By Natasha Tusikov, author of Chokepoints: Global Private Regulation on the Internet
This guest post is published during the American Society of Criminology conference in New Orleans, which ends today. Search our blog for #ASC2016 to find other blog posts from our authors related to the ASC conference.
In another disturbing example of pervasive corporate surveillance, the American Civil Liberties Union released a report in mid-October that showed Facebook, Twitter and Instagram facilitated surveillance against Black Lives Matter activists. These Internet companies allowed a Chicago-based social-media monitoring firm, Geofeedia, to access their users’ information, which it then sold to law enforcement agencies. Geofeedia’s information, which provides real-time data on social media users, enabled police to track protests and monitor activists. Following outrage from civil-society groups and Black Lives Matter activists, the companies have ceased operation with Geofeedia. Serious concerns, however, remain about the vast amounts of information social media platforms – and Internet firms more generally – gather on their users. What’s also interesting about the Geofeedia case is that it highlights the growing, but often murky role of mostly large, U.S.-based Internet firms as global regulators.
A key reason that these Internet firms, like Google, PayPal, Facebook and Twitter, are powerful global regulators is because they operate what security analyst Bruce Schneier calls surveillance-based business models in which they comprehensively track their users. The firms’ regulatory capacity derives in part from their provision of essential services, such as search, web hosting, or payment services, but also from their global platforms, significant market share, and sophisticated enforcement programs. Internet firms’ legal authority for setting and enforcing rules comes from their contracts with their users – the lengthy, (often unread) terms-of-use agreements that spell out users’ responsibilities and rights. Through these contractual agreements, Internet firms can set and enforce rules that govern hundreds of millions of people who use their services and monitor their platforms for illegal content. And they can do so without court orders.
The U.S. government has recognized Internet firms’ capacity to target online wrongdoing and have increasingly delegated responsibility to them to address social problems such as child pornography, illegal gambling, copyright infringement, and counterfeit goods. We may cheer corporate efforts to rid the web of child sexual abuse images and to deter fraud. But we should do so with caution. These companies have significant discretion to determine the legality of certain types of content, such as the kinds of images that constitute child pornography or copyright infringement. How comfortable are we with Facebook determining what images constitute illegal pornography, or with Google deciding what information should be defined as terrorism? While these companies have considerable power to determine all manner of wrongdoing on their platforms, governments have generally neglected to require oversight or accountability measures on Internet firms. The resulting regulation is largely opaque, unaccountable, and prone to error. Consequences of mistakes are serious as people may have funds frozen, be placed on ‘blacklists’ as criminals, or come under police investigation.
Who regulates the Internet and how are vitally important questions given its centrality to economic, social, and political life. We need debate in both the public and political arenas to consider how rules governing the Internet are made and enforced, by whom, and in whose interests.
Natasha Tusikov a visiting fellow with the School of Regulation and Global Governance (RegNet) at the Australian National University, and a former strategic criminal intelligence analyst with the Royal Canadian Mounted Police in Ottawa, Canada. She holds a PhD in sociology from the Australian National University.