Even as governments around the world acknowledged the difficulties inherent in censoring the Internet, legislative proposals continued to threaten free speech. While human rights and civil liberties groups pointed out the global implications for the rights to privacy and free expression represented by such proposals, regulators around the world were quick to refine online monitoring, screening, and other controlling technologies.
Filtering and Blocking
Arguing that national regulatory frameworks are not appropriate to the global nature of the Internet, industry leaders joined forces to create an international Internet content rating system to "protect children and free speech" on the Web. In May they formed the Internet Content Rating Association (ICRA) to facilitate the development of an integrated self-regulatory approach to dealing with "harmful and illegal" content on the Internet.
Human Rights Watch, along with other members of the Global Internet Liberty Campaign (GILC), argued for more deliberate consideration of so-called self-regulatory approaches to Internet content control. The Global Internet Liberty Campaign Member Statement (submitted in September to the Internet Content Summit) further emphasized the danger that rating and filtering systems could, in fact, facilitate government censorship.
The wide-scale deployment of rating and blocking systems could be used by regulators to stifle expression and marginalize any Web sites that failed to adopt ratings. The existence of a standardized rating system for Internet content with the accompanying technical changes to facilitate blocking would allow governments to require Internet service providers (ISPs) and other content access providers (public libraries, schools, etc.) to employ such regimes.
Exemplifying this possibility, the Australian government on June 30, 1999 approved the Broadcasting Services Amendment (Online Services) Act (scheduled to go into effect in 2000), which would force Australian ISPs to remove objectionable material from Australian sites and to block access to similar sites overseas. Material suitable for blocking was to be identified based on existing national film and video classification standards. The new law placed sweeping restrictions on adults providing or gaining access to material deemed unsuitable for minors.
In Bahrain, Iran, Saudi Arabia, the United Arab Emirates, and Yemen, ISPs either under government orders or pressure all blocked Web sites on the basis of their content. At least in the first four of these countries, blocking extended to cultural and/or political content. Proxy servers such as the ones in place in the U.A.E. and Saudi Arabia could be used by authorities to track which computer terminals were accessing which Web sites and for how long. While U.A.E. authorities denied monitoring individual Web use, Saudi Arabian users who requested blocked sites received a message on their screens warning that all access attempts were logged.
State-controlled or state-influenced ISPs in Tunisia, Iran and Bahrain blocked Web sites containing political or human rights criticism of their governments. Tunisia acknowledged blocking only those sites that offended moral values, but apparently this included the sites of various human rights organizations critical of the government.
Videsh Sanchar Nigam Ltd. (owned by the Indian government) was the nation's largest Internet service provider and controlled the international Internet gateways used by ISPs in India. During the last week of June, at the height of the Kashmir crisis, Internet users in India could not reach the online news site of the Pakistan daily Dawn, which was known for its independent coverage of the crisis. Fearing that VSNL gateways blocked access to the newspaper site, other Web sites began posting information explaining how surfers from India could break the blockade, and a number of mailing lists began circulating articles from Dawn in text format.
Radio B92, the leading independent radio station in Belgrade, Yugoslavia, was banned in March but continued to broadcast news on the Internet. Renamed B2-92, it re-launched its Web site
In late 1998 the United States Congress passed the Child Online Protection Act (COPA), making it a crime to publish "any communication for commercial purposes that includes any material that is harmful to minors, without restricting access to such material by minors." In April the U.S. Department of Justice appealed a federal appeals court ruling declaring the law unconstitutional, the result of a lawsuit brought by opponents of the COPA.
Monitoring and Surveillance
Governments rarely admit to "eavesdropping" on e-mail, and it is extremely hard to ascertain whether government monitoring is occurring when most information about monitoring mechanisms is classified. But during 1998 official disclosures in Europe and Australia provided a glimpse into one such system, a monitoring process referred to as ECHELON. According to a January 1998 report published by the Scientific and Technological Option Assessment (STOA) unit of the European Parliament, ECHELON formed part of the UKUSA spy system and was designed for primarily non-military targets: governments, organizations and businesses. The system operated in virtually every country and intercepted fax, e-mail and telephone messages routinely and indiscriminately.
In Britain, the Home Office announced a number of proposals in a June 1999 consultation paper on the interception of communications. Future laws based on these proposals would require "communications service providers" to integrate government interception facilities into their networks, including the Internet, at their own expense. These proposals followed the specifications secretly agreed by European police officials in ENFOPOL plans revealed the previous year. (ENFOPOL was a standard European Commission classification for documents concerned with law enforcement matters.) The British consultation paper also argued that the maintenance of an interception capability was a basic requirement for providers of communication services in countries such as France, Germany, the Netherlands, Sweden, Canada, the United States and Australia.
On April 2, the Second Chamber of the Dutch Parliament approved a new Telecommunications Act that included a chapter intended, among other things, to force ISPs to facilitate monitoring by the police and intelligence services.
In April, an Internet service provider, Singnet of Singapore, apologized to its subscribers after scanning their computers without their knowledge. Singnet had asked the Home Affairs Ministry to check the computers of its 200,000 subscribers during a computer virus scare.
In Russia rules requiring ISPs to provide the security service with complete access to users' e-mail were challenged by an ISP based in Volgograd. The rules, known as System of Efficient Research Measures 2 (SORM-2), were written by the Russian Federal Security Services and the State Communications Agency in 1998.
In the Middle East and North Africa, where many governments routinely tapped the phones of potential dissidents, Internet users in many countries, including Bahrain and Tunisia, suspected that the right to privacy of correspondence was being violated by government surveillance of e-mail communications. One Bahraini spent more than a year in jail on suspicion of e-mailing "political" information to dissidents abroad.
Under India's License Agreement Provision of Internet Service (provision 1.10.3), ISPs had to maintain logs of all Internet users and the service they were using. These logs, as well as copies of all the packets originating from the customer premises equipment (CPE) of the ISP, had to be available in real time to the government telecom authority (in other words, the telecom authority had access to live communications).
According to BBC News Online, a Sri Lankan government minister admitted in August that he had intercepted a personal e-mail sent to the leader of the country's opposition.
China continued its crackdown on Internet dissent by explicitly prohibiting the transmission or posting of what the government considered "anti-government propaganda." In January 1999, a computer technician, Lin Hai, was sentenced to two years' imprisonment by a Shanghai court for giving the e-mail addresses of 30,000 Chinese subscribers to a dissident site that published an online magazine from the United States.
In a worrying development, Internet providers and telecommunications companies in many countries could be forced to build special data taps into their Internet servers to allow government security agencies real-time monitoring of every e-mail message and Web page sent to or from their servers. This could allow government agencies to circumvent national privacy laws (such U.S. laws that bar the government from spying on its citizens), allowing them to rely on surveillance mechanisms in other countries. Citing national security concerns, governments continued to avoid releasing information on monitoring mechanisms.
The promise that the Internet held for human rights was limited by the fact that electronic communications were highly vulnerable to interception, with potentially deadly consequences for those who would expose abuses of state power. The development of and freedom to use encryption software could provide substantial protection for the privacy of online users. Yet contrary to the spirit of international norms that recognize privacy as a fundamental human right, governments continued to use export controls or other national laws limiting the public's access to encryption technologies and inhibiting the development of new encryption products. In December 1998, the Wassenaar Arrangement (a group of thirty-three states) announced, largely due to United States pressure, new guidelines that would authorize restrictions on the export of most commercial cryptography products above a fifty-six or sixty-four bit strength.
But there were other, more encouraging developments in this area. In Germany, as of September 1, an export license was no longer required for the export of encryption products to third-country markets. Ireland, counter to the wishes of its E.U. neighbors, was willing to adopt policies that favored the use of strong encryption to encourage Internet trading. The French prime minister announced in January that due to the threat of electronic espionage and other dangers to privacy France would allow encryption strengths up to 128 bits, and would remove the compulsory or third-party escrow of encryption keys.
As should be evident, the field of Internet regulation and surveillance was still very much in flux in 1999. It was clear, however, that the privacy and free expression rights of users of this global medium would be shaped by a multiplicity of regulations and policies, including self-regulatory approaches promoted by Internet industry leaders as well as myriad national and international rules on surveillance and encryption.
Disclaimer: © Copyright, Human Rights Watch