Update 11/09/2016:
Access Now has now issued a statement following the election of Donald Trump, which refers to the letter below.
Dear President,
The internet is central to the lives of people in the U.S. and everywhere around the world. Given its fundamental role, decisions affecting the future of the internet will also have a major impact on human rights. Here’s a 10-point agenda that we call on you to follow in support digital rights from your first day in the White House.
1. No more internet shutdowns
You should condemn and push back on governments that disrupt the internet for whatever reason. Shutdowns are early warning mechanisms for human rights violations and have been used during the most critical moment of the democratic process — elections.
We’ve documented 40 shutdowns around the world in 2016 alone, more than double our records for the previous year. The U.N. Human Rights Council has condemned them, and so has the world’s largest technology and telecommunications companies. You should publicly come out against blocking social media and disruptions, and hold other governments to account by directing development aid and connectivity programs to countries that keep the internet on. Our #KeepitOn campaign to fight internet shutdowns now includes more than 100 organizations from nearly 50 countries — and we need strong voices to speak out. You also need to become more transparent about our own practices, for example by releasing un-redacted information about the Department of Homeland Security’s Standard Operating Procedure 303 and other documents which set out the procedures for shutdowns within the country.
2. Quit wavering: Support encryption
You should come out strongly in favor of encryption, with no hemming or hawing. Governments are continuing to fear-monger about how encryption supports terrorism, despite little evidence on how mandates could stop this and in ignorance of the clear benefits of encryption (PDF), which range from safeguarding the privacy of vulnerable communities to enabling the digital economy to thrive. Yet spurred on by fear and seemingly bottomless counter-terrorism budgets, officials at the FBI and other agencies are still pushing for mandates to limit or alter the use of encryption in technology to ensure that law enforcement can read the contents of messages and communications. These vulnerabilities can also empower criminals and repressive states to inflict significant harm and undermine human rights. Enough is enough. Encryption isn’t the problem. Bad actors are the problem. Let’s quit wasting people’s time and work together to improve cybersecurity for all.
3. Build in human rights when connecting the next billion
In 2017, the U.S. will join countries around the world in spending billions of dollars to expand internet access, including by the Global Connect Initiative. The inclusion of access to the internet in the Sustainable Development Goals spurred governments to think about ICT for development. Billions lack access to the 21st century’s essential global forum for expression, communication, information, innovation, and wealth creation. Yet these projects — which are supported by the World Bank, the IMF, and major development agencies — need to have real safeguards for human rights built in, such as conducting a human rights impact assessment. We can’t throw rights out the door for projects that are “shovel ready.” Our connectivity principles, which we designed in conjunction with Public Knowledge and others, provide concrete steps for the government to take. We’ll be sharing them this Fall.
4. Support rules for government hacking
We’ve seen several high-profile examples of governments hacking into consumer devices or accounts for law enforcement or national security purposes. Government hacking seriously interferes with the rights to privacy, free expression, and due process, and we need a presumptive prohibition against it. There has yet to be an international public conversation on the scope and impact of government hacking. You need to foster more transparency on how governments decide to employ hacking and how and when hacking activity causes unanticipated impacts, including human rights violations. We delve into these concerns in more detail in our report A Human Rights Response to Government Hacking (PDF).
5. Create a rights-respecting system for vulnerability disclosures
We need to create a viable system for disclosing vulnerabilities in software and infrastructure. At the moment, the National Security Agency stockpiles vulnerabilities in code in order to be able to utilize them strategically against other countries or to respond to threats to the U.S. But these vulnerabilities can fall into the wrong hands or be independently discovered and used to harm users. In August, we learned how such exploits can be used against human rights defenders when Citizen Lab released a report detailing how the government of the United Arab Emirates was targeting a human rights activist through “zero-days” or holes in iPhone code. The FBI paid over $1 million to lease an exploit to access the phones of the terrorists in San Bernardino, California, bypassing its own system of vulnerability disclosure in the process. We need to limit how long the government holds this information, and develop a clear law for responsibly informing companies and the public when vulnerabilities are discovered or purchased.
6. Expand a genuine internet freedom agenda
As Secretary of State, Hillary Clinton promoted internet freedom to embrace the promise of the internet and enable people to exercise their human rights. While the community has made great strides, there is much more work to be done as governments increase their repression of journalists, LGBTI people, and human rights defenders. Freedom House’s 2015 Freedom on the Net report showed worrying backsliding for free expression in many countries around the world. We’ve learned how important digital security training is to equipping people with the tools to guard against threats, and trainers are constantly improving their methodologies. We’ve also seen an array of creative new tools to document, resist, and circumvent censorship. But digital security is a process, not an endpoint, and we need to expand the internet freedom agenda in a thoughtful, forward-looking, and impactful way. For a genuine internet freedom agenda to succeed, it needs to be more than just a foreign policy objective of the U.S. government. Rather, a multistakeholder approach can give rise to an open internet that supports freedom of expression, privacy, and the right to association.
7. Don’t recruit the internet into the War on Terror
Governments are increasingly concerned that terrorist networks are using the internet, and social media in particular, to spread propaganda and recruit potential terrorists to attack innocent people. These threats are out there, and they’re real. But a path forward can’t trample on our privacy and other human rights, whether through mass surveillance or deputizing tech companies to act on behalf of the government with little to no accountability. Countering violent extremism, or CVE, represents a new battleground that could drastically reconfigure the responsibilities of companies and place increasing pressure on civil society.
You should declare the importance of directly protecting human rights in all CVE efforts. We’ll soon be releasing a set of principles that should serve as a bedrock for any CVE policy that respects human rights.
8. Get firmly behind Net Neutrality
In 2015, the U.S. approved some of the strongest rules to promote Net Neutrality on the planet. This is huge for free expression, innovation, and ensuring that everyone enjoys the benefits of the internet. Other countries now look to the U.S. for leadership on this issue, and the European Union and India have followed suit. While we believe the FCC’s rules could do more — such as eliminating “zero-rating” practices — we need to firm up this bedrock of the internet. You should get behind the enormous advances we’ve made and push even further.
9. Endorse privacy: move us from opt-out to opt-in
We need to face the reality that reams of personal data are collected about innocent people around the world every single day. Much of this information is collected by private companies, which is then used to sell us products and services. New technologies, such as drones and internet-connected “things” will only exacerbate these practices, and we need limits on this behavior that align with the U.S. Constitution and human rights. You should support strong broadband privacy rules and go further and support a strong consumer privacy law to provide baseline standards, such as the use of “opt-in” consent in the collection of data. We can’t rely on investigatory reports from journalists — or civil society groups like Access Now — to tell us how companies collect and use – and abuse – our data. This fight is too big for any one organization to take on — we need leadership from the top to shift norms in the right direction.
10. …and finally, place strong limits on government surveillance
The U.S. operates the strongest, most well-funded surveillance apparatus in history. The National Security Agency, Federal Bureau of Investigation, and even local police forces collect copious information about our movements, habits, and acquaintances. Worse, this collection extends overseas through Section 702 of the FISA Amendments Act, passed to expand the authority granted in the USA PATRIOT Act, and other, even broader authorities. It’s time to scale it back. You must recognize that people outside the U.S. also have human rights and shouldn’t be spied on haphazardly, and especially not without oversight, checks and balances, and other limitations. The International Principles on the Application of Human Rights to Communications Surveillance and Access Now’s Implementation Guide provide a clear road map about how surveillance can respect human rights. You should affirm support of these important benchmarks in international law.
As you take the mantle during your first days in office, many of us in the global community stand ready to assist you in implementing this agenda. We are prepared to advise your new administration on issues related to internet freedom, as we are with all governments around the world, to protect the open internet and the digital rights of its users.