Tech Giants In Human Rights Deal

Ostracus writes "Microsoft, Google and Yahoo have signed a global a code of conduct promising to offer better protection for online free speech and against official intrusion." Anyone want to know what this means for China & Australia? I bet it means even less to all of us in America where every major data center has a secret room where the government sniffs our packets.

Talk is cheap

[elrous0]

Unless these companies are willing to stand up and pull out of countries like China if their governments refuse to back down, then this agreement is as worthless as the paper it's written on. The same advice applies to business PR spin as applies to political PR spin: "Look at actions, not words, for the REAL story."

And yes, this privacy policy should apply to the U.S. government as well. No special exception should be made just because the U.S. President runs around yelling "9-11!"

Re:

[Dreen]

I think we all now what this agreement is: PR. Its disgusting, really. I personally highly doubt they will do anything *significant*. They will probably pull off some minor things (probably agreed beforehand with governments in question) just to be able to say "But hey we're doing things!" and continue the PR.

Re:Talk is cheap

[MindKata]

"I think we all now what this agreement is: PR "

My first thought on hearing the headline, was at last. Something good? But yeah, reading the details, its just PR. But the more I think about it, the more its likely to be actually worse than just PR.

Without any legal teeth, this near useless agreement is simply to placate and blind the masses, into believing something is being done to maintain freedom and fairness. So if anything, as it stands, its worse than not having an agreement. Because now, every time something bad is added to Big Brother, they will wave this bit of paper and say something like... "but, everyone, we are thinking of all of you. Look we signed this agreement, to say we care." ... Yeah, right, and its not for their own gain, that they data mine us all and then sell us all to their highest bidder, while silencing any attempt for any news organizations to speak out against them. But then how many of the news organizations are also playing along.

Since the start of the whole web 2.0 user generated content idea became popular, some people in power have said many times, how much they hate user generated content. But then, its no wonder they do hate it, as its likely the only way the full truth is getting out these days. Plus in countries like the UK, they want to create literally Big Brother to monitor everything that is said online. While Australia wants to censor the net. ... Oh sorry Big Brother, should I have also said China was bad... yeah, they are bad, but listen to our media, they constantly point only at someone else, and then look away, when its Big Brother aimed at all of us.

No wonder some people in power want to monitor, control and even at times, silence user generated content. People may actually discuss political points of view, rather than be simply spoon feed points of view, by the large news organizations, like Rupert Murdoch's group.

Machiavelli

[mfh]

This is a nice idea but it won't work. Machiavellian followers agree that treaties are designed to entice your enemies into lowering their guard. The company that abandons this treaty first will gain the most, while the other two are mired in the red tape. And we all know that it is only Machiavellian principles that guide corporations, so I must be right!

Re:Talk is cheap

[elrous0]

You're only obligated to abide by a country's laws if you have chosen to business there in the first place. Just because Saudi Arabia has the death penalty for religious blasphemy doesn't mean I have to move my company in there and help the motherfuckers.

Re:

[probityrules]

Stand up and pull out? No, there's a reason Google's execs are buying fighter jets...

Re:

[Ihmhi]

It's also the reason Google's execs are buying condoms.

Exactly

[Jane Q. Public]

If you want us to believe you, Google, then Do Less Evil!

If you want us to believe you, Microsoft, ummmmm... uhhh... well, you have broken your word so consistently and persistently, and for so long, I doubt we will ever believe you again. You really need to work on that.

Yahoo, just straighten up, will you? If you kept your word while the others continued to be hypocrites, you might gain some real market share!

Good news, but

[aproposofwhat]

I'll bet there's something in there 'respecting local laws' or similar, so the code will have no teeth.

As soon as the Chinese say 'this AC is suspected of being Falun Gong', or the French say 'this AC has a SS dagger for sale', or the Australians say 'this AC has offended Family First', each and every signatory to the code will lube up and bend over.

Sorry, but I don't think Google, Microsoft or Yahoo have the balls to stand up for free speech when faced with a lawsuit.

Re:

[speroni]

Actually they are pushing search engines to respect the relevant country's laws, but also do a little pushing back. If an official in randomforiegncountry asks for the names of some people the company in question is supposed to push back a little and ask if their request is compliant with their own laws. It was cited that often a local official in China would approach a company and ask for names, but this local official isn't necessarily following China's federal laws.

But otherwise I agree, these companies

Re:

[Hal_Porter]

The part about laws does make a difference. In China the constitution is not exactly liberal, but it is more liberal than the behaviour of the police against dissidents would imply.

E.g.
http://en.wikipedia.org/wiki/Constitution_of_the_PRC [wikipedia.org]
Article 35 of the 1982 State Constitution proclaims that "citizens of the People's Republic of China enjoy freedom of speech, of the press, of assembly, of association, of procession, and of demonstration." In the 1978 constitution, these rights were guaranteed, but so were

Re:

[Anonymous Coward]

It's not like we Australians actually have to worry.

The Australian Greens plan to torpedo any Internet censorship bill, and without the Greens, Labour can't pass the bill through senate.

It's really all a big hullabaloo about nothing.

Re:Paranoia

[camperdave]

Yeah! How can the rooms be secret if you're posting them on Slashdot. Now the secret rooms under the ###### ### #########, they are the true danger.

Re:

[sledge_hmmer]

Yeah! How can the rooms be secret if you're posting them on Slashdot. Now the secret rooms under the ###### ### #########, they are the true danger.

I believe you meant, "Now the secret rooms under the {redacted} they are the true danger."

Re:

[sshuber]

I'd personally rather have them sniff my packets than outright block things I love. Australia obviously missed the memo: http://video.google.com/videoplay?docid=5430343841227974645&hl=en [google.com]

Re:Paranoia

[FourthAge]

It's not far off reality. There isn't an NSA room in every data centre, but there might as well be, since their placement at major Internet hubs throughout the USA is equivalent. The [gameshout.com] story [theregister.co.uk] is quite well known.

Re:Paranoia

[krappie]

I used to work as a sysadmin for a major datacenter. There was no room as far as I knew. If there was, it was pretty hidden from everyone.

We did have people from the FBI or Secret Service come in every once in a while and ask for a hard drive out of a server. We'd tell the customer he had hardware problems as we mirrored the drive.

Also, it seems obvious that if the government wanted to spy on traffic, they wouldn't do it at endpoints like datacenters. They would do it at major routers.

Re:

[Enderandrew]

Same here.

Google and Yahoo are both building major new datacenters within 15 miles of me, and Microsoft is building a new one within 100 miles. I plan on checking out all the new datacenters as well when I apply for jobs there.

Re:

[doas777]

yes that is exactly what they do. DataCenters in general is overbroad, so lets call them Telco CommCenters instead.

They don;t have a tap in my companies server room, they have a tap in my companies ISPs server room.

Re:

[JasterBobaMereel]

...and I thought they used ECHELON to spy on all traffic Net, Phone, other ....

Which the likes of US companies could do nothing about ....

Re:Paranoia

[Bender0x7D1]

We did have people from the FBI or Secret Service come in every once in a while and ask for a hard drive out of a server. We'd tell the customer he had hardware problems as we mirrored the drive.

Did you make sure they had the proper warrants? Did you inform the customers of the real reason for the problems if they didn't have warrants, or if they didn't have gag orders? If you didn't protect your customers from federal agents overstepping their bounds, or informing them of the actions of the federal agents, you are part of the problem.

Now, if they had the proper warrants and court orders, then, by all means, you should help them out. If not, then you should tell them to read the Constitution and get back to you when they have done their job properly.

Re:

[canajin56]

If cop shows like CSI are even slightly accurate, if you tell a cop to get a warrant, they get a warrant to search your whole business, then they seize all of your servers and backups to make sure they got the relevant data, and you never get them back due to all the red tape. And since they're the good guys on these shows, I suppose we're all supposed to cheer them on! Just about every time a store owner says "No you can't have my camera tapes without a warrant" good old Jim Brass says "OK, we'll get a w

Re:

[Colonel Korn]

If cop shows like CSI are even slightly accurate

Stop there. They're not.

Re:

[krappie]

Making sure they had the proper warrants wasn't my job. That part was all over my head. My boss would just tell me when someone was coming over to get a drive.

it's not paranoid if they're out to get you

[Rick Bentley]

We did have people from the FBI or Secret Service come in every once in a while and ask for a hard drive out of a server. We'd tell the customer he had hardware problems as we mirrored the drive.

This might be the scariest thing I've ever read. You wouldn't tell the customer that someone showed up with a court order to see the drive and you had no choice but to comply? Did the FBI or SS at least show up with a court order? Did your legal department always review it first, how long did they have to do that? In what way were you bound to not tell the customer?

It makes me itch in a very major way that the customer's legal department never got engaged. I can't imagine that you guys would defend

Re:

[element-o.p.]

Do other /.'ers have experience with being forced to turn over 3rd party private data?

Where I used to work (an ISP), I would occasionally have to provide usage logs, etc. on customers. However, the requests *always* came from the ISP's legal department. If ever I received a direct request (IIRC, it happened once or twice), I sent it to legal before replying with the information. I'd *pull* the data as soon as I got a notice, but I absolutely, positively did not divulge it until my legal department ok'd the request. For that matter, as I recall (it's been a while...), I only gave the inf

Re:

[somersault]

I worked at a major data center about 10 years ago. There was no secret room but there was hidden equipment that belonged to the government. I was fairly high up in the company and I only learned about it years after it was installed. I was never officially told about it, but my boss happened to mention what it was one day. If he hadn't mentioned it, I would never have suspected it was there.

"Damn, this toupee itches! My grandfather stole it from Dwight Eisenhower"

Re:

[laughingcoyote]

We did have people from the FBI or Secret Service come in every once in a while and ask for a hard drive out of a server. We'd tell the customer he had hardware problems as we mirrored the drive.

I strongly hope that you asked for the warrant before sending out the "Sorry for the inconvenience" message, and told them to get lost if they couldn't produce it? Otherwise, I'd sure like to know where that is, so I can avoid it.

Re:

[krappie]

Like I've said here before, knowing about warrants wasn't really my job. I have no clue if they ever had proper warrants.

I probably shouldn't say what company it was, but they had over 20,000 servers when I left. They've grown much more since then. I bet it's the same at any major hosting company. If you have that many servers, you're bound to have some involved in heavy financial crimes or terrorist websites.

Re:

[blueg3]

Perhaps you should clarify, for hyperbole's sake, that there is one NSA room in one major hub. It's well-known now, and the government has gotten quite a lot of crap about it.

Conspiracy theory is when you extend this, sans evidence, to "they must have one in every major hub".

Re:

[element-o.p.]

They don't necessarily have a "secret room", but as I understand, CALEA, etc., requires every telco to have a plan in place to apply a tap to every circuit that they provide.

Yes, I am a network administrator at a telco, and yes, the company I had to work for had to produce a CALEA-compliance plan about a year ago.

Re:

[blueg3]

Now, that's certainly believable. But having a plan in place to apply a tap to every circuit they provide is different from having such a tap active.

I don't really think they should even have a plan in place to do such a thing, but the typical hyperbolic statement is "the government is actively monitoring all of your packets and phone conversations", which simply isn't true.

Re:

[doas777]

No, we just pay attention to Congressional Testimony. http://www.wired.com/science/discoveries/news/2006/05/70908 [wired.com]

Re:

[visualight]

They're not always in a room, in some places they have a cage like everyone else. Referred to as the "fed rack".

Common knowledge, not conspiracy theory.

Re:

[hmar]

Only on Slashdot could you be modded "troll" for calling that a conspiracy theory

except ... morals

[Meneth]

The "principles" they've signed can be disregarded if necessary to protect "national security or public order, or public health or morals".

This is, of course, interpreted so broadly by those in power that the declaration becomes essentially useless.

Re:

[zappepcs]

"essentially useless" ???? How about truly useless?

The simple fact is, as they say, the proof is in the pudding. Had any of these computing behemoths actually previously stood up against governments or oppressive groups in the past, their pact might actually be cause to think brightly about the future. Sadly, historically they have all shown themselves to be in the business of collecting dollars rather than collecting accolades from human rights organizations. Signing the pact does not indicate any true dev

Re:

[gutnor]

I guess we all miss the point here.

It is not about 3 giants agreeing to "defend" Human Rights.

It is 3 giants agreeing between themself that none of them will grow a conscience overnight, starts fighting for Human Rights and makes bad press for the other 2. Example: Google pulling out of China ... that would make MS and Yahoo look so bad. At the end of the day - future money is maybe in China, but today money is still in US/EU.

So, not useless ... for them - just the same kind of PR-spin than DRM.

Re:

[Chris Mattern]

The "principles" they've signed can be disregarded if necessary to protect "national security or public order, or public health or morals".

"We promise to uphold liberty and free speech. Unless they become, y'know, inconvenient or something."

The Bullshit Continues

[nvatvani]

Unless NGO's have an office/unit internally within Yahoo, Microsoft, and Google to oversee their conducts and verify their compliance to the flashy Global Code they are taunting - all this is just a PR stunt.

With ANY company:

• FIRST comes MONEY!!!
• SECOND comes morals (if any, and entirely optional).

Re:

[Enderandrew]

Maybe, maybe not.

When the DoJ was asking for search records, AOL, Yahoo and Microsoft all handed them over, before they were formally asked. Google refused and said they wouldn't hand over data without a warrant.

Yahoo and Microsoft turned over journalists in China. Google didn't want to conform with Chinese censorship, and was the only company to fight China at all. Eventually they conceeded it was better to have an in road in China rather than not do business there at all, but Google is the only one to

sniff away

[Corpuscavernosa]

a secret room where the government sniffs our packets.

I plan on not showering so I can have the most skid-marked packets for their sniffing pleasure.

As for China, I'm sure they'll just going to go along with this. That's what they usually do in reply to any external pressure regarding online rights. They just didn't realize the errors of their ways!

For my own edification

[speroni]

(And maybe some other people)

What does it mean when Google says they will be doing business in china? Would China normally block www.google.com unless they get a business license in China? Is there another reason why the average Chinese citizen wouldn't have access to google.com? (or google.cn or èæOE or whatever?)

Or is this just that Google wants to start selling advertisements in China?

Re:For my own edification

[larry bagina]

They'd probably like to have datacenters in the country to reduce latency.

It doesn't matter what they say...

[gillbates]

Any contract or promise contrary to the law is null and void.

"It is very little more than a broad statement of support for a general principle without any concrete backup mechanism to ensure that the guidelines will be followed."

This is little more than a PR stunt used to shore up their public image. The agreement language is vague, and there are questions about if it is even binding. It can probably not even be enforced, because in most countries, conspiracy is a crime. So if a company should do anything which would hinder prosecution, they could be charged with:

• Conspiracy, if it can be shown that they knew, or should have known, of illegal activity using their systems.
• Obstruction of justice (USA) if it can be shown that they destroyed evidence of illegal activity, or failed to comply with mandatory logging requirements.
• In the US, their assets could be seized under RICO... While this might sound like a stretch, RICO has been used against political protesters in the past.
• In the US, the ability to wiretap voice communications is required under CALEA. The government has made no secret of the fact that even following the law need not be a hindrance when there's a question of terrorism involved, and has punished companies which refused to break the laws regarding limits on surveillance.
• Given that there is legislation pending, or perhaps even signed into law, which allows civil forfeiture for copyright violations, trumping up "probable cause" to seize a company's assets is little more than a paper shuffle these days. If the war on drugs is any indication, the government will use laws such as these to ensure that companies are "cooperative" with its surveillance efforts, legal or not.

I'm not counting on this having any effect other than people saying, "Look, Google really isn't evil!". Which is exactly the intended effect.

Re:

[Spy der Mann]

Any contract or promise contrary to the law is null and void.

I'd like to know which specific law you're talking about. The Patriot Act? DMCA? The US Constitution?

Re:

[robinsonne]

IANAL but from what I remember from from business law classes in school, contract law says something to the effect that: Any contract or promise contrary to the law is null and void.

You can't have a binding contract to do something illegal (as part of the contract)

Re:

[element-o.p.]

In the US, the ability to wiretap voice communications is required under CALEA.

Not just voice -- ISP's providing broadband Internet service must provide the ability to tap customers' Internet traffic as well.

Re:

[Still an AC]

they could be charged with:* Conspiracy

So how come any one was accuses the government of anything is a tin-foil hat wearing conspiracy nut, but the US Government has charged more people with conspiracy then any other crime? Thought police indeed.

Re:

[gillbates]

IOW, that clause about not suppressing free speech is useless if free speech is illegal. Again, it means nothing.

The government, too?

[tgd]

One of my cats was sniffing my packets when I woke up this morning.

Freakin' weirdo.

Enemy at the gates

[not_an_agent]

I'd worry less about the government sniffing and more about double-click, google or other advertisers. They're poised to bombard you with junk created just to tempt you, while the gov can't keep track of its own watchlists. Anyway, you're still allowed to encrypt packets to keep the g-men out... for now.

Protection for us or them?

[tomalpha]

"better protection for online free speech and against official intrusion."

Are they trying to protect us, or themselves against ? Am I getting cynical in my old age, or does this read like it's a demand for less red-tape/taxes etc. dressed up as protecting our rights to free speech?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[BrokenHalo]

Well now, if I hadn't seen your low userID, I might have said you must be new here. Yours seems to be the only usefully informative and insightful post, and as such is entirely out of place on Slashdot.

;-)

How will this be enforced?

[Matt Perry]

There's nothing in the article that talks about how this will be enforced. So, I want to know how will this be enforced? What will be the repercussions for a company that violates the agreement? How will compliance be measured and accounted for? Who will oversee this to ensure that the companies involved are complying? Without answers to these questions this agreement among companies is "just promises." And promises are largely worthless.

The EFF was involved in the deal.

[Spy der Mann]

http://www.eff.org/deeplinks/2008/10/global-network-initiative [eff.org]

For almost two years, EFF has been a participant in negotiations between human rights groups, investors, academics and Internet companies -- including Yahoo!, Google, and Microsoft -- aimed at improving how those businesses deal with free expression and privacy issues around the world.

Today, the results of that discussion have been announced. The Global Network Initiative is a set of principles on free expression and privacy that the companies have agreed to follow in all countries they do business within, together with a set of implementation guidelines and a skeleton for an independent watchdog body that will monitor companies for compliance with these principles.

Still, the EFF isn't completely satisfied with the results:

It's not a perfect set of documents. EFF continues to work in the Initiative, but we do have concerns with the limits of this initial agreement:

        * There is no obligation to inform Internet users of the storage location of personal data, and from where it is accessible.
        * There is no commitment to inform users when they hand over their information to agents of government and law enforcement.
        * There is no binding requirement to develop privacy and anti-censorship technologies and include them in new products.
        * GNI assessors are selected by the companies themselves from a list of neutral groups, and do not have untrammeled access to all relevant company documents.

When it comes to addressing their involvement in worldwide human rights abuses, the first step for Internet companies had been admitting that there is a problem. With the Global Network Initiative, Microsoft, Yahoo, and Google have gone further, and begun to embed human rights assessments into their own company structure. We hope many other companies will join them.

It means nothing in China or Australia either..

[yttrstein]

...for precisely the same reasons.

More corporate BS.

[Quantos]

In pretty much any country of the world they would be forced to submit data for law enforcement issues, and probably taxation purposes(we certainly wouldn't want to short the government what they want, would we?). Then there are lobbyist groups like PETA that might try to interfere with content.

I can't see where anything will change, they certainly won't back you up with legal support to help you maintain your freedoms, even if you're blatantly being abused by some government agency and/or law enforceme

Oh...pack_et_s

[PinkPanther]

a secret room where the government sniffs our packets

I thought I read:

where the gov't sniffs our packages.

Sure feels that way sometimes...sick gov't!

Code of Conduct? Please...

[nysus]

"Code of Conduct" is a euphemism for "idealized behavior that we can put aside when practical reality sets in." What we really need are LAWS that are enforced and that punish people the agencies and authorities in power when they are broken.

Re:Code of Conduct? Please spare me your Whitewash

[misterjava66]

Absolutely. Until money flows out of corporate coffers over this systemetic abuse, Until people go to jail over this systemetic abuse, the rest is just white-wash. Punish people who do bad things. Punish people who enable the doing of bad things, the popular legal phrase is 'conspiricy to commit ...' and 'providing material support to ...'

Where's Cisco in all this?

[oDDmON oUT]

They were largely responsible for the Great [wired.com] Firewall [newsmax.com] of China [wired.com].

So I would think that their involvement, as well as that of Nortel and other network gear OEMs, is more desirable than that of Application/OS/Search companies.

every router/switch forms a fifth colon

[kubitus]

routers and switches can have ( and logic says they have ) a small Trojan Boot Loader (TBL) in their code which listens to traffic from search engines.

the guys from the rooms behind the back-office send a small wake-up packet to a router/switch with a certain serial-number, thus activating the TBL.

The TBL extracts its instructions from the traffic coming from the Search Engine. It loads the spy-program tailored to this very company/institution.

Data reported back is hidden also in traffic to the search e

Bad form

[Oligonicella]

"I bet it means even less to all of us in America where every major data center has a secret room where the government sniffs our packets."

And, since you're willing to make an outright lie such as that, your opinion means what?

How can you say they're "secret" rooms?!?

[ivi]

After all, you've just told everybody about them...

Outrageous!

[Anton Styles]

Yes, because Microsoft is strongly opposed to censorship [slashdot.org].
I wonder how this will apply to the Great Firewall of AUSTRALIA? The news of late has been a magnitude more disturbing than the norm. Reading the signs of the time, it is clear that the elite at the top of the trapezoid of power are preparing to shear the sheeple.
Micro$oft is the opposite of what it claims to be - it is a MegaFirm and not prepared to make any sacrifices whatsoever for Freedom. Moreover, Google isn't really in much of a position to

Mr and Mrs Smith

[westlake]

I bet it means even less to all of us in America where every major data center has a secret room where the government sniffs our packets.
.

The government knows 300,000,000 people who interest it more than you.

The geek is infinitely more likely to sniffed at by his boss, his neighbor, his wife and kids, his dog - assuming he has been out of the basement long enough to acquire one or all of the above.

_____

This being the season of Halloween, I have been wonderingly idly what horrors truly lie behind that

Welcome!

[Un pobre guey]

Welcome, Comrades! [zazzle.com]

Welcome to the Glorious Union of Soviet Capitalist Republics! [zazzle.com]

The real rules of paranoia

[russotto]

1) Any packet which leaves your local network must be assumed to be intercepted by the authorities in your country.

2) Any data provided to anyone you can't personally trust must be assumed to be available to the authorities in your country.

2a) You can't personally trust any corporation, association, partnership, etc.

These apply to _any_ country in any situation.

If you're of special interest to any 1st or 2nd world government, you have to assume

3) All data on your own machines is already compromised, unless

Re:

[alethiophile]

If you're of extreme interest to the US government or any of its allies, you must also assume
4) The authorities can read any of your encrypted data, if they find out it is associated with you, even if they do not acquire the keys.

If you assume encryption is useless, then what's the point? I would think that if you generate the key yourself and no one else knows/has it, then encrypted data is safe (assuming you are using a modern cryptosystem).

Re:

[arminw]

...then encrypted data is safe ....

Unless the rubber hose decryption algorithm is applied to the suspect. Only if the suspect dies first, will the message not be decrypted.

Re:

[russotto]

If you assume encryption is useless, then what's the point?

It's not the encryption is useless, it's that you can't trust it against the full might of the NSA or equivalent. Even for those whose messages would get that sort of scrutiny, encryption is still useful -- for one thing, to hide that the message is of that much interest in the first place.

(Of course, it's possible, even likely, that the NSA isn't _that_ far ahead in decryption. But that's not the way a paranoid would bet)

What the plan really says...

[frank_adrian314159]

I will not try to make myself look more moral than my competitors by raising a stink about (or, even worse, leaving a country over) a foreign government's odious requests.

A great moment in PR

[smchris]

(crick) (crick)

What? There is something else to say?

More concern is censorship

[barv]

Of more concern is censorship, which our government in Australia is reportedly planning. A little bit of censorship is like a little bit of pregnant.

Censorship will not stop powerful memes, which probably grow better in adversity anyway, but it might hinder their development.

I really couldn't give a stuff whether they sniff packets or the chair on which a hot female sat.