In 2011, Silicon Valley entrepreneur and investor Marc Andreessen famously wrote the startling essay, Why Software is Eating the World, in which he described how emerging companies built on software were swallowing up whole industries and disrupting previously dominant brand name corporations. Andreessen was prescient and almost giddy, in anticipating the dramatic, technological and economic shift through which software companies would take over large swaths of the global economy. What he did not anticipate was the extent to which software would also eat up the realms of governance, security and human rights.

Digital technology has disrupted multiple dimensions of governance related to national security, including protection of human rights. In our brave new digital environment, roles and responsibility related to digital security for data, for infrastructure or for people are unclear. The question emerges: Can the human rights framework remain relevant in our new cyber-ecosystem? The fledgling conversation about how to protect human rights in the 21st century digital context needs further development.

We live in a world where the distinction between online and offline has effectively collapsed because everything is connected. The Internet of things and digitization of everything has spawned the era of big data analytics; algorithms facilitate governance decisions in both the private and public spheres; and artificial intelligence and machine learning has progressed to a level where machines are viewed by some as more trustworthy than humans for primary decision making with respect to a wide variety of activities, from driving cars to identifying likely terrorists as targets. The distinction between “online” and “offline” activity now almost seems quaint.

In the past five years, virtually every realm of society has been disrupted as a consequence of “software eating the world.” None of our social, legal or political institutions have caught up with this tectonic shift, and those responsible for governing, for providing security, and for protecting our rights are reeling.

Technology has brought many benefits to the human rights movement, but the need to focus on the challenges, and to look at the dark-side of technological advancements as they relate to human rights is urgent. Concern is growing that governments’ commitment to their human rights obligations is increasingly tenuous in this era of disruption. In a very short period of time, digital technology has transformed both the means through which human rights are exercised, and the means through which human rights are violated around the globe. Yet, an understanding of how to protect human rights in the digital context is significantly underdeveloped. As we stumble along and try to adjust to our new digital reality, the relevance and predominance of the international human rights framework could lose salience in the international geo-political arena.

Exploration about whether fundamental human rights concepts and approaches can be adapted to meet the rapidly evolving technology landscape must go into high gear. New themes need to be developed to shore up and reinforce the human rights paradigm in the digital ecosystem. 

Starting on the conceptual level, some features of the Internet and digital technology have challenged the basic sovereign state-based conceptual framework that underpins international human rights governance, something we’ll examine below in our effort to evaluate the role human rights in the digital age. On a more concrete level, it is essential to understand how digital technology is actually affecting human rights in practice, and even exacerbating problems that existed in the pre-digital world — we’ll explore this next week.

Conceptual Disruption of the Human Rights Governance Framework

Let’s start with some historical context: 70 years ago at the founding of the United Nations, the commitment to protect human rights served as one of three pillars for the new international order, along with international peace and security and economic development.

The UN and the international human rights framework were built upon the nation state system, which rested on the concept of sovereign states; geographical territorial boundaries; state obligations to citizens within their jurisdictions; and the principle of non-interference. Within this system, the human rights pillar always existed in tension with the concept of state sovereignty: human rights were intended to function as both a check on state power and a basis upon which the actions of government could be judged with reference to universal human rights principles.

According to this framework, the primary human rights relationship is between governments and the people they govern. Governments have the obligation to protect the rights of those within their territory and to provide security. This means governments are bound by the commitment not to violate human rights through their own actions, as well as a duty to protect individuals from human rights abuses by others.

Several dimensions of the new digital ecosystem challenge this conception of governance.

The Trans-Border Nature of the Internet

The Internet was constructed through open collaborations between technologists, academics and other stakeholders in an atmosphere of permission-less innovation. The digital ecosystem that emerged through this collaboration operated through open, interoperable, trans-border connectivity, and did not fit easily within the confines of sovereign territory-based jurisdiction.

The Internet was designed as a network of networks that operates without reference to geographic boundaries. Simply put, this basic design feature was inherently disruptive to the nation-state system. Recall 1996’s Declaration of the Independence of Cyberspace, by John Perry Barlow, who captured this original sense of borderlessness when he asserted that governments have no sovereignty in cyberspace.

Although we now experience instantaneous trans-border, global communication as normal, one of the radical aspects of the Internet was that it facilitated seamless global communication between individuals or groups anywhere, with people or organizations anywhere else. Individuals were empowered to reach a global audience without authorization by any gatekeeper. Several distinctive technical features of Internet connectivity were different from earlier forms of communication technology: the infrastructure was dispersed rather than located in a pre-determined physical geography; and the transmitted material could be broken up and circulated though numerous territories simultaneously. The digital material created by residents in one country would be transmitted and stored in other locations. This global reach and trans-border mode of operation has placed tremendous strain on the so-called “Westphalian system” of sovereign jurisdiction.

On the positive side of the ledger, this openness has meant that evidence of human rights violations can instantly be transmitted to witnesses around the world; that human rights victims can be supported by a global community; and that activists can organize worldwide advocacy with digital tools. On the other side of the ledger, this openness and interoperability also means that the digital activity of a government or hacker anywhere, can have an extraterritorial effect on the enjoyment of rights of people everywhere. Governments now routinely extend their reach abroad and affect the enjoyment of human rights of non-citizens outside their territory through digital means, but without necessarily understanding that their human rights obligations follow. In fact, many governments believe their human rights obligations stop at their territorial borders, rather than understand the obligation not to violate human rights, extends to non-citizens outside their boundaries.

Many states have woken up to this trans-border digital reality and gone into overdrive, but without understanding the consequences for universal human rights. Governments now are rushing in to assert jurisdiction over data, communications, and digital materials that flow into or out from their territory.

States’ motives for asserting jurisdiction in the digital realm are mixed: sometimes they are motivated by a desire to protect the privacy and security of citizens online. Other times the intentions are more nefarious — to control access to information or to restrict online speech in the name of public order or security. But the new normal is for governments to seek digital control over data of individuals wherever that data rests or moves. This trend is creating a mosaic of complex, overlapping and conflicting legal regimes. Many well-intentioned laws and policies are ill conceived, such as some of the data localization proposals — and they have the effect of fragmenting the Internet as a global platform. This fragmentation in turn undermines the benefits for human rights. To the extent that laws and policies cause fragmentation of global end-to-end connectivity on the Internet, that fragmentation must be recognized as a threat to human rights.

The bottom line: by facilitating digital reach across borders, the Internet has wreaked havoc on traditional notions of territorial governance. The response of states has been to assert control through legal and technical means that threaten both universal connectivity and universal human rights. Two basic governance concepts should be underscored: First, beware of laws and policies that undermine the open and interoperable global Internet itself, and second, affirm the universal obligation of states not to violate human rights — not only of their own citizens, but of people whose rights they control anywhere, in our global, trans-boundary digital environment.

Digitization of Everything

Another significant conceptual challenge to the human rights framework comes from digitization itself. While advancement in digital technology has had many empowering social effects, the inexorable move toward the “digitization of everything” and “Internet of Things” also has meant that everything we do is now traceable: wearable technology tracks our bodies; connected cars monitor our locations and movements; smart devices in our homes know the patterns of our daily lives. All this connected technology means governments have greatly enhanced ability to monitor people and analyze personal data about our communications, habits and relationships.

In this context, the right to privacy obviously is under serious assault. Early on in the digital revolution, some prominent technology figures were fairly cavalier in asserting that with the advent of new digital connection technology, consumers had decided, privacy is over or at least over-rated. Some suggested that privacy had simply been a construct of the modern era and had run its course. Despite all the post-Snowden commentary, the role and function of privacy in democratic, but now digitized societies, is still under-theorized and under-appreciated.

One big issue that needs attention is whether the digitization of everything threatens the basic relationship between citizens and governments in democratic society. More specifically, the democratic model starts with the assumption that “the people” are sovereign, and governments serve at the pleasure of the people. In this political conception, government should reflect the will of the people, and citizens play the role of watching and judging their elected representatives, not the other way around. A profound question that must be explored further is whether the digitization of everything is having the effect of inverting that basic democratic relationship, and if so, what can be done about it.

The fact that there are serious consequences from digitization for the exercise of other fundamental freedoms, especially freedom of expression, and freedom of peaceful assembly and association is clear. The simple reality is that when everything you say or do can be tracked and monitored, it will have a chilling effect on your choices about what you say, where you go, with whom you meet, and what information you search for online. For dissidents and human rights defenders in repressive countries, the ease with which governments can now track people’s digital footprints also has consequences for physical security. In this sense, the online/offline distinction has completely collapsed: loss of privacy can and does leads to loss of physical safety for human rights activists. The question is whether democratic governments are moving unconsciously toward more repressive uses of digital technology as well.

While our notions of privacy are evolving along with social media and data-capturing technology, we need to be more cognizant of the fact that it is not “just privacy” that is affected by the digitization of everything. Unchecked digitization may be slowly eroding democracy and fundamental freedom everywhere.

The Privatization of Governance

A third big conceptual challenge to human rights governance flows from another trend: the privatization of governance in the digital ecosystem. Widespread adoption of the Internet has dis-intermediated many institutions and contributed to the larger trend of distribution of power away from governments to non-state actors, most notably, to private sector Internet companies.

User-facing, data driven, social technology companies like Facebook, Twitter, Google, and Weibo, play a larger and larger role in mediating all aspects of society, whether related to politics, education, health, news, or entertainment. Through internal policies, algorithms, and terms of service agreements, private sector companies are effectively governing multiple dimensions of society that bear directly on the enjoyment of human rights. For example, proprietary algorithms constructed and controlled by dominant search platforms affect global access to information, and play a significant role in shaping world-views. The private terms of service for popular social media platforms, effectively dictate parameters of free expression for their communities of users. Arguably, dominant social platforms can be compared to public spaces. The trend toward privatization of governance in these digital spaces raises many questions about who is accountable for protecting human rights.

Other questions about governance arise from the monetization of data, which has become the primary business model and basis for the digital economy: What are the consequences of widespread monetization of data — without full transparency or adequate consent — for ownership of users’ digital footprints and control over people’s digital personas? How does private sector access to our digital communications, search histories and news feeds affect our rights to freedom of expression, access to information and to privacy? When digital platforms function as virtual monopolies for search or email, to what extent is it fair to equate consumer acceptance of terms of service agreements, with consent to waive privacy for digital communications or activities? All of these aspects of the privatization of governance are under-developed.

On the security front, there are multiple dimensions where the private sector is playing an increasingly important governance role. Just starting with digital security for users’ communications and personal data, what are the responsibilities of private sector cloud services or device makers in terms of keeping our digital material secure from theft or hacking? What level of resilience and adaptability post-infiltration should be required of private sector custodians of personal information and data?

Questions about privatization of governance responsibilities as they relate to national security, counterterrorism, and homeland security, are even more challenging. Article 3 of the Universal Declaration of Human Rights identifies the right to security in persons. Providing security has been traditionally understood to be one of the first responsibilities of government. Yet, as the Internet has become intertwined in all aspects daily life, the Internet has become the infrastructure for all critical civilian infrastructure, from electricity to communications to transportation. Most of this Internet infrastructure is owned and operated by private sector actors, who now provide front line security for this critical infrastructure. Private sector responsibilities related to all of these dimensions of security need much further development.

In this vein, the UN Guiding Principles for Business & Human Rights set out at the Human Rights Council in 2011, constituted a notable effort. But these Principles reaffirmed the foundational concept that the primary human rights obligations rest with governments, and did not fully anticipate the extent to which governance responsibilities would shift to the private sector because of digital technology.

Finally, there is a trend toward burden shifting by governments to private sector technology companies for different aspects of law enforcement and foreign intelligence surveillance. The FBI v. Apple controversy is a case in point. The blurring of governance lines without adequate transparency or clear accountability has its own negative effect on the rule of law in the digital realm.

The bottom line: As governance roles and responsibilities have shifted in the digital ecosystem, the 20th century model of human rights governance is at risk of losing salience. The privatization of governance for semi-public spaces and infrastructure means private sector companies now play an outsized role in setting the parameters of freedom of expression, privacy, access to information and all dimensions of security for their users. Gaps in the public’s understanding of the governance roles played by the private sector in these dimensions of security and human rights protection need to be filled in.