All posts by Stefan Geens

Sweden should not be exempt from surveillance scrutiny

(This article was first published on The Local.)

This week, for a third straight year, Sweden is hosting the Stockholm Internet Forum, bringing together 450 activists, experts and business representatives from over 90 countries for two days of discussions on “how freedom and openness on the internet can promote economic and social development worldwide”. Sweden’s Ministry of Foreign Affairs, its aid agency Sida, and .SE, the foundation responsible for Sweden’s Internet infrastructure, are sponsoring the event.

A year ago, it still felt necessary to justify why Internet freedom would be a topic worthy of an international forum. Not anymore — Edward Snowden took care of that in a spectacular fashion just a few weeks after last year’s conference, with his revelations of mass surveillance, targeted intrusions and cryptographic sabotage by the US in ways that far exceeded a legal mandate or stated aim.

Since then, the global repercussions of Snowden’s whistleblowing have placed Internet freedom squarely in the sights of mainstream media. And the balance of the debate has shifted, from censorship to a focus on privacy and surveillance — topics where the west’s record has proven far spottier. After Snowden, it’s clearer than ever that a citizen’s right to access and express ideas online is not complete without the defence of an equally important corollary: The right to privacy.

The theme of this year’s Stockholm Internet Forum has adapted to this new state of affairs: It’s “Internet — privacy, transparency, surveillance and control.” But even so, the forum is at a crossroads: How well it navigates three distinct challenges in the next few days and months will decide whether or not it can transition into a sustainable annual institution: These are 1) shifting national priorities, 2) international relevance, and 3) Sweden’s ability to continue projecting soft power among the cyber-activist civil society crowd.

The first challenge is a very possible change of government this coming September. Stockholm Internet Forum is the brainchild of foreign minister Carl Bildt’s longtime adviser Olof Ehrenkrona, who has crafted many of Sweden’s digital human rights initiatives over the past several years, and to whom credit is due for recognising early that Internet freedom is a defining issue of our time. The forum too has gained much of its prominence from Bildt’s sustained investment of his substantial international political capital in this project, but also from the government’s willingness to spend generously on gathering a highly dispersed bunch of people in Stockholm each year.

So the question becomes whether the Stockholm Internet Forum can survive the departure of these two men from the political stage. Behind the scenes, the talented team organising the forum should be able to move this project on to an institutional footing, but a new left-of center government come September might decide the project is an initiative by the right-of-center alliance, and wash its hands of it.

This would be a pity, if indeed the forum serves a genuine function. SIF does not exist in a vacuum: A growing number of global initiatives crowd the Internet governance landscape: The UN-sanctioned Internet Governance Forum aims to bring together all the major stakeholders in Internet governance — governments, corporations and civil society representatives. At the European level, EuroDIG fulfils a similar function. Brazil’s NETmundial conference, inaugurated a month ago as a direct result of Snowden’s leaks, also aims to forward a multi-stakeholder model for Internet governance focused on human rights. Like-minded governments talk to each other at the Freedom Online Conference, while more hard-nosed international telecommunications regulations are negotiated at intermittent ITU conferences. Non-governmental organisations compare best practices at Personal Democracy Forum in New York or Access’s RightsCon, while hackers congregate at venues such as the Chaos Communications Congress or Defcon… And this is just a fragmentary list.

Is there still room for SIF? Yes, and the reason why is hinted at in its list of participants: No other conference is so assiduous in championing the inclusion of civil society groups from the developing world and from authoritarian contexts — groups which otherwise do not have the independent means to take part in multi-stakeholder meetings. At SIF, these groups are able to build their networks to connect with the more established Internet governance stakeholders, which are also invited.

This unique role in broadening the reach of the conversation also plays to one of Sweden’s classic strengths — its ability to build and nurture networks of actors with aligned goals, based on its status as a soft-power superpower.

But herein lies the third challenge: Can Sweden maintain this reputation as a defender of Internet freedom among cyber-activists in the wake of documents leaked late last year by Snowden that reveal its signals intelligence agency collaborated with the NSA on a targeted hacking project?

The story, in short: Sweden’s signals intelligence agency FRA joined the NSA and the UK’s GCHQ in testing a man-in-the middle attack which aims to install malware on targeted foreign computer systems. By law, the FRA is only allowed to passively listen to cross-border signals, after gaining permission from a special court. Although the FRA possibly did not contribute to the intrusion part of the operation (instead forwarding promising signals as triggers for the others to act on) that is at best a case of following the letter of the law in order to blatantly flaunt it in spirit, in the guise of a collaborative effort.

This leak underscores how Sweden, like many other countries, practices a multifaceted approach to statecraft — from projecting soft power for the purpose of promoting human rights online, to secret cyber-security and defence operations rooted in realpolitik. These activities clearly tend to work at cross-purposes. It is important for the credibility of SIF that the organizers acknowledge this. Where to draw that line is very much a recurring topic of discussion at SIF, and as hosts Sweden should not be exempt from that scrutiny.

It has not gone unremarked that neither Snowden nor Glenn Greenwald or Laura Poitras, the journalists who first broke the story, will be attending SIF. It is important that the organisers acknowledge their work, even at the risk of bringing up FRA’s activities. Fortunately, there are ample opportunities for third parties to do so: As moderator, BBC HARDtalk presenter Stephen Sackur will have free reign to get to the heart of the matter, while a participant-led “unconference” is also set to converge on this issue.

Ideally, Sweden’s government would use SIF as a platform to demonstrate its own improving commitment to Internet freedom — for example, by publicly reporting aggregated data about the number of surveillance requests that are granted to FRA. And last year, Bildt became the first foreign minister to endorse a subset of ethical principles proposed by NGOs to constrain state surveillance. This year, why not announce an independent audit to see how well Sweden is complying? These are the kinds of concrete steps that would reassure participants at SIF that Sweden is indeed a committed proponent of Internet freedom, beginning at home.

Did Sweden just sign up to principled Internet surveillance?

This article was first published on The Local.

This week in Seoul, while speaking at a ministerial-level conference on Internet governance issues, Sweden’s foreign minister Carl Bildt did a remarkable thing.

SeoulCyber2013 is the first high-level meeting on Internet governance since the summer, when Edward Snowden began revealing the extremes to which the US and other countries will go to surveil internet use, with scant regard for user privacy. Post-Snowden, these conferences can no longer ignore the fact that among the biggest threats to a thriving Internet are states’ own policies and actions, including those made by democracies in the absence of transparency and public oversight.

What the limits should be of state action in cyberspace is far from settled. At the Stockholm Internet Forum in May 2013, a coalition of civil society organizations first mooted a set of legal principles that would constrain state cyber-surveillance activities. In their view, to the extent that surveillance is necessary to protect the interests of a state’s citizens, it should be conducted in accordance with human rights law, protecting privacy and freedom of expression.

These principles, now 13 in number and listed on the Necessary & Proportionate campaign site, make for a remarkable document, because by signing it, the 280 sponsoring NGOs are explicitly conceding that surveillance can be a legitimate state activity, in certain cases trumping an individual’s right to privacy. Although the influential Electronic Frontier Foundation signed it, some of its activist members felt this conciliatory act was hard to swallow.

At first, the 13 principles did not seem to gain much traction with states. In Sweden, some members of the Internet policy establishment were privately dismissive of such initiatives — Sweden, they argued, had already had a vigorous and contentious parliamentary debate about surveillance which had resulted in the FRA (signals intelligence) law. Re-opening that particular can of worms just to adhere to a wish list of best practices was not a viable or desirable option. But this was a sentiment from the pre-Snowden era.

In September, the principles were submitted by NGOs to the United Nations Human Rights Council in Geneva, where they got a favorable hearing by UN human rights experts, including the Special Rapporteur Frank La Rue.

And now for that remarkable thing in Seoul. Bildt, near the end of his speech, proposed a set of principles to constrain state surveillance that mirrors most of the core principles enumerated by the NGOs. He called on state surveillance activities to abide by the legal principles of legality, legitimate aim, necessity and adequacy, proportionality, judicial authority, transparency and public oversight. (Do read the texts for a precise definition of each of these terms.)

Suddenly, Sweden is heading for common ground with NGOs in balancing the prerogatives of digital statecraft with the human rights of Internet users. The overlap is not complete — Bildt’s speech skips a number of additional principles proposed in the NGO document — but there is no doubt that this step amounts to tangible progress in getting these principles promoted to norms that states can aspire to, with Sweden being the first country (that I am aware of) to openly articulate this ambition.

Of course, the devil is in the details, and questions remain: Are there policy implications for the Swedish government in embracing these principles, or will the government maintain that Swedish law already conforms to all these norms? One example: The principle of transparency calls on states to, in Bildt’s words, “provide information on how the surveillance legislation works in practice.” The FRA law as it stands today only compels the signals intelligence agency to report back to the “relevant authorities”; the Swedish public most certainly does not get access to how it works “in practice”, not even to aggregate information on how often requests are made, or broadly to what end. Still, thinking creatively, it’s worth noting that there is nothing in the FRA law that prohibits the government from sharing aggregated information with the public.

Meanwhile, are the “missing” principles missing because they directly contradict current Swedish law? For example, is the principle of ensuring the integrity, security and privacy of communications systems, which would prohibit states from forcing Internet service providers to preemptively retain customers’ metadata, “missing” from Bildt’s list because it contravenes Sweden’s data retention law, passed in 2012 to put the country in line with European directives?

And amid press reports of Sweden frequently sharing intelligence with the NSA, will there be policy adjustments towards countries that do not share Sweden’s principles for ethical surveillance practices? In the same vein, it would be hypocritical of Sweden to uphold these principles if the FRA gets to circumvent them merely by outsourcing all ethically questionable intelligence gathering to a less scrupulous foreign ally.

Where do we go from here? By next year’s Stockholm Internet Forum, why not present the results of an independent audit assessing Sweden’s practical compliance with these principles? Let’s say Sweden scores a 6 out of 13. That would be enough to propel the country into first place in a one-country league table of all countries submitting themselves to such public scrutiny, and it would begin a process that the rest of the world can join to build a freer, more secure Internet for all.

Stockholm Internet Forum: The future of freedom on the internet is at stake

This article was first published on The Local as a general introduction to the net freedom issues being tacked at the 2013 Stockholm Internet Forum.

This week sees 450 policy-oriented technologists from 90 countries meet at the Stockholm Internet Forum, a two-day conference hosted by Sweden’s Ministry of Foreign Affairs, its aid agency Sida, and .SE, the foundation responsible for Sweden’s Internet infrastructure.

Experts from civil society, government and business will tackle “Internet freedom for global development” and its security implications. If this sounds like the typical capacity-building aid summit, it’s not — the stakes are in fact much higher. This forum is not (just) about promoting an inclusive and open Internet in the developing world; it is also about ensuring a free and secure Internet in Sweden. That’s because these days, laws in countries from halfway around the world can affect you directly via your browser. Consider:

  • Many of the best Internet companies are American, subject to US law. When you trust your email correspondence to Gmail or Facebook, it is US law that protects your privacy. Bad laws, like the proposed Cyber Intelligence Sharing and Protection Act (CISPA) currently stalled in the US Senate, would allow law enforcement agencies to access your data without a warrant.
  • Some countries, such as Russia, turn a blind eye to cyber criminals as long as they target users outside their jurisdictions, giving these gangs a safe haven from which to attack, scam and spam. Their presence also provides plausible deniability for state-sponsored cyber attacks and espionage, such as the 2007 attack on Estonia’s banking system.
  • China’s government requires backdoor access to the contents of popular Chinese messaging services like QQ, TOM-Skype and WeChat. Connect via Skype to a user in China and your private conversation will be an open book, no matter where you are.

Still, the primary victims of delinquent Internet governance policies are most often local users: China’s sophisticated online censorship system has made much of the global Internet off-limits to its citizens; South Korea’s real name registration policy makes it harder for whistleblowers and sources to stay anonymous online; Internet kill switches allow dictators to single-handedly drag their county back into the 80s.

Sometimes, European and American firms contribute to the problem by selling surveillance tools to authoritarian regimes. One such company, Gamma International, let its tools be used to spy on the political opposition in Egypt, Bahrain and Malaysia. In 2012 Belarus was caught spying on dissidents using equipment installed and maintained by Sweden’s own Teliasonera. Growing public intolerance for such practices is having an effect, at least in the west: This year, Teliasonera contritely signed on to industry-wide guidelines for defending freedom of expression and privacy.

These and many other examples over the past decade have prompted a movement towards global norms for Internet governance. It’s this process that the organizers of the Stockholm Internet Forum are trying to shape, by keeping human rights concerns at the center of the debate about Internet security. The core message is that Internet governance should ultimately serve the citizen-user, rather than the interests of states or corporations. And yet even liberal democracies sometimes get this wrong, drafting overbearing security laws that gut the Internet of the freedoms that make it worthwhile.

There have been some successes on the human rights front: In 2011 a United Nations report by the special rapporteur Frank La Rue delineated how human rights law applies to online notions of freedom and privacy; in 2012 Sweden and other nations sponsored a successful non-binding UN Human Rights Council resolution affirming “that the same rights that people have offline must also be protected online”. Of course, the same countries that prey on the rights of people offline tend to do so online, using the same excuses.

Today, the situation remains precarious. There are two strongly opposed visions for how best to proceed with Internet governance at the global level. The incumbent arrangement sees responsibilities shared among many actors — technical foundations, corporations, governments, civil society NGOs — none of which individually control the process. The main policy-setting forum for this multi-stakeholder model is the annual Internet Governance Forum, championed by civil society organizations for its inclusive nature, even if the Internet’s core technical policy body, ICANN, remains based in the US.

In the other camp is a slew of countries — predominantly from Africa and Asia — who feel that the current system is too western and, well, democratic. In their vision, Internet policy is the sovereign right of states, with centralized, top-down control within national borders and multilateral treaties governing connectivity globally. Prominent backers of this model are Russia, China, Tajikistan and Saudi Arabia; they recently began promoting the UN’s International Telecommunication Union as a state-centric policymaking body for the Internet. As a result, much of Europe and North America refused to sign the latest ITU regulatory agreement in December 2012; many more countries did sign, however. The Internet may yet balkanize.

The ball is now in the court of those attending the Stockholm Internet Forum, most of whom defend the multi-stakeholder model of governance. Ideas on the table include making the distributed governance model even more inclusive of Asian and African stakeholders, since that is where most of the world’s Internet users now reside. Another proposal is to recast security concerns as compatible with human rights, by redefining security from the perspective of the user. In this same vein, several NGOs have just proposed principles for Internet surveillance that would be compatible with human rights. The hope is to win over the fence sitters in this emerging global schism by convincing them that a freedom-centric Internet is the only path to a mature and developed global information society.

If the Internet freedom movement is to prevail, it needs more opportunities to debate strategy, generate ideas and strengthen its networks. The Stockholm Internet Forum may just make the difference.

Follow the conference live on May 22-23 via video and via the #sif13 hashtag on Twitter.

UN: Online expression == offline expression. Is that really a good idea?

I’m conflicted by the Sweden-initiated resolution (PDF, HTML) on “The promotion, protection and enjoyment of human rights on the Internet”, adopted in a consensus by the UN Human Rights Council on July 5, and subsequently portrayed in a NYT op-ed as a “victory for the Internet” by Sweden’s foreign minister Carl Bildt.

The main thrust of the resolution lies in its first article (the others and the preamble are more aspirational in nature):

The Human Rights Council, […]

1. Affirms that the same rights that people have offline must also be protected online, in particular freedom of expression, which is applicable regardless of frontiers and through any media of one’s choice, in accordance with articles 19 of the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights;

My ambivalence stems from this: The flip side to affirming the equivalence of online and offline rights is that it also affirms the equivalence of the limitations on those rights, as currently interpreted and implemented by national governments.

In practice, many countries fall far short of allowing their citizens the full exercise of their (offline) right to free expression as enumerated by the Universal Declaration of Human Rights and related texts. This shortfall is justified on the basis of national security concerns or cultural differences such as religious or national sensitivities or even especially draconian libel laws.

With this new resolution, such rationalizations can now be transposed wholesale into arguments for a likewise censoring of the Internet. Instead of preserving the freedom of the Internet, it could give authoritarians further legal cover to constrain it, allowing the entrenched justifications from meatspace to bleed into cyberspace.

This perspective on the resolution perhaps better explains why so many countries with a strict censorship regime were willing to adopt it. Turkey, with its persecution of journalists and writers and its periodic blocking of websites for alleged offenses against Ataturk, is even one of the seven co-sponsors of the resolution.

Why lament an explicit declaration of the equivalence of the offline with the online? Because the Internet has been and still is a disruptive force in favor of free expression, especially in places like Iran, Belarus and China, despite increasing technical and legal attempts to “nationalize” it, with varying degrees of success.

Such nationalization projects, of which the Great Chinese Firewall is the most advanced, aim to give authoritarian regimes renewed monopoly control over the flow of information among citizens — a monopoly once enjoyed in the offline world, but lost when the Internet came calling. This new resolution gives authoritarian regimes legal permission to bring such offline controls online.

In a best-case scenario, the resolution is ineffectual; even Cuba and China have signed on (with reservations). In the worst case, dubious justifications for offline controls on free expression made within the existing human rights frameworks will now be applied online. Much better (and therefore unlikely to succeed) would have been a resolution which:

1. Affirms that the same rights that people have online must also be protected offline, …

Internet freedom in Sweden — a primer

Sweden ramps up a major foreign policy initiative this week when it hosts the inaugural Stockholm Internet Forum, bringing together 300 technologists, activists and scholars from around the world to brainstorm “Internet freedom for global development”. By linking net freedom to social development, Sweden becomes one of a handful of countries for which defending the rights of Internet users beyond its borders is now an explicit foreign policy goal.

Underlying this policy of promoting Internet freedom abroad lies the assumption that there is Internet freedom within. So just how free are people emailing in Umeå, linking in Linköping or downloading in Dalarna? From a policy perspective, is the set of laws regulating Internet use inside Sweden worth emulating abroad?

To answer these questions, it helps to to look at six facets of Internet freedom that have come to loom large as ever-greater parts of our lives are lived online: Connectivity, transparency, censorship, surveillance, privacy and copyright. How does Sweden fare in each of these areas?

Connectivity
Sweden is one of the world’s best-connected countries, with around 90% of households having access to the Internet. It was also one of the earliest countries to see a majority of its population online — by 2001 — in part because regulations promoting competition ensured shared access to Internet infrastructure, keeping prices far below the European average.

On the other hand, network operators are free to prioritize the different types of data they deliver to subscribers; there is no legal requirement to be “network neutral”, though most are, given the competitive landscape. Overall, argues Patrik Fältström, head of research at the Swedish Internet infrastructure organization Netnod, the result has been positive: “The access you get when you buy simple broadband access is more open than most other places on the planet,” he says.

Transparency
One response to having so many Swedes online so quickly was to move government services there. In Sweden it has long been possible to file taxes online. Since 2003, Sweden has an e-government task force dedicated to delivering all government services — municipal, county and national — online. By 2008, it topped the UN’s global e-government readiness rankings.

Providing e-services is one thing; compelling government agencies to make their public datasets available online in free and open formats has proven far harder, despite a long tradition of making (analog) documents public. In part, this is due to vague directives that have let reluctant bureaucracies drag their feet.

Sweden thus lags behind “open government” leaders, notably the US and UK, and is alone among Scandinavian countries in not having a national open data portal. There are individual successes, such as the open data portal by Sweden’s international aid agency SIDA. Overall, still only one third of Swedish public data sources are available online in an open and free format.

Censorship
In Sweden there is no law that compels Internet service providers (ISPs) to block access to sites. ISPs voluntarily collaborate with police to block a centralized list of sites trafficking in child sexual abuse.

And yet such a system is not ideal, argues Marcin de Kaminski, an Internet researcher at the department of Sociology of Law at Lund University. That’s because there is no transparency in how the blacklist is maintained. “There is no way to legally appeal a list entry, for instance,” he says, ” and there is no third-party control of what is actually blocked.”

The risk, then, is that an unregulated block list could end up being used as a political tool — perhaps not in Sweden, where trust in the police is high and there is widespread disdain for censorship — but in other countries looking to adopt the Swedish model of Internet regulation. “Even though the Swedish blocklist has these flaws,” says de Kaminski, “it is used as a role model in the European discussion about block lists.”

Surveillance
In 2008 Sweden’s parliament narrowly passed a law that lets its signals intelligence agency (FRA) monitor the content of all cross-border cable-based Internet traffic to combat “external threats” such as terrorism and organized crime — but only after obtaining court permission on a case-per-case basis, and upon the explicit request of government or defense agencies. In 2012 parliament broadly passed the “Data Retention Directive” (DLD) which compels ISPs to store the who, where, and when (but not the what) of online communication within Sweden for six months, in case law enforcement agencies come calling for their investigations with a court order.

The FRA law has proven controversial in Sweden; the DLD law not so much. One reason is that they both exist within a European context, where EU directives guide how national legislatures are meant to implement laws. While the DLD law implements a minimal version of the European Data Retention Directive of 2006, the FRA law goes beyond the directive’s scope by allowing the surveillance of content.

Privacy
Sweden’s Data Inspection Board has long worked to ensure that personal information stays protected when handled by government agencies, businesses and people. The Internet has greatly transformed its role, which now includes combating cyberbullying and regulating use of cloud-based data storage. One complicating factor is that many of the services people use to share personal data — Facebook, Google — lie outside Sweden’s jurisdiction. Another is the natural tension between the right to privacy and the right to free expression and a free press, with that balance scrambled by the rise of blogs and semi-private publishing on social media platforms.

Copyright
File sharing is popular in Sweden, especially among youth, even though much of it is illegal under Swedish copyright law. In an effort to enforce copyright protection online, parliament in 2009 broadly passed a law implementing the EU directive on intellectual property rights enforcement (IPRED). The law allows criminal prosecution and jail terms for heavy illegal file sharers, and compels ISPs to identify suspected offenders upon request by a court of law.

Unlike France, Sweden’s implementation of IPRED does not cut off Internet access for repeat offenders. Swedish courts have also ruled that the right to privacy of suspected occasional file sharers trumps the interests of copyright holders, curtailing IPRED’s scope to more serious cases. Sweden’s IPRED law is currently being challenged in the European Court of Justice for violating European personal integrity laws.

A more encompassing international treaty, the Anti-Counterfeiting Trade Agreement (ACTA) has been signed by EU member states but has not yet been ratified.

Both IPRED and ACTA are proving controversial, especially with Swedish youth. Sweden’s Pirate Party parlayed this popular discontent into its first ever European Parliament seats in 2009. Criticism comes in several flavors: Pirate Party supporters wants to overhaul the very notion of copyright, so that the online remix culture and other non-commercial uses of creative content are exempt from regulation. Says Rick Falkvinge, founder of the Pirate Party: “The civil liberties that our parents enjoyed offline must carry over into the online world.”

Others worry that the enforcement laws being implemented have their priorities wrong, or are too intrusive. Argues de Kaminski: “What we need to do is establish rights and principles of freedom concerning the Internet — so that we have a free, open and secure base to begin with. Then we can start to discuss the necessary exceptions.”

Conclusion
When it comes to assessing the FRA, DLD and IPRED laws, the block list and privacy protections, it is worth remembering that they operate within a specific Swedish context. Replicating these laws may not produce the same results in places that do not also have Sweden’s negligible corruption, high levels of trust in public institutions, and a culture of free expression — non-legislated norms. Internet Freedom in Sweden is determined by more than the sum of its legislative parts.

An edited version of this article is available on Sweden.se, for which it was commissioned.

Some questions for Twitter re censorship

Some outstanding questions regarding Twitter’s new country-specific censorship system:

  1. Mobile clients: Will Twitter’s mobile clients also get the ability to let the user manually choose their jurisdiction, just like they now can on the full browser client? Currently neither the mobile web client nor the phone apps let you. This matters because much (most?) tweeting is done from mobile devices, especially when people are busy bringing down dictators.
  2. Transparency: Twitter says it will promptly notify users if their content has been withheld, “unless we are legally prohibited from doing so.” It also says it will post requests to withhold content to the Chilling Effects website. Does that include all requests, or only those it is not prohibited from posting? Does Twitter anticipate operating in countries where it is illegal to make public the specifics of a takedown request in any jurisdiction?
  3. Country-withheld content: Here is my best guess at how the country-specific censorship system works, based on testing: Before the browser requests new tweets from Twitter’s server, it first checks a cookie to see if the country location setting has been manually overridden. If it has not, then Twitter geolocates the IP address of the browser and filters the resulting twitter feed for that jurisdiction before sending the tweets along to the client. If the country setting has been manually overridden, then the browser sends along the chosen country to the server, which proceeds to filter the feed for that country, rather than the geolocation IP address. Is this correct?
  4. Forms of censorship: Twitter states that sovereign jurisdictions can request the withholding of individual tweets and/or of entire accounts, and also writes that this withholding can only be reactive, in response to “a valid and applicable legal request.” The problem is, I can think of several scenarios where this might not be enough to avoid breaking local laws. For example:
  • France and Germany among others prohibit search engines within their jurisdiction from linking to specific sites they deem illegal. If Twitter is not going to use a block list to pre-emptively withhold tweets containing such links in these countries, will it be breaking the law?
  • If a tweet has been retweeted (natively, or by using RT, or by using quotes, or after a slight edit) by a number of users by the time a withholding request arrives which Twitter agrees to comply with, will there be an effort to remove these retweets in that jurisdiction? Might not the legal entity making the request reasonably expect these to all be one-and-the-same tweet?

How to turn off Twitter’s censorship

It’s clear by now that Twitter’s new censorship regime is a pre-emptive move to keep the scope of censorship to within the jurisdictions of the legal authorities making the requests. This way, if Twitter is obliged by French law to remove a tweet deemed illegal in France, it will only be removed from French timelines — the rest of the world will continue to see it.

In its implementation, Twitter’s censorship system is very easy to circumvent by users — no doubt intentionally. I’ve played around with it using a virtual private network (VPN) to access my account from various countries in various setups; the workaround is trivial, albeit with a few twists.

Twitter’s own FAQ pages give two massive hints as to how to go about it:

  1. Which censorship regime your account will follow is decided by having Twitter geolocate your browser’s IP address to set your “initial country” in the settings.
  2. However, because Twitter might “misidentify” your country, Twitter says you get to manually override the chosen country in your Twitter account settings. Your choice is saved as a cookie in your browser. Twitter says it does not store this information on its servers.

Circumventing Twitter’s censorship is not as easy as choosing the “Worldwide” option from the dropdown menu of countries — a choice which you might assume places you outside any jurisdiction.

Choosing “Worldwide” has the opposite effect, in fact: Your censorship regime will automatically default to whatever jurisdiction your browser finds itself in. So if you choose “Worldwide” from a Swedish IP address, your country setting will immediately switch to Sweden. If you later move to an Egyptian IP address, the country setting will automatically switch to Egypt.

The “Worldwide” setting is Twitter’s default. If you haven’t changed your country manually in your account settings, this is how Twitter will choose your censorship regime. (If your IP address is not on the dropdown list of 59 countries, such as for Belgium, then the country is listed as “Worldwide” *.)

What if you are in the US, and want to ensure that your censorship regime stays American when you travel? Even though your country is listed as “United States” by default, that will change when you leave the US, unless you do this: Select any other country, save changes (and provide your password), then select the United States, and save changes. Even though the before and after settings will look exactly the same, you have now forced the browser to choose the US as your country, as opposed to whatever country you happen to be in.

But regardless of what country you happen to be in, why not choose one with best practices in free speech? A quick look at the Press Freedom Index shows that the Netherlands, Sweden and Switzerland are great choices. The governments of the Netherlands and Sweden in particular have been vocal in their defense of the net freedom agenda.

I’ve confirmed by using the same Twitter account on several browsers simultaneously across different IP addresses that the country setting for each browser is independent, saved locally in a cookie. This means you can have a second browser set to a different country, in case your default setting coughs up a censored tweet. It’s also a great way to compare and contrast censorship regimes.

In sum, circumventing Twitter’s censorship model is trivial, and I’m sure that’s not because Twitter is incompetent. What I do worry about is that this model is not robust against the future demands of censors. The wording of SOPA and PIPA, had they become law, could have been construed to classify the opt-out nature of Twitter’s censorship model as an enabler of piracy. And what about those Taliban tweets? If the US ever gets around to censoring those, it would certainly not be content with barring them just from the US; Twitter is a US company, and it can be compelled to act globally by US law.

While the newly introduced censorship model will allow Twitter to expand to countries like France and Germany, where historical baggage from World War II results in peculiar censorship regimes, or the UK, which has unique defamation laws, it is possible that new laws or future legal tests of Twitter’s approach will prohibit this censorship model. It’s great of Twitter to try, of course, but it makes Twitter’s expansion into new jurisdictions somewhat precarious, as the company may suddenly find itself faced with the grim choice of having to dismantle its opt-out censorship model in some jurisdictions, or pulling out operations from that country entirely.

Fortunately. Twitter is unlikely to ever set up shop in countries where revolutionaries are still fighting the good fight, and relying on Twitter to do so. In those countries, Twitter will not care about what the regime demands. They’ll just have to block Twitter wholesale, just as Iran, Vietnam and China currently do.

(* I suspect, but cannot prove absent a censored recent tweet to test with, that when Worldwide is selected for an IP address not from a listed country, the censorship regime defaults to that of the US. One reason I think this is the case is that only from a US IP address is it possible to select the “Worldwide” option from the dropdown menu and not have it switch automatically to the current jurisdiction, in this case “United States”. I think this is because the browser compares the two jurisdictions and sees they are the same, so does not bother to force the switch.)

On Twitter censorship: Don’t shoot the carrier pigeon

Twitter’s decision to enable country-level blocking of tweets is a rational response to an Internet that long ago ceased to be that utopian place beyond location. Companies who want to grow global amid the forked legal code of today’s Internet need to follow in Twitter’s footsteps.

It would be great if there were companies that did not want to grow global, who could offer a fortified service from a free speech haven and pay no attention to the thin-skinned legal codes of the world. Such an mission would be difficult to sustain, however: Twitter is not some abstract concept; it costs money to run. Free services need advertising-generated revenue; ads require local sales teams and/or local payment systems. This means local offices, and these are within reach of local laws. A Twitter service used by the world but not paid for by the world is unsustainable. (A hypothetical premium Twitter would have the same achilles heel: local payment systems.)

In terms of fine-tuning its censorship, Twitter is catching up to Google. Google has long had the ability to censor search results on a per-country basis. It also serves mutually exclusive map datasets to India and China, where it is illegal to publish country borders at odds with the official stance. Google does this because it is heavily invested in both countries — not just with sales teams, but with development teams too. Executives face real-world criminal charges for non-compliance, as Google found out in Italy.

A highly relevant question now is: Where should the limits of tolerance lie for Facebook, Twitter and Google when it comes to censorship? When does a country, in Twitter’s own words, “differ so much from our ideas that we will not be able to exist there.”? Let’s say we’re even understanding about Germany censoring Google search for Nazi propaganda and France for Nazi memorabilia. What about the case last week of the Indonesian who posted to Facebook that he did not believe in God, and was arrested for it? Should Facebook remove the post globally? Should it remove it only in Indonesia (something it cannot currently do)? I’d say no in both cases, but many Indonesians apparently prefer not to be confronted with expressions of non-belief in their midst. (The BBC reports the page in question has been taken down, but the group still seems to be up when visited from Sweden. Facebook is able to make entire pages unavailable to specific countries.)

Is this really a fight Facebook should fight alone? Should it be YouTube’s fight to serve videos deemed insulting to Ataturk in Turkey? If we demand Facebook and Twitter and Google exit these markets rather than collaborate with laws odious to our free-speech sensibilities, shouldn’t we demand that other businesses boycott the country in solidarity? And is that really feasible?

When to tolerate censorship, then? It depends. It depends on whether a country is on a trajectory towards more free speech. It depends on whether the local laws in question are created through a broad participatory process that gives them legitimacy. It depends on whether the content objected to is an expression of a fundamental human right, such as a sincerely held belief. More cynically, it depends on whether the company in question has business interests there, chasing a growing user base. (For Google in China, this complex calculation turned against collaboration when it became obvious speech was becoming less free, not more, despite its presence.)

Today’s announcement is a bid by Twitter to ensure that excessive censorship in one jurisdiction does not bleed over into other jurisdictions. In tandem with Google, this approach amounts to a new balance of power between national jurisdictions and the web’s native interest communities. We cannot assume it is a stable equilibrium, however. One risk is that the offer of country-level content blockage is not enough for a censorious regime. It may demand that content be removed globally, else face local legal jeopardy. This is not far-fetched — demands for the removal of military “secrets” from Google Earth make no sense if they can still be seen by everyone except those within a jurisdiction. (So far, with one exception, Google has resisted such requests. China certainly tried.) It is also illegal for Google to post any information about China’s censorship requests globally, as explained in its transparency report:

Another risk is that the outsourcing of censored tweets to chillingeffects.org is only a temporary solution in a long jurisdictional arms race. Censored tweets are currently listed on chillingeffects.org/twitter, where the offending tweet can be read in full, with link and all, thus:

Since Twitter promises to alert us anytime a tweet is blocked, the Streisand effect will likely ensure wide exposure for all content that ends up there. But SOPA and PIPA were phrased to criminalize precisely this kind of “enabling” of piracy by linking, with an added extra-jurisdictional twist: Companies with a US presence would not only be enjoined from directly linking to illegal content, they would also be enjoined from doing business with non-US companies linking to it. I fear non-US legal codes will innovate to mirror this extra-judicial demand, not just for copyrighted material but for all content deemed not in the national interest. China already does (see Google’s transparency report, above).

Finally, one interesting issue I’ve not seen explained by Twitter: The mechanics of this censorship. It sounds as if there will be a block list of links for each country. I assume that once a country demands a link be put on the list, all tweets containing that link will not be shown to Twitter users in that country. But what about tweets that do not contain a link but which merely contain speech objectionable to censors? Will there be a continuously updated list of blocked terms, as is done with Chinese microblogging tools? Or will each individual offending tweet need to be flagged by censors? If it’s the latter, then there is little worry, as the half-life of a tweet is far shorter than a censor’s reaction time. But that is why China sets its own far more onerous rules for those who want to play there.

What if a country with a conservative culture or oppressive regime does demand a list of blocked terms, ostensibly to prevent obscene or defamatory speech? I suspect (and hope) Twitter decides such countries “differ so much from our ideas that we will not be able to exist there.” Twitter could then serve a full uncensored feed to users in, say, Saudi Arabia or UAE or Pakistan; the onus would be on these countries to decide if they want to invest in unilateral blocking technology of the kind China uses for its Great Firewall. That is indeed the route Iran and Vietnam have taken, and which others may yet take as Internet censorship technology gets cheaper and easier to deploy. When that kind of Internet has broadly arrived, we’ll be in the next phase in the Internet censorship arms race.

Collaborative power: The case for Sweden

Two weeks ago in Stockholm, half a dozen technologists hunkered down for a whole-day workshop with Sweden’s foreign-facing government agencies (the usual suspects: The Swedish Institute, VisitSweden, the Swedish Trade Council and the Ministry of Foreign Affairs).

The assignment: Brainstorming the future of Sweden’s digital public diplomacy.

Part of my presentation looked at the evolving nature of the power wielded by states as societies get networked digitally, and how a new theoretical framework might be needed to explain what has been happening in the Middle East and elsewhere this year. Intriguingly, a recently proposed network-centric theory of power appears to favor Sweden’s open and collaborative nature as a multiplier of its influence globally.

Soft power and hard power

The now well-known notion of soft power as a success factor in international affairs was first introduced by the noted political theorist Joseph Nye as recently as 1990, just as the end of the Cold War broadened opportunities for states to pursue goals by means other than the coercive “hard power” embedded in military might and financial means. Soft power works not through coercion but through the attraction derived from positive perceptions of a nation’s cultural and social institutions; states will often attempt to manage such goodwill to shape preferences internationally so that they align with their own interests. (It’s called “nation branding” for a reason.)

Within this soft power/hard power conceptual framework, some states are clearly superpowers. The US has long been one in both dimensions, with military and financial supremacy as well as the lure of its world-beating universities, blockbuster movies, music industry and (until recently) openness to immigration. (Hard and soft power can work at cross-purposes, however: Nye in 2004 argued that the hard power expended on an elective war in Iraq was poisonous to America’s soft power.) Japan is a soft superpower but not a hard superpower. China is a hard superpower but not a soft superpower — its immense social and cultural capital is hobbled by an authoritarian state’s predilection for internal stability and a growing regional hegemony that breeds mistrust among its neighbors. Sweden’s small size and limited resources disbar it from superpower status in either realm, but it does manage to punch above its weight in the soft power stakes, not least because it often inhabits the positive extremes of global indices measuring innovation, economic equality, quality of life, creativity

Power in the networked century

In an oft-quoted article in Foreign Affairs from January 2009 (direct PDF download), Anne-Marie Slaughter — a professor of international affairs at Princeton and an old student of Nye’s — began updating this framework to incorporate the rise of the Internet and the digital networks it affords:

In this world, the measure of power is connectedness. Almost 30 years ago, the psychologist Carol Gilligan wrote about differences between the genders in their modes of thinking. She observed that men tend to see the world as made up of hierarchies of power and seek to get to the top, whereas women tend to see the world as containing webs of relationships and seek to move to the center. Gilligan’s observations may be a function of nurture rather than nature; regardless, the two lenses she identified capture the differences between the twentieth-century and the twenty-first-century worlds.

Slaughter sees the rise of digital networks as fundamentally positive for American power — hence the title of her piece, “America’s Edge: Power in the networked century”:

In this world, the state with the most connections will be the central player, able to set the global agenda and unlock innovation and sustainable growth. Here, the United States has a clear and sustainable edge.

Collaborative power

Since then, her thinking has evolved. Back in 2009, she did not explicitly refer to the hard power/soft power framework of her mentor, but in a new article published a few weeks ago in The Atlantic, she contends that Nye’s framework lacks analytical clout with the kind of power that dramatically upended a slew of regimes in the Middle East this year.

Her main point is that Nye’s concept of power is limited to that of “power over” others, whereas the new kind of power mustered on Tahrir Square and in Tunisia is “power with”. The former is top-down, defined in terms of relationships between groups (“relational power”), while the latter is bottom-up, guided and enabled by the logic of informal networks, including digital ones. The term Slaughter settles on for this new power varietal is “collaborative power”.

Briefly, (do go read her piece), Slaughter juxtaposes some key traits of relational and collaborative power. While relational power is wielded by a specific group to command action, collaborative power can be mobilized by calls to action from any number of connected groups with an urgent need. While relational power aims to control agendas and hierarchies so as to better shape the preferences of others, collaborative power is all about broadening access to the network, and adapting one’s own preferences to better communicate with it — to better “move to the center” of the network. Collaborative power “is an emergent phenomenon — the property of a complex set of interconnections. Leaders can learn to unlock it and guide it, but they do not possess it.”

How is the United States positioned to “unlock and guide” this collaborative power so it aligns with its own interests? How is Sweden positioned?

Advantage Sweden

In her 2009 essay, Slaughter lists a series of cultural, social and demographic traits the US possesses which give it an edge in this “networked century”. In most cases, to the extent that these traits favor the US, they also favor Sweden. My hypothesis is that Sweden is very well positioned to become a collaborative superpower, in some case more so than the United States — especially in the Middle East.

Small population

Slaughter posits that in the networked age, a small population is an asset: While territory and population are certainly resources that have contributed to hard power, global trade now ensures that a state’s wealth is no longer tied to the size of its internal market. Smaller populations are more manageable, politically, in part because they are less prone to secessionism. Slaughter considers the US, with its 300+ million people, to have a limited population, at least when compared to that of China or India.

At 9.4 million, Sweden’s population is similar to that of New York City, and over an order of magnitude smaller than that of the US. And while the US is not riven by secessionism (pace Alaska and Texas and Puerto Rico and Hawai’i) its political system is besieged by an increasingly ideological intransigence that has some regional bias. In Sweden, meanwhile, mere policy tweaks separate the left from the right, and the electorate resolutely favors technocrats over populists.

Immigration

Immigrants are an asset in the networked age, because they contribute strong trusted connections back to their country of origin, facilitating trade and the spread of ideas. (The Economist most recently chimed in on the benefits of diaspora networks.) America’s famed heterogeneity is rightly tagged by Slaughter as a magnet for the world’s creatives and entrepreneurs, no matter what their origin.

But while the US has always been attractive to immigrants, America’s immigration policy is no longer requiting their overtures. Post 9/11, there’s been a turning inward, a hardening towards the notion of immigration. Slaughter acknowledges this, calling for US immigration reform that recognizes the positive impact of diaspora communities.

Sweden, in contrast, is often perceived as a homogeneous nation of blue-eyed gentle giants. But the numbers tell a different story. 14.7% of its population is foreign-born, a percentage that is rising. The US foreign-born population stands at 12.5% of the total, and is stagnant or declining in absolute terms. Granted, a portion of Sweden’s foreign-born population, like myself, hails from the rest of Europe, but that is the case for the US as well.

Sweden has long had a generous asylum policy, welcoming Chileans fleeing Pinochet, Iranians fleeing the mullahs, and most recently, Iraqi Assyrians fleeing religious persecution in the aftermath of the Iraq war. One town alone in Sweden took in more Iraqi refugees than all of the United States combined.

And alone among its Nordic neighbors, Sweden appears to have inoculated itself against immigration fatigue; the anti-immigrant Sverigedemokraterna party remains on the fringes, with a stagnant 5-6% support in opinion polls.

Immigrants, then, are set to remain a strong asset for Sweden in forging trusted networks with the rest of the world.

Global engagement

Another competitive advantage, according to Slaughter, is that America’s youth is increasingly seeking international exposure.

John Zogby, the influential pollster, calls Americans between the ages of 18 and 29 “the First Globals,” a group he describes as “more networked and globally engaged than members of any similar age cohort in American history.”

The problem is that global engagement has historically not been America’s strong suit (with a notable and appreciated exception in WWII). It’s great that this latest cohort of Americans to deserve a moniker are using their passports “far more frequently” than older generations, but the historical comparisons are not that hard to beat.

It’s safe to say that nothing comes close to the Swedish zeal for global immersion. Swedish backpackers swarm the hostels of the world, while Swedish families lord it over the slopes and beaches. The evidence is not just anecdotal: Some rather gruesome statistics for the 2004 Indian Ocean earthquake and tsunami list casualties for countries that lost citizens travelling abroad in the region. Sweden suffered 543 casualties in that disaster, second only to Germany’s 552, and compared to 51 American deaths. The casualty rate per million inhabitants is truly shocking: Sweden lost 58.1 citizens per million, followed by Finland’s 33.4 and Norway’s 17.3. The United States, in comparison, lost 0.2 citizens per million. In terms of global engagement, the First Globals have a lot of catching up to do.

Innovation

Slaughter argues that the United States is far more innovative than China, because innovation requires a cultural inclination towards “constructive conflict”, the kind that drives creative destruction and which is found “on American playing fields, in American courtrooms, and in the American political system.” Innovation requires not just critical thinking but the challenging of authority, says Slaughter, and that is a trait China’s rulers are simply not willing to encourage.

The comparison to China is understandable, in view of the oft-proclaimed trope that this is Asia’s century. But the conflict model of innovation is not the only model available to the Chinese as they seek to emulate western success in the information economy. The Swedish innovation model, much admired by visiting Chinese dignitaries when it was the centerpiece of the Swedish pavilion at the Shanghai Expo in 2010, stresses a catalytic role for the state in fostering collaboration between companies, universities and research institutes. A Swedish governmental agency, VINNOVA, actively searches out societal challenges to prioritize, then sets about building broad consensual alliances to tackle them. Its strategies include:

Promoting new, cross-sector collaborations to find solutions to needs; solutions to social and societal challenges are rarely found in one traditional sector or a single research field. New collaboration patterns are emerging between actors in different value chains; for example ‘green urban transportation’ is being developed at the interface between energy, automotive engineering and ICT.

Hints of this kind of strategizing can be found in how China has begun promoting industry alliances around emerging green technologies.

Different innovation models suit different national temperaments born of historical contingencies — Sweden and the US should under no circumstances switch models. Two observations are worth making, however: First, conflict-driven innovation is not as network-friendly as collaborative innovation — the former is firmly rooted in the dynamics of relational power. Collaborative innovation is far better suited to the projection of collaborative power, according to Slaughter’s own network-centric theory of power. Second, global innovation metrics show that while both Sweden and the US do well in global rankings (Sweden comes second after Switzerland, the US is in seventh place, vs 29th place for China) most other countries in the top 10 have innovation models similar to Sweden’s. America may be exceptional, but it is not peerless.

Trust and transparency

Slaughter writes in her 2009 essay:

Although trust and transparency are not unique to the United States, it is still one of the most open societies in the world. The Internet world, the wiki world, and the networked world all began in the United States and radiated outward.

The US sets the gold standard for its embrace of open government data, especially after the initiatives by Obama’s administration over the past few years. Most NGOs that embrace networks to mobilize for government accountability, net freedom or democratization have American roots, a marriage of America’s talent for civic-mindedness with a vibrant can-do hacker culture. The academic institutions studying Internet and society are also predominantly American. Events such as the Personal Democracy Forum in New York are a Mecca for networked activists the world over. Such thought leadership is a great asset in the networked era.

But hard power prerogatives can and do undercut this reputation. The US government’s reaction to the Wikileaks diplomatic cable dump betrayed a controlling muscle reflex over American companies such as Mastercard, Paypal and Amazon that worked against the public interest. America’s hard superpower legacy requires it to adopt all kinds of realpolitik-al stances that are inimical to the ideal of openness and transparency. The public airing of such machinations through Wikileaks led to a hypocritical and extrajudicial response that even Slaughter was caught up in.

Sweden’s diplomacy is a far more open book, with a foreign minister that tweets from the hip, and where the electorate expects public positions on international issues to match what is privately communicated. Of course there is secrecy, but it is in the service of discretion, not conspiracy. I suspect an equivalent leak of Swedish diplomatic cables would be far less damaging to Sweden.

Middle East politics

In the Middle East, America’s legacy of hard-power politics interferes with the trust-building needed to direct collaborative power. US-funded initiatives to promote Internet freedom and digital activism are seen as tainted with murkier US policy goals. Tunisian blogger Sami ben Gharbia spelled out the problem at length in a much-noted essay from 2010, when the US still counted Mubarak and Ben Ali as allies:

I don’t see the new [US] Internet Freedom policy as independent from the broader and decades-old US foreign policy, which has been based on practical rather than ethical and moral considerations such as the support for human rights. As we all know in this part of the world, in the name of a short-termed realpolitik, the US has been supporting all kind of dictatorships at the expense of democratic and reformist movements and aspirations.

Over the past four years, Sweden has funded an initiative in the Middle East to build trusted networks between young activists and opinion leaders, both across the region and with their Swedish counterparts. Each year, participants in the Young Leaders Visitors Program (YLVP) are invited to Sweden for a few weeks of networking, training, seminars and internships. Some alumni have ended up among the youth leaders of the Arab Spring. (Full disclosure — I have been involved peripherally with training and reporting.)

Sensitive to the possibility that Sweden sponsoring such a program might be characterized as outside meddling in the internal affairs of another state, we surveyed YLVP alumni for feedback in May 2011. A large majority said that such a characterization would be unfair. Surprisingly, to the extent that some felt YLVP did amount to “outside meddling”, they were in favor of it.

We then asked how they would feel if YLVP were funded by a country such as the US, UK or France. A larger group was wary. Polled for their reasons, here are some typical responses:

“It’s a Swedish initiative and so it should stay. Sweden is perceived as being neutral while if France or the US started to sponsor such programs, we would start to question the neutrality of the program.”

“Having the UK, US or France organize any event targeting youth will definitely raise red flags, which means they might be perceived as holding a different/unknown agenda to take advantage of the fragile situation in the Middle East. I dont think any Jordanian, as a result, would participate.”

In fairness to Slaughter, she was well aware in early 2009 that President Bush’s disastrous Middle East policies would take some time to recover from:

On January 20, 2009, Barack Obama will set about restoring the moral authority of the United States. The networked world provides a hopeful horizon.

But the networked world has not so much served as a tool in this restoration as an autonomous organism highly attuned to discrepancies between words and deeds. In the Middle East, Obama’s two inspirational speeches on US diplomacy in the region were no match on Twitter for his administration’s subsequent inability (or unwillingness) to hold its closest allies — Saudi Arabia, Israel, Bahrain — to account for their continued flouting of human rights laws.

In her Atlantic article from two weeks ago, Slaughter’s case study on the effective use of collaborative power narrates the recent spontaneous Twitter initiative to press for the release of the Egyptian-American journalist/activist Mona Eltahawy after she was detained by Egyptian security forces near Tahrir Square. I do not however see this as an example of the state mobilizing a networked collaboration of activists to achieve a positive outcome — rather, the reverse: Activists successfully mobilized America’s hard-power influence over the Egyptian military regime via Slaughter’s State Department contacts.

Horizontal societies for horizontal networks

Slaughter’s 2009 essay also identifies a social trend in the US that impedes it from benefiting fully from the horizontal nature of networks:

A networked world requires a genuinely networked society, which means fostering economic and social equality. The United States has never been as egalitarian as it imagines itself to be, but this divide has worsened in the past decade, as the rich have become the superrich.

While the Kingdom of Sweden is also not as egalitarian as it imagines itself to be, it is by at least one major measure the world’s most egalitarian society: Sweden’s Gini coefficient, which measures income inequality, is the world’s lowest at 0.23. (The US, at 0.45, ranks 100th out of 140, according to the CIA World Fact Book). Other more offbeat pointers to a deeply horizontal society include sky-high choral participation rates, near-universal Internet access, the concept of “lagom“, and the invention and embrace of the ombudsman.

A division of labor?

At the risk of having been long-winded, I hope I’ve made the case that Sweden is well positioned to thrive in the networked century. A nimble, innovative and open society such as Sweden has all the right qualifications to mesh itself deeply within trusted networks that are able to mobilize collaborative power.

The notion of Sweden as a collaborative superpower can sound boastful to modest Swedish ears, but it is important to remember that collaborative power is not the ability to command a network; rather it is the ability to align with a trusted network so that common ideals can be fought for and achieved far more effectively.

Many of these ideals — open societies, democracy, Internet freedom — are shared by the US, Sweden and by the Arab youth at the vanguard of the Arab revolutions. But if a lack of trust is preventing US-funded initiatives from effectively connecting with the networks driving these revolutions, then perhaps the best solution is for the US not to spend more resources knocking on locked doors. Leave the job of networked collaboration in the Middle East to countries not afflicted with hard power, such as Sweden.

The distinction between soft power and collaborative power can be blurry at the edges: Much of what contributes to soft power can also position a country for collaborative power. But soft power is often a resource-intensive pursuit — money does buy brains, build research institutes, and feed starving artists — whereas collaborative power is relationship-intensive — its currency is trust, which enables collective action towards a common goal. And Swedes are easy to trust, in part because they are always seeking consensus: It is what knits together their choirs, what underpins their collaborative innovation processes, and what drives their diplomacy.

Digital public diplomacy strategies for Sweden

The ideas brainstormed at the workshop on the future of Sweden’s digital public diplomacy are still far too tentative to sketch out, but it’s worth musing on some general strategies for Sweden that a network-centric world implies.

In a collaborative power dynamic, the network quickly disseminates best practices for the good of all, with a concomitant boost to the reputation of the originator. In this context, gaining reputation is akin to “moving to the center” of a network, improving both the quantity and quality of connections. This should be Sweden’s aim in its digital public diplomacy.

Sweden has plenty of best practices to share with the world — and the world has plenty to share with Sweden. For Sweden’s foreign-facing government agencies, the challenge becomes ever tighter integration and interaction with the networks along which these ideas travel.

Where networks are scarce, it is in Sweden’s interest to build up their physical capacity. As a nation-state, Sweden has considerable resources available (when compared to NGOs and civil society actors) to build the foundations for networks that can grow autonomously around prioritized issues. Both YLVP and She Entrepreneurs, a network connecting young female social entrepreneurs in the Middle East with mentors in Sweden, are great examples of such capacity building.

Finally, even open networks need to be trusted before they can be used to build trust. For digital networks, this means they need to be safe and secure for users, regardless of where they live. Power attracts attention, and the collaborative power residing in a network is no different. Digital natives cannot afford to be digital naïfs about the fact that censorship, surveillance and cyber-attacks constitute a real systemic risk to networks. The Swedish state should not be responsible for securing such networks but it can work with others do get the job done. Fortunately, Sweden has recourse to some great hacktivist talent.

So: Build networks, secure networks, engage networks. These are three useful motifs around which Sweden can structure its future digital public diplomacy efforts. The devil is of course in the details.

In Slovenia, panoramic photography comes under regulatory attack

In the European Union it is in the main legal to take photographs from public spaces and then publish them, even if they include identifiable people — and people do so every day in the millions to sites like Flickr, Facebook, Twitter, or to their own blogs. This precedence of the right to free expression over the right to privacy in the public space is a long-standing legal norm, and it has made possible some of the past century’s best photography — street photography, pioneered by the likes of Henri Cartier-Bresson and Robert Frank, who obsessively recorded the everyday gestures and habits of urban life, away from the headlines of the day.

In Slovenia, however, the past few months has seen a bizarre new legal constraint emerge: Should you take photographs in a public space in Slovenia that are social documents but not newsworthy (for example of a street merchant, or a moped driver) and opt to transform them into a 360-degree panorama format before publishing them, you are now obliged to first remove all recognizable faces, or face fines. Furthermore, this decree is applied retroactively, to all panoramas ever taken in Slovenia.

What happened? The Slovenian information commissioner has decreed that 360-degree immersive panoramas by their very nature cannot have the same purpose as conventional photographs, but also that the balance of rights between free expression and privacy depends on a photograph’s purpose — in this case, as expressed by the photographer’s choice of technical format.

The upshot is that if the following panorama had been taken in Slovenia, all faces would need to be removed before it can legally be published online, because it does not indisputably record a newsworthy “event” such as a concert, protest march or accident, even though it is clearly an example of street photography:


Tin suq, Sana’a, Yemen in Yemen

A conventional photograph in the genre of street photography, however, would have no such constraints, even if it is more invasive of individual privacy in the pursuit of free expression:


Chinese-Arab cultural exchange in Alexandria, Egypt

What is currently unclear, however, is if conventional photography taken in Slovenia that does not pass muster as street photography — with an architectural object as its subject, or a snapshot of friends with strangers in the background — requires the anonymization of people in the image:


Building with Verandas, Kashgar, China

(So that we’re all on the same page: 360-degree panoramas are made by taking several wide-angle photographs from the exact same spot and then using computer software to stitch them together so that they seamlessly portray the view in all directions. The resulting image can be displayed as an interactive experience on a computer screen, an equirectangular flat image format or as an image in any number of different projections. There are edge cases too: A conventional-looking flat photograph may be stitched together from several component images, such as this one (6 images) or this one (5 images). There are panorama cameras that take ultra wide-angle conventional photographs, while smartphone applications let consumers sweep their phone camera to make panoramas, up to and including 360-degree panoramas.)

So how did an arbitrary technical distinction come to decide whether an uncensored photograph is legal or illegal in Slovenia? The following is a cautionary tale of what happens when non-technical regulators meet a new-to-them technological innovation they are ill-equipped to judge. It is also a case study of how Google, by voluntarily implementing facial blurring in its relatively new but hugely popular Street View automated 360-degree panoramas, created norms in the minds of regulators that they are now eager to set in stone legally. By focusing on the technical details distinguishing Street View from more conventional photography formats, these regulators have managed to condemn an entire emerging field of photography to burdensome and invasive censorship requirements that are impossible to scale without Google-sized automation resources.

(This is perhaps a good place to mention that there is currently no Google Street View in Slovenia, and there likely won’t be for some time. That’s because Slovenia said it would require Google to keep the raw Street View images in Slovenia until they were blurred — no unblurred images were allowed to leave the country. Because the blurring makes use of Google’s servers, none of which are in Slovenia, Google respectfully declined to add Slovenia to its Street View program.)

Slovenia’s unfortunate regulatory turn came to a head because Slovenia happens to be home to Boštjan Burger, one of the pioneers of immersive photography. For almost two decades, Burger has been recognized inside Slovenia (and abroad) as an important cultural geographer, collaborating with museums and schools to create immersive exhibitions and courseware using his panoramas. Years before Google Street View, he was creating panoramas of everyday street scenes in Slovenia; in these scenes, he didn’t blur faces — his intention was to be a social documentarian, where these individuals are part of the story. He hosted this “open-air museum” on his personal website.

In July 2011, out of the blue, he was placed under investigation by Slovenia’s information commissioner. The (anonymous) complaint: He was making personally identifiable information available in his panoramas, because he hadn’t blurred faces. Never mind that his 11,000 panoramas had been published on his website for years without issue; pending the result of the investigation, Burger was told his panoramas were “most probably illegal” without facial blurring, and so he opted to take many of them offline.

In September 2011, the office of the information commissioner released a legal opinion which stated that conventional street photography engaged in social documentation did not need to have faces removed under Slovenian law, but that panoramas such as Google Street View did, because Street View’s purpose is as tool for getting a sense of the architecture of a place or for finding a location, not social documentation. When the purpose of a photograph is not social documentation, an individual’s right to privacy gains precedence.

This prompted more questions: Who decides what the purpose of a photograph is? Who decides what passes for social documentation? How can a photograph’s format determine its purpose? Burger asked these questions.

In October 2011, in response to Burger’s requests for clarification, the information commissioner released a directive (not online) which explained what kinds of panoramic photography can legally be published in Slovenia with faces unblurred. The directive decided there were just three different kinds of panoramas:

  1. Panoramas without identifiable people in them — these are not in contention.
  2. Panoramas of events such as concerts, protest marches, accidents — in these cases, the photographs have some news value, and so faces need not be blurred, for example if published on a news site.
  3. Photography of public spaces without newsworthy events, where the purpose is to show the architecture or scenery of a specific place — this kind is meant to contain Street View-type panoramas, and here people’s faces must be anonymized. The commissioner decided that a portion of Burger’s panoramas are of this kind. (There is no fourth kind, for social documentation in non-event situations, which is what street photographers most often pursue.) In addition, Burger may not send the original unblurred versions to others in Slovenia or abroad. He faces fines of up to 5,500 euros if he does not comply.

Burger told me that in face-to-face meetings at the commissioner’s office, he was told that this test of newsworthiness, although applied just to panoramic photography in the directive, was in fact valid for conventional photography as well. He then decided to comply with the directive for the long term, either by keeping his panoramas offline or by creatively masking faces on published panoramas so that individuals were not recognizable.

When news of Burger’s meeting spread through the Slovenian photographers’ community, it was immediately pointed out that this test of newsworthiness directly contradicted the legal opinion from Sept 2011, which had specifically upheld the legality of publishing street photography with faces unblurred. So Burger asked for a further clarification: He was told in yet another meeting that the September 2011 opinion defending street photography was only meant for “master photographers” and artists, pursuing creative work. Of course they would not need to blur images if they were exhibiting their work in a gallery or book, for example. In any case, there would be a further statement, he was told.

That statement arrived today.

In it, the commissioner first references Wikipedia to define street photography and then apparently concludes that while this kind of photography has broad legal protection, the test for what constitutes street photography is also rather precise: (Translated via Google Translate, edited for clarity)

In the opinion of the commissioner, street photography is a photograph of the individual in special circumstances, situations, interactions with living and inanimate nature, or with other individuals. The point [of the photograph] is therefore an individual — a representation of an individual as an integral part of society. It is not so important where exactly a person is depicted. The focus is on an individual’s social position and the consequences resulting therefrom, and his/her interaction with other individuals and the environment, and expressed feelings. The location where the photo was taken is of secondary importance.

It is important to note here is that the commissioner is referring to photography in general. There is apparently a class of photographs — those which are neither street photographs nor news photographs — that do not deserve the same legal protection, for example because their purpose is depicting architecture or perhaps because they fail to be sufficiently artistic. In this class of photographs, whether they be flat or panoramic, the right to privacy of the individuals in them would appear to trump the right to free expression by the photographer. This amounts to an opinion with far wider consequences than the original judgment against 360-degree panoramas.

She also argues that 360-degree panoramas in particular — “spatial photography” in her parlance — cannot fall under the street photography rubric because in panoramas location is important, by her reckoning.

A key element of street photography is that the picture depicts an individual. If you show exactly where a photo was taken, the individual is possibly one element in the interpretation of images, but not its essential part. A photo where the presentation of a location is more important than the presentation of the individual as a rule does not fall within the definition of street photography.

We are also told that it is the photographer who is responsible for determining whether a photograph qualifies as street photography and thus can escape the removal of faces:

Clearly, whether a photo is street photography or not should be determined on a case by case basis. This is the primary task of the photographers themselves […] and of course the editors and curators.

The photographer does not escape liability however, should he/she make this determination incorrectly:

Liability for the lawful processing of individual images as street photography is with the photographer. […] Otherwise, there may be an inadmissible interference with personal rights, and this will be protected before the competent courts.

Finally, we are told why specifically all non-newsworthy panoramas must have faces removed. It is because panoramas make it clear where and when they were taken that individuals who find themselves in them must have greater privacy protection:

The essence of space photography (when not a depiction of an event) is a pictorial depiction of the environment surrounding the camera. The location of the photo is thus an intrinsic part of the spatial image. Also, because of the special technique used to produce spatial photographs, individuals cannot be the central motif — the finished product can even be disturbed by them. […] According to the commissioner, an individual whose recognizable image becomes an integral part of spatial images does not only enjoy the protection of personal rights, but also enjoys personal data protection. Spatial photography not only reveals his/her identity, but also reveals his/her personal data, for example a very precise location and possibly also a time when he/she was at this location. [… Before publishing a spatial image, a photographer needs to] obtain the individual’s prior consent, or in the absence of this consent, make the individual unrecognizable.

The argument that only panoramas can expose an individuals’ personal data is quite odd: Any photograph taken in front of a landmark automatically does the same for location. All digital photos contain EXIF timestamps that photo publishing sites automatically share. Mobile phone camera applications automatically add GPS-derived location- and time stamps when uploading to Twitter, Facebook or FourSquare. Will these kinds of photographs now also require the removal of faces? And besides, can street photography not also come with location and time data attached?

What next? Burger tells me that there will likely be a legal challenge to the decree, so that it will face a number of tests in progressively higher courts of law — and with any luck, in the European arena, which is usually good about slapping down ill-considered constraints on free expression. And on November 24, the Slovenian Association of Photographers and Journalists will tackle the issue in a public debate that is slated to feature both Burger and the information commissioner.

2011/12/2 Update: After the debate, the commissioner has now come out with a definitive decision. Burger writes (paraphrased somewhat):

The information commissioner of Slovenia has declared that 360-degree panoramas contain personal data. As a database it is under her jurisdiction. Such photography may not be published online unless faces are blurred.

 

Published 360-degree panoramas with unblurred faces are legal only if the publisher has a written permit of all the people in the panorama. The source images from which the panorama was stitched need to be unrecoverably deleted, e.g. destroyed.

 

What about other images published online? That is not data collection, but it doesn’t mean that the publisher is without responsibility. To be “safe”, the publisher (photographer, videographer) needs to get (ex-post) the permission of every individual documented in the image.

The decree is valid for all images taken on the territory of Republic of Slovenia and is retroactive (with no time limit in the past).