After more than two years of work behind closed doors, the Global Network Initiative is launching this week. That's the corporate code of conduct on free speech and privacy I've been talking about in generalities for quite some time. By midnight Tuesday U.S. East Coast time, the full set of documents and list of initial signatories will be made publicly available at globalnetworkinitiative.org.  UPDATE (noon HKT): the site is now live.

On that website you'll be able to read the full text of the Principles on free expression and privacy. A group of companies including Yahoo!, Google, and Microsoft, human rights organizations, socially responsible investment funds, academics, and free speech groups spent the last two-plus years reaching agreement on what should go into that document. There will also be a Governance Charter and a set of Implementation Guidelines giving more detail on how companies should adhere to the core principles. There will be an FAQ, list of participants, and contact people for the organizations that have joined the Global Network Initiative so far. The hope is that many more companies, NGOs, investment funds, and academic institutions around the world will join in the coming months.

The initial plan was to release the news so that the first news reports about the initiative would come out closer to the website's unveiling at 12:01am Wednesday EDT or 12:01pm HKT. But the story leaked early and the San Francisco Chronicle reported it on Monday without any comment from the participants who had all agreed not to talk until the official launch. Since then, the New York Times, Wall Street Journal, WSJ China Blog, the AP, AFP and others have reported the story with remarks from some of the participants. We can expect more coverage in the next 24 hours. UPDATE: The BBC has a good story with lots of quotes from participants.

A few people have called me asking "does this thing have any teeth" or "is this thing more than just a figleaf for companies to get congress off their backs?" 

Organizations like Human Rights Watch, Human Rights in China, Human Rights First, and the Committee to Protect Journalists would not be putting their reputations behind this thing if they didn't think it was meaningful.

That said, the initiative must prove its value in the next couple of years by implementing a meaningful and sufficiently tough process by which companies' adherence to the principles will be evaluated and benchmarked. If there is a rigorous process that rates the companies' behavior, then investors who care about social responsibility, and users who want to know how trustworthy a given company is compared to others, can make more informed choices.

The initiative is based on the reality that there is pretty much no country on earth - including the United States - where governments aren't pressuring telecoms and Internet companies to do things that potentially violate users' rights to privacy and free expression. Companies must consider the right to free expression and privacy of users in all markets to be part and parcel of what it means to be socially responsible. Part of the problem is that many telecoms and Internet companies just have not been thinking through these issues as they roll out products and services around the globe, resulting in all kinds of unintended consequences - the TOM-Skype fiasco in which Skype's Chinese business partner was found to have allowed a huge security breach being the latest example. The Initiative is about getting companies to think ahead and incorporate human rights assessments into new product plans or plans to enter new markets. It's also about being more transparent and honest with your users about what's being censored, why and how, and informing them about how and with whom their personal data is being stored and shared. That way, users can make informed choices about how and when it is safe or reliable to use these services - or not.

As critics point out, the initiative stops short at making companies pledge to commit civil disobedience, break local laws, or to pull out of markets at a certain prescribed point. Depending on where you stand, you might consider this a strength or a weakness. The initiative is focused specifically on how to engage in markets around the world while doing everything you can to avoid causing harm to users and customers. It won't on its own stop governments (of any given ideology or political system) from doing bad things to their own citizens. If it's successful, however, it will help companies who truly care about their users to think ahead about how they can avoid acting as an un-transparent and un-accountable extensions of government abuse. Whether even such a modest success can be achieved will require a lot of work from all the organizations who have already signed on and who may sign on in the future. NGO's, investors, human rights organizations, user groups, and academics need to make sure that the companies' performance on matters related to free speech and privacy is evaluated in a rigorous and meaningful way. I hope that groups around the world will not only insist but help to make sure that this initiative will be much more than a fig leaf.

Creative Commons is getting hip in Hong Kong: Cantopop starlet and actress Ella Koon has released her photo gallery and desktop/mobile wallpaper under a Creative Commons Noncommercial-Share Alike 3.0 License.

Ella Koon has parked her website at a ".asia" domain. Edmon Chung, DotAsia's CEO, has been encouraging ".asia" clients to use Creative Commons licenses whenever it makes sense to do so. For Ella Koon, it makes a great deal of sense to release photos with "some rights reserved" instead of "all rights reserved" so that her fans can legally share her pictures and create fan art with them, as long as they attribute the original source. Since she has used a non-commercial license, that means for-profit media can't freely use the photos without permission or (if she demands it) payment, just as in the traditional "all rights reserved." But fans are free to use them as they wish, as long as they don't try to sell them and adhere to the "share alike" requirement and share any new works under the same kind of CC license.

Until now, though, Hong Kong users haven't been able to use CC licenses localized under Hong Kong law. On Saturday that will change with the launch of CC Hong Kong. With licenses adapted by Hong Kong IP lawyers to stand up in Hong Kong court, web businesses like the Hong Kong-based blogging portal MySinablog are getting ready to make them available as a publishing option for their users.

If you'd like to learn more about how you can use Creative Commons or just want to know what's been keeping me so busy over the past few months, please join us for our launch ceremony and festival celebration on Saturday at the HKICC Lee Shau Kee School of Creativity, 135 Junction Road, Kowloon.

Or perhaps a stronger incentive might be a chance to meet CC founder Lawrence Lessig and CC's current CEO Joi Ito?  Nutshell schedule:

Main Programme, Inauguration with special guests (2:00 - 3:30pm)

• Professor Lawrence Lessig, Stanford Law School, Founder of Creative Commons
• Mr. Joichi Ito, CEO of Creative Commons
• Panel discussion with Pindar Wong (Chairman of CCHK's Preparatory Executive Committee), Charles Mok (Hong Kong Internet Society), and Edmon Chung of DotAsia

Festival activities (noon-2 p.m and 3:30-6pm)

• OpenCourseWare Presentation
• Photographs Exhibit (Hong Kong Flickr Groups)
• Script reading of “An Instant Patriot” - a play by Mrs. Elizabeth Wong
• Live Music ( Snoblind )
• The Making of CC Documentaries ( v-artivist and inmedia)
• Hong Kong Bloggers workshop (Panelists: Jacky See, Poon Wing Hang, Jeff Au Yeung)

Full program with a lot more details can be downloaded here (PDF). Maps, directions, and online registration here.

And that's not all: On Friday from 5-6:30pm come hear Prof. Lessig give a public lecture titled: "Free Culture and Free Society: Can the West Love Both?" Lessig has just come out with a new book, Remix.

Another exciting development: DotAsia has just announced a new partnership with Creative Commons to help promote the use of CC licenses in Asia, and to help facilitate more active collaboration between CC-user communities in different Asian countries. A new website, creativecommons.asia, has just been set up. The plan is for the new CC Asia site to serve as a hub and platform for Asia-wide creative collaboration.

Still not entirely sure what CC is all about? Here's a gorgeous new video, "A shared culture" in which CC's founders and key community members talk about the philosophy behind it:

The Open Net Initiative's Information Warfare Monitor project has published a stunning report by "Hacktivist" Nart Villeneuve titled: "Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform."  It has been covered by both the New York Times and the Wall Street Journal. The report's key findings are as follows:

Major Findings

• The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and
if present, the resulting data are uploaded and stored on servers in China.

• These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.

• The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.

• Our analysis suggests that the surveillance is not solely keyword-driven. Many of the
captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

Nart has posted a Q&A to which he will continue to add answers to questions he has been getting. He says he alerted Skype to his findings before the report was made public in order to avoid further compromising the people whose personal information was stored on insecure publicly-accessible web servers.

Skype's initial reaction, reported here by the Wall Street Journal, was dismissive and somewhat flippant in tone, making it seem as if they didn't take the situation too seriously:

...The idea that the Chinese [government] might be monitoring communications in and out of the country shouldn’t surprise anyone, and in fact, it happens regularly with most forms of communication such as emails, traditional phone calls, and chats between people within China and between people communicating to people in China from other countries.

Nevertheless, we were very concerned to hear about the apparent security issue which made it possible for people to view chat information among mainly Tom users, and we are pleased that, once we informed Tom about it, that they were able to fix the flaw.

They later added a statement that is more appropriate if you want your users to think you take their privacy and rights to free expression seriously:

In 2006, Skype publicly disclosed that Tom operated a text filter that blocked certain words on chat messages but that it did not compromise Tom customers’ privacy. Last night, we learned that this practice was changed without our knowledge or consent and we are extremely concerned. We deeply apologize for the breach of privacy on Tom’s servers in China and we are urgently addressing this situation with Tom.

We confirm our strong belief that Skype to Skype communications, enabled by our peer to peer architecture and strong encryption, remain the most secure form of publicly available communications today.

While Skype claims to have fixed the problem, the fact that TOM-Skype was enabling surveillance and privacy breaches in such a shocking manner for a significant period of time demonstrates that eBay/Skype as a company has not placed enough emphasis on protecting users' rights and interests. What else is going on - or has gone on - which users don't know about and which Skype headquarters doesn't know about either? This incident with TOM raises questions about how trustworthy Skype as a company really is. Even if top management did not intend for such a situation to happen, the fact that it did happen shows that management has not made user rights high enough of a priority company-wide, and have failed to communicate well with their local partners about what practices are acceptable and what practices are not. This situation could have been avoided if they had really been thinking through the potential challenges and pitfalls of working with a local partner in offering a localized internet communications product in the mainland Chinese market.

Skype is now learning the lesson Yahoo! already learned the hard way: that if you leave your users' privacy and security to your local partner to sort out without paying too much attention to details or thinking through how things might play out, you could burn your users badly and badly damage the credibility of your global brand.

Yahoo! (along with Google, Microsoft, and others) has been part of an ongoing initiative to develop a global industry code of conduct for free expression and privacy. The initiative should (I hope) go public before the end of this year. In August, in response to queries by U.S. Sentator Richard Durbin about the status of the initiative, some of the companies issued letters. Here are the pdf's of Yahoo!'s and Microsoft's. They are very similar. Microsoft describes the initiative's substance as follows:

We are pleased to report that representatives of the diverse group of human rights organizations, policy groups, companies, socially responsible investors, and academics working on these principles have reached agreement in principle on the core components of a planned ICT ("lnformation, Communications, and Technology") Initiative. The agreement in principle is now being reviewed by each participating entity for final approval, and for a decision whether to participate in (or, as may be appropriate for some entities, simply to endorse) the lnitiative.

Later this year, once these approvals and participation decisions are made, the Initiative's members, plans, and details will be formally announced. At this time, however, we can provide you with some information about the core components of the Initiative, which are as follows:

Principles on Freedom of Expression and Privacy that provide direction and guidance to the ICT industry and other stakeholders on protecting and advancing rights to freedom of expression and privacy globally. The Principles describe key commitments in the following areas: Freedom of Expression; Privacy; Responsible Company Decision Making; Multi-Stakeholder Collaboration; and Governance, Accountability & Transparency.

lmplementation Guidelines that provide further detail on how participating companies will put the Principles into practice. The lmplementation Guidelines describe a set of actions which, when followed by a company, would constitute compliance with the Principles, and thereby provide companies with concrete guidance on how to implement the Principles.

A Governance, Accountability and Learning Framework founded on the notion that an organizational and multi-stakeholder governance structure is required to support the Principles and that participating companies should be held accountable for adhering to the Principles through a system of independent assessment.

Companies participating in the Initiative will put the Principles into practice throughout their operations over time, and there will be milestones in terms of reporting along the way. Additionally, the companies and other participants will be working collectively to consider options for public policy engagement, to strengthen government respect for freedom of expression, and to carry out the independent assessments that are part of the accountability process.

While the principles have not yet been published and these structures are not yet set up, anticipation of them is already starting to impact how some of the participating companies operate around the world. Yahoo! now says it conducts human rights assessments before entering "challenging new markets."

It's unfortunate eBay didn't get involved with this initiative back in 2006 when Nart first discovered that Tom was filtering Skype chat. Perhaps they might have avoided this eggregious abuse of user trust.

Last week, Wikipedia founder Jimmy Wales had a meeting with Cai Mingzhao, Vice Director of China's State Council Information Office - the government body whose "Internet Management Division" is in charge of censoring online content. They discussed Jimmy's concerns about censorship. No deals or agreements were made, but Jimmy tells me that the meeting has opened a channel of communication and dialogue between the Wikipedia community and the Chinese government.

Many Chinese wikipedians and bloggers first found out about the meeting from the State Council Information Office's own website, which posted the picture above along with a brief text that said only: "On the afternoon of September 25th, the State Council Information Office Vice Director Cai Mingzhao received the founder of the American Wikipedia, Mr. Jimmy Wales. Liu Zhengrong of the Fifth Division and others also accompanied the meeting."  (The Fifth Division is in charge of the Internet. Liu famously told the world in 2006 that Chinese Internet censorship is no different than what goes on in the West and most other countries.)

The official website gave no further information about what was discussed. IT blogger Keso - on his blogspot blog but not on his main China-hosted blog - remarked: "In this kind of meeting, it's unclear what Cai Mingzhao is smiling at Wales about, it must have been interesting."  I saw Jimmy on Saturday at the World Economic Forum meeting in Tianjin. (Jimmy is one of the WEF's Young Global Leaders.) I told him that news of his meeting was on the Internet and that people were starting to wonder what was up. He was surprised, because he said his interlocutors had indicated they didn't want the meeting to be public.

Since 2005 Wikipedia - both Chinese and English - has been blocked in China, but it was unblocked in the run-up to the Olympics, along with a number of other overseas websites. At last year's Wikimania meeting in Taipei, Jimmy was adamant in stating that neither Wikipedia nor his company, Wikia, will ever agree to censor content at the request of Chinese authorities. Google's decision to offer a censored search engine in China, he said last year, was  "a bad business decision for Google...When there is a sufficient amount of change that the Great Firewall is torn down, the Chinese people will appreciate that Wikipedia stood its moral ground."

Jimmy told me last Saturday that the State Council meeting had been a "get to know each other" kind of conversation. He raised concerns about the blockage of Wikipedia, welcomed its unblocking, and expressed the hope that it would remain unblocked.

They did not discuss the fact that the Great Firewall is getting more sophisticated: it doesn't need to block whole websites anymore, anyway. It can just block individual pages or sections as needed. While China is no longer blocking all of Wikipedia, individual pages on the Chinese website continue to be blocked, in my own experience. For example: you can access the Chinese Wikipedia page for "Tiananmen Square" from at least some ISP's in mainland China, but when I tried to access the page for "June 4th Incident" from Beijing on Sunday, I got an error message.

Since my conversation with Jimmy about his meeting was in a casual social context and I didn't get a chance to take notes, I thought it best to e-mail him to re-confirm some things before blogging about it. Here is the full text of our exchange:

MacKinnon: Am I correct in understanding that you didn't reach any specific agreement with Cai Mingzhao or other State Council people?

Wales: That's right.  It was a friendly meeting to get to know each other a bit.

MacKinnon: I understand he said he'd like the state council to be able to communicate with you about concerns they have in the future about content appearing on Wikipedia. Is that correct?

Wales: Yes.  The idea is to open up lines of communication.

MacKinnon: Am I also correct in understanding that you are open to making changes if they point out content that does not comply with NPOV ["neutral point of view"] standards?

Wales: Yes, the same as with such concerns from anyone.  If content is not in keeping with our policies, we appreciate people pointing it out to us.

MacKinnon: I understand that in your conversation with Cai, you welcomed the unblocking of Wikipedia in China and said you hoped it would stay that way, correct?

Wales: I mentioned that there have been problems of access in the past, though things are currently good, and we hope that things will remain good going forward.

MacKinnon: Did you raise any concerns about the fact that, while the English and Chinese sites as a whole are unblocked, individual pages (for instance, pages about Falun Gong or the Tiananmen Crackdown) continue to be blocked?

Wales: Actually, in English, I was able to access those pages and similar ones.  I am unsure about the exact current situation with respect to what pages are being filtered.  Since I wasn't sure of the exact details, and just due to the way the conversation went (more high level than about specific details), I didn't raise this question.

MacKinnon: Did you say that you want those pages to be unblocked? Or are you cool with the fact that a few politically sensitive pages are blocked as long as most of Wikipedia is unblocked?

Wales: We didn't discuss it.  But, I am not cool with any censorship of Wikipedia. However, I do think it is much better for a few politically sensitive pages to be blocked than for everything to be blocked.  And we will never cooperate with any blocking or censorship of neutral encyclopedic content.

MacKinnon: What are the next steps? Did either side designate points of contact for further discussions?

Wales: We will follow up by email with them to designate points of contact, and I am going to try to visit again in a few months time, perhaps to visit with more direct implementors.

If Wikipedia gets the Chinese government to engage in an open and transparent discussion with its community about whether certain content is or isn't adhering to "neutral point of view" standards and whether it should be deleted or changed, that would be unprecedented. As a member of the Wikimedia advisory board, I hope and expect that Wikipedia will not engage in an un-transparent manner with any government.

Will China change Wikipedia or will Wikipedia change China? Or will they both change each other? So far, Western Internet companies working in China, and engaging with Chinese regulators, have inevitably seen themselves changed by the experience. Will a non-profit grassroots citizen media organization be able to maintain a higher moral ground and get Chinese government officials to engage in a public discussion about censorship?  Or will the State Council, by pressuring local Wikipedians who are vulnerable to state subversion and state secrets laws, find ways to bend Wikipedia subtly to its will?

Stay tuned...