At this point you’re probably at least somewhat aware of the revolution of sorts which has been going on in Tunisia. You’ve probably heard that it was instigated by the self-immolation of a fruit vendor who the government had put out of business. You may even have heard that a prominent Tunisian Twitterer has joined the newly formed government and that Twitter itself has been key for Tunisians to spread the word of their protests and the government’s abuses.
There is no doubt that social media has played a role in widespread protests in several nations. But in Tunisia, Facebook has taken it to a new level. Prior to, and during the widespread protests, the Tunisian government, which controlled internet access in Tunisia had instituted a script which was harvesting login information for the people who were accessing Facebook and using that information to delete the profiles of people who were posting anti-government and pro-protest statements and information. It does not appear that they took the next step and rounded up any of those people, but the story isn’t completely clear.
What’s interesting to me is that Facebook took it upon itself to counter the government’s actions by adding some extra security to the login process for Tunisian IP addresses. I don’t know Tunisian law or international law (or any law, for that matter), but I’m curious about the larger issue. If a government says that it has the legal right to access any information transmitted through the internet service which it provides, what legal right does a private entity, based outside of that government’s nation, such as Facebook, have to circumvent the government’s access to that information? Especially after the fact? Facebook was not using https to encrypt the login information preventing the keylogging style harvesting script the Tunisian government put into place until after they became aware of the keylogging.
Even in the US there is a disconnect between an individuals privacy regarding electronic information on stored on computers and networks and their privacy regarding physical information on paper and objects in their homes. And if the US government obtained a warrant to access a US citizen’s Facebook account, I believe that Facebook would be obligated to give that information to the government. Maybe Tunisia doesn’t require a warrant. So, again, would not Facebook be obligated to allow Tunisia’s government to access that information?
On the whole, I’m rather happy that Facebook took the steps it did. (Amused also, considering how much Facebook tries to default to sharing an individual’s personal information with other people and companies.) But with the global growth of the internet and entirely online entities such as Facebook and Twitter and Google and others, I’m curious about how they are able to interact with different nations and their informational policies. Last year we saw Google close up shop in China because of that government’s informational practices which the company did not want to support. And it briefly (I think it’s no longer functioning) provided full Google access to Chinese citizens by directing their access through a different domain.
Over the past 100 years we’ve seen massive growth of international businesses. Calling companies like Coca-Cola “American” simply because that is where their headquarters is located is almost farcical when they are publicly traded and have ownership distributed globally and do most of their business and base most of their employees outside of the US. And internet based ventures blur those lines even further. How are such companies to be governed and policed? While they are headquartered in a country like the US, they are nominally subject to certain laws and restrictions and obligations. But what if they don’t want to be?
Perhaps I’ve read too much dystopian science fiction, but imagine a world in which various internet corporations have banded together to purchase a small area of land, say, an island in the Caribbean or South Pacific and declared that island’s independence from it’s prior government, or just buy off that government. They then draft up a constitution that is completely beneficial to their own needs and desires, completely freeing them from the obligations of the laws of their original host nations. How then would they be restricted, or held responsible? Some might say that the powers of the free market would compel them. But that isn’t really likely when they already control so much of the activity within their business domains. And at that point, they’d essentially be a nation (or nations) themselves. Forget granting companies the rights of the individual which people got up in arms about after the Citizens United case a couple years ago. Now they’d have the ability to declare war. Imagine a group of the most significant international businesses and internet entities placing an embargo on a nation. They would possibly be able to almost completely isolate that nation electronically.
This idea is pretty far ranging from the original issue. Morally, Facebook very much had an obligation to protect the identities and privacy of its users from a hostile government. And it came through on that obligation. But considering the criticism Facebook has faced regarding its policy toward user privacy, it might be somewhat surprising. And at the same time (or possibly before) we concern ourselves with corporate nations, we need to concern ourselves with the ability of any government accessing our private information which we maintain online. In Tunisia it was just Facebook accounts getting shut down. But what if next time it is people getting arrested or killed? How do people protect themselves from that? What ability and legal right do companies have to take action to prevent that?