Should the private sector protect our online privacy?
By GJ for APCNews
OTTAWA, Canada, 21 September 2011
Increasingly governments are delegating responsibility for content restriction, surveillance, and even internet blackouts to private companies. APCNews spoke with Milka Pietikainen, Head of Corporate Social Responsibility at Nokia Siemens about the role of the private sector in protecting our rights.
What is “corporate social responsibility”? What kind of work do you do?
Each company seems to have their own definition of corporate responsibility. At Nokia Siemens Networks we of course look at the full spectrum of issues ranging from anti-corruption and environment to health & safety and human rights – the umbrella name we give these activities is “Sustainability”. My specific area is “social responsibility” — meaning the whole spectrum, from labor conditions to freedom of expression — as well as employee engagement on sustainability and the various charitable programs of the company.
What are your feelings about big business and human rights? Do corporations have a role or just governments?
We are very happy to see John Ruggie’s report on human rights and transnational corporations as it helps to define the boundaries of responsibility between states and the private sector.
First and foremost, states must live up to their duty to protect the human rights of their citizens. When they do not, it is of course also much more difficult for corporations to live up to their role in respecting human rights. When states are not protecting the human rights of their citizens, the role of corporations becomes complex – especially when what you do is something that can have a direct positive impact on human rights, like allowing people access to communications and information.
We are a telecommunications infrastructure vendor. In our case, we must work to ensure that the telecommunications solutions we provide are used to respect and not infringe on human rights. Human rights issues are multifaceted and hence require governments, the private sector and the civil society to work together for global solutions – there are no quick fixes but there is plenty of room for constructive collaboration.
Should internet intermediaries be liable for what users do on their network? What is their role vis à vis media piracy or content filtering?
I find it a very dangerous proposition that private companies should start policing their users. However, there are cases where I feel that companies have to take part of the responsibility – when governments are not living up to their duty to protect the rights of their citizens.
Nokia Siemens Networks is not an internet intermediary as such, but as part of our portfolio we sell content filtering technologies; things such as anti-spam and parental control software. We realize that some of these programs can be misused for unintended purposes, even to violate human rights. We accept that when selling these products in certain high risk markets, we must carry out additional human rights impact assessments to try to mitigate the risk of misuse.
That is our responsibility. But it is the customer, often the government, that carries out the actual misuse that has to be ultimately held accountable for it.
In response to the internet blackouts during the last days of Mubarak’s regime, an Egyptian court ruled that three major telecoms had violated the constitution by complying with the request without a proper warrant.
Do you think this is appropriate? Should intermediaries be required to deny blackout requests? Is that feasible?
Generally speaking, if intermediaries were required to deny such requests at all times, they would be putting their employees in very real danger and would in all likelihood lose their license to operate in that country as a result. And in the end, the government can still shut down the networks, whether the intermediaries comply or not. To me, this question comes back to your previous question on boundaries of responsibility: if a government demands a company to do something like this, is it really right to blame the company?
These are never simple questions. When things like this happen, the situation in the country is usually extremely volatile, and companies’ first responsibility has to be to consider the very real risks to their employees’ safety.
Also, while these types of law enforcement requests would ideally follow an internationally agreed-upon process – usually these situations happen when a “state of emergency” has been declared. Typically, a state of emergency would over-ride any such process requirements for law enforcement requests.
The solutions to these issues will not come just from the industry or just from the governments or civil society. They require everyone to accept their share of responsibility and commit to constructive collaboration.