 Gweithio gweithio i GNI's first annual learning forum. I'm Susan Morgan and I'm Executive Director of GNI. I think today really marks something of a milestone for GNI. We launched our organisation at the end of 2008 with a set of principles and implementation guidelines which were really the product of two years of hard-won negotiation between different stakeholders that based on international human rights standards and we had a charter that was governing our work and an aspiration that over time what we would do would be to start to seed a global standard on corporate responsibility on freedom of expression and privacy issues in the ICT sector. Today's certainly the first time in the two years that I've been here that we've brought together in one room so many people who are either directly members of GNI or interested and involved in the issues on freedom of expression and privacy in the ICT sector that we address. So if we look back at the reasons why GNI emerged, I think what we see now, what's happened over the last few years is we've just seen how relevant these issues are for companies right across the ICT sector and for so many stakeholders in so many countries. And we've also seen many illustrations of just why the issues are too complex and fast-moving to be solved by any one stakeholder group alone. The original inspiration for GNI was in part to create a framework to really guide responsible company action, to help companies integrate thinking about freedom of expression and privacy into the way they do business. And I think alongside that the thinking was really that by bringing together an unusual set of actors to work together on an ongoing basis that over time we'd be able to develop the kind of trusted relationships that would enable us to work effectively to tackle some of these really difficult and challenging issues. There was and continues to be a strong belief that there's benefit in working together rather than working alone. So I think we've made some strides in this direction although I think it's fair to say a lot still remains to be done. We've seen our membership increase across our four constituencies so that's companies, human rights groups, investors and academics. This is vital for the strengthening of our network over time. We're becoming increasingly vocal on policy issues internationally and again this is something that we would expect to continue to grow. We've begun to develop learning streams within G&I focused on things like intermediate reliability, account deactivation and content removal. And in recent months we've started to put some real focus on things that are happening in particular countries around the world. And earlier this year the first independent assessment of our founding three member companies were completed. You may have seen the outcomes of these that were presented in our recently released second annual report. So today I think marks a milestone not only in bringing people together both in the room and on our live stream but also in terms of starting to distill some of the collective lessons we've learnt so far and to helping our future work. I wanted to take a few minutes just to take you through the format for the day. So you will see hopefully on the agenda that we've got three sessions this morning. I'm really delighted to welcome Ian Brown from the Oxford Internet Institute to our event to talk about the findings from the research report that he's been working on which we commissioned. He's been working on it jointly with Dela Coff from London Metropolitan University. The report was developed through a series of interviews with many different stakeholders in different countries. We've had held consultations here in DC as well as in London and Delhi. And really what we've tried to do here is to start a conversation on some of the most difficult issues related to freedom of expression and privacy. We hope the report is going to engage people in a discussion on the recommendations and we'll look forward to being part of that discussion going forward. Hopefully you'll have picked up copies of the executive summary on your way in. If not, they're just on the table out to the left. And the full report can be downloaded from our website which is globalnetworkinitiative.org. Ian's presentation is going to be followed by a panel discussion on the many issues that are raised in the report around freedom of expression, privacy, national security and law enforcement. Our second panel is going to focus on some of the emerging issues around the world in the ICT sector. And we'll hear the perspectives of several GNI members on some specific examples of issues being faced. And the challenges and dilemmas that they pose not only to companies but also to users on freedom of expression and privacy rights. And finally, we wanted to give the opportunity for some members of GNI's board to have the chance to reflect on lessons we've learnt so far and to offer some thoughts for the future. We want it to be a lively and interactive morning, so don't hold back. Please, you know, ask questions and raise issues and ideas. And then after lunch, we've got a session which is specifically for GNI members. Before handing over to John Campfner who's going to moderate our event, I'd like to finish with some thank yous. Firstly, to the New America Foundation for hosting us today and all their help and support in making this event work. Second, to those who travelled considerable distance to be with us, we're delighted you're here and we look forward to your contribution. And then finally, I just wanted to take a moment to thank GNI's incredibly engaged board, our independent chair and David Sullivan who's our comms and policy guy and who they all play such a vital role in making our work happen. It's now my pleasure to hand over to our moderator for the morning. Until recently, John was CEO of the UK-based organisation index on censorship and we're really delighted that he's now working with us as GNI's European advisor. He has a long and distinguished career as a journalist so I'm hoping that we're going to be in good hands. Over to you, John. Thanks. Thank you, Susan. Good morning, ladies and gentlemen. It's great to be here and it's great to see so many familiar and new faces as well. Everybody bringing their own different expertise and perspectives to this incredibly important issue channeled through three separate discussions which we will be having this morning. Just some technical points. If you have mobiles, please put them on silent and please do tweet away vociferously, voraciously, think of any adverb you like. The hashtag is GNI2012 and if the Wi-Fi continues to work it will come up on my laptop and I can relay some of the tweets to our panel. Without further ado, what I will do first is invite the three panellists who are here with us today to come on stage. When the panel discussion begins we will beam in Sunil Abraham from India. But first could I invite... You have all their biogs with you so I won't give long biogs. I will just simply invite on to the stage our participants. Dan Bear from the State Department, Bob Borstyn from Google and Gillian York from the EFF. Good. It's my great pleasure to ask Ian Brown to come on stage to explain away his report. Ian. Do we have the slides? Thank you. Perfect. And the clicker. Thank you, Susan. Thank you, John. Good morning. Thank you all for coming. I'm going to try to summarise the highlights of a quite dense 50-page report here. So please do download and look through the details. So, sorry. The title of the report is Digital Freedoms in International Law. The subtitle is Practical Steps for the stakeholders involved in the GNI process to take on privacy and freedom of expression. We mean in particular international human rights law, especially the International Covenant on Civil and Political Rights, article 17 and 19 on privacy and freedom of expression, and their interpretation by the UN Human Rights Committee, the UN High Commissioner for Human Rights, and various UN special rapporteurs. I'm sure you have all come across Frank Leroux, who has been the rapporteur on freedom of opinion and expression, but also other rapporteurs on the protection of human rights and fundamental freedoms while countering terrorism. Llywodraeth, of course, and his work on human rights and transnational corporations. Secondly, I'll talk a bit about export controls and the particular international agreement there that is relevant is the Vasinar arrangement on export controls. So the ICCPR has 167 state parties, very broad coverage around the world. As you can see there from the dark green, are the countries that are state parties. The Republic of China did sign the Covenant, but the people's Republic of China has not ratified it. The largest country there, Saudi Arabia, Cuba, a couple of other countries are not parties, but by and large the Covenant is an agreement that has very broad consensus around the world. Obviously with varying degrees of compliance by different countries, various degrees of remedies available to people whose rights have been wronged. The reason we have focused in this way is not to say that the Covenant is always and everywhere observed. Clearly it is not. However, it sets a powerful set of norms for states themselves, for companies to look to when they are making decisions about entering and perhaps exiting markets, and also importantly in international discussions between states, especially the Internet Governance Forum and related areas. I also wanted to make the important introductory point that human rights law includes importantly security of the individuals. You can see in this quote from the high commissioners, fact sheet on human rights and terrorism. Clearly terrorism and serious crime seriously damage the security and the rights of individuals and it is perhaps the principal duty of states under international human rights law to protect individuals' rights. I just wanted to make very clear and emphasise this is not a report or a presentation that is one-sided that is focused only on the freedoms. The security of the individual is a fundamental freedom, perhaps the most fundamental freedom. The rights are not absolute. That is an important thing to say as well. In the Covenant, most of the rights in the Covenant including to freedom of expression and privacy are qualified rights. There are circumstances in which states are perfectly justified in limiting those rights for specific reasons, not least to protect the security of individuals. When those rights are restricted, there are some basic tests under the Covenant and these interpretations and expansions of it that states have to meet. I won't go right through them, but you can see them there. They should be based on published, clear and specific legal rules, serve a legitimate aim in a democratic society and that absolutely includes law enforcement and the protection of national security. The restriction should be necessary and proportionate to that legitimate aim. They should not involve discrimination. They should not confer excessive discretion on the relevant authorities and they should be subject to effective safeguards and remedies. There are further special circumstances which in practice is often where the focus of these international debates are when it comes to a time of war or other public emergency threatening the life of the nation. So very serious emergencies. States then can go further to restrict rights, but only to the extent that is strictly required by the situation and even then those restrictions should not involve discrimination. They should be officially proclaimed and notified to other state parties so that other states can assess the measures that are being taken and this is something then obviously that's important for companies to know as well. Secondly in relation to terrorism and other serious breaches of public order, there are important discussions about what the definition of terrorism is, so you can see there the definition from the special rapporteur that I mentioned that terrorism is hostage taking killings or serious physical violence undertaken for the purpose of provoking a state of terror or compelling state action, but even there a couple of key things to bear in mind that first of all except in cases of very severe terrorist attack which reached the standard in the first paragraph that threatened the life of the nation by and large within this international law framework states should deal with terrorism and the criminal law framework and it will not trigger emergency powers and secondly within those restrictions in that framework on rights there should be clear safeguards for the rights of political opposition parties for trade unions and for human rights defenders. Last in this area of international law background the UN guiding principles on business and human rights the Ruggie principles as they are often called this framework obviously the human rights law framework is mainly targeted at states although states do have a duty then within their jurisdiction to protect rights of individuals sometimes against other individuals and companies as well as against the state itself but looking more explicitly to companies the Ruggie framework has three core principles you can see there the states duty to protect against human rights abuses the corporate responsibility to respect human rights and the need for more effective access to remedies so concretely when companies in a repressive regime face demands that violate human rights in this framework companies have a duty then to refuse to do so where they can obviously there are very important practical questions about the degree to which companies are in a position to deal with these demands in this way minimise the extent of any such cooperation and help victims of any enforced cooperation the GNI principles themselves actually fit very well within this framework they predate the Ruggie principles by a number of years but they actually they go much further than the Ruggie principles in making concrete and explaining in operational terms what companies following those principles can do so having given you all of that background let me just highlight some of the recommendations we've made in this area they're set out in more detail in the report so first of all we found that companies were eager to to learn more from each other and from other relevant parties whether that's NGOs, governments and so on about the detailed information they need on specific legal systems in markets that they want to enter and continue doing business in and practical experiences this is something obviously companies have to do themselves already before they go into a market but there's a lot of knowledge which at the moment is slightly fragmented between companies that's in a forum like GNI for example I think could very productively be better shared and that would then help companies making those market entry and exit decisions but also importantly where companies are being faced with demands for the termination of connections for access to user data and for blocking access to specific content where companies are faced with legally binding demands to do that which is the standard that we've recommended they follow and which by and large already many companies are following obviously to know what those legally binding standards look like you need a very good understanding of local laws secondly in terms of the ruggy duties that I was just talking about we've recommended that governments and companies look more into what kind of mechanisms might be put in place to limit the use of products and services for serious human rights violations whether that's in the terms of use and conditions and the contracts relating to the use of those products and services whether that's greater support from diplomatic services of the democracies in supporting their companies in disputes in countries over the use of their technologies where there are concerns about human rights violations whether that's technical measures that companies could take if they are selling products into markets as opposed to services which obviously remain much more directly under their control are there technical measures that they could make so that in the final analysis if their products are being used for systematic serious human rights violations that actually that they can stop the use of those products we've recommended that in line already with the GNI principles that companies plan very carefully on how they store data about their users, where they store it in which jurisdictions there are a very broad range of different standards in different jurisdictions even between the US and Canada and different European member states on the situations under which data can be accessed that's something again if companies know no more about legal requirements in specific jurisdictions they can think about we've also recommended that there be a renewed focus on mutual legal assistance treaties as the best way for states to order international access to user data at the moment many companies are slightly uncomfortable at being put in the position where government agencies are coming to them and asking for voluntary cooperation to provide user data about people within that jurisdiction companies don't always have all the information they need to make that decision the traditional international law framework is that procedures to protect the rights of all interested parties are set out in mutual legal assistance treaties those are very cumbersome today in practice often take much longer than is necessary for the kind of situations that law enforcement agencies need data for so if this would work it would have to be under a much streamlined and speedier MLAT regime and then finally we recommended I think most people agree transparency is a positive measure both on states and companies so GNI's own members have gone a long way towards doing this already for example the Google transparency report is an obvious example where Google has been adding more and more data about takedowns about user access requests we think that's a very positive framework great if companies can do that themselves some companies have concerns about publishing figures just relating to themselves but would be willing to share that data confidentially perhaps within groups like GNI and then aggregate data be produced so second smaller part of my talk as you all know there's been a lot of criticism over especially the last couple of years where it has turned out that companies in particularly North America and Europe have been exporting technologies of mass surveillance and mass censorship to repressive regimes and this has understandably got huge media coverage when for example NGOs go into the former torture palaces of regimes in the Middle East and find rooms installed by French companies for example to help those regimes track down political activists the obvious response to that but I'll explain the subtleties hopefully in the time that I have the obvious response is to say companies should not be providing products and services like that to repressive regimes some companies have indeed said they have corporate policies they will absolutely not sell products and services into those kind of regimes of course the problem with the purely voluntary approaches you then put pressure on some companies to profit out of the good behaviour of more scrupulous companies second difficulty many of the when you start drilling down and say well how exactly do you define these products and services that we're talking about many of them have completely legitimate civilian applications some actually are mandated by the democracies so things like lawful intercept capabilities and communications networks for example is required under the law of the US and the UK and many other companies again many of the tools that on the one hand can be used for mass surveillance are actually quite important capabilities for network operators themselves to have in managing and running their own networks and keeping them secure US and EU sanctions most specifically on Iran and Syria include some technology bands and you'll know of course in April the White House went further to try to impose controls to target those that create or operate systems used to monitor, track and target citizens for killing torture or other grave abuses the difficulty first of all with relying purely on a sanctions based approach is it's very narrow by and large sanctions are only put in place countries and governments that have already gone a very long way down the road in serious human rights violations whilst allowing other repressive regimes to build surveillance infrastructures and censorship infrastructures that then might later be abused sanctions politically are very hard to agree between the states understandably because states have significant companies whose business interests they do not want to to damage the practical issues about controlling exports of technology the very long running attempts by western governments to restrict the export of encryption software in the 1990s is a good example of how very difficult indeed it is to do that and I think the time is long gone when software components purely software components can effectively be export controlled I think you have to focus on hardware can you define controls in a way that won't damage legitimate sales that won't be easily circumvented by bad actors and one of the civil society experts we interviewed you can see the quote there in the second bullet point said despite a great deal of work in trying to do this they were yet to see a workable definition that wasn't too narrow or conversely so broad that they undermined the activists in those regimes that they are trying to help that has also been a problem we've seen with the sanction regimes that I mentioned that many companies are very nervous about allowing any use of their products in Syria and Iran even when those products might be incredibly helpful to democracy activists even when governments like the US government have made a lot of efforts to try to clarify controls to create general licences to give advice to companies there are such strong penalties for breaking some of those controls companies are still quite nervous about it and last but not least the equipment is not just sold new internationally but actually a lot of it is available on the second hand market because as ISPs for example in the advanced economies are constantly upgrading their networks sometimes then they have equipment that might come under some of these definitions and they are quite happy to sell and will do the job perfectly well in many less advanced economies who don't have super high bandwidth networks and who actually where repressive governments are most interested in international traffic which relatively speaking might be at quite a low volume I mentioned the Vasnar arrangement already to try to if you're going to go for export controls at all to try to prevent a race to the bottom and to get maximum coverage this is the obvious choice the 41 member states of this arrangement coordinate their controls and share information on them but having said all of that what we've recommended here is more tentative because there was much less consensus on this amongst all across our interviewees and our workshops first of all that these international arms control and export control regimes currently are targeted almost purely on military capabilities and preventing the build up of military capabilities so we've suggested that a further object of protecting human rights against serious violation would be a useful extension of those regimes and that done that states could then consider including technologies that are primarily or significantly useful for human rights violations in those regimes Vassanar itself because of the way it grew out of these mainly military focused controls is quite a traditional state to state grouping of course states do consult with companies and with NGOs in their own jurisdiction but Vassanar itself doesn't have the formal multi stakeholder engagement that you get it now at places like the OECD and most obviously in the internet governance forum so those controls might be better targeted if you brought stakeholders more formally into that arrangement and at the same time actually I think even within Vassanar there are still some of the controls there that are really showing their age now such as the information security tools controls which absolutely get in the way of tools that are useful for activists so TOR for example that we talked to said they are still having trouble with governments to develop TOR as a tool for human rights defenders in repressive regimes in getting export control licences and the permissions they need to export that there and that is it so thank you for listening you can see the full report we would welcome feedback to this email address and let me just say thank you to everyone that we interviewed that came to the workshops to the open society foundations for funding the research to Eric King for the technology export maps and the GNI members who gave us a lot of help in putting it together thank you thank you very much indeed Ian if you take a seat and if I ask the panellists to come back on their dance up and down the platform I very much commend you the report I hope several of you will have had a chance if not to read the whole report which is also available online to have at least read the executive summary as Ian outlined with the the big picture questions and the recommendations as well and just to say this is being live streamed this morning's session so anyone watching us from afar we welcome you too now let's just hope there is Sunil Sunil can you hear us yes I can good and can the audience I think we need to up the volume for Sunil anyway very warm welcome to Sunil Abraham from the centre for internet and society in India and we saw you here in DC Sunil at the internet at liberty discussions just a few weeks ago and it was very good to see you offline a few weeks ago and now very good to see you today Dan and Bob and Gillian thank you very much indeed and I hope you've had time to absorb some of the report and just to say that I will be with the co-author of the report Dawey Cawth in Stockholm tomorrow at the Euridig conference where we will be presenting it second? Fleistroffa that's if the connection is right where we will be presenting it there so Sunil did you manage to hear Ian's presentation and just first of all yes I did I got most of it I think the connection is a bit flicky but I got most of it good I just maybe start with you Sunil while we have you on the line there's been quite a considerable and consistent pushback in India in recent months on a number of freedom of expression issues I'm wondering whether into what degree this report with its attempts at a tighter definition of the questions of terrorism what one might call the powder keg argument used by Indian federal and state governments to what extent can this help influence the debate in India and in other countries grappling with the twin dilemmas of free expression and at the same time security I think it would go a long way before I expand on that specific question I would also like to take this opportunity and commend Ian and the co-author and our colleagues at the exhaustive and impressive report that would really be useful to a wide range of actors both in India and also I assume internationally in India whenever policy is formulated the country's policy makers always look to the west for both good ideas and bad ideas. Sometimes they focus on cherry picking worst practices and I think efforts such as these that bring greater clarity to the discussion that also foreground important evidence is very important and I think the report in its current form and perhaps future research that builds down Have we lost Sunil completely? Right, okay. Well we managed to catch a little bit I think we may be toying with these problems. Bob and Dan as the report has been separated out between companies and governments Bob what is your response to the recommendations a very good list of recommendations to what degree do you think not just Google but other companies in this sphere are already abiding by them and to what degree is their room for improvement? Well I guess I would start first just by thanking G&I for putting this together especially Susan and David in German for the work they've done here and to Ian and his co-author for the work they've done on this report it's comprehensive and very helpful I think Let me start by saying in response to your question John that I actually want everybody to understand that governments are the primary problem here not companies and I think that the challenge begins with the governments and then goes to the companies we are in a situation where around the world companies are faced with what I would call forced compliance you either do what the government says or you don't get to operate in that country and I think that's a very important thing that's lost now often in these discussions and it's interesting that you put the recommendations for companies ahead of those for governments at the end of your report and in the executive summary simply because I think it reflects a current thinking about this about this area and this problem Am I saying that companies are doing everything right and they don't have responsibilities of course not but I do believe that we have lost sight of that important thing now that being said how are companies doing depends on the company I mean I know that's a gray and unsatisfactory answer and everybody wants a black and white answer but I'm not going to give one simply because there's a huge gap between where we are with certain hardware companies and where we are with companies that are exporting technology to regimes that they know are going to use it the wrong way if you'll excuse the expression the wrong way there's a black and white expression that they're going to regimes that are going to use it in order to spy on their own citizens or to track down their own citizens who are in opposition to that regime to be more specific and between other kinds of companies that are trying to do the right thing and by the right thing I mean protect re-expression and protect users if I was going to have to say you know how are companies doing overall I would say not great how are certain companies doing I think we're getting better when it comes to transparency when it comes to cooperation with non companies again allows the expression but other actors in the field with reaction time and with offering everything from practical solutions such as two step verification transparency report things like that to macro policy solutions and also advocacy where companies are coming together in relation for example to India as we did with Facebook and others there in order to counteract what we see as extraordinarily bad trends and ideas that the government has had there well I'm sure members of the audience and other panellists will have questions to you on that and on Google's record and the broader record on companies but Dan first of all respond to Bob's first remark which is the problems reside predominantly with governments I think that's generally true I think I think there are very few companies who set out to target human rights activists and there are a number of governments who do and so that being said in the same way that Bob answered it depends on the company which is accurate it also depends on the government and I think first of all the report is very helpful in laying out a landscape of issues that generally get talked about at events like this and particularly the challenge there are basically two broad areas of challenge that come up with respect to governments and companies internet freedom one is a set of security challenges which this report focuses a great deal on the other is a set of commercial challenges particularly intellectual property which this doesn't touch on as much but a lot of the supposed hypocrisy or conflicts or very real tensions emerge around one of those two camps and I think that with regard to the security challenges you can rather than divide good governments from bad in the first instance you ask the question of whether governments start from a premise that security challenges can be met in a way that is consistent with principles and obligations under international law or they start from a premise that they can't and for the ones who start from the premise that they can't first of all if you dig deeper you find out that their security challenge is not only countering terrorism usually it's often countering the justified demands of their own citizens to have more of a say in how they're governed etc so that it's a broader context for those governments so there's a bigger picture to look at but for the ones who are committed to it I think the challenge lies both for us in terms of the practical challenge of figuring out how to meet security needs while being consistent with principles in our own house and also how to encourage others many of them have much broader challenges because they are illegitimate governments who are oppressing people how to encourage them to respect the rights of their citizens so I don't take issue with Bob's characterization but as you've alluded to there are two main areas there is one the practice in your own backyard there is to what degree do democratic governments practice what they preach or to what extent are the restrictions laid on the internet for whatever reason usually under the guise of terrorism anti-terrorism and security are they sort of manner from heaven are they the perfect get out clause and also protecting children right but I mean for example today even the UK government has just unveiled its data communications bill in parliament seeking considerably more access to social media data and a considerable amount of other data from individuals again under the guise of anti-terrorism do you and other measures as you've said as well Bob do either of you see this as this kind of thing you can understand why it makes much easier for oppressive governments to act in the way they do I understand the opportunistic precedent harvesting of oppressive governments of the discrete practices of governments some of which are completely justified of other governments that operate within a framework of rule of law and I think one of the challenges of this conversation broadly is distinguishing between a lawful intercept that is done according to procedures that are published that have been debated in a democratically elected legislature that are appealable et cetera where nobody has picked up in a black van and disappeared off the street and never heard from again and a lawful intercept that results in somebody getting picked up in a black van tortured and never heard from again those are different context and obviously this is a very that's not a sound bite so I think there's a real challenge yes in making sure that we are reasoning through arguments in terms of how we are applying our principles to solve practical challenges to making sure that we are bringing the context into the picture so that opportunistic precedent harvesting can't take place or is more difficult and to making the case for the broader set of changes that need to happen it's not just that these governments need to not use intercepts to target human rights activists it's also that they need to have protections for human rights they need to have transparent courts they need to have a whole range of other reforms that allow governments to be able to solve real challenges in a way that is consistent with rights over the long run Julian bring you in here both to comment on that area the area of western governments and their practices and to what extent do these recommendations help in that area but also with regard to companies Bob used the term enforced restrictions do you take the view that some companies in certain countries and you can cite some precedents if you wish exceed to the pressure all too easily yes so first I would also like to thank GNI for hosting this and for having us and the authors of the paper of course so to respond to the first bit I would say you know I actually fundamentally agree with you Bob that the countries are the problem and not the companies and yet at the same time I think that the targeting of companies is for me within the context of you can't fix China you can't fix Iran and so in those cases it makes sense but at the same time a lot of these companies have been doing an excellent job with the countries that sort of fall in the middle ground and India being a great example of that I don't know if we have Sunil back but to the second question do I think that in some cases companies are seeding too easily I would say yes I think that we've seen a number of companies willingly offer to restrict certain types of content based on various laws in various countries and Google has been very transparent about this I would say other companies have not been so transparent we've seen over the past year Twitter now saying that they will indeed take down certain types of content if it's legally required I don't know that we've seen any instances of this aside from intellectual property just yet and then you do have a number of other social media companies and up and coming social media companies that are not taking the transparency aspect of this seriously and so I guess what I would say is that I would love to see more companies whether by force or by preferably voluntarily follow Google's lead with that type of transparency report I think that that's the first step while acknowledging that this is a matter of it is the problem of the countries and not the companies but it's not the last necessary to report on it what about the recommendations such as companies actively trying to support the people who are being forced to hand over data or put under pressure from these restrictions and also the requirement to receive a legally binding physical receipt of the request which can then be challengeable in courts are these routes that you think both for companies and also the question of western embassies in those countries is that realistic I think that's not sure that I've got a good answer for that not a straight answer anyway but ultimately I think that the companies in the room here the companies that are participating in GNI are aware of this but there's so many more and I think that it's not going to be realistic until more companies come to the table Sunil, I just wanted to check first of all can you hear us yes I can before popping off as soon as he starts speaking you freeze again unfortunately can you Sunil can you just start and we'll have to cut you off if you do free oops he's gone well he didn't try I think that if you mute us because I think when noise gets picked up from us it intercepts the blocks then like when you're David any what we can apologies to Sunil and to the audience let's bring you in here this question it's not a binary thing issue of companies or governments but to what degree do you think companies and western governments for want of a better term democratic governments should co-operate better to what extent does that in some ways compromise the independence of companies in so doing I agree with what Bob has said yes absolutely as Ruggie pointed out and elsewhere it is human rights protection is the responsibility of states absolutely I don't have that fear John I don't worry that companies working closely with democratic governments compromises their position of course having the measures in place like transparency as several speakers have said puts the sort of protection in place against that happening so I think that's very positive obviously things are slightly different when it comes to the oppressive regimes and ultimately I think two important points first of all as Gillian said the companies in the room here by and large I'm not the problem they are making a significant effort through GNI and through other mechanisms to take voluntary action to deal with some of these constraints the concern is the companies that aren't in the room and the absolutely legitimate problem that if if states try to persuade companies to do everything voluntarily that you end up rewarding the bad actors the ones that will not come to the table and act in a responsible way can I just I actually am going to disagree that protecting human rights is a responsibility of states and I think you're reading Ruggie very narrowly here and Christine Bader is here and maybe she can pitch in on this in the question period but the way that I read it is that it's the responsibility of all of us every institution every international organization every NGO every company should in some way work to protect human rights and I actually find the Ruggie principles a little bit weak in the way that they are worded and we don't have to get deep into wording here because that's boring frankly but I was considering them when I was reading over your paper and it strikes me that protect, respect and remedy which are the basic words used in Ruggie are really not quite there especially when it comes to trafficking and information and the stuff that companies like ours deal with because protect is too late respect is passive respect human rights is just a really lousy way to express it to me and the final one remedy is over promising because remedy is a cure it's some way that you can fix what's gone wrong so instead at the risk of upsetting Christine and others who worked for years on getting those words right I would suggest prevent instead of protect because that's trying to do something before as a company or as an individual or as an NGO you do something dead wrong protect as a second one instead of respect simply because it has more oomph to it and the last one is mitigate instead of remedy because I don't think when you mitigate something you've done wrong you're over promising all you're trying to do is fix your mistake and the one thing I can promise you when it comes to this field is that every company involved in trying to protect human rights is going to make a mistake at one point or another Dan what about the point about territorial and extra territorial how does that affect for example US law enforcement if there is email traffic say between Pakistan and France that you regard as potentially suspect on terrorism questions where does jurisdiction begin where does jurisdiction end and if governments such as the US, UK Germany and others are seeking either through the cloud or through cooperation with companies or countries elsewhere extra territorial jurisdiction should that not then apply to other countries too I'm going to be honest and say I'm probably already out of my depth in terms of I'm not a lawyer and I don't work in law enforcement and I know that there are a number of complex national agreements and bilateral agreements including emlats which are covered in the report that make arrangements for in the United States case for US efforts to protect against terrorist attacks or prosecute and investigate and prosecute international crime etc and I think in many cases it's therefore not a question of jurisdiction per se, but rather whether agreements are in place in order to access information I do want to come back to something that both Jillian and Bob said one of the things that Jillian said that I had intended to say early on was even though that it's that I agree that the and what Bob said originally was not that it was the responsibility of governments to protect but actually that governments were those who were the greatest the original violators it wasn't the companies were were out to get folks and I think that being true sitting in the position of a government official who's mainly externally focused in terms of how do we help make sure that protections are in place and that people's rights are less violated abroad one of the things that's obvious to me especially the challenges with export controls for example that are discussed and having them have practical import etc one of the problems is not only having companies not make monumentally bad decisions but it's also how do we get companies to be part of help us be part of the solution companies are much more innovative generally speaking than governments and so I see it as even though the companies the governments may be the source of the bad the companies are in many cases in a position to be the sources of the good and the boundaries between companies not doing wrong and being innovators in terms of protections are blurred because for example a due diligence process is a management innovation from many companies and it's one that prevents bad behavior on their part inadvertent bad behavior on their part but it's also an innovation and I think there are innovations of management and innovations of product that can both be part of the solution set here and probably are more promising than many of the tools that are open to governments looking at supporting human rights overseas. Let me just make one point though I mean Dan speaks from a state department viewpoint it is not as if the government of the United States is a monolith and if Dan was to launch a campaign tomorrow for there to be a transparency report by the US government to show everything that it is asking for and why it's asking for and what the reactions are certain agencies that have three letters plus the department of justice plus probably the defense department would all violently object to the production of such a report so you're frowning yes well yes I'm frowning we look forward to the frown we look forward to the frown the frown will take verbal substance in one second anyway I just point out the difficulty of transferring a product from a private arena into a public arena I think it's time for questions that I think there will be quite a few and pushbacks which will be great just to say the twitter feed again the hashtag is GNI 2012 there's been a lot of good tweets more on a reporting in a reporting manner than comments or questions so if either anybody here has questions they would rather tweet or anybody outside would rather tweet questions please go ahead and do so we have a microphone when you are called to speak please just briefly introduce yourself you would be familiar to many here for people outside watching that you need to be identified right, lady there go ahead and then here that's right hi I'm Christine Bader I was working on the guiding principles so I agree that word definitions are terribly boring so what I would encourage everybody to do is actually read the guiding principles which do spell out explicitly that protect is about stopping people from getting hurt before it happens respect explicitly spells out a proactive due diligence process that companies are supposed to undertake and remedy is about well yeah if you contribute to harm I think it's reasonable to expect that you should also contribute to at least making sure that people have access to a mechanism where that wrong could be righted but the guiding principles do not say however is in something that was in your report that companies have a duty to to refuse violations sorry to refuse state requests that violate human rights minimize compliance with yeah the guiding principles actually don't say that and so I think it's a reasonable interpretation of what they do say but I do think it's quite important to distinguish what the guiding principles actually say from an interpretation of it for a number of reasons that may well be obvious okay Ian do you want to come out Angillian if you have any observations on either the question or the brief remarks previously from Dan and Bob and then we'll have the second question no that's right and I tried but maybe I failed in this case to make clear which were direct quotes from the principles and which were our interpretation of them but that's fair okay if we can move quickly along with the mic thank you and then if you stay no no no she's on the side just behind thanks if you just keep it close to you oh it is on I also work at the State Department in a different bureau than Dan but I wanted to comment on this issue of transparency and the issue of transported law enforcement access to data and just as a general comment on the report I would say the one party that you need to be talking to that I don't think you talked to before preparation of the report is the Council of Europe and the reason I say this is because I was just last week at the octopus cybercrime conference which for the first time really brought together prosecutors technology companies cybersecurity companies you know Microsoft was there prosecutors investigative judges in a very major way they actually now house cybercrime and privacy under the same division there was one workshop in particular which is an all day workshop on transborder access to data by law enforcement it was not for attribution and if you were there you would understand why it was not for attribution but you know there is a wrap up session that I can send you the link to that would be very helpful among the many takeaways I would say that this issue of transparency the issue of MLATS this is not an American problem this is definitely at least a European problem and certainly there was also a lot of outreach to the developing world that's going on with the Council of Europe a lot of promotion of the cybercrime convention so on the one hand the cybercrime convention is a very useful tool to sort of give a structure to this issue of transborder access to data but there was also one magistrate in particular who stood up he was from a western European country he's one of the types of magistrates that have investigative powers in the area of counter-terrorism he said in the age of cloud computing and proxy servers I don't have time to figure out what 12 countries the data is passing through much less direct and MLAT request to that country this is just not going to work for me so there were a lot of people who agreed with him and said we really need a paradigm shift as to how we approach these issues so whether he's right or wrong I would say that is a dialogue that we need to have because if we're not having a conversation that's really responsible and sophisticated and human rights respecting law enforcement entities then we're never going to have a common set of principles that we can join with Europe in sort of bringing the more repressive regimes to heal Can I just ask you then this magistrate how did he see the way forward in dealing with traffic that's on the cloud well he said I have the authority under my domestic laws to pull that data if I can access it from my country I'm legally authorized to do so and that's what I'm going to do to a country by country jurisdictions he said that's the approach that's going to work for me now there was a prosecutor from that same country who said those authorities aren't available to me and therefore I'm stuck trying to get data from a company in fact a US company that didn't actually have a legal presence in Belgium now we know the country so go secret safe with us I'm still not naming names so people's frustrations seem somewhat related to the legal authorities that they have at their disposal under domestic law and also the legal authorities in other countries to sort of assist them so there needs to be a conversation on a wide variety of topics like do we go through the MLads can we work this out cop to cop because the cops want to work it out cop to cop because that costs them time so it was a great conversation to have had and I think if there's follow up events for you guys to have I would recommend talking to some of these guys at Council of Europe thank you thank you that was very helpful there's a good tweet from Daniel Bryan sitting there on the second row your tweet it's a call out anyone got any questions for Google the State Department and NGOs the Human Rights we have them all in the room John you said go back to country by country jurisdiction what did you mean by that well I'm just saying how do you resolve when you have traffic based in country not based in the cloud then the jurisprudence is surely clearer on that developing that jurisprudence with traffic on the cloud is surely the challenge I just am I I don't know if the word is tired but perhaps exhausted is a better word in hearing the expression borderless internet or such or something like borderless internet because the fact of the matter is if you're looking at from a company's perspective or a government's perspective there is no such thing as a borderless internet every time you cross a border a new law comes into effect and it means that you have to react to a different case on free expression or privacy in a different way can I just say absolutely those are the kind of challenges we that's what we mean when we say develop and streamline the MLAT framework I quite understand what you're saying it should remain a very traditional slow bilateral to bilateral process absolutely not on a European ongoing basis and we've made specific recommendations to IGOs like the Council of Europe that this is something they could support moving forward and down apart from agreeing 100% with your colleague is there anything you'd like to add to those remarks I'll just move to more questions right Ben and then another hand up so we can then two rows behind after that thank you I just want to briefly build on my friend Christine Bader's response to the very important point that Bob Orston made about the rugged framework and how it relates to GNI in particular the GNI principles were developed apart from but in full awareness of the then evolving protect respect remedy framework which was released if I recall correctly Christine in the spring of 2008 and thanks in part to you your participation in the GNI process our efforts to finalize the draft GNI principles in the first half of 2008 were informed by that framework that said I believe that GNI principles and I think this point was alluded to earlier in fact by Ian explicitly so and in the report and in your very good opening remarks the GNI principles go much further than the guiding principles the guiding principles as terrific as they are are simply but powerfully a foundation for companies in virtually every industry to understand and address risks and responsibilities alike what GNI does is to provide an operational framework for addressing very specific issues in this particular context of freedom of expression and right to privacy. One last point and just to hit Bob's concern or observation rather right on the head is that I think that the GNI principles blur or meld and quite constructively so even if consciously at the time the bruggy duty to protect on the part of governments and the company duty to respect on the part of companies and especially so in the context of censorship of content and also responding to governments request for data on individual users for purported national security reasons which is the main focus of this report so without getting any further detail that ambiguity which may be uncomfortable for some I think is actually constructive for companies and while these issues certainly is all the panelists have emphasized live first and foremost with governments there is a company duty I think not only to respect but to protect human rights in certain ways that I think that the GNI principles and implementation guidelines help take forward. Thank you very much. Thank you. Hi I'm Don Kraus with global solutions.org and this is a question for Ian in your second part of your presentation you talked about extending export controls around arms controls to include dual use information technologies and I just want to get a little bit more from you and your thinking on that. It's a little bit apples and oranges we're involved in negotiations on an arms trade treaty right now for example that happens in July up in New York and the parts of government civil societies that are thinking about guns and bullets are really not thinking about information technology and there are different parts of the state departments and foreign ministries and a lot of that treaty is about actually getting countries to establish export controls that have no export controls are very very few. There is a vision connecting the dots on that and bringing together some groups of people who really think of themselves and working on different kinds of things where actually you're right they both can go towards really protecting human rights but it's making those connections and pulling that together that seems to be a pretty high barter to be able to achieve. Yes I think that's right one reason we emphasised Bassanar in our report is that they've dealt very extensively with the dual use goods already the single use purely military goods you're quite right that it's entirely different sets of people so in the UK for example we've talked to groups like Amnesty that are very involved in the areas you were discussing have been less so in the past related to the internet but it is something that they are getting into and want to further develop and so I know it's almost trite to talk about multi-stakeholderism and the question is how do you make it work but that's why we we recommended getting that process rolling but we wouldn't claim to have easy answers to that problem. I think the arms question is tricky I mean I don't have a clear answer on how that convergence can come about EFF for our part we've thought about it along the lines of the Foreign Corrupt Practices Act instead in terms of being able to create transparency around what governments particularly around dual use technologies what governments are exporting what it's being used for etc and I think that that's the first step and you know I've gone through my own sort of evolution on this over the last year from voluntary to perhaps at least the transparency aspect of it needs to be enforced Thank you I just chip in here I think that the the ultimate object of these whatever that whether it's transparency whether it's export controls etc you know for all the reasons that you laid out it's challenging to have it be frankly you know it's challenging to expect a high degree of actually limiting the amount of equipment that gets to places that you don't want it to get but it isn't challenging to imagine it creating norms of shame etc and things like that and those things do I mean again the broader context over time being associated with having to only do business with companies that or countries that are known to not be transparent etc there are other costs in the broader relationship and just as a point of fact I work on both actually I supervise an office that has both the internet freedom team and the arms vetting for human rights team and working on the ATT as well as on other technology issues so there are some convergence and I had had the thought I didn't want to raise it but I had the thought about whether or not people are thinking about New York etc so you know I think there's a reasonable conversation I think if you hold the standard that will this lock up and ban bad equipment from getting to bad people that's an unreasonable standard it's not going to happen we should never be wholly reliant on this but we should be trying to figure out how to make them as effective as possible and recognize that they can have a variety of different kinds of effects let me just add very briefly that one of the most interesting points in Ian's paper is the point about the second hand market I mean let's talk real world here if we ban let's just say that the US Congress and the European an European Parliament and every institution in Europe were to ban any company from those countries in engaging in such transfers I have a feeling that Huawei might not pay attention to that and might actually gain market share around the world but that doesn't mean it doesn't impose a cost no, I'm not saying it doesn't impose a cost to only do business with Huawei because there are other costs to only doing business with one company I understand that but I do want to just be very clear about the difficulty of approaching this through legislation that affects only companies in certain countries and are there other ways which you also raise technical ways technological ways and I'm not a lawyer or a technologist let me be clear about that thankfully that would act that would succeed in stopping those technologies from being used in the ways we were describing earlier well as several speakers are saying that they have no legal background are there lawyers in the room who would like to this is Washington DC but there are no lawyer exactly thank you I'm Sharon Haum from Human Rights in China and we are one of the founding NGOs of GNI I'm a human rights lawyer so some people think that that's not a real lawyer so I wanted to thank Ian and Dorn for a really useful paper and I hope that GNI and the broader public that's engaged with these issues will really look to the paper as a discussion paper that helps them move us forward because I don't think it was intended to be like a blueprint that we were going to implement so there are a number of quick comments and I'm sorry I hope this is not too little too late for the paper and for GNI in particular for us in moving and implementing I think some of it because it's really like a good map I think it's a map of some of the really relevant issues but the map is not the territory because in this particular territory in ICT both the technology and the regulatory framework domestically of domestic jurisdictions and the international normative are all in flux right now so I wanted to say that I stand with Bob Borstein let's talk about the real world so let me say something about jurisdiction users end users, Chinese users, Chinese citizens like we're in an actual jurisdiction so we may think we're in cyberspace and we're transcending borders and all that but at the end of the day it will be the Chinese public security that will come knocking on the door and will be in a Chinese prison so I think it's important to keep in mind that while they are international and blah blah blah that the reality is that people still live you know until they're downloaded we're still in a real physical jurisdiction so that's one I think the second thing is I think it's important to build the norms I have been trying to be downloaded into a cybernetic body I have been trying to be downloaded into a cybernetic body I have been trying to be downloaded into a cybernetic body but it's not happening so the second thing is on Vasinar it's important to look at it but except for the fact that it leaves out most of Asia, Africa and Latin America except for that well Mrs Lincoln did you enjoy the show so it's kind of like a big but but it still is at least a starting place the second thing is on whether we might take a little bit more look at regional frameworks which have a vastly important negative impact on issues like terrorism and human rights human rights and etc and the one of course I'm obviously referring to is the Shanghai Cooperation Organization which has a very bad approach to terrorism because it links it normatively and in implementation with splitism and separatism which is not part of the international the other thing is including India and Pakistan as observer states so we should be careful about thinking that everybody's there are good governments and bad governments I think there's always a question of what do you do when good democratic governments do bad things so we should move to a more nuance of saying the world is good governments repressive governments and bad governments except with the exception of China I think we should say it's a repressive government it's also not monolithic and there are some reformer voices right now that's peeping up but I do think we need more nuance to bad and good governments and bad and good companies because that's one thing we have learned from GNI and in our participation so I think that's important so the one thing to also keep in mind is when you look at ICCPR which we always do when we talk about international we really ought to not forget the implementation mechanisms for those treaty bodies and that's an opportunity for both policy and norm building because that's where the jurisprudence develops that all of the treaty signatory member states in fact have to go through an implementation supervisory transparent review and that's where we can have some input as multi-stakeholder, as individual you know as NGOs etc and the one thing I would recommend us to push on your recommendations is for governments and multilateral bodies that you know as an NGO I think we want to be part of all those processes so I think one recommendation should be that they should include civil society and NGOs in those norm setting like wicked processes, thanks Thank you for that contribution Dan maybe if you can come back on this point about not just the potentially negative influence of regional groups like the Shanghai Development body bringing Russia and China and the various stands together is not likely to induce great confidence in human rights but more generally what about the question of different countries that feel entirely emboldened to interpret the threat of terrorism as they see fit You know I think it's a unavoidable challenge I think it obviously we have a concern not only we should be concerned about exploiting the term not only because it's exploited in order to perpetrate abuses but also because it cheapens the coin of a very real and therefore unhelpfully broadens what is aimed at being a very focused effort to target a very real threat which is real terrorism and so there you can object on both prudential and moral grounds I agree that regional organizations are a real challenge yet I mean I think first of all as a practical matter can't remove them from the map of diplomatic engagement et cetera and second of all I'm not sure you would want to because there are opportunities there but it's incredibly difficult because it's incredibly difficult to make progress in a bunch of different regional organizations let's leave the SCO out which for all the reasons that Sharon highlighted is highly problematic but there are other regional organizations that we hope have some promise in the OAS or the AU and I'm not speaking strictly speaking on internet level but just in general and the OAS has a long track record of being a constructive contributor to good governance in the hemisphere et cetera the AU is a submergent ASEAN and then the OSCE which I think is actually a model for being founded on the idea that security economics and human rights are unavoidably intertwined and need to be pursued in tandem et cetera and so regional organizations are critically important but the challenge is not only are there some that are less constructive than others but also once you establish a standard in one if the standard in another doesn't look exactly the same then you kind of erode the idea of standards and so there's this practical challenge in terms of advancing universal standards step by step this is something that's mirrored in the challenge of state by state advances so I just wanted to comment on something else that Sharon said which was this idea of separating countries between good and bad and I think that this in terms of one of the things I was thrilled to see in the paper was commentary on the existing export control regimes that do in fact punish the citizens rather than the governments what I've seen is in the case of Iran and Syria which have had the strictest regulations and let me be clear on Syria these regulations emerged in 2004 out of something that frankly does not appear to be a US a definitive US interest Syrian I believe Lebanese sovereignty and Syrian accountability act which prevented things until recently such as Google Earth from being downloadable by Syrian citizens and it's hard for me to see how that particular tool could be used by a government against it citizens I'm sure it could be but needless to say you know in that case I think what we've seen is my own government the US government deciding in those two cases that Iran and Syria are terrible places which I mean sure they are extreme human rights violators but so is Bahrain so is Saudi Arabia and so when we've seen these new efforts such as the Global Online Freedom Act to restrict the export I'm concerned again that we're going to see a distinction particularly you know in the wording of that bill we're going to see a distinction between what's a good government what's a bad government and you know I don't think Saudi Arabia is going to end up on the bad government list despite their extreme restriction on political speech and so I you know I think that just when we think about these things obviously I do feel that the first step should be transparency but I also think that we do need to be very clear about good versus bad and and not trying to separate into those buckets we've got time for one more question or maybe we'll fit into gentlemen there with the blue tie Nick Delay Nick Delay PwC are working on sustainability practice and essentially what we do is we help companies do the right thing in a way that makes business sense right and you can do a couple of things you can approach it with a risk compliance or moral responsibility angle I'm sorry the name of your firm? PricewaterhouseCoopers PwC and so you can you know to help companies in a way that makes business sense I suppose you can approach it from a risk compliance or moral responsibility angle and it works sometimes or you can actually say to companies if you do the right thing you're going to achieve those benefits tangible benefits and tangible benefits and you put a dollar value on those tangible benefits it's easy and tangible benefits a little harder so my question to the panel is this if protecting online freedom of expression is a good thing for businesses has anyone ever attempted to actually quantify the business benefits that corporations would achieve by doing so such as for example increasing user satisfaction user value user retention reducing litigation costs you know improving brands you know whatever it is so I would be curious to see if anyone has tried to look at gets more the carrot angle than the stick angle or the moral angle to help companies do more in this space thank you as much as I love Bob that question had your name written all over it I think it's a really interesting question which is my way of saying I don't believe so if there is research on this I haven't seen it but it's there's no question that there are discussions that go on about the value of reputation and what reputation means to a company and in turn whether or not investor investor attitudes are changed by the way that companies act and I don't have quantifiable evidence on those questions to give you in return for your question I do think though that there's little question that once a company starts to act in the right way inverted commas that in the west quote unquote also you get a favorable backlash if that's not an oxymoron and I apologize you get a favorable reaction from NGOs and others that in bolstering your reputation does help in the long run I think but I can't give you anything quantifiable on that good I mean I love Bob and I think Bob is a great human being but Bob is here because Google sees value in the broad range of engagements that Google does to advocate for free and open internet and protect netizens and stuff like that and so I mean obviously there's a business case to be made I think the business case ends up getting made more in a downside protection in the first instance in a downside protection way rather than an upside potential way and I think there's no question that there are when bad things happen there are reputational things happen there is a potential knock-on effect on both your cost of capital and consumer reactions I think that the other downside protection that is difficult to separate out each company's interest in is the fact that all firms both hardware, software and internet firms have a stake in the internet remaining a free and open platform for the growth of their business and so I think that's one where it's not where there's a collective action problem and there are certain firms that are leading on advocating and you can't separate out I mean importantly the front runners here understand that you can't separate out the free and open platform that you need in order to sell more cable in order to acquire more users in these countries from protecting the particular users because they're being targeted by regimes that are also laying the blanket restrictions that restrict the internet as a free and open platform that's the interesting case where how do you make the case to the industry as a whole which obviously the GNI has a role to play in but how do you make the case to the industry as a whole that they all have an investment in this thing called the free and open internet and that it needs to be protected in order to protect against downside risk and I would say basically that I guess you could summarize this in a way by saying it is hard to untangle a corporations right to sell ads on the open and free internet from the users of that corporation services right to express themselves they go hand in hand as a result if you look at the if you look at for example the current movement by companies to link the free flow of information with economic growth around the world there's no question that we're doing that in part because we want countries to realize that you can't have one without the other that they can't have direct foreign investment by companies without guaranteeing the fact that data is going to flow across borders I would refer you specifically to the national foreign trade councils paper on this on this issue NFTC it's an interesting paper and it includes both people from the IT sector and from the financial services sector we brought together an interesting alliance of companies in producing that evidence I would also point to an issue that's not I don't think raised sufficiently in the paper but is one that is becoming increasingly important and that is the location of data centers and demands by countries around the world that in order to provide services or products in those countries you must locate data centers in those countries that poses all that issue in and of itself mixes everything we're discussing today security economics privacy all this come to bear when it comes to these discussions and there are companies such as Google which are aggressively resisting movements all over the world to do this Times up if you haven't been able to ask a question you can do so obviously in the next two sessions the next session is going to look at some very specific country case studies Sweden, Russia, Pakistan and others so your questions will be equally apposite to that if we can reconvene at 11.15 please can I thank you all for your engagement it was a very good and lively session can I thank Sunil remotely who has been following us assiduously on Twitter since the line went down and commenting so it's great from him can I thank Bob Burstyn, Dan Bear, Gillian York and the co-author of the report Ian Brown and it's coffee time