Statement to the Public Hearing on New Information Technologies and Human Rights

Nokia Siemens Networks - June 2, 2010

Statement from Barry French
Executive Board Member and Head of Marketing and Corporate Affairs
Nokia Siemens Networks
European Parliament, Subcommittee on Human Rights
"Hearing on new information technologies and human rights¨
Wednesday, 2 June 2010,
15h30 - 17h30 European Parliament
Brussels Room ASP A3G-2.

Introduction

Thank you for inviting me here today. My name is Barry French, and I am a member of the Executive Board at Nokia Siemens Networks, responsible for corporate affairs.

I was asked to talk today about the experience of Nokia Siemens Networks related to Iran and the reported use of telecommunications technology in that country to suppress human rights.

I will do that, but will also try to make some broader points about the
underlying issues and lessons related to our experience. I would also note that that we have provided a longer statement to be included in the written record, as these are complex issues difficult to fully address in short remarks.

Iran Background

First, let me start with our experience related to Iran.

In 2009, media reports drew attention to the delivery of “surveillance technology” by Nokia Siemens Networks to Iran. The facts are that we delivered mobile networks for MCI and Irancell, the two leading mobile network operators in Iran, over the course of several years.

Our deliveries contributed roughly one third of the deployed capacity of those operators, with other vendors providing the remaining two thirds. We provided GSM voice network technology to MCI, and GSM voice and GPRS mobile data network technology to Irancell. As part of these networks we provided a Lawful Interception capability to both operators, as well as a related monitoring center to MCI.

LI and Monitoring Centers

Let me provide some background on each of these systems.

Lawful Interception – or LI – is the name given to an internationally agreed approach for law enforcement authorities to intercept communications running over networks within their jurisdiction. It is a principle noted in the constitution of the International Telecommunications Union; addressed in several resolutions of the Council of the European Union; and firmly embedded in transparent technical standards, including those set out by the European Telecommunications Standards Institute (ETSI) and the 3GPP (3rd Generation Partnership Project).

Today, governments in almost all nations require operators to deploy Lawful Interception as a condition of their license to operate. As a result, LI is present in almost every telecommunications network in the world, including those that are being used by probably everyone in this room today. And, for good reason: to support law enforcement in combating things like child pornography, drug trafficking and terrorism.

Lawful Interception capability is passive in the sense that it needs to receive instructions on what to intercept and where to send intercepted information. A system typically known as a monitoring center is the active tool that provides those instructions and then receives, records and orders the intercepted communications. For all practical purposes, for the lawful interception capability in a network to be useful, it must have some form of monitoring center.

Nokia Siemens Networks Perspective

Despite the fact that both the passive and active components of LI are needed to implement a right expressly acknowledged by the International Telecommunications Union – the right of member states of the United Nations, including Iran, to intercept communication in enforcement of their national laws—our company views those two components very differently. These different perspectives are based on our core competency and focus as a company; on the existence of well-defined and understood standards; and on our view of the potential risk to human rights related to each.

Our core competency is working with telecommunication operators, and providing network-focused products and services. The passive element of Lawful Interception is closely linked to the network; is a legal requirement for our customers to deploy; and is based on clear standards and a transparent foundation in law and practice.

This standards-based approach provides some safeguards over bespoke mechanisms, such as the ability to only intercept communications from pre-determined targets. LI follows a strict sequence that first requires identification of a subject, presumably based on appropriate legal procedures, and then restricts the interception of communication only to these individuals, but not from others.

Monitoring centers are, in our view, more problematic and have a risk of raising issues related to human rights that we are not adequately suited to address. Our core competency is not working with law enforcement agencies, who are not our typical customers. Those agencies could have an interest in expanding the capability of monitoring centers beyond the standards-based approach of Lawful Interception.

Such expansion could include more intrusive practices such as broad network scanning to detect new subjects based on the content of their communications, or filtering of content to block open debate and discussion. While tools to do just that are readily available from multiple sources, we have not and will not provide technology intended for such purposes.

As a result, soon after our formation as a company, we made a decision to exit from the monitoring center business, and closed a transaction to divest our remaining assets in March 2009, well before the disputed election in June. The monitoring center was provided to Iran in 2008 while the divestiture process was underway. While we do not intend to enter this business again, we will continue to provide standard Lawful Interception capability within the networks we build.

While we halted all work related to monitoring centers in Iran in 2009, including service and support, we believe that we should have understood the issues in Iran better in advance and addressed them more proactively. There have been credible reports from Iran that telecommunications monitoring has been used as a tool to suppress dissent and freedom of speech. We deplore such use of a technology that can bring so many positive benefits to society – and that, in fact, we believe has brought so many positive benefits to Iran.

While we cannot reinvent history, we can ensure we do better in the future. To help do this, we are in the process of assessing our policies and processes, as well as engaging with important stakeholders such as the people in this room today for input and feedback. Our target is to have our core policies in this area reviewed and approved by our full Executive Board by the end of July.

While it is premature to share those policies in any depth today, they will be shaped by some fundamental beliefs, including:
 

  1. A belief in the principles and values of The Universal Declaration of Human Rights, including freedom of speech and assembly. These are embedded in our Code of Conduct and in our thinking as a company.
  2. A belief that communication networks support human rights through enabling free expression, access to information, exchange of ideas and economic development.
  3. A belief that Nokia Siemens Networks has a responsibility to help ensure that the communications technologies we provide are used to support, and not infringe, human rights.
  4. A belief that the misuse of communication technologies to infringe human rights is wrong and, ultimately, that those who do so must be accountable for their actions.
  5. A belief that given the pace of technical innovation and widespread availability of communication technology, addressing the issues being raised in this forum requires a political and industry consensus, and not just a technical solution.

Inherent Tensions

As we work to go from these beliefs to specific policies, it is clear that there are inherent tensions related to the issues being addressed here that will not be easy to resolve.

Consider the fact that the systems that we provided to Iran were designed to implement a right that the ITU has explicitly said is held by member states, and are required by law in the vast majority of those member states. Yet, when we help to meet those requirements, we are subject to considerable criticism, including in the European Parliament resolution on Iran of 10 February 2010.

Of course, there are other underlying conflicts as well, several of which I believe are appropriate to raise here.

The first is the conflict between appropriate and inappropriate content filtering. Content filtering is not directly related to lawful interception, but is an area of our business where we believe there is some risk of abuse.

While it is easy to say that there should be no filtering of any kind, we do not believe that would be a wise policy. The fact is that filtering technology is deployed in many, many countries, by many, many operators, for very legitimate purposes, such as the removal of spam text messages and pornography of various kinds, and the identification of software viruses and malware.

On the other hand, there is filtering that we believe is inappropriate and
would be inconsistent with widely accepted human rights. While this is not something that has ever been requested from us as a company, and not a capability we would agree to provide, it is not inconceivable that filtering could be used for purposes such as blocking messages designed to coordinate the assembly of people in order to engage in legitimate political discourse.

The second conflict is between local law and human rights such as those defined by the Universal Declaration of Human Rights, including freedom of speech and assembly. Again, it is certainly not inconceivable that local law could be inconsistent with those rights, and it is not always easy to bridge this gap. We believe that there is a broad consensus that telecommunications technology and the sharing of ideas and information that it enables, is a tool for social good. Thus, we do not believe that an “absolutist” policy entailing steps such as a full market exit in the face of evidence of human rights infringements would be a wise approach.

Our belief is that each circumstance needs to be looked at in a way that on balance provides the best outcome for human rights. That requires a nuanced view of each situation; an ability to assess what technology is best sold to what customers in what countries; and the flexibility to find creative ways to mitigate the risk of harm. Our draft policies, and indeed the processes we have in place already, seek to avoid black and white declarations, focus on intent, and give room for management review, debate and discussion.

There is an additional conflict rooted in the fact that the human rights environment that exists in any particular country can change dramatically during the lifespan of the networks we provide. We are always at risk of finding that we have deployed technology that seemed appropriate for use by one government only to find it misused by the next.

Conclusion

I hope I have been able to provide a greater understanding of the role we played in Iran, as well as some sense of the complexity of the issues at stake here. Ultimately, we believe that we have a responsibility to assess what technology is sold where and, on balance, make decisions that are in the best interests of human rights.

At the same time, we believe that there should be no doubt where ultimate accountability rests. We provide technology that is intended to be used in ways that support human rights. When that technology is misused, the accountability must sit with those who misuse it.

We also need your help to address some of the underlying conflicts that give rise to a situation where we are criticized for providing technology that is designed to meet requirements specified by organizations such as the European Union.

I am optimistic that we can work together in good faith to make real progress on these difficult issues.

Thank you very much.