Regular contributor Bennett Haselton has written in to say that "The Global Online Freedom Act, introduced last year during a firestorm of controversy over American companies cooperating with totalitarian governments in China and elsewhere, was introduced this month as the Global Online Freedom Act of 2007. When Chris Smith (R-NJ) first introduced the law in 2006, Yahoo was under fire for recently turning over information to Chinese authorities that led to the arrest of a political dissident, Microsoft was attacked for removing pages from MSN Spaces China at the behest of the government, Google was being criticized for removing political sites from search results displayed to China, and Cisco was accused of helping to enable Chinese filtering of the Web. All four corporations testified at a February 2006 House hearing during which Representative Tom Lantos summed up the mood of many of his colleagues by telling the companies, "I do not understand how your corporate leadership sleeps at night." The companies protested that they had no choice but to comply with local Chinese laws, but that they were troubled by their own actions, and -- in a rarity for individual tech companies, much less for a chorus -- they all invited the U.S. government to play a bigger role, while being vague about what the role should be."
GOFA would create a U.S.-government-designated list of "Internet restricting countries" and would in most cases prohibit U.S.-based companies from censoring content or turning over users' information to the governments of those countries. Do these companies want GOFA to pass? And is GOFA a good law? I think, yes and yes, but the answers are more complicated than they seem.
With American "collaboration" less in the news, GOFA made less of a splash when it was re-introduced this year, but it is still the subject of spirited debate. Reporters Without Borders, Amnesty International, and other human rights groups have already signed a statement supporting the July 2006 version of the bill (nearly identical the 2007 version). But blogger-journalist Rebecca MacKinnon argues that by creating a government-maintained list of "Internet censoring countries", the law falls short of calling for support of free speech in all countries (the initial list, for example, includes Iran and China, but leaves out notorious human rights violator and net-censor Saudi Arabia). Danny O'Brien of the EFF backs this position as well, and also argues the organization's long-standing position that "code is speech" and that filtering software should not be subject to export regulations that are proposed in the law.
I agree with MacKinnon that instead of using a list of "Internet restricting countries", we should require the same standards of U.S. companies wherever they do business, or at least, stop playing silly games like leaving Saudi Arabia off of a list of human rights violators because Bush is friends with the ruling family. I agree with the EFF that filtering software should be considered First-Amendment-protected speech like encryption software, and not be included on an export-prohibited "munitions" list. And for reasons listed below, I think that the law won't stop censoring countries from blocking any speech they want. But even with all of these qualifications, I think the law would be a step in the right direction, if only for the rules prohibiting companies from turning over users' personal information to the governments of countries like China and Iran. It's painful to give a pass to countries like Germany that also censor political speech, but I think that the situation is so much worse in places like China that we should do what we can in the short term. And for reasons I'll get into, I think that Microsoft, Yahoo, Google and Cisco are secretly hoping that a law like GOFA does get passed -- even if they can't come out and say so.
First, what the law does not do: There is still nothing to stop a U.S. company from blocking or removing legal, political content at the request of a foreign government. Section 204 says only that American content-hosting companies and content-filtering companies have to provide the U.S. government with a list of sites that have been removed or blocked at the behest of a censoring country.
Section 205 does say that U.S. companies may not block or remove sites that are operated by the U.S. government, or by any entity that receives grants from the International Broadcasting Bureau to help defeat foreign censorship. Presumably that would include Peacefire, at least during the periods when we're under contract to the IBB to develop the Circumventor software (but before you start calling me Hallibennett, I'm not working for the IBB right now, and it was my own idea to write this). So the American government, while requiring schools to block us in the U.S., would actually be helping to get us un-blocked in China and Iran! But Section 205 only says that a U.S. business may not block or shut down such sites. As far as I can tell, that means if the Cisco engineer on site in China sets up their routers for them, the Cisco engineer can't put VOANews.com on the block list. But then the Chinese official can walk across the room and add it to the list himself, can't he? Which is almost certainly what they'll do, since the routers are in their country.
So, I think the regulations against Internet blocking will be easy for foreign governments to ignore. But where the law could make a difference is in the prohibition against turning over users' personal data to law enforcement in censoring countries. Section 201 says that servers located in a censoring country cannot contain personally identifiable user information (so that the local police cannot simply storm in and seize the data). Section 202 says that American companies can only turn information over to law enforcement of a censoring country if the information is needed "for legitimate foreign law enforcement purposes as determined by the Department of Justice". MacKinnon has criticized this aspect of the law as well -- "If Americans don't want the DOJ to have access to their user information, why should anybody else?" Very true. But, even at the lowest point of public confidence in the Department of Justice, I think most people living outside of fortified compounds stocked with beef jerky and gold bullion, can agree that the U.S. DoJ has more integrity and legitimacy than the government of China, and that such a rule would mean fewer Chinese dissidents going to jail.
What do the affected U.S. companies think of the law? Microsoft, Yahoo, and Cisco did not respond to requests for comment. A Google PR person replied to say, "We welcome intiatives that expand access to information and protect the rights of users across the globe. At the same time, we remain concerned that legislation in this area can have unintended consequences, so we intend to study any such proposals closely, and work with proponents and others to reach the right outcome." When I replied that the Global Online Freedom Act had been proposed more than a year ago and had been online in its current form since June 2006, presumably enough time to "study such a proposal closely" and take a position on it, he said they would stick with that statement for now. (In his e-mail, he actually put quote marks around the company's statement, which I thought was a nice dry touch.)
But past statements from the respective companies have indicated they would be amenable to such a law. Bill Gates, never one to be shy about criticizing government regulation that he disagreed with, was asked in a February 2006 interview with the London Times, "Should the US government establish guidelines to regulate how internet companies deal with censorship in countries like China?" and answered, "I think something like the Foreign Corrupt Practices Act has been a resounding success in terms of very clearly outlining what companies can't do and other rich countries largely went along with that." At the February 2006 house hearings to discuss American companies' cooperation with overseas censors, representatives from all companies indicated that they actually wanted the government to play a bigger role -- they were vague about what such a role would be, but this was only a month after the first draft of the Global Online Freedom Act had been proposed, the only such law on the table at the time.
At first this might seem paradoxical -- why would companies seem amenable to, even supportive of, laws that would restrict what they can do? But it actually makes sense if you consider their negotiating position with the Chinese government. Currently, the Chinese censors can tell Microsoft, Yahoo, and Google that they either have to either play by the Chinese rules or get out, and the censors know that the companies will comply (without even necessarily feeling guilty about it -- the companies can always say that the Chinese people are better off with a censored version of their services than no access at all).
But if the companies' hands are tied by U.S. law, then they can basically present the Chinese government with a take-it-or-leave-it deal: You can use our e-mail and messenger and blog services, just know that our government won't let us turn over users' personal information if you ever want it. The Chinese censors are presumably coming from the point of view that they'd rather have a controlled Internet, but that it's more important to reap the economic benefits of having the Internet in their country, even if some control is lost (after all, if they didn't believe that, they wouldn't have connected to the Internet in the first place). Hence it's not likely that they'd throw out Yahoo Mail and Google search and MSN Messenger when so many users depend on these and use them for business as well as personal use. (Even if there are Chinese-made alternatives, there would be the huge cost of switching everyone over, and no longer being able to use the old tools to communicate with American companies.) So a law controlling the actions of U.S. companies would very probably allow them to keep doing business in censored countries, while giving them an excuse not to turn over users' data.
But, that might not work if it looks like the companies pushed too hard for the law themselves. If the Chinese see Yahoo fighting tooth and nail to pass a law that restricts what information Yahoo can hand over to China, the Chinese censors could take that as a slap in the face, and punish Yahoo for defying them even after the law is passed that prohibits Yahoo from cooperating. "Oh, you can't give us that information because of the law? This law right here that you lobbied for?"
So, when the general counsel of Yahoo says, "Ultimately, the greatest leverage lies with the U.S. government"; when the Vice President of Google tells Congress, "And certainly also, finally, there is a role for government. We do need your help, and you can help us"; when the associate general counsel of Microsoft testifies, "It is, therefore, the responsibility of governments, with the active leadership of the United States, to seek to reduce or reconcile these differences", I think what we're hearing are subtly encoded messages saying, "Pass this law, or something like it; we just can't look like we wanted it to pass." So, Congress should give them what they want, even if they can't ask for it directly. And at the same time they would be helping users in censored countries all around the world, before the next one gets sent to jail because an American company turned over their information.