All posts by Stefan Geens

Resources update: July 2014

After checking every link on the resource pages, and culling all outdated information, I’ve now added these new resources onto the relevant pages:


Disconnect • Browser plugin to protect privacy while websurfing. For Chrome, Firefox and Safari.

Privacy Badger ª EFF’s browser add-on to protect privacy online. For Firefox and Chrome.

NoScript • Firefox extension for “whitelist based pre-emptive script blocking” to maximise secure browsing.

Martus • A free software technology tool designed to assist human rights organizations in collecting, safeguarding, organizing and disseminating information about human rights abuses.

Shodan • Search engine that lets you “find devices connected to the Internet, with criteria based on city, country, latitude/longitude, hostname, operating system and IP.” “The Google for hackers.” Now also with maps. @shodanhq


LEAP Encryption Access Project • Non-profit dedicated to developing secure communications tools. Currently developing an encrypted Internet proxy.

uProxy • “A browser extension that lets users share alternative more secure routes to the Internet. It’s like a personalized VPN service that you set up for yourself and your friends.” An open-source project.

The Locker Project • Building an open-source platform for personal data storage, with the owner able to control how this data is protected or shared. @lockerproject


Open Integrity Index • Database of digital tools, evaluated so that users can “make sophisticated decisions about the tools they use for privacy and communications, without requiring a high-level security engineering background.” @openintegrity

CrisisNET • “An Ushahidi initiative to build a platform for the world’s crisis data, giving journalists, data scientists, developers, and other makers fast, easy access to critical government, business, humanitarian, and crowdsourced information.”


Center for Media & Social Impact • An “innovation lab and research center that studies, designs, and showcases media for social impact,” based at the American University in Washington, DC. @CMSImpact

Open Knowledge Labs • A “community of civic hackers, data wranglers and ordinary citizens” focussed on “making things – whether that’s apps, insights or tools.” Part of the Open Knowledge Foundation Network.

Alliance for Affordable Internet (A4AI) • A “coalition of private sector, public sector, and civil society organizations who have come together to advance the shared aim of affordable access to both mobile and fixed-line Internet in developing countries.” @A4A_Internet

TechChange • Provides technology training for social change. Builds “online certificate courses to individuals and build customized courses and learning experiences for organizations.” @TechChange

Global Commission on Internet Governance • Launched by two independent global think tanks, the Centre for International Governance Innovation (CIGI) and Chatham House, this 2-year project aims to educate the wider public on the most effective ways to promote Internet access, while simultaneously championing the principles of freedom of expression and the free flow of ideas over the Internet. Chaired by Carl Bildt. @OurInternetGCIG

The Governance Lab @NYU • Aims to “design, implement, and study technology-enabled solutions that advance a collaborative, networked approach to reinvent institutions of governance. The GovLab aims to improve people’s lives by changing how we govern.” @TheGovLab

Set of Principles in Fair Use for Journalism • “A statement of principles to help journalists in the United States interpret the copyright doctrine of fair use.” By the Center for Media & Social Impact.

IETF Journal • “Aims to provides an easily understandable overview of what’s happening in the world of Internet standards, with a particular focus on the activities of the IETF Working Groups.” Published by the Internet Society.

Sweden should not be exempt from surveillance scrutiny

(This article was first published on The Local.)

This week, for a third straight year, Sweden is hosting the Stockholm Internet Forum, bringing together 450 activists, experts and business representatives from over 90 countries for two days of discussions on “how freedom and openness on the internet can promote economic and social development worldwide”. Sweden’s Ministry of Foreign Affairs, its aid agency Sida, and .SE, the foundation responsible for Sweden’s Internet infrastructure, are sponsoring the event.

A year ago, it still felt necessary to justify why Internet freedom would be a topic worthy of an international forum. Not anymore — Edward Snowden took care of that in a spectacular fashion just a few weeks after last year’s conference, with his revelations of mass surveillance, targeted intrusions and cryptographic sabotage by the US in ways that far exceeded a legal mandate or stated aim.

Since then, the global repercussions of Snowden’s whistleblowing have placed Internet freedom squarely in the sights of mainstream media. And the balance of the debate has shifted, from censorship to a focus on privacy and surveillance — topics where the west’s record has proven far spottier. After Snowden, it’s clearer than ever that a citizen’s right to access and express ideas online is not complete without the defence of an equally important corollary: The right to privacy.

The theme of this year’s Stockholm Internet Forum has adapted to this new state of affairs: It’s “Internet — privacy, transparency, surveillance and control.” But even so, the forum is at a crossroads: How well it navigates three distinct challenges in the next few days and months will decide whether or not it can transition into a sustainable annual institution: These are 1) shifting national priorities, 2) international relevance, and 3) Sweden’s ability to continue projecting soft power among the cyber-activist civil society crowd.

The first challenge is a very possible change of government this coming September. Stockholm Internet Forum is the brainchild of foreign minister Carl Bildt’s longtime adviser Olof Ehrenkrona, who has crafted many of Sweden’s digital human rights initiatives over the past several years, and to whom credit is due for recognising early that Internet freedom is a defining issue of our time. The forum too has gained much of its prominence from Bildt’s sustained investment of his substantial international political capital in this project, but also from the government’s willingness to spend generously on gathering a highly dispersed bunch of people in Stockholm each year.

So the question becomes whether the Stockholm Internet Forum can survive the departure of these two men from the political stage. Behind the scenes, the talented team organising the forum should be able to move this project on to an institutional footing, but a new left-of center government come September might decide the project is an initiative by the right-of-center alliance, and wash its hands of it.

This would be a pity, if indeed the forum serves a genuine function. SIF does not exist in a vacuum: A growing number of global initiatives crowd the Internet governance landscape: The UN-sanctioned Internet Governance Forum aims to bring together all the major stakeholders in Internet governance — governments, corporations and civil society representatives. At the European level, EuroDIG fulfils a similar function. Brazil’s NETmundial conference, inaugurated a month ago as a direct result of Snowden’s leaks, also aims to forward a multi-stakeholder model for Internet governance focused on human rights. Like-minded governments talk to each other at the Freedom Online Conference, while more hard-nosed international telecommunications regulations are negotiated at intermittent ITU conferences. Non-governmental organisations compare best practices at Personal Democracy Forum in New York or Access’s RightsCon, while hackers congregate at venues such as the Chaos Communications Congress or Defcon… And this is just a fragmentary list.

Is there still room for SIF? Yes, and the reason why is hinted at in its list of participants: No other conference is so assiduous in championing the inclusion of civil society groups from the developing world and from authoritarian contexts — groups which otherwise do not have the independent means to take part in multi-stakeholder meetings. At SIF, these groups are able to build their networks to connect with the more established Internet governance stakeholders, which are also invited.

This unique role in broadening the reach of the conversation also plays to one of Sweden’s classic strengths — its ability to build and nurture networks of actors with aligned goals, based on its status as a soft-power superpower.

But herein lies the third challenge: Can Sweden maintain this reputation as a defender of Internet freedom among cyber-activists in the wake of documents leaked late last year by Snowden that reveal its signals intelligence agency collaborated with the NSA on a targeted hacking project?

The story, in short: Sweden’s signals intelligence agency FRA joined the NSA and the UK’s GCHQ in testing a man-in-the middle attack which aims to install malware on targeted foreign computer systems. By law, the FRA is only allowed to passively listen to cross-border signals, after gaining permission from a special court. Although the FRA possibly did not contribute to the intrusion part of the operation (instead forwarding promising signals as triggers for the others to act on) that is at best a case of following the letter of the law in order to blatantly flaunt it in spirit, in the guise of a collaborative effort.

This leak underscores how Sweden, like many other countries, practices a multifaceted approach to statecraft — from projecting soft power for the purpose of promoting human rights online, to secret cyber-security and defence operations rooted in realpolitik. These activities clearly tend to work at cross-purposes. It is important for the credibility of SIF that the organizers acknowledge this. Where to draw that line is very much a recurring topic of discussion at SIF, and as hosts Sweden should not be exempt from that scrutiny.

It has not gone unremarked that neither Snowden nor Glenn Greenwald or Laura Poitras, the journalists who first broke the story, will be attending SIF. It is important that the organisers acknowledge their work, even at the risk of bringing up FRA’s activities. Fortunately, there are ample opportunities for third parties to do so: As moderator, BBC HARDtalk presenter Stephen Sackur will have free reign to get to the heart of the matter, while a participant-led “unconference” is also set to converge on this issue.

Ideally, Sweden’s government would use SIF as a platform to demonstrate its own improving commitment to Internet freedom — for example, by publicly reporting aggregated data about the number of surveillance requests that are granted to FRA. And last year, Bildt became the first foreign minister to endorse a subset of ethical principles proposed by NGOs to constrain state surveillance. This year, why not announce an independent audit to see how well Sweden is complying? These are the kinds of concrete steps that would reassure participants at SIF that Sweden is indeed a committed proponent of Internet freedom, beginning at home.

Did Sweden just sign up to principled Internet surveillance?

This article was first published on The Local.

This week in Seoul, while speaking at a ministerial-level conference on Internet governance issues, Sweden’s foreign minister Carl Bildt did a remarkable thing.

SeoulCyber2013 is the first high-level meeting on Internet governance since the summer, when Edward Snowden began revealing the extremes to which the US and other countries will go to surveil internet use, with scant regard for user privacy. Post-Snowden, these conferences can no longer ignore the fact that among the biggest threats to a thriving Internet are states’ own policies and actions, including those made by democracies in the absence of transparency and public oversight.

What the limits should be of state action in cyberspace is far from settled. At the Stockholm Internet Forum in May 2013, a coalition of civil society organizations first mooted a set of legal principles that would constrain state cyber-surveillance activities. In their view, to the extent that surveillance is necessary to protect the interests of a state’s citizens, it should be conducted in accordance with human rights law, protecting privacy and freedom of expression.

These principles, now 13 in number and listed on the Necessary & Proportionate campaign site, make for a remarkable document, because by signing it, the 280 sponsoring NGOs are explicitly conceding that surveillance can be a legitimate state activity, in certain cases trumping an individual’s right to privacy. Although the influential Electronic Frontier Foundation signed it, some of its activist members felt this conciliatory act was hard to swallow.

At first, the 13 principles did not seem to gain much traction with states. In Sweden, some members of the Internet policy establishment were privately dismissive of such initiatives — Sweden, they argued, had already had a vigorous and contentious parliamentary debate about surveillance which had resulted in the FRA (signals intelligence) law. Re-opening that particular can of worms just to adhere to a wish list of best practices was not a viable or desirable option. But this was a sentiment from the pre-Snowden era.

In September, the principles were submitted by NGOs to the United Nations Human Rights Council in Geneva, where they got a favorable hearing by UN human rights experts, including the Special Rapporteur Frank La Rue.

And now for that remarkable thing in Seoul. Bildt, near the end of his speech, proposed a set of principles to constrain state surveillance that mirrors most of the core principles enumerated by the NGOs. He called on state surveillance activities to abide by the legal principles of legality, legitimate aim, necessity and adequacy, proportionality, judicial authority, transparency and public oversight. (Do read the texts for a precise definition of each of these terms.)

Suddenly, Sweden is heading for common ground with NGOs in balancing the prerogatives of digital statecraft with the human rights of Internet users. The overlap is not complete — Bildt’s speech skips a number of additional principles proposed in the NGO document — but there is no doubt that this step amounts to tangible progress in getting these principles promoted to norms that states can aspire to, with Sweden being the first country (that I am aware of) to openly articulate this ambition.

Of course, the devil is in the details, and questions remain: Are there policy implications for the Swedish government in embracing these principles, or will the government maintain that Swedish law already conforms to all these norms? One example: The principle of transparency calls on states to, in Bildt’s words, “provide information on how the surveillance legislation works in practice.” The FRA law as it stands today only compels the signals intelligence agency to report back to the “relevant authorities”; the Swedish public most certainly does not get access to how it works “in practice”, not even to aggregate information on how often requests are made, or broadly to what end. Still, thinking creatively, it’s worth noting that there is nothing in the FRA law that prohibits the government from sharing aggregated information with the public.

Meanwhile, are the “missing” principles missing because they directly contradict current Swedish law? For example, is the principle of ensuring the integrity, security and privacy of communications systems, which would prohibit states from forcing Internet service providers to preemptively retain customers’ metadata, “missing” from Bildt’s list because it contravenes Sweden’s data retention law, passed in 2012 to put the country in line with European directives?

And amid press reports of Sweden frequently sharing intelligence with the NSA, will there be policy adjustments towards countries that do not share Sweden’s principles for ethical surveillance practices? In the same vein, it would be hypocritical of Sweden to uphold these principles if the FRA gets to circumvent them merely by outsourcing all ethically questionable intelligence gathering to a less scrupulous foreign ally.

Where do we go from here? By next year’s Stockholm Internet Forum, why not present the results of an independent audit assessing Sweden’s practical compliance with these principles? Let’s say Sweden scores a 6 out of 13. That would be enough to propel the country into first place in a one-country league table of all countries submitting themselves to such public scrutiny, and it would begin a process that the rest of the world can join to build a freer, more secure Internet for all.

Stockholm Internet Forum: The future of freedom on the internet is at stake

This article was first published on The Local as a general introduction to the net freedom issues being tacked at the 2013 Stockholm Internet Forum.

This week sees 450 policy-oriented technologists from 90 countries meet at the Stockholm Internet Forum, a two-day conference hosted by Sweden’s Ministry of Foreign Affairs, its aid agency Sida, and .SE, the foundation responsible for Sweden’s Internet infrastructure.

Experts from civil society, government and business will tackle “Internet freedom for global development” and its security implications. If this sounds like the typical capacity-building aid summit, it’s not — the stakes are in fact much higher. This forum is not (just) about promoting an inclusive and open Internet in the developing world; it is also about ensuring a free and secure Internet in Sweden. That’s because these days, laws in countries from halfway around the world can affect you directly via your browser. Consider:

  • Many of the best Internet companies are American, subject to US law. When you trust your email correspondence to Gmail or Facebook, it is US law that protects your privacy. Bad laws, like the proposed Cyber Intelligence Sharing and Protection Act (CISPA) currently stalled in the US Senate, would allow law enforcement agencies to access your data without a warrant.
  • Some countries, such as Russia, turn a blind eye to cyber criminals as long as they target users outside their jurisdictions, giving these gangs a safe haven from which to attack, scam and spam. Their presence also provides plausible deniability for state-sponsored cyber attacks and espionage, such as the 2007 attack on Estonia’s banking system.
  • China’s government requires backdoor access to the contents of popular Chinese messaging services like QQ, TOM-Skype and WeChat. Connect via Skype to a user in China and your private conversation will be an open book, no matter where you are.

Still, the primary victims of delinquent Internet governance policies are most often local users: China’s sophisticated online censorship system has made much of the global Internet off-limits to its citizens; South Korea’s real name registration policy makes it harder for whistleblowers and sources to stay anonymous online; Internet kill switches allow dictators to single-handedly drag their county back into the 80s.

Sometimes, European and American firms contribute to the problem by selling surveillance tools to authoritarian regimes. One such company, Gamma International, let its tools be used to spy on the political opposition in Egypt, Bahrain and Malaysia. In 2012 Belarus was caught spying on dissidents using equipment installed and maintained by Sweden’s own Teliasonera. Growing public intolerance for such practices is having an effect, at least in the west: This year, Teliasonera contritely signed on to industry-wide guidelines for defending freedom of expression and privacy.

These and many other examples over the past decade have prompted a movement towards global norms for Internet governance. It’s this process that the organizers of the Stockholm Internet Forum are trying to shape, by keeping human rights concerns at the center of the debate about Internet security. The core message is that Internet governance should ultimately serve the citizen-user, rather than the interests of states or corporations. And yet even liberal democracies sometimes get this wrong, drafting overbearing security laws that gut the Internet of the freedoms that make it worthwhile.

There have been some successes on the human rights front: In 2011 a United Nations report by the special rapporteur Frank La Rue delineated how human rights law applies to online notions of freedom and privacy; in 2012 Sweden and other nations sponsored a successful non-binding UN Human Rights Council resolution affirming “that the same rights that people have offline must also be protected online”. Of course, the same countries that prey on the rights of people offline tend to do so online, using the same excuses.

Today, the situation remains precarious. There are two strongly opposed visions for how best to proceed with Internet governance at the global level. The incumbent arrangement sees responsibilities shared among many actors — technical foundations, corporations, governments, civil society NGOs — none of which individually control the process. The main policy-setting forum for this multi-stakeholder model is the annual Internet Governance Forum, championed by civil society organizations for its inclusive nature, even if the Internet’s core technical policy body, ICANN, remains based in the US.

In the other camp is a slew of countries — predominantly from Africa and Asia — who feel that the current system is too western and, well, democratic. In their vision, Internet policy is the sovereign right of states, with centralized, top-down control within national borders and multilateral treaties governing connectivity globally. Prominent backers of this model are Russia, China, Tajikistan and Saudi Arabia; they recently began promoting the UN’s International Telecommunication Union as a state-centric policymaking body for the Internet. As a result, much of Europe and North America refused to sign the latest ITU regulatory agreement in December 2012; many more countries did sign, however. The Internet may yet balkanize.

The ball is now in the court of those attending the Stockholm Internet Forum, most of whom defend the multi-stakeholder model of governance. Ideas on the table include making the distributed governance model even more inclusive of Asian and African stakeholders, since that is where most of the world’s Internet users now reside. Another proposal is to recast security concerns as compatible with human rights, by redefining security from the perspective of the user. In this same vein, several NGOs have just proposed principles for Internet surveillance that would be compatible with human rights. The hope is to win over the fence sitters in this emerging global schism by convincing them that a freedom-centric Internet is the only path to a mature and developed global information society.

If the Internet freedom movement is to prevail, it needs more opportunities to debate strategy, generate ideas and strengthen its networks. The Stockholm Internet Forum may just make the difference.

Follow the conference live on May 22-23 via video and via the #sif13 hashtag on Twitter.

Resources update: May 2013

Under Institutions > The Internet and society:

The Stanford Center for Legal Informatics (CodeX) • Stanford University center working on “technologies ranging from initiatives that solve content licensing inefficiencies in today’s digital media markets, to initiatives that provide greater access to justice, and initiatives that increase transparency in public markets.”

Under Institutions > Development and ICT:

Open Aid Partnership • A World Bank mapping initiative for open data to improve strategic planning, transparency and accountability of aid projects. Collaborates with the International Aid Transparency Initiative (IATI) and the Open Government Partnership (OGP).

Under Institutions > Crisis management and ICT:

Humanitarian OpenStreetMap Team • HOT “acts as a bridge between the traditional humanitarian responders and the OpenStreetMap Community.” Activities include collecting data, coordinating the design of OSM tools, teaching data quality assurance, collaborating with data imagery providers, and OSM outreach.

Under Institutions > Net Freedom, civil rights, privacy:

Digital Rights Foundation • Pakistan-based advocacy NGO “focusing on ICTs to support human rights, democratic processes and digital governance.” @DigitalRightsPK

IFEX • Global network of advocacy organizations, coordinating the defense of free expression. @IFEX

Under Institutions > Activism:

Demand Progress • US-based grassroots campaign organizers with a focus on civil liberties, civil rights, and government reform, including in the digital domain. @demandprogress

The Internet Defense League • Distributed system that allows websites to display alerts related to Internet freedom campaigns. By Center for Rights and Fight for the Future.

Center for Rights • Advocacy group organizing web-based campaigns defending Internet Freedom.

Fight for the Future • Advocacy group organizing web-based campaigns defending Internet Freedom. @fightfortheftr

Under Institutions > Net freedom technology projects:

Abayima • non-profit founded in Uganda, working to create digital tools that “empower citizens when oppressive regimes use tech infrastructure against the public”. Creators of the Open Sim Kit mobile sim card hacking toolkit. @abayima

OpenITP • “Supports and incubates a collection of free and open source projects that enable anonymous, secure, reliable, and unrestricted communication on the Internet.” @Openitp

Commotion • “Open-source communication tool that uses mobile phones, computers, and other wireless devices to create decentralized mesh networks.”

Under Tools > Tools:

We Fight Censorship • Tools to securely submit, publish and shelter articles censored on the web, by Reporters Without Borders. @FightCensors_en

The Guardian Project • Provides a suite of secure open-source communciations apps for Android, including the Tor client Orbot, and the secure browser Orweb. @guardianproject

Flash Proxy • Experimental plugin-based proxy to ensure access to Tor when common bridge relays are blocked.

Cloudfogger • Encryption tool for securing cloud-based file systems like Dropbox. @Cloudfogger

BoxCryptor • Encryption tool for securing cloud-based file systems like Dropbox. @boxcryptor

Under Tools > Data:

Net Neutrality Map • Map tool to evaluate the net neutrality of ISPs in countries around the world.

FreeWeibo • Search tool for Sina Weibo that also returns censored content. @CensoredWeibo

HoneyMap • Real-time global map of cyber attacks captured by honeypots, by the Honeynet Project. @ProjectHoneynet

Under Tools > Online journals, book series, essay series, manuals, reference texts:

Internet rights are human rights • “A series of training modules concerned with the relationship between human rights, ICTs and the internet” commissioned by the Association for Progressive Communications (APC).

Resources update: September II

In no particular order:

The Public Voice • Coalition established by the Electronic Privacy Information Center (EPIC) “to promote public participation in decisions concerning the future of the Internet”. Seeks to increase the presence of NGOs at meetings across the globe. @thepublicvoice

Students for Free Culture • An “international, chapter-based student organization that promotes the public interest in intellectual property and telecommunications policy.”

Center for Studies on Freedom of Expression and Access to Information (CELE) at the University of Palermo, Buenos Aires • Research institution whose principal objective is “to produce reports that can be useful tools for those journalists, governmental institutions, and members of the private sector and civil society that are dedicated to the defense and promotion of these rights, especially in Latin America.” @CELEUP

BOLO BHI • Pakistan-based NGO “geared towards advocacy, policy and research in the areas of gender rights, government transparency, legislation, Internet freedom, digital security, privacy and empowerment”. @bolobhi

Free Press • US-based advocacy group out to “change media and technology policies, promote the public interest and strengthen democracy. Free Press advocates for universal and affordable Internet access, diverse media ownership, vibrant public media and quality journalism.” @freepress

Mideast Youth • Hacktivist launchpad for digital projects that “amplify diverse voices of dissent with a specific focus on access to information, free speech and minority rights.” Authors of CrowdVoice and @MideastYouth

Resources update: September

Here are the most recent additions to the resources section of, listed in no particular order:


Internet & Society Co:llaboratory • An “open think tank” initiated by Google Germany that engages in thematic initiatives lasting several months, bringing together experts to answer societal questions in the tech sphere. @IGcollaboratory

Media Access Project • US non-profit law firm and advocacy organization promoting the public interest before the FCC and US courts, “fighting for an open and diverse communications system that protects freedom of expression, promotes universal and equitable access to media outlets and telecommunications services, and encourages vibrant public discourse on critical issues facing our society.” @mediaaccess

Foundation for a Free Information Infrastructure • Global network of associations “dedicated to information about free and competitive software markets, genuine open standards and patent systems with lesser barriers to competition.” Publishes ACTA Blog. @FFII

govfresh • NGO works to “inspire government-citizen collaboration and build a more engaged democracy.” Tracks people and ideas “that are changing how government works.” @govfresh

IT For Change • Bengaluru, India-based NGO promoting the use of ICT in the global South for socio-economic change.

Internews • International NGO “whose mission is to empower local media worldwide” through training and advocacy. @Internews

Projects: • “A forum for international collaboration on efforts to improve access to parliamentary information and share experiences and good practices” among parliamentary monitoring organizations. Sponsored by Sunlight Foundation, Open Society Foundations, NDI among others.

KoBo Project • “Research expertise and open-source applications for mobile data collection” in conflict areas.

Project on Information Technology and Political Islam (PITPI) • “Investigating the politics of ICTs in Muslim societies, with special focus on political uses of digital media in MENA.” @p_ITPI

Spider • A Swedish resource center for ICT4D based at the Department of Computer and Systems Sciences (DSV) at Stockholm University. Primarily financed by the Swedish International Development Cooperation Agency (Sida). @spidercenter


International Law and the Internet • “A blog on why norms matter online” by Matthias Ketteman at the Institute of International Law at the University of Graz, who writers about Internet governance and human rights. @MCKettemann

loose wire blog • “Social Technology: The Future of Information.: By Singapore-based Reuters journalist Jeremy Wagstaff. @loosewire

Build it Kenny, and they will come… founder and FrontlineSMS developer Ken Banks’s blog, “where technology meets anthropology, conservation and development.”


Cyber-security: The vexed question of global rules • Published: January 30, 2012. By the Security & Defence Agenda, “a neutral platform for discussing defence and security policies”.

The Open Data Handbook • “Discusses the legal, social and technical aspects of open data,” aimed at those working with government data. A project by the Open Knowledge Foundation.


Safer Mobile • Tools, training and software to help activists and journalists “understand the security risks of mobile technology and use mobile tech more securely for their work.” @safermobile. Funded by Google, US State Dept. among others.

WCITLEAKS.ORG • “Bringing transparency to the ITU.” @WCITLeaks • “Bringing transparency to online censorship in China. Real time testing of blocked URLs and Baidu, Sina Weibo and Google search results from within China.” @GreatFireChina

Blocked on Weibo • Site “tracking the various words that are blocked on Sina Weibo to get a sense of where the boundaries of Chinese censorship and self-censorship lie.” By @jasonqng

FrontlineSMS • Open-source software to send and receive SMS messages over a mobile network, facilitating information access and social change in areas with low Internet penetration. @FrontlineSMS

The Software Freedom Law Center • Non-profit provides pro-bono legal services to developers of free and open-source software. Eben Moglen is Director-Counsel.

UN: Online expression == offline expression. Is that really a good idea?

I’m conflicted by the Sweden-initiated resolution (PDF, HTML) on “The promotion, protection and enjoyment of human rights on the Internet”, adopted in a consensus by the UN Human Rights Council on July 5, and subsequently portrayed in a NYT op-ed as a “victory for the Internet” by Sweden’s foreign minister Carl Bildt.

The main thrust of the resolution lies in its first article (the others and the preamble are more aspirational in nature):

The Human Rights Council, […]

1. Affirms that the same rights that people have offline must also be protected online, in particular freedom of expression, which is applicable regardless of frontiers and through any media of one’s choice, in accordance with articles 19 of the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights;

My ambivalence stems from this: The flip side to affirming the equivalence of online and offline rights is that it also affirms the equivalence of the limitations on those rights, as currently interpreted and implemented by national governments.

In practice, many countries fall far short of allowing their citizens the full exercise of their (offline) right to free expression as enumerated by the Universal Declaration of Human Rights and related texts. This shortfall is justified on the basis of national security concerns or cultural differences such as religious or national sensitivities or even especially draconian libel laws.

With this new resolution, such rationalizations can now be transposed wholesale into arguments for a likewise censoring of the Internet. Instead of preserving the freedom of the Internet, it could give authoritarians further legal cover to constrain it, allowing the entrenched justifications from meatspace to bleed into cyberspace.

This perspective on the resolution perhaps better explains why so many countries with a strict censorship regime were willing to adopt it. Turkey, with its persecution of journalists and writers and its periodic blocking of websites for alleged offenses against Ataturk, is even one of the seven co-sponsors of the resolution.

Why lament an explicit declaration of the equivalence of the offline with the online? Because the Internet has been and still is a disruptive force in favor of free expression, especially in places like Iran, Belarus and China, despite increasing technical and legal attempts to “nationalize” it, with varying degrees of success.

Such nationalization projects, of which the Great Chinese Firewall is the most advanced, aim to give authoritarian regimes renewed monopoly control over the flow of information among citizens — a monopoly once enjoyed in the offline world, but lost when the Internet came calling. This new resolution gives authoritarian regimes legal permission to bring such offline controls online.

In a best-case scenario, the resolution is ineffectual; even Cuba and China have signed on (with reservations). In the worst case, dubious justifications for offline controls on free expression made within the existing human rights frameworks will now be applied online. Much better (and therefore unlikely to succeed) would have been a resolution which:

1. Affirms that the same rights that people have online must also be protected offline, …

Internet freedom in Sweden — a primer

Sweden ramps up a major foreign policy initiative this week when it hosts the inaugural Stockholm Internet Forum, bringing together 300 technologists, activists and scholars from around the world to brainstorm “Internet freedom for global development”. By linking net freedom to social development, Sweden becomes one of a handful of countries for which defending the rights of Internet users beyond its borders is now an explicit foreign policy goal.

Underlying this policy of promoting Internet freedom abroad lies the assumption that there is Internet freedom within. So just how free are people emailing in Umeå, linking in Linköping or downloading in Dalarna? From a policy perspective, is the set of laws regulating Internet use inside Sweden worth emulating abroad?

To answer these questions, it helps to to look at six facets of Internet freedom that have come to loom large as ever-greater parts of our lives are lived online: Connectivity, transparency, censorship, surveillance, privacy and copyright. How does Sweden fare in each of these areas?

Sweden is one of the world’s best-connected countries, with around 90% of households having access to the Internet. It was also one of the earliest countries to see a majority of its population online — by 2001 — in part because regulations promoting competition ensured shared access to Internet infrastructure, keeping prices far below the European average.

On the other hand, network operators are free to prioritize the different types of data they deliver to subscribers; there is no legal requirement to be “network neutral”, though most are, given the competitive landscape. Overall, argues Patrik Fältström, head of research at the Swedish Internet infrastructure organization Netnod, the result has been positive: “The access you get when you buy simple broadband access is more open than most other places on the planet,” he says.

One response to having so many Swedes online so quickly was to move government services there. In Sweden it has long been possible to file taxes online. Since 2003, Sweden has an e-government task force dedicated to delivering all government services — municipal, county and national — online. By 2008, it topped the UN’s global e-government readiness rankings.

Providing e-services is one thing; compelling government agencies to make their public datasets available online in free and open formats has proven far harder, despite a long tradition of making (analog) documents public. In part, this is due to vague directives that have let reluctant bureaucracies drag their feet.

Sweden thus lags behind “open government” leaders, notably the US and UK, and is alone among Scandinavian countries in not having a national open data portal. There are individual successes, such as the open data portal by Sweden’s international aid agency SIDA. Overall, still only one third of Swedish public data sources are available online in an open and free format.

In Sweden there is no law that compels Internet service providers (ISPs) to block access to sites. ISPs voluntarily collaborate with police to block a centralized list of sites trafficking in child sexual abuse.

And yet such a system is not ideal, argues Marcin de Kaminski, an Internet researcher at the department of Sociology of Law at Lund University. That’s because there is no transparency in how the blacklist is maintained. “There is no way to legally appeal a list entry, for instance,” he says, ” and there is no third-party control of what is actually blocked.”

The risk, then, is that an unregulated block list could end up being used as a political tool — perhaps not in Sweden, where trust in the police is high and there is widespread disdain for censorship — but in other countries looking to adopt the Swedish model of Internet regulation. “Even though the Swedish blocklist has these flaws,” says de Kaminski, “it is used as a role model in the European discussion about block lists.”

In 2008 Sweden’s parliament narrowly passed a law that lets its signals intelligence agency (FRA) monitor the content of all cross-border cable-based Internet traffic to combat “external threats” such as terrorism and organized crime — but only after obtaining court permission on a case-per-case basis, and upon the explicit request of government or defense agencies. In 2012 parliament broadly passed the “Data Retention Directive” (DLD) which compels ISPs to store the who, where, and when (but not the what) of online communication within Sweden for six months, in case law enforcement agencies come calling for their investigations with a court order.

The FRA law has proven controversial in Sweden; the DLD law not so much. One reason is that they both exist within a European context, where EU directives guide how national legislatures are meant to implement laws. While the DLD law implements a minimal version of the European Data Retention Directive of 2006, the FRA law goes beyond the directive’s scope by allowing the surveillance of content.

Sweden’s Data Inspection Board has long worked to ensure that personal information stays protected when handled by government agencies, businesses and people. The Internet has greatly transformed its role, which now includes combating cyberbullying and regulating use of cloud-based data storage. One complicating factor is that many of the services people use to share personal data — Facebook, Google — lie outside Sweden’s jurisdiction. Another is the natural tension between the right to privacy and the right to free expression and a free press, with that balance scrambled by the rise of blogs and semi-private publishing on social media platforms.

File sharing is popular in Sweden, especially among youth, even though much of it is illegal under Swedish copyright law. In an effort to enforce copyright protection online, parliament in 2009 broadly passed a law implementing the EU directive on intellectual property rights enforcement (IPRED). The law allows criminal prosecution and jail terms for heavy illegal file sharers, and compels ISPs to identify suspected offenders upon request by a court of law.

Unlike France, Sweden’s implementation of IPRED does not cut off Internet access for repeat offenders. Swedish courts have also ruled that the right to privacy of suspected occasional file sharers trumps the interests of copyright holders, curtailing IPRED’s scope to more serious cases. Sweden’s IPRED law is currently being challenged in the European Court of Justice for violating European personal integrity laws.

A more encompassing international treaty, the Anti-Counterfeiting Trade Agreement (ACTA) has been signed by EU member states but has not yet been ratified.

Both IPRED and ACTA are proving controversial, especially with Swedish youth. Sweden’s Pirate Party parlayed this popular discontent into its first ever European Parliament seats in 2009. Criticism comes in several flavors: Pirate Party supporters wants to overhaul the very notion of copyright, so that the online remix culture and other non-commercial uses of creative content are exempt from regulation. Says Rick Falkvinge, founder of the Pirate Party: “The civil liberties that our parents enjoyed offline must carry over into the online world.”

Others worry that the enforcement laws being implemented have their priorities wrong, or are too intrusive. Argues de Kaminski: “What we need to do is establish rights and principles of freedom concerning the Internet — so that we have a free, open and secure base to begin with. Then we can start to discuss the necessary exceptions.”

When it comes to assessing the FRA, DLD and IPRED laws, the block list and privacy protections, it is worth remembering that they operate within a specific Swedish context. Replicating these laws may not produce the same results in places that do not also have Sweden’s negligible corruption, high levels of trust in public institutions, and a culture of free expression — non-legislated norms. Internet Freedom in Sweden is determined by more than the sum of its legislative parts.

An edited version of this article is available on, for which it was commissioned.

Some questions for Twitter re censorship

Some outstanding questions regarding Twitter’s new country-specific censorship system:

  1. Mobile clients: Will Twitter’s mobile clients also get the ability to let the user manually choose their jurisdiction, just like they now can on the full browser client? Currently neither the mobile web client nor the phone apps let you. This matters because much (most?) tweeting is done from mobile devices, especially when people are busy bringing down dictators.
  2. Transparency: Twitter says it will promptly notify users if their content has been withheld, “unless we are legally prohibited from doing so.” It also says it will post requests to withhold content to the Chilling Effects website. Does that include all requests, or only those it is not prohibited from posting? Does Twitter anticipate operating in countries where it is illegal to make public the specifics of a takedown request in any jurisdiction?
  3. Country-withheld content: Here is my best guess at how the country-specific censorship system works, based on testing: Before the browser requests new tweets from Twitter’s server, it first checks a cookie to see if the country location setting has been manually overridden. If it has not, then Twitter geolocates the IP address of the browser and filters the resulting twitter feed for that jurisdiction before sending the tweets along to the client. If the country setting has been manually overridden, then the browser sends along the chosen country to the server, which proceeds to filter the feed for that country, rather than the geolocation IP address. Is this correct?
  4. Forms of censorship: Twitter states that sovereign jurisdictions can request the withholding of individual tweets and/or of entire accounts, and also writes that this withholding can only be reactive, in response to “a valid and applicable legal request.” The problem is, I can think of several scenarios where this might not be enough to avoid breaking local laws. For example:
  • France and Germany among others prohibit search engines within their jurisdiction from linking to specific sites they deem illegal. If Twitter is not going to use a block list to pre-emptively withhold tweets containing such links in these countries, will it be breaking the law?
  • If a tweet has been retweeted (natively, or by using RT, or by using quotes, or after a slight edit) by a number of users by the time a withholding request arrives which Twitter agrees to comply with, will there be an effort to remove these retweets in that jurisdiction? Might not the legal entity making the request reasonably expect these to all be one-and-the-same tweet?