shelley Powers’ Burningbird blog after her post on RSS and copyright. 
I don’t agree with everything written there, but it’s a fascinating
back-and-forth, and features two posts (at least) from Denise Howell,
which alone makes it worth the read.  It strikes me as just the
kind of sorting process that we need to go through, to get opinions
about these norms aired and understood.

Gregory Lamb of the Christian Science Monitor has a great, forward-looking piece on the future of RSS:

“Mike Richwalsky has an online helper who keeps him informed. It tells
him when his friends post new items on their websites or new photos to
sites like Flickr. It advises him on what Netflix movies he might want
to rent and gives him the latest scoop on his favorite sports team, the
Pittsburgh Steelers. It also alerts him if his name, or that of
Allegheny College, where he works as a Web administrator, is mentioned
online. It’s even ready to signal him if an online merchandiser gets a
hard-to-find Xbox 360 game console in stock.

His helper is an RSS aggregator. RSS stands for Really Simple
Syndication, and its purpose is in fact really simple: ‘Feed’ the user
information every time a weblog, news source, or a selected website has
been updated with new information.”

Susan Mernit, a wonderful analyst of all things Web 2.0, writes,
in a thoughtful post responsive to the flap over RSS and copyright:
“But it seems to be what Palfrey has not yet addressed–which makes
sense considering this company is so new–is that many of the players
entering into the bundled space recognize they have to give more back
to their creative sources than just a little traffic or a thank you.
… Without some share in the revenue, it’s not right to make $$ from
anything more than a headline and a digest, unless the blogger has
specifically given permission for a great depth to be published off
site.”

No better time than the present to address it.  I don’t have an
answer, by any means, but it seems like a terrific question, one
well-worthy of discussion.  I should note that I don’t think of
this as a “legal” issue (those are addressed in an all-too-long post
yesterday).  But I think it’s a critical issue from the
perspective of developing this ecosystem based on syndicated
content. 

I wonder if what Susan points to is an emerging consensus, which would
help clarify the community’s views and the norm around aggregation (we
could call them the “Mernit Principles”):

1) If a for-profit company a) aggregates RSS headlines and digests of feeds only
(presumably there’s a norm around what is appropriate “digesting”, but presume for these purposes it’s
something well short of a full feed, consistent across all sources
aggregated); b) provides an easy mechanism for those who wish to opt-out to opt-out; and c) observes all licenses
and other stated preferences of those who offer feeds, then it’s OK to make money on the
aggregated content with ads served alongside the content in some
fashion.  (Perhaps My Yahoo! is a — presumably very profitable –
example of such a
model, or something along these lines, as My Yahoo! seems to render
just headlines from the RSS feeds I’ve got loaded in there.)  It
reminds me of what Dave said back in December about how to make money online.

2) If a for-profit company aggregates full RSS feeds and makes money
from the aggregation, it’s not enough to give the source of the feeds
some links back or a hat-tip or similar kinds of  non-cash remuneration.  If full RSS feeds are included in
the aggregated content, then some form of revenue-sharing needs to be
worked out to repatriate cash to the people creating the
works.   Such a model might be what Gather.com
and others seem to be suggesting as the way forward (”It just seems
fair that we share our advertising revenue with you based on the
quality and popularity of the content you contribute on Gather.”) 
Such a model could make sense in the way that eBay and Google have made
sense: serving as public online platforms on which other people could make a bit of
money, while ensuring that the platform providers got enough, say, to go public
and render the founders billionaires.

Does that sound right? 

(A broken record, I know, but my disclosures apply here big-time, as with other posts over the past two days.)

Mikel.org has a post
that is right on — where Top10 Sources or anyone else makes a mistake
in republishing an RSS feed that is subject to a (cc) license, it
should fix that mistake fast.  (It’s possible, of course, for
someone to give license to do something beyond what the (cc) license
says, so there may be other facts in play here; but the core point
remains.)  The human-and-technical system may be fallible, and/but
things that slip through the cracks of the policy should be corrected promptly.  Michael also notes that Top10 Sources
itself should have an outbound (cc) license, especially to Share-Alike,
where Top10 Sources has the right to do so.  Again, that’s right,
and should (will!) be fixed. 

(Update: with thanks to Michael for
pointing it out, and to the Top10 Sources team for quick turnaround,
the changes have been made to the site.)