Global Network Initiative Submission to the
UN Special Rapporteur on the Promotion and Protection of the Right to Freedom of
Opinion and Expression
February 2015

Global
Global
Network
Network
Initiative
Initiative

Protecting
Protectingand
andAdvancing
Advancing
Freedom
of of
Expresssion
Freedom
Expressionand
and
Privacy
PrivacyininInformation
Informationand
and
Communications
CommunicationsTechnologies
Technologies

The Global Network Initiative welcomes the opportunity to provide input for the report that the
Special Rapporteur on the protection and promotion of the right to freedom of opinion and
expression, David Kaye, is preparing on the legal framework governing the relationship between
freedom of expression and the use of encryption and other technologies to transact and
communicate securely online.
GNI brings together ICT companies with civil society organizations, investors, and academics to
forge a common approach to protecting and advancing free expression and privacy online. GNI
has developed a set of principles and implementation guidelines to guide responsible company,
government, and civil society action when facing requests from governments around the world
that could impact the freedom of expression and privacy rights of users.
ICT companies worldwide can use the GNI’s principles, guidelines and tools to assess human
rights risk when entering or leaving a market or when designing and introducing new
technologies, products or services. By participating in the GNI and working together with human
rights groups, investors and academics, ICT companies can benefit from valuable collaboration,
accountability, confidential input and collective action. These resources can help companies
manage these challenges, maintain credibility and support the privacy and freedom of
expression rights of their users.
The GNI’s guidelines indicate that companies should:
•
•
•
•
•

Establish human rights risk assessment procedures and integrate the findings into
business decision-making
Require that governments follow established domestic legal processes when they are
seeking to restrict freedom of expression and privacy
Provide users with clear, prominent and timely notice when access to specific content
has been removed or blocked
Encourage governments, international organizations and entities to call attention to the
worst cases of infringement on the human rights of freedom of expression and privacy
Utilize independent assessments of company implementation of the GNI’s principles

Advances in digital encryption have improved security for individuals online, especially in
financial transactions and communications. Encryption technologies can help users manage
their online experiences, and protect their privacy and freedom of expression.
Encrypted communications are particularly important for journalists and human rights
defenders—people who need to be able to communicate confidentially with sources—by
mitigating the threat of surveillance.
The ICT industry is diverse, and different companies may make different decisions about how
they manage security with regard to their products and services. There is no “one size fits all”

1634 I Street, NW, Suite 1100, Washington, DC 20006 
 www.globalnetworkinitiative.org 
 +1-202-407-8830 
 info@globalnetworkinitiative.org

approach, nor a single right course of action or script for all to follow. However, many
companies including GNI participants have recently taken a variety of steps to use encryption to
strengthen the security of their services. For example:
•

•

Companies including Facebook, Google, Microsoft, and Yahoo have, or are moving to,
encrypt the links between their data centers. Facebook, Google, LinkedIn, Microsoft, and
Yahoo support HTTPS, and are moving to adopt other best practices, including Strict
HSTS, forward secrecy, and STARTTLS.1
Google, with collaboration from Yahoo is developing End-to-End, a browser extension
that would make the use of end-to-end encrypted email, previously available through
tools such as PGP and GnuPG, much easier to use.2

These security enhancements are examples of how companies employ protections with respect
to personal information in all countries where they operate in order to protect the privacy rights
of users, consistent with the GNI Principles.
All governments have a responsibility to address national security and law enforcement
concerns. This includes improving the security of computers and networks, protecting citizens
from cybercrime, and protecting children online. GNI is concerned by government proposals and
practices that compromise the digital security of individuals to pursue law enforcement
objectives. Weakening digital security often threatens the rights to freedom of expression and
privacy of individuals, and governments should support strong encryption and not subvert
security standards. They should also not seek to impose liability on platforms for content posted
by users, as this will shrink the space for free expression and could slow development and
adoption of secure communications technologies.
ICT companies have an obligation to comply with lawful government demands, and companies
can and should play a role in addressing legitimate concerns such as cybercrime, national
security and the safety of children online. But this should take place within the rule of law and
not interfere with company's responsibility to respect the privacy rights of their users.
Of particular concern are government mandates that companies provide back doors into
hardware or software or demands that companies take steps that would compromise the
security of user's communications. Governments should recognize that any extraordinary
access to company information that they demand will be expected by other governments around
the world.
Instead of compromising digital security, governments should use legal process to make
requests of companies who encrypt and store their users’ data. If requests are across
jurisdictions, governments should rely on mutual legal assistance (MLA) processes.3

1

See EFF’s “Encrypt the Web Report,” available at https://www.eff.org/encrypt-the-web-report.
See Stephan Somogyi, “An Update to End-to-End,” Google Online Security Blog, December 16, 2014,
availale at http://googleonlinesecurity.blogspot.com/2014/12/an-update-to-end-to-end.html.
3
Andrew K. Woods, “Data Beyond Borders: Mutual Legal Assistance in the Internet Era,” Global Network
Initiative, January 2015, available at https://globalnetworkinitiative.org/content/data-beyond-bordersmutual-legal-assistance-internet-era.
2