A net of rights: Human rights impact assessments for the future of the internet

Event report

[Read more session reports and live updates from the 12th Internet Governance Forum]

The session focused on the development and implementation of human rights impact assessments (HRIAs) with special focus on Internet infrastructure. The moderator, Ms Mehwish Ansari, Article 19, explained that to ensure there are stronger human rights considerations among the non-state actors that own, operate, manage and insure the interoperability of the global Internet infrastructure two categories of actors were identified: infrastructure providers, which include internet registriesand domain name registrars, and technical communities.

Reflection on the levels of HRIAs and some of the ways in which the information and communication technology (ICT) sector has been working on conducting HRIAs was provided by Ms Cathrine Bloch Veiberg Senior Adviser, Danish Institute for Human Rights. The integrated approaches to HRIAs refer to companies taking human rights into their existing impact assessment measures, including areas like environmental social health, children’s rights, and forced labour. The standalone human rights impact assessments consist of company level assessments conducted by the companies themselves with the support of third parties. The issue-specific impact assessments focus on specific areas of concern as well as product-specific or service-specific impact assessments which are adopted by the ICT sector, specifically telecoms, looking at their impacts, physical activities, and relationships with governments. There is also the sector-wide impact assessment which was adopted by the Danish Institute to conduct a sector wide impact assessment for the ICT sector in Myanmar which covers the physical impacts, governance and relationship with the government.

Mr Maarten Simon, Senior Counsel, Stichting Internet Domeinregistratie Nederland (SIDN), elaborated on how the HRIAs were implemented by the SIDN and the challenges they encountered during implementation. SIDN is a small company 60% of whose employees are technicians who couldn’t answer the questionnaire. Only two staff members had the required knowledge to answer 95% of the questionnaire and took more time. Another challenge was regarding providing evidence of the answers to the questionnaire. One of the things that came out of the questionnaires is that SIDN is considering publishing transparency reports.

Ms Beth Goldberg, graduate from Yale Jackson Institute for Global Affairs, spoke of the findings of her research vis-à-vis the drivers of adoption of the HRIAs. There are two barriers to adoption by infrastructure companies: 1) the requisite privacy standards and the law enforcement requirements to access user data, and 2) that set of rules that are perceived by companies to be rigid. Even if the HRIAs would remain private, companies are afraid they would lose their  autonomy in being able to have a case by case response to human rights scandals. However, a correlation between public scandals and public attention was demonstrated. For example, it was exposed that Nokia’s network infrastructure in Iran was used for surveillance during the Green revolution in 2009, so Nokia developed and adopted measures to ensure its technologies are not used for dual purpose by governments or consumers.

Dr Alissa Cooper Chair, Internet Engineering Task Force (IETF) explained how the discourse on human rights was manifested at the IETF. There’s a strong culture in terms of making trade-offs in favour of designs that promote human rights. IETF has a strong culture on Internet security which goes back to the early 90s when the security implications of the protocol being standardised started to be required. IETF built up the required security details and developed a culture where confidentiality and integrity became part of new standards. In 2013, the IETF published a request for comments (RFC) which specified guidelines for authors to incorporate privacy guidelines into their protocols including data minimisation and users control over.

Mr Niels ten OeverHead of Digital, Article 19, noted that the main objective of the research group that worked on the HRIAs was to bring different groups to work together. This includes civil society, technical community, and lawyers. As Dr Cooper said, since IEFT produced the RFC, policies, rights and civil liberties became part of the discussion. And the way the IETF defined Domain Name System (DNS) put forward many of the issues that Mr Simon had to think over, and resulted in many of the current discussions in the Internet Corporation for Assigned Names and Numbers (ICANN) as well. He concluded that we get to implement the promise that was made in Geneva in 2003 that Internet governance should be based on human rights, but it took 20 years for the community to understand how to do that.

By Noha Fathy