Don't be evil: strengthen due diligence and export licenses for tech companies
In 1999, a young technology company called Google was brainstorming a mission statement for the corporation. A series of core principles were written on a blackboard, until one employee summarized them as ‘Don’t be evil’. The slogan became a rallying cry for Google’s fans, and a way to distinguish it from other companies, but what does it actually mean for a technology company to avoid 'evil’?
This is a question of increasing importance at a time when certain governments depend on technologies to monitor the movements and communications of their inhabitants and control access to information. Western technologies have been actively used for these purposes by repressive regimes like Syria and Iran.
Companies claiming ignorance of how their surveillance products end up being ‘abused’ by certain regimes are being dishonest. Surveillance and filtering companies can check, for example, their software update logs to check whether or not their products have ended up in authoritarian regimes. Developers and sellers of these technologies have a minimum duty of due dilligence to avoid any negative human rights impact that their activities, or the activities of their partners, will have. This principle is reflected in a variety of international, European and American standards, including the UN Guiding Principles on Business and Human Rights and the OECD guidelines on multinational enterprises. Willful ignorance can – and should – amount to complicity in international crimes.
Another common excuse is that certain technologies are not covered by export-laws that prohibit the export of certain tools to authoritarian regimes. When confronted with such claims, John Ruggie, the UN Special Representative for Business and Human Rights, replied: “The corporate responsibility to respect human rights is a social responsibility over and above compliance with applicable laws. It is the minimum expectation society has of business conduct in relation to human rights. It means that as business goes about its business, it should not infringe on the rights of other.” In short, this is probably what ‘don’t be evil’ means for a technology company that creates or sells surveillance technology.
Companies should strengthen their due dilligence policies, and take responsibility for the end-users of their products. But governments also need to reconsider and streamline their systems of export licences in order to guarantee that surveillance and filtering tools don’t end up in the wrong hands and iron out inconsistencies. For example, in certain countries prior authorisations are needed to manufacture, import or sell certain surveillance technologies domestically, but that no authorisations are needed to export the same technologies.
Initiatives like the Global Network Initiative and the European Parliament’s ongoing revision of the EU rules on dual-use products, which now will include interception technologies and “digital data transfer devices for monitoring mobile phones and text messages and targeted surveillance of internet use" are already steps in the right direction, but they need our ongoing attention and support in order to prevent future 'evil' on the part of technology companies.
Mathias Vermeulen is a Research Fellow at the European University Institute and the VUB's Centre for Law, Science and Technology Studies and a member of PI's Advisory Board.