Google, Microsoft, Yahoo & Others Nearing Completion of Online Human Rights Code

Document is designed to set IT standards for users' rights to privacy, freedom of speech

The group of companies that promised to write an online code of human rights for Internet users in 2006 is close to completing the document.

In a letter to two U.S. senators about the human rights code, Yahoo's top legal executive said earlier this month that the group is "working as swiftly as possible" on the code and gave a rough idea of how it will be implemented.

Back in January 2007, Google, Microsoft, and Yahoo led a group of IT companies that promised to "produce a set of principles guiding company behavior when faced with laws, regulations and policies that interfere with the achievement of human rights." The idea was to create a code of conduct that would help companies do the right things in protecting user privacy and provide a method to resist censorship and jailing of bloggers and political dissidents by governments.

If the code is accepted and widely adopted, it could change some enterprises' privacy policies and make it more difficult for corporations or governments to duck through loopholes in rapidly changing and frequently outdated laws, observers say.

In his letter of Aug. 1, Samway gave an outline of the code's basic principles.

"[These will] provide direction and guidance to the [IT] industry and its stakeholders in protecting and advancing the enjoyment of freedom of expression and privacy globally," he said. "The Principles describe key commitments in the following areas: Freedom of Expression; Privacy; Responsible Company Decision Making; Multi-Stakeholder Collaboration; Governance, Accountability & Transparency."

The group will define not only the principles, but also a method of verifying compliance, as well as the means for holding companies accountable "through a system of independent assessment" if they don't comply, Samway said.

The code appears to focus most heavily on the practice of censoring Internet content, as well as on recent instances of legal or criminal action being taken against bloggers who speak out against their government. However, the thornier question has to do with the rights of governments or corporations to monitor users' online behavior, which is a common practice by both groups today. Samway's letter gave no indication of how the group will codify such practices.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
