Public Spaces, Private Infrastructure – Open Video Conference

I’m speaking at the Open Video Conference in New York City today on a panel with noted Indian legal activist, Lawrence Liang. The panel is titled “Public Spaces, Private Infrastructure”, and we’re going to talk about the challenges that come from hosting the “networked public sphere” on platforms owned by private, for-profit companies. Here’s what I’m planning on putting forward to open the conversation.

Wael Abbas is one of the leading lights of independent media in Egypt. He’s a blogger, journalist and activist whose blog, Al-Waay Al-Masry (“Egyptian Awareness”) logs over a million visits a month. In 2007, he won the Knight International Journalism Award, the first time the International Center for Journalists awarded the prize to a blogger.

Much of the focus on Abbas’s work is on exposing police brutality in Egypt. His weblog features more than 200 videos, which include some extremely graphic footage. One shows 22-year-old microbus driver Emad El-Kebir being sodomized with a stick by a police officer – the video was recorded by another police officer, who intended to send it to El-Kebir’s fellow microbus drivers, further humiliating him. Other videos document women being forced to strip before male officers, another woman being hung upside down to force a confession of murder, and election officials marking ballots to rig an election.

Needless to say, a lot of Egyptians in power would like Abbas to shut up. He’s routinely arrested and beaten by the police, and he’s basically unemployable because anyone who dared to hire him would face intense government scrutiny. But the entity that finally managed to shut him up – at least for a week – was YouTube.

Abbas hosts his blog with Paris-based bloghosting site Blogspirit and maintains a channel on YouTube – the videos embedded on his site are served from YouTube’s servers. In late November 2007, YouTube suspended Wael’s account and deleted his videos, indicating that they’d violated YouTube’s terms of service by featuring gratuitous violence. An international outcry led YouTube to reverse their decision after a week – initially, they restored his account, but not the 180 or so videos he’d hosted there. Later, they restored the videos as well, though asked that Abbas add “sufficient context so that users can understand his important message.”

YouTube and the human rights community both learned some useful lessons from this encounter. The advice to add “sufficient context” has now become a best practice for human rights activists using hosting services – unless there’s an explanation in English (because, alas, the customer service people for YouTube don’t speak much Arabic) for controversial content, there’s a chance that content’s going to get flagged for removal. (In the case of Abbas’s videos, it’s likely that a viewer who didn’t know anything about Egyptian politics complained about the explicit content. In other cases – including some recent Facebook removals of content – it’s quite possible that ideological opponents of the content flagged it for removal, hoping to censor it.) Activists are learning to maintain copies of their videos, and special purpose archives like the WITNESS Video Hub (no longer accepting new material) were launched in the wake of the Abbas situation.

YouTube has learned as well – I recently worked with my friend Sami ben Gharbia to help restore a video he’d uploaded of Tunisian street kids sniffing glue. YouTube removed the video, fearing that it was celebrating substance abuse. When Sami complained, they restored the video and asked him to add more context to the video, which he did. It wasn’t a perfectly smooth procedure, but it was easier than the process Wael Abbas went through, and I saw strong indicators that YouTube understood the importance of hosting human rights video and ensuring it remains available. My colleague Jillian York published an excellent paper reviewing the mechanisms five major content hosting and social networking sites have for addressing Terms of Service violations and seeking restoration of content, and gives YouTube high marks.

Still, this situation makes me uncomfortable. Wael Abbas’s ability to report on police brutality is seriously constrained by the Egyptian government, who can harass and arrest him. (They could also filter his website, or YouTube, though – surprisingly – there’s currently no evidence of internet filtering in Egypt.) But he’s also constrained by YouTube, their terms of service and the interpretation of that terms of service. Hosting your political movement on YouTube is a little like trying to hold a rally in a shopping mall. It looks like a public space, but it’s not – it’s a private space, and your use of it is governed by an agreement that works harder to protect YouTube’s fiscal viability than to protect your rights of free speech. Even if YouTube’s rulers take their function as a free speech platform seriously and work to ensure you’ve got rights to post content, they’re a benevolent despot, not a representative government. (Here I’m borrowing a formulation from Rebecca MacKinnon, who’s working on a book on this topic.)

Of course, we’ve got an alternative. This is the internet – we can always run our own server, right? You would think that one of the responses to Wael’s problems with YouTube would be to establish an independent video hosting site focused on the human rights community. A site like that could use different terms of service from YouTube, focusing on disseminating information on human rights abuses rather than protecting the sensibilities of a wide audience. And there was – WITNESS, a video advocacy organization based in Brooklyn, launched a platform to do precisely that. They abandoned it two years later, deciding to shift towards a Hub that didn’t host its own video, but curated and featured video hosted with services like YouTube.

WITNESS’s reasons for getting out of the hosting business are complicated, but they include the realization that hugely prominent sites like YouTube are where activists are going to look to post their videos, not to much smaller, special purpose sites. And they discovered that hosting lots of video is a tremendous technical challenge. I want to spend a couple moments discussing one of those challenges, a challenge that I believe means we can’t sidestep the challenges of public speech in private spaces by simply running our own servers.

Irrawaddy is the leading Burmese dissident website, providing information that’s unavailable in official Burmese media to audiences around the world, including readers in Burma who use filtering circumvention software to access the site. In September 2008, Irrawaddy was hit with a powerful distributed denial of service attack. Machines around the world flooded the site with malformed packets, generating so much bogus traffic that the attack briefly knocked most of Thailand – where the servers were hosted – offline. Irrawaddy moved to a host with access to much higher bandwidth, who charges premium rates for DDoS-resistant hosting. This week, they were knocked offline again by a DDoS attack – this one was roughly four times the volume of the attack that had crippled them previously, and it arrived on the third anniversary of the Saffron Revolution. As Irrawaddy was coping with this attack, two other major Burmese dissident sites suffered similar DDoS attacks.

Irrawaddy is far better prepared to fend off DDoS attacks than most websites. They’ve got dedicated system administrators who fend off attacks routinely, and they have an ISP whose reputation is built on weathering these storms. And yet, they spent at least two days where the only site available was their backup… hosted as a Blogspot blog. The choice of Blogspot is not an accident – human rights organizations who experience frequent DDoS often use Blogspot as a backup because it’s unlikely that even a very powerful adversary will succeed in DDoS’ing Google. (My friends at Viet Tan decided to skip a step when they launched their new anticensorship site, No Firewall – they simply set it up as a Blogspot blog.)

My colleagues Hal Roberts, John Palfrey and I have been researching DDoS and other attacks on human rights and independent media sites for the past year. We’re gradually coming to the uncomfortable conclusion that it may not be possible for most independent media and human rights organizations to maintain their own sites if they come under repeated attack, either through DDoS or intrusion attacks. Companies like Blogger have dozens of staff dedicated to fighting off DDoS attacks – because they’ve seen dozens of different types of DDoS attacks, they can often fend off an attack in a few minutes. A sysadmin who hasn’t seen an attack might take hours or days to fend one off. Berkman recently had one of our servers come under attack. We’ve got utterly brilliant sysadmins and the might of Harvard’s network connection behind us, and we were down for about twelve hours. Put aside for the moment the cost of serving video from a connection bought at retail prices, or the technical challenges associated with running your own site – DDoS alone may be a reason for many independent media and human rights organizations to seek service from some of the internet hypergiants.

Why not run a dedicated human rights hosting platform? This may be a good idea – I’m still looking for arguments for and against. But at least three good reasons why not spring to mind:
– A dedicated platform is going to get blocked by governments hostile to free speech much more quickly than general platforms like YouTube. I make this case in my talks on the Cute Cat Theory, so I won’t belabor the point here.
– A dedicated platform can mean a successful attack affects multiple sites. If we’re all using the same server farm, a successful DDoS on Irrawaddy doesn’t just affect Burmese media, it takes down Vietnamese, Iranian and Chinese dissidents as well.
– I’m not convinced we can fend off powerful attacks. The folks who were handling DDoS for Irrawaddy are smart, experienced guys. But it’s possible to organize extremely powerful attacks these days with few resources, and there’s a very limited set of sysadmins with the skills and resources to fend attacks off.

So what should Wael Abbas do? He doesn’t have the time, money or experience to keep his website running in the face of sustained attack. He should probably host his blog with a service like Blogspirit and his videos with YouTube… just what he’s doing.

Here’s the tension. I’d love to be able to offer a stern warning that we risk our freedoms of speech by allowing critical debates that should take place in the public sphere be hosted on private platforms. I’d love to urge everyone to to think twice about whether they want YouTube, Vimeo, DailyMotion or Facebook to have veto power over their expression. But realistically, these platforms are better equipped to protect the speech of the people I’m trying to help than many alternatives. And they’re the platforms many activists are going to seek out when they need to express themselves because they’re vastly more visible and well known than human rights-focused alternatives.

I think the challenge we need to undertake is to start engaging with companies like Google, Yahoo, Facebook and others to ensure that they understand the role they’re playing as quasi-public spaces. My colleague danah boyd suggests that we might regulate platforms that end up serving the function of key social infrastructure in the same way we regulate utilities. Rebecca MacKinnon is working on a book tentatively titled “Consent of the Networked” that suggests that these companies need to move from being benevolent despots to a state that respects their users who consent to being governed by terms of service. I think those are interesting ideas that probably require book-length durations of thought to think through.

In practical terms, I think that people who care about online speech need to demand that the services they use permit and protect users rights of free expression. This means ensuring that there are transparent appeals processes for content removal, human-readable terms of service agreements, and people within the corporations whose job it is to advocate for human rights and independent media users of tools. (This isn’t as far out as it sounds – Yahoo’s Ebele Okobi-Harris, director of the business and human rights program, serves this role in her company.) We should switch from companies that don’t take these issues seriously when possible, and force companies to compete on their free speech policies, not just their service offerings. We should cover our asses as well, archiving key content in case the sites we’re using kick it off – AccessNow is doing an excellent job of archiving video associated with the Iranian Green Movement.

In the long term, I think there are technical solutions that might let the pendulum swing back towards hosting sensitive content somewhere other than on the servers of the supergiants. Peer to peer distributed webhosting is a technology that’s still in the labs, but it could conceivably address the concerns I have about DDoS and hacking as well as concerns about Terms of Service enforcement. But I don’t think we can wait for these solutions and avoid addressing these question for much longer. I think much of the key public speech of the next decade is moving inexorably onto privately owned platforms, and that we need to start working to protect our ability to have a public dialog in private spaces.