This has been a grim week for the Internet. While nothing in the following article will be news to anyone who follows Internet governance, it is worthwhile to look at these events together, as part of a pattern:

  • China imposed a repressive National Security Law on Hong Kong
  • India forced its ISPs and platforms to block dozens of apps offered by Chinese companies
  • The United States Senate advanced a bill attacking Section 230 immunity and proposed another that would ban end-to-end encryption in online services
  • Brazil put forward a law targeting “fake news” on the Internet
  • Germany is tightening its anti-hate speech rules
  • Advertisers urged to boycott Facebook to pressure it to assert more control over content

We discuss these events in the order of their seriousness, and then assess some of the dynamics leading to this trend.

China crushes Hong Kong SAR’s autonomy

A new “National Security” law for the Hong Kong Special Administrative Region (SAR), written in mainland China, came into effect at 23:00 on 30 June, 2020, an hour before the anniversary of the 1997 sovereignty transfer from Great Britain. The law is Beijing’s answer to months of protest in the SAR. It is designed to chill all forms of speech, assembly and private communication critical of the regime. Michael Tien, the pro-China representative of Hong Kong in China’s National People’s Congress, said on Bloomberg that Hong Kong people will have “freedom” as long as they “stay out of politics.”

The law targets advocacy of secession, dissemination of messages considered subversive, and collusion with foreign forces. It also targets “terrorism” but defines it broadly to include any form of violent protest, such as damaging public transport facilities. All four are punishable by a maximum sentence of life in prison. Mainland China courts, not any Hong Kong judicial or policy body, will have full authority over the interpretation and enforcement of the law, and it overrides any Hong Kong law.

Posts by Hong Kong people criticizing the Communist Party, or promoting Hong Kong resistance or independence can often be seen on Facebook, Twitter and WhatsApp. The law criminalizes this speech. WhatsApp groups composed of Hong Kong expats have already fallen silent based on intimidation, even though WhatsApp messages are encrypted.

Shockingly, Article 38 of the law asserts jurisdiction over people “from outside [Hong Kong]… who are not permanent residents of Hong Kong.” This means that a Hong Kong expat who is now a citizen of Canada, a Chinese student in the UK, or any American, European, African or Indian who expresses thoughts on social media or email that the Communist Party deems secessionist (e.g., supporting Uighurs or Hong Kong autonomy), subversive (critical of the CCP and its system of government) or colluding with foreign forces (e.g., receiving support from external human rights organizations) could be deemed criminals. While it is unlikely that China would try to arrest someone in another territory, anyone who plans to visit or do business in Hong Kong – or the mainland – could be arrested and jailed under these provisions.

Internet censorship will be extended to Hong Kong. Simon Young Ngai-man, associate law dean at the University of Hong Kong, said the legislation gives police “unfettered power” to require media outlets and internet service providers to delete information and aid authorities in tracking people down. No court order will be needed to require them to turn over information about their users. In short, One Country, Two Systems is dead.

India blocks Chinese apps

Following a clash between troops along the India-China border, India’s government banned 59 Chinese apps, allegedly on cybersecurity/national security grounds. TikTok, WeChat and several popular gaming apps were among the blocked services. Using data from App Annie, TechCrunch reported that the blocked apps had a combined monthly active user base of over 500 million Indian users. The ban does not just remove the Chinese apps from local app stores; authorities have also ordered internet service providers (ISPs) to block access to their websites as well. Google said that the company had “temporarily blocked access to the apps” on the Google Play store available in India. Apple has taken a similar approach.

As the South China Morning Post pointed out, India’s move “could have been taken right out of China’s playbook.” It is a process of alignment, whereby access to global content and services is restricted to the territorial jurisdiction of the state. India’s Ministry of Electronics and IT tried to justify the ban by claiming that the apps were “compiling, mining and profiling” users’ data that posed threats to “national security and defence of India.” But no credible national security threat from consumer social media and gaming apps was ever documented; the move was really economic punishment for the Kashmir conflict, and security was used as a cover story that made discrimination against Chinese apps more difficult to challenge legally.

USA: Encryption and Section 230 under attack

The so-called EARN-IT Act, which emerged unanimously from a Senate Committee this week, erodes Section 230 immunity, ostensibly in order to improve detection and removal of Child Sexual Abuse Material (CSAM). It would create a “National Commission on Online Child Sexual Exploitation Prevention” full of law enforcement personnel and child protection advocates, tasked with developing “best practices” for owners of Internet platforms to “prevent, reduce, and respond” to findings of child porn. Platforms who do not adhere to the designated best practices would lose their Section 230 immunity. Originally the law was seen as an indirect way of banning end to end encryption, but an amendment by Senator Wyden mitigated – but did not eliminate – that threat.[1]

CSAM is already illegal and heavily prosecuted, and several laws have been passed from 1998 to 2017 strengthening cooperation on this issue. Section 230 immunity, not child abusers, are the real target of EARN-IT. Its supporters’ goal is to give victims of CSAM a cause of legal action against social media platforms. That is, they are less interested in catching perpetrators or preventing child sexual abuse at its source than they are in being empowered to mount lawsuits against deep-pocketed social media providers, so that the platforms will more aggressively surveill and intervene in user-generated content. That approach has far-reaching implications for privacy and free expression. A child protection advocacy organization noted that the law provides no assistance for child sexual abuse prevention programs and makes no attempt to address the root causes of child sexual abuse.

While Senator Wyden’s amendment to EARN-IT reduced one threat to encryption, a new bill revives the threat. Senators Lindsay Graham (R-SC) and ultra-right Trump Republicans Tom Cotton (R-AR) and Marsha Blackburn (R-TN) introduced a bill that Stanford University’s Center for Internet and Society called “a full-frontal nuclear assault on encryption in the United States.” The bill bans providers from offering end-to-end encryption in online services, encrypted devices that cannot be unlocked for law enforcement, and any encryption that does not build in a means of decrypting data for law enforcement. The bill reprises a 2016 US bill known as the Compliance with Court Orders Act (which never made it out of committee) and is similar to Australia’s 2018 Assistance and Access Act, which did pass.

Germany strengthens social media surveillance

Germany is trying to tighten its online hate speech rules. A new law would make platforms send reports of alleged hate speech and the personal details about the person saying it straight to the Federal Criminal Police Office (BKA). The German government’s reform of hate speech law follows the 2019 murder of Walter Lübcke, a pro-refugee politician, by neo-Nazis. The government claims the murder was preceded by targeted threats and hate speech online.

Civil liberties advocates believe that the social media giants are being co-opted to help the state build massive databases on citizens without robust legal justification. The Green party, concerned with the privacy implications of the law, proposed an amendment that would only require transmission of the content to the police with no personal details; the police would then be able to follow up to request the personal data if justified. That amendment was defeated.

While proponents of the law correctly note that threats and incitement to violence can chill speech on the internet, the hate speech sanctions are also intended to suppress messages on social media ex ante rather than to prosecute incitement and the perpetrators ex post, which often results in broader chilling effects. Like so many other legal and regulatory responses to violent acts, the law seems to assume that removing expressions of social conflict from major social media will eliminate the conflict and the crimes, an assumption which has no empirical backing.

Brazil reacts to “fake news”

On 30 June 2020, Brazil’s Federal Senate passed a Bill (2630/2020) intended to combat abuses of social media by heavily regulating both platforms and their users. Mislabeled the Law on Freedom, Responsibility and Digital Transparency on the Internet, the original version was a privacy and free expression nightmare. According to Human Rights Watch, it made it a crime punishable by one to five years in prison to create or share content that poses a serious risk to “social peace or to the economic order,” without defining those terms. It ordered internet companies to track the chain of forwarded communications of all Brazilians for at least four months.  It criminalized membership in an online group whose primary activity is the sharing of defamatory messages, even if the member did not create or share the messages. To discourage the use of inauthentic accounts to disseminate misinformation, users of social networks and interpersonal communication services in Brazil would be required to have a valid identity document, a cell phone number registered in Brazil, and a passport for foreign cell phone numbers. In trying to prevent anonymity in social media, the law “goes over the top” according to one Brazilian commentator.

Controversy over it led to four versions of the fake news bill over 11 days and (as Brazil is still a functioning pluralist democracy) some of the harsher provisions were watered down. It is not easy to find an up to date, translated version of the bill at this time. The bill now goes to the lower house, where it may not be passed, and it may be vetoed by the President.

Brazil’s attempt to regulate fake news mirrors that of Malaysia, whose Anti-Fake News Act 2018 was passed by its Parliament a few weeks before national elections and was immediately used to curtail speech that was critical of the government, including reporting on corruption investigations that implicated the then-Prime Minister. The law was repealed by the reform government in October 2019.

Facebook boycott

Seeking to capitalize on the heightened awareness of racism fostered by BLM protests, a group of left-advocacy organizations have promoted an advertiser boycott of Facebook. Derrick Johnson, NAACP president and one of the leaders of the boycott, claimed that Facebook “is a breeding ground for racial hate groups.” The same groups are also upset that Facebook has not moderated political ads more aggressively, especially the statements of Donald Trump.

800 companies worldwide have pulled advertising from Facebook, including Coca-Cola, Unilever, and Ford. But, according to an insightful analysis of the situation by Casey Newton at The Verge, a boycott by brand advertisers is unlikely to have a major impact. The highest-spending 100 brands accounted only about 6% of the platform’s ad revenue. Most of FB’s money comes from smaller direct-response advertisers. Big brand advertisers could all quit Facebook permanently tomorrow and it would still have more than 90 percent of its revenue.

At any rate, it’s hard to get too enthusiastic about this effort because pressure from major advertisers has a long history of sanitizing and de-politicizing communications media, notably broadcasting. Note that Facebook policy already targets what it considers to be hate speech; Facebook says it removed 9.6 million pieces of it from the network in the first quarter of 2020. Casey Newton suggests that it is the massive size of Facebook, rather than its alleged tolerance of unacceptable forms of speech, that is the problem:

“…what is at stake here, to the extent that the boycott is actually about hate speech, is not what is allowed but what is enforced. And if that’s the conversation you want to have, you need to ask different questions. Questions like: How swiftly should violating content be removed? How much of it should be identified by automated systems? And how many mistakes are you willing to tolerate, both for posts removed in error and posts left up in error?”

Surely bigness is part of the problem, but breaking up FB and/or fostering a more diverse social media economy also means that a wider range of content moderation policies would thrive, which could easily allow the groups that the boycotters don’t like to find an outlet for their views. The underlying issue here is whether different ideologies and factions should be encouraged to shape platform policy in ways that suppress views and groups they disagree with.

The pattern

Compressed into one week, we see a reactionary assault on almost all aspects of Internet capabilities. The spectrum of the reaction ranges from outright censorship and repression in Hong Kong, to an economic and technical blockade in India, to a variety of efforts to regulate platforms in western democracies. All have in common a perception that free and open communication on the internet is a threat that needs to be curtailed. China has, for all practical purposes, conceded that its entire political system is threatened by political speech in one tiny part of its territory holding less than 1% of its population. India purports to see a similar national security threat in Chinese apps, but in reality is using Internet-based information services as hostages that can be taken more easily than soldiers on the border. The attack on encryption in the United States is another instance in which the capacity for confidential communications on the Internet by businesses and civil society are seen as threats rather than as strengths. In Brazil and the US, social media content regulation is caught up in largely partisan, left-right factional and political disputes, sometimes flying under the banner of hate speech, sometimes under child protection, sometimes under the guise of platform bias.

In Brazil, concerns about online misinformation are related to investigations documenting influence operations run by Bolsonaro’s government, which is accused of hiring people to spread fake news and defame the opposition across social networks as part of their job. As in the US, the left sees social media as a vehicle of the right and the right sees the platforms’ content moderation policies as biased toward the left. Social media content regulation has become the chosen vehicle for underlying conflicts between political parties and political factions. As the fate of fake news laws in Brazil and Malaysia show, however, one can only do this by ending anonymity, implementing comprehensive surveillance, and making the government the ultimate arbiter of truth, worsening the risk of political bias in application. In the USA, platform immunity is under assault from both left and right (both Biden and Trump have expressed their opposition to Section 230), but few seem to understand how eliminating that immunity will lead to more and probably less balanced forms of suppression.

There was, however, one bit of good news: France’s Constitutional Council invalidated key provisions of its anti-hate speech law. A good Techcrunch article on French Constitutional Council decision can be found here.


[1] Sen. Patrick Leahy’s amendment specified that the implementation of end-to-end encryption does not violate the new regulations and does not give rise to civil and criminal liability. But another amendment gives the state governments the power to implement anti-encryption policies and to push for criminal and civil penalties if the platforms were “reckless,” a lower threshold that will certainly encourage the moderator’s dilemma.