At what point does a company that intentionally builds tools that are specially designed for governmental human rights abuses become liable for the use of those tools for their intended (and known) purposes?
Chinese citizens who suffered forced detention, torture, and a panoply of brutal human rights abuses at the hands of the Chinese government have been engaged in a high profile court case against Silicon Valley mainstay Cisco Systems for many years. Those Chinese citizens suffered yet another indignity in a California court a couple of weeks ago: a district judge dismissed the case against Cisco without even giving them the chance to gather evidence on the key point where the court found them wanting. The court noted that even though Cisco may have designed and developed the Golden Shield system for the purpose of tracking, identifying and facilitating the capture of Chinese religious minorities, Cisco would not be held liable because it didn’t do enough in the U.S. to facilitate human rights abuses. EFF attempted to file an amicus brief in the case after oral argument, but it was rejected.
The case seems high tech—it’s about Cisco’s Golden Shield, a set of sophisticated technologies that include specific purpose-built parts for persecution of the Falun Gong. But it’s actually fairly simple: at what point does a company that intentionally builds tools that are specially designed for governmental human rights abuses become liable for the use of those tools for their intended (and known) purposes?
No tech company should be held accountable when governments misuse general use products to engage in human rights abuses. This isn’t about bare routers or server logs. The case alleged and presented some strong early evidence that Cisco did far more – including:
– A library of carefully analyzed patterns of Falun Gong Internet activity (or “signatures”) that enable the Chinese government to uniquely identify Falun Gong Internet users;
– Highly advanced video and image analyzers that Cisco marketed as the “only product capable of recognizing over 90% of Falun Gong pictorial information;”
– Several log/alert systems that provide the Chinese government with real time monitoring and notification based on Falun Gong Internet traffic patterns;
– Applications for storing data profiles on individual Falun Gong practitioners for use during interrogation and “forced conversion” (i.e., torture);
It also included a presentation by Cisco to the Chinese authorities highlighting the special tools Cisco offered for persecuting what it called “Falun Gong evil religion.” Using such terms about any ethnic or religious group in an internal presentation regarding a government project should be a red flag for anyone concerned about human rights.
The court acknowledged these allegations, noting that the complaint alleges “individual features customized and designed specifically to find, track and suppress Falun Gong,” and that the tools were actually used for those purposes: “Golden Shield provided the means by which all the Plaintiffs were tracked, detained and tortured.” The complaint also alleged that much of Cisco’s work building the specific tools to target this religious minority was conducted from its San Jose offices.
In an ordinary lawsuit, those allegations, which are credible and in some places confirmed, would be enough to let a party get into the evidence phase of a case, passing a motion to dismiss. Think about federal criminal law, where all that is needed for a criminal conspiracy is an agreement to commit a crime and an overt act. Similarly, in patent and copyright law, the standard of “inducement” liability allows responsibility for someone else’s actions when someone “distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement.” And there is no question that some Cisco’s “overt acts” and “affirmative expressions” to foster human rights abuses—like designing and developing Falun Gong identification and tracking modules—took place in San Jose.
In fact, the US government felt that there was a sufficient nexus to the U.S. to launch an indictment of Megaupload in Virginia based on far fewer connections to possibly illegal acts by its customers in the U.S. than Cisco had with its Chinese governmental customers. Good thing for Cisco that the Chinese government is just arresting, torturing and forcibly converting Falun Gong rather than committing copyright infringement.
So why is the standard so much higher for engaging in torture or forced conversion than it would be for bank robbing or patent or copyright infringement? The answer is that it shouldn’t be. The key law relied upon in the case, the Alien Tort Statute, requires, after a 2013 Supreme Court decision called Kiobel v Royal Dutch Petroleum, that plaintiffs show that the matter “touch and concern” the United States in order for the case to proceed here. The phrase that is not defined and courts have not yet developed a unified approach to it, but the District Court here apparently decided that since the actual human rights violations—the torture, forced conversions and arbitrary arrest—occurred in China, there wasn’t a sufficient nexus even though there were strong allegations that the specific technologies developed to target the Falun Gong for those abuses was intentionally and knowingly developed here.
We are deeply disappointed in the ruling and think the court got it wrong, as did an earlier court in Maryland. As our world becomes more networked, technology has the capacity to connect people worldwide to unlimited information and other people. But technological advances have also been abused by authoritarian regimes to repress people and to facilitate crimes against humanity. The Golden Shield in China has been a tool for social repression, censorship, surveillance like no other one earth, and China relied on it to hunt down, detain, imprison and “disappear” untold numbers of people.
As a great exporter of advanced technology, American companies like Cisco can’t plead ignorance about the ways in which our technology is used when they specifically and knowingly build the tools for those uses. And when a company like Cisco customizes and crafts technology for an authoritarian regime, it has a responsibility to consider the very human consequences of its actions. That’s why EFF has created guiding principles for technology companies to help them avoid assisting repressive governments. While the District Court here fell short in holding companies accountable (it also failed to take into account a decision of the Ninth Circuit just days before that lowered the standard for holding companies like Cisco liable), we still have an opportunity to teach US companies to act in ways that respect and uphold human rights, both in the courts and elsewhere. Cisco may have blood on its servers, but other Silicon Valley companies can choose a different path.