Cisco and Abuses of Human Rights in China

What responsibility do corporations have to consider human rights when making business deals? Are companies that build and market equipment for the purpose of surveilling and censoring pro-democracy activists in authoritarian regimes culpable when those activists are imprisoned or tortured? Do companies bear a special responsibility if they customize products to improve the efficacy of tracking dissidents and choking free speech? What if the companies train government agents in using the technology to ferret out activists?

This post was originally published on EFF Deeplinks.

This is the first in a two-part series explaining the background around the EFF call to actionover Cisco assisting the Chinese government in abusing human rights. This article outlines the background of the issue and the first of our two demands to Cisco: intervening on behalf of dissident writer Du Daobin. Our next post will outline specifically how Cisco and other similar networking companies can pledge to uphold human rights.

If you have not done so, we urge you to sign our petition to Cisco. And if you’ve already signed, please continue to spread the word.

Understanding Du v. Cisco

What responsibility do corporations have to consider human rights when making business deals? Are companies that build and market equipment for the purpose of surveilling and censoring pro-democracy activists in authoritarian regimes culpable when those activists are imprisoned or tortured? Do companies bear a special responsibility if they customize products to improve the efficacy of tracking dissidents and choking free speech? What if the companies train government agents in using the technology to ferret out activists?

Two cases — one in the United States District Court of Maryland and another in the Northern District of California — are attempting to create legal precedent around these issues of corporate social responsibility. In Du v. Cisco, three named plaintiffs – Chinese citizens Du Daobin, Zhou Yuanzhi, and Liu Xianbin – are joining 10 unnamed “John Doe” plaintiffs in suing the American company Cisco Systems for their role in assisting the Chinese Communist Party (CCP) in violating human rights. The complaint against Cisco alleges that the plaintiffs in the case:

Have been and are being subjected to grave violations of some of the most universally recognized standards of international law, including prohibitions against torture, cruel, inhuman or other degrading treatment or punishment, arbitrary arrest and prolonged detention, and forced labor, for exercising their rights of freedom of speech, association, and assembly, at the hands of the Defendants through Chinese officials.

The complaint makes several accusations against Cisco Systems, including:

  • That Cisco Systems “aggressively sought contracts to provide substantial assistance in helping the Chinese government implement the Golden Shield Project”
  • That Cisco knew its services and products would be used by Chinese law enforcement, prisons, forced labor camps and also to police Internet usage
  • That Cisco employees themselves customized or trained others to customize the equipment they sold to China to meet the unique goals of the Golden Shield Project, including targeting disfavored groups in China
  • That Cisco knew the Golden Shield Project would be used to commit human rights violations

To understand these issues, one must first understand China’s Golden Shield Project, often referred to in the West as the Great Firewall of China. According to the complaint as well as published articles on the topic1, the system employs a series of techniques to monitor and track the Internet usage of people in China and prevent them from accessing a wide swath of online content. The surveillance aspects are extensive; the government is often able to not only track what sites an individual visits, but may also be pinpointing who that individual is, what messages that person posts, and even the content of her communications.

The complaint alleges that the system sold by Cisco, and subsequent training, allows Chinese officials to “access private internet communications, identify anonymous web log authors, prevent the broadcast and dissemination of peaceful speech, and otherwise aid and abet in the violation of Plaintiffs’ fundamental human rights.”(para. 2). The government is able to block access to certain content on the Internet – either temporarily or forever – using several techniques, including blocking domain names or entire IP addresses. Access to information that is critical of the CCP or provides unflattering evidence about CCP – such as information about the 1989 Tiananmen Square protests – is frequently inaccessible from within China. Search results for terms like “Egypt” have been blocked for fear they might inspire an uprising, and social networks like Facebook and Twitter are inaccessible. Cisco readily admits to selling this equipment to China, but denies allegations that they customized that equipment for the unique needs of the Chinese government.

At this point, only an initial complaint has been made against Cisco Systems, and it’s likely that much of the evidence that will be used against them, and that that they will use in defense, is not yet available. However, the initial complaint does point to some public evidence. It references a leaked 90 page internal presentation of Cisco from 2002. The document shows that Cisco Systems had extensively evaluated the Chinese government’s needs for a censorship and surveillance system and even noted that the system could be used to target disfavored groups. The documents produced by Cisco specifically note that the Golden Shield Project would (exact quote) “‘Combat Falun Gong’ evil religion and other hostiles.” It also specifically mentions China’s “forced labor” centers and “forced custody and education centers.”

As noted above, Du v. Cisco is only one of the two lawsuits currently pending against Cisco Systems for their hand in facilitating human rights abuses in China. The other case, filed by the Human Rights Law Foundation on behalf of members of Falun Gong and pending in the Northern District of California, is attempting to seek class-action status for the many Falun Gong members who were identified, imprisoned, tortured and (in some instances) killed by Chinese government agents relying on information obtained using equipment supplied by Cisco.

Addressing Differences in a Court Room, Not a Torture Chamber

We believe all of the plaintiffs in the cases against Cisco Systems are taking great risks through their involvement in the lawsuits. Recently, Du Daobin’s attorney published a blog noting that his client had been detained and interrogated at length by senior officials from China’s Ministry of Public Security about his role in Du v. Cisco. Mr. Du and the other plaintiffs are currently at risk of further torture, imprisonment, or even “disappearance.”

Regardless of whether Cisco “merely” sold surveillance and censorship equipment to China or whether they customized this equipment to pinpoint dissidents, it’s clear that the place to decide this issue is a court of law. The plaintiffs have a right to present their evidence and have a court rule on the legitimacy of their claims. But if the plaintiffs are tortured or imprisoned in China before the trial can take place, no justice will be served.

If Cisco believes what it did was legal, it should be eager to see a court ruling to that effect. Therefore, it’s in Cisco’s own interest to show their commitment to human rights and the rule of law by speaking out now for the safety of the plaintiffs in the case. After all, Mr. Du wasasked about his lawsuit against Cisco during the interrogation, so it’s clear that the detention and harassment is being done, at least in part, to protect Cisco by convincing Mr. Du and the others to drop their case.

Even if the detention wasn’t being done to benefit or protect Cisco directly, however, it makes sense that the the Chinese government would pay particular attention to statements from Cisco given the many-year relationship Cisco has cultivated with Chinese government officials. A statement from Cisco affirming their commitment to the rule of law and hopes for the continued safety of Du Daobin and the other plaintiffs could well help to keep these activists safe while the case winds its way through the courts.

Digital rights supporters have sent a steady stream of emails to Cisco Systems over this issue, but it appears that Cisco still doesn’t realize how important it is for for them to stand up for the safety of Du Daobin and the other plaintiffs in the cases.

To clarify, we are asking Cisco to contact their customers and business partners in the Chinese government and tell them not to target the plaintiffs in Du v. Cisco or Doe v. Cisco. We hope Cisco will prove that they don’t condone bullying tactics used to repress free speech and that they believe these disputes should be settled under the rule of law, not the iron fist. We’d be particularly pleased if Cisco would make a public statement about their stance on the continued safety of the plaintiffs – and it would certainly go a long way to improving their public image at this time when the world is watching. But above all, we urge Cisco to use every method at their disposal to ensure that Du Daobin and all of the plaintiffs in both cases make it through the court process, and beyond, unharmed by Chinese officials.

We’ve taken the liberty of writing a script to help guide Cisco through the conversation with their Chinese business partners, making it that much easier for them to fulfill this request:

Dear (insert names of business contacts in China),

As you know, Cisco Systems is currently being sued in the United States over the sale of equipment to you. We’re contacting you today to let you know that we do not wish you to harass, harm or otherwise attempt to dissuade or scare the plaintiffs in those cases. We believe that individuals like Mr. Du Daobin, one of the plaintiffs in the case, have a right to speak freely – even if they use their rights to file a lawsuit against us. We intend to resolve this matter in court and do not need or want any representative from your government to contact Mr. Du Daobin in any way. Please refrain from targeting the plaintiffs in the case against us; give us a chance to respond to the allegations in court.

Hope all those routers and other devices we sold you are still working well.

Thanks,
Your pals at Cisco

Moving forward

There are several things we’d like to see happen now that these cases have been filed against Cisco Systems. We hope to see Cisco Systems held accountable for their actions, if they did indeed facilitate human rights abuses in China. But just as importantly, we’re hoping to see a thoughtful discussion arise from this lawsuit about the responsibilities that corporations have to safeguard human rights in their business deals, especially where those business deals are with governments with well-established records of repression.

We also hope that the United States government will explore what role it should play in ensuring American companies do not supply authoritarian regimes with tools to censor and control individuals.

We’ll be discussing these issues in greater deal in our second post on this topic. For now, we urge supporters to keep sending emails to Cisco and stay tuned to the EFF Twitter feed for additional updates on the case.

Medical Justice: Stifling Speech of Patients with a Touch of “Privacy Blackmail”

Whether you’re buying a car, looking for a nearby cafe or hunting for deals on sneakers, the Internet – and especially crowd-sourced online review sites like Yelp – can help you decide which businesses to patronize. But one company is taking away users’ voices when it comes to reviewing medical services.

Whether you’re buying a car, looking for a nearby cafe or hunting for deals on sneakers, the Internet – and especially crowd-sourced online review sites like Yelp – can help you decide which businesses to patronize. But one company is taking away users’ voices when it comes to reviewing medical services. Medical Justice, started in 2002, is a member-based service for physicians that works to restrict unflattering reviews of participating doctors. Patients who go to these doctors sign a contract that assigns, in advance, the copyright in any online review to the physician being reviewed. A doctor who doesn’t like an unflattering post can then use a copyright infringement claim to have the post removed.

We’ve have long opposed these and similar efforts to misuse copyright to stifle speech. And we’re very glad that a new site, called Doctored Reviews, is explaining in detail why the business model promoted by Medical Justice is bad for patients, bad for doctors, bad for review sites – and especially bad for online free speech. As Doctored Reviews points out:

Imagine if other companies used similar contracts. Before you get a haircut, before you buy a six-pack of soda at the local grocery store or before you order a meal at a restaurant, imagine you were required to keep quiet and never post your opinion online about the product or service you purchased. Sound ridiculous? It does to us, and we think it’s no less ridiculous when doctors demand this of their patients.

The outrageous provisions don’t end there: as Courtney Minick pointed out on Justicia, the contract includes a provision that prevents the consumer from exercising her right to anonymous speech when reviewing a doctor and even mandates that a patient “will not denigrate, defame, disparage, or cast aspersions upon the Physician; and (ii) will use all reasonable efforts to prevent any member of their immediate family or acquaintance from engaging in any such activity.” This means that the patient is responsible for the online comments of friends and family members (“will use all reasonable efforts to prevent”), even though none of these individuals signed the contract.

Why would patients sign these anti-review contracts? (Assuming, of course, that patients even notice what they are signing in the stack of papers the receptionist hands them when they are in need of medical care.) Some might call it privacy blackmail; in return for a patient forfeiting her right to publish online criticisms, doctors promise not to share patient data with marketers. But these promises mean little: doctors are already forbidden from sharing such data without prior authorization from patients. The Medical Justice contract simply guarantees the doctors won’t ask for that authorization. Learn more about marketing and medical privacyhere.

So, what is the solution for doctors who are concerned about their online reputations? In the words of Justice Brandeis:

If there be time to expose through discussion the falsehood and fallacies, to avert the evil by the processes of education, the remedy to be applied is more speech, not enforced silence.

In less poetic terms: speech you disagree with should be fought with more speech, not censorship. We hope that doctors embrace this mantra and tell Medical Justice to take a hike. Doctored Reviews has tips for doctors looking to respond to online criticisms as well as advice for patients on refusing to sign Medical Justice’s anti-review contracts. And we’re excited to see that some reviews sites like Yelp and Avvo are refusing to honor these anti-review contracts. If you are with a review website and want to learn more about your obligations to respond to takedown notices from Medical Justice, see this guide.

Want to exercise your speech and tell Medical Justice what you think about their plan to cut off the voices of medical patients? You might leave a few comments on their blog (though apparently they aren’t always welcoming of robust discourse in blog comments) or send them a quick tweet, but perhaps the best way to get your message across is to write a review of their services on the Greensboro North Carolina Yelp.

The Best of Cablegate: Instances Where Public Discourse Benefited from the Leaks

Since late November, the whistleblower website Wikileaks has been in the process of releasing in waves over 250,000 leaked United States diplomatic cables. Known as “Cablegate,” this is the largest publication of confidential documents by any organization. (Catch up on Wikileaks developments by reviewing EFF’s page on this issue).

This blog post was originally published on EFF Deeplinks.

Since late November, the whistleblower website Wikileaks has been in the process of releasing in waves over 250,000 leaked United States diplomatic cables. Known as “Cablegate,” this is the largest publication of confidential documents by any organization. (Catch up on Wikileaks developments by reviewing EFF’s page on this issue).

Wikileaks’ disclosures have caused tremendous controversy, with critics of Wikileaks claiming the leaks of classified information could endanger lives and harm international diplomacy. Others have commended Wikileaks, pointing to a long history of over-classification and a lack of transparency by the United States government.

Regardless of the heated debate over the propriety of Wikileaks’ actions, some of the cables have contributed significantly to public and political conversations all around the world. In this article, we highlight a small selection of cables that been critical to understanding and evaluating controversial events.

  1. “Dancing Boy” Scandal Alleges Child Prostitution, Possible Drug Use among U.S. Private Contractors
    The Guardian reported on a cable describing an incident in which employees of DynCorp, a U.S. military contractor, hired a “dancing boy” for a party. The term “dancing boy,” also known as bacha bazi, is a euphemism for a custom in Afghanistan in which underaged boys are dressed as women, dance for gatherings of men and are then prostituted. Read more. The incident allegedly involved soliciting local Afghan police for a bacha bazi as well as usage of illegal drugs. The cable detailed that Hanif Armar, minister of the Interior of Afghanistan, urged the United States to help contain the scandal by warning journalists that reporting on the incident would endanger lives.The incident contributed important information to the debate over the use of private military contractors in Afghanistan. The articles published in the wake of Wikileaks’ publication of the cable are far more critical than the original reporting on the issue. For example, back in July of 2009, the Washington Post described the incident as “questionable management oversight,” in which “DynCorp employees in Afghanistan hired a teenage boy to perform a tribal dance.” This cable helped the Post and the public understand there was more to this story than a tribal dance.
  2. Pfizer Allegedly Sought to Blackmail Nigerian Regulator to Stop Lawsuit Against Drug Trials on Children
    A cable released by Wikileaks says that Pfizer “had hired investigators to uncover corruption links to [Nigerian] Attorney General Michael Aondoakaa to expose him and put pressure on him to drop the federal cases.” The Guardian reported that the drug giant was trying to convince the Nigerian attorney general to settle lawsuits arising from medical testing of the oral antibiotic Trovan that it administered to children living in Kano during a meningitis epidemic in 1996. The cable also noted that Pfizer Nigeria Country Director Enrico Liggeri felt the lawsuits “has had a ‘chilling effect’ on international pharmaceutical companies because companies are no longer willing to conduct clinical testing in Nigeria.” This episode helped the public understand more about the controversies surrounding drug testing in underdeveloped countries, as well as the politics behind Nigeria’s settlement of the multi-billion dollar lawsuit for $75 million.
  3. U.S. Failed to Bully Spain Into Adopting Untested Anti-P2P bill
    A diplomatic cable released by Wikileaks to the Spanish paper El Pais shows that the United States used bullying tactics to attempt to push Spain into adopting copyright laws even more stringent than those in the U.S. As EFF reported, a U.S. official apparently pressured the government of Spain to adopt novel and untested legislative measures that have never been proposed in the United States. The Wikileaks revelations came just in time, providing critical information in a December legislative session, and saving Spain from the kind of misguided copyright laws that could cripple innovation and facilitate online censorship.
  4. U.S. to Uganda: Let Us Know If You Want to Use Our Intelligence for War Crimes
    The United States has long supported the efforts of the Ugandan government to defeat theLord’s Resistance Army, as part of a conflict known for its brutality and the use of child soldiers. One cable released by Wikileaks indicated the United States was considering selling arms to Uganda. The Guardian reported that the U.S. ambassador accepted verbal promises from the Ugandan defense minister that they would “consult with the US in advance if the [Ugandan army] intends to use US-supplied intelligence to engage in operations not government [sic] by the law of armed conflict.” That same article noted that the United States has been concerned that the Ugandan government is engaged in actions which might violate the laws of war.Learning that U.S. intelligence might be used outside the laws of law, and that the U.S. government merely wanted a consultation, helped the public understand more about the American-Ugandan cooperation against the LRA, and informed the debate over the methods used to combat rebellions in Africa. This is not an idle concern- the very next day a cable detailed the use of extrajudicial execution of a Ugandan prisoner.
  5. U.S. Haggling over Guantánamo Detainees
    President Obama promised to close the Guantánamo Bay detention camp since his campaign for the office, and reiterated the promise once he took office. Yet the controversial detention facility remains open. An article by the New York Times analyzed cables released by Wikileaks which indicated the United States is having difficulties in fulfilling this promise and is now considering some unique solutions. The cables show that U.S. diplomats have been searching for countries that would take detainees, often bargaining with foreign countries over the placement of prisoners. In return for accepting detainees, the receiving country might get a one-on-one meeting with Obama, assistance obtaining International Monetary Fund assistance, or some other helping hand from the United States. In one cable, Saudi Arabian King Abdullah recommended that the U.S. implant an electronic chip in each detainee for location tracking, using technology developed for livestock.

The debate over Wikileaks will continue for some time. But these examples make clear that Wikileaks has brought much-needed light to government operations and private actions which, while veiled in secrecy, profoundly affect the lives of people around the world and can play an important role in a democracy that chooses its leaders. As founding father James Madison explained, “a popular government without popular information or the means of acquiring it is but a prologue to a farce or tragedy or perhaps both.” Regardless of whether you agree with WikiLeaks, Cablegate has served an important role in bettering public understanding on matters of public concern.

In Data Portability Deathmatch, Users Lose Out

This blog post was originally published on EFF Deeplinks , and it was co-authored with my amazing colleague Marcia Hofmann. This is the first blog post I published on EFF. 

In the last few weeks, Facebook and Google have been engaging in a public tussle over an issue that is near and dear to EFF’s heart: data portability. The crux of the issue is that when you sign up for Facebook, you can find your Gmail contacts or invite them to join the social networking service with a few quick clicks. But when you sign up for Google, Facebook prevents you from easily inviting all of your Facebook friends to Google, despite the fact that Facebook makes it easy for users to export their contacts to other services like Yahoo!.

Earlier this month, Google altered its terms of use for API users in an attempt to push Facebook into making contacts more portable. Basically, if services (such as Facebook) aren’t willing to make contact data portable to Google, then Google will stop making Gmail contacts exportable to their sites. Somewhat ironically, Google is promoting data portability by restricting data portability.

This comes at a time when Facebook is launching a messaging product that may rival Google’s communication applications and rumors abound that Google is looking to make a foray into the realm of social networking — suggesting that market advantage, rather than user rights, could well be driving this data portability squabble.

Google’s maneuver is particularly interesting in light of Facebook v. Power Ventures, a case in which Facebook has sued a company that offers a tool for users to access and aggregate their personal information across social networking sites. Because Facebook’s terms of service don’t allow users to access their information through “automated means,” Facebook claims that Power’s access is not authorized or permitted, and therefore violates state and federal computer crime laws. (The court recently threw out one of these claims, finding that Power could not have violated California’s computer crime law merely by breaching Facebook’s terms of service — a result EFF urged the court to reach in two amicus briefs.)

So Google put Facebook in a bind. Facebook could:

  1. Let users take their Facebook contacts to Google,
  2. Stop importing contacts from Google, or
  3. Continue its current practice and violate Google’s terms of service — which Facebook itself has argued is criminal behavior.

Rather than taking this opportunity to give Facebook users the ability to export their contacts — something that EFF has strongly advocated for in the past — Facebook instead created a tool to work around Google’s restriction. Users signing up for Facebook are now prompted to download their Gmail contacts to their hard drives, and then upload them to Facebook. While this means an extra step for users, the end result is simply that Google contact data is still portable to Facebook, and Facebook doesn’t reciprocate. Google, in its latest salvo of the battle, is highlighting Facebook’s approach in a new message that asks users seeking to export their Gmail contacts to Facebook whether they’re sure they want to take their contacts to a service that refuses to let them export.

So why does exporting data matter to users?

Data portability is a deceptively simple idea with serious benefits for users. EFF championed data portability in our Social Network Bill of Rights. If an online service disrespects user privacy, lacks functionality or violates user expectations, a user should have the right to pack up her information easily and leave. This means that online platforms would have a vested interest in making sure users were happy with their services — or face an exodus.

Facebook has been working to improve its data portability. In October, Facebook announcedthat it would provide a way for users to export their content, which fits squarely into the Social Network Users’ Right to Leave. (That is, assuming you can figure out how to close your Facebook account.) But Facebook still doesn’t allow users to export the contact information of friends to any service they like.

However, that might be the most important thing.

Social networks like Facebook are more than just status updates, photos and links. They are built on relationships with people. So if you really want to abandon your social networking account and start homesteading a virtual farm on a different online platform, you’ll want to bring the contact data of your digital acquaintances with you. Facebook’s failure to freely provide this functionality makes it more difficult to leave Facebook for one of Facebook’s many social networking rivals.

Facebook, for its part, argues that users don’t have the right to easily download their friends’ contact data anymore than they have the right to mass download their friends’ photo albums. This is a somewhat dubious argument, considering Facebook does allow contact data to be exported to the iPhone address book, Yahoo! and Hotmail. While user privacy is important, hamstringing data portability isn’t the right solution. (And in fact, a savvy user can export Facebook contacts if he or she tries. Here’s how.) If Facebook wants to respect user privacy and choice, it should provide a simple way for users to download data — including the contact data of friends — while also providing an opt-out for individuals who never want their data downloaded by online acquaintances.

One thing should be clear to users of both Google and Facebook: when companies guard data to obtain a market advantage, consumers lose out.

UPDATE (11/16/10) — InsideFacebook.com is reporting a new feint from Facebook in its knife fight with Google over portability. After the launch of Facebook’s new unified messaging product yesterday, a Facebook spokesman told InsideFacebook that the company would allow users to export their friends’ email addresses — but only up to a point. Users will *only* be able to export their friends’ “@facebook.com” email addresses — the addresses associated with the new messaging service — which does little to enable competition in the social network arena, whether from Google or anyone else. As InsideFacebook points out, “Even if Google or another company managed to recreate parts of the social graph by importing @facebook.com addresses, these companies would still have to contact these users by their @facebook.com accounts, leaving the social network as the middleman.”