🌐 Fireside chat with Global Network Initiative

Welcome back to Cloudflare TV. I'm Patrick Day from the public policy team in Washington, DC. We are in the middle of impact week. This is day four with all things promoting human rights. So a perfect time to have our good friend and colleague, Jason Pielemeier, executive director of the Global Network Initiative, to join us. Hey, Jason, how are you? I'm well, thanks. Thanks for having me. Happy you're back. Thank you. You're back from London. Are you back in D.C. or where are you? Where are you? Yeah, I'm in D.C. I'm at home escaping this cold, rainy day. It's a lovely London day here in D.C.. That's right? So as I mentioned today, we're talking to all things human rights. Cloudflare is very pleased to be now a full term member of the Global Network Initiative. And we talk about it often sort of internally. But for folks who are tuning in or for folks at Cloudflare who are watching, if you as executive director, if you could do just sort of the 30,000 foot, what is GNI, how did it get started? Sort of what's the core mission? Yeah, absolutely. Well, thanks again for for having me. And we are over the moon that Cloudflare is a part of GNI, I'm very excited to continue building on our already really strong relationship. So GNI is a really interesting organization. I'll try and keep this quite brief, but yeah. Don't, don't let yourself. I could go on forever. So I was started, it's 14 years old as an organization and really was birthed out of some of the original questions and concerns that arose as Internet companies began to expand their operations globally around the world in the mid 19, the mid 2000s providing products and services like email and search in different languages, targeting users in different countries around the world. And not surprisingly, in retrospect, the response to that was governments around the world to reach out to those companies and seek user data or to censor content that was being featured. And the companies at that time didn't have a very clear roadmap or how to deal with the disparate legal frameworks and different approaches to privacy and freedom of expression. And that was evident in some of the controversies that ensued around particular cases of government demands that the companies were facing, some of which they ultimately provided information or acquiesced to in response. And and that provoked a backlash among folks, users and those representing user interests, as well as legislators and democratic countries. So there were a series of conversations and that kind of early to mid 2000 period that that percolated up in a really kind of organic fashion among companies, among investors, among academics that ultimately coalesced into a multi stakeholder dialog that produced the principles on freedom of expression and privacy, which were intended to serve as a global framework based on international human rights standards that could help guide company decision making in the face of government demands, pressures, restrictions. And so GNI, the institution was established as the sort of governance mechanism for the principles, and there were really kind of two objectives. One was to have a way to accompany companies as they were implementing these principles. So it's notable that at that time all the stakeholders felt that it wasn't enough to just declare a set of principles and then hope that they would be implemented in practice. They really felt the need to develop a system that would allow for ongoing dialog, including about confidential information with the companies, would share through about how they were implementing these processes and systems and practice and sort of how that was going, what they were learning about facilitate sort of good practice exchange. And that has sort of evolved into our current assessment process for company members. Then the other objective was to work collectively across these different stakeholder communities to help influence governance so that ideally we could promote laws that would facilitate the respect for freedom of expression and privacy around the world and push back against those government initiatives that that went in the other direction. So for 14 years now, we've been doing both of those things. We also provide a shared space for learning, which is a little bit more kind of time sense. Active and flexible from that assessment process that I that I alluded to earlier, which is a kind of retrospective exercise that we do every few years. And then increasingly we engage with other stakeholders, whether that's multilateral bodies or other NGOs, foundations, to make sure that as the conversations about the digital economy and human rights proliferate and expand, that everyone knows that there is a set of principles out there that have been road tested now for 14 years and a set of lived experiences and shared experiences about how you build trust and how you foster collaboration across different stakeholders and different perspectives. So we do a lot of kind of outreach and engagement with UN entities and regional bodies as they begin to think about different initiatives, about whether it's around AI or 5G or specific technologies that are emerging. This is just a personal privilege because we just spoke with Lene Wendland at B-Tech. right before this segment, and this may precede your time again, I think you're probably still in government, but I am leading on that. You have a lot of experience in this field generally. Was I sort of involved? You mentioned sort of the early 2000s. Were they involved in sort of the UN guiding principles drafting or how did the GNI principles develop and coincide with you? Now they're synchronous now, but I'm curious sort of how that developed. Yeah, that's a great question and Lene is great. I'm glad you had her on for a long time. Really great. Yeah. And the work that she and the B-Tech team there are doing is great and we're continuing to partner with them on that. Yeah. So the answer is yes. There was a very conscious sort of cross pollination. So the principles development process was happening at the same time that John Ruggie as the UN, I think at that time Special Rapporteur was developing the Protect Respect Remedy framework, which became the UN Guiding Principles on Business and Human rights. One of his advisors was actually embedded in the GNI sort of negotiations and conversations. So there was a sense that as we were thinking about what responsible tech company conduct looked like and how human rights principles should inform that, that needed to be consistent with this broader conversation around corporate responsibility and respect for human rights. And I think in general that, as you noted, is sort of the two have emerged quite synchronous. We did go through an exercise, and this was right before I started a journey of kind of looking back and making a few tweaks to just make sure that the principles and our more detailed implementation guidelines were 100% consistent with the UNDP's and kind of emerging understanding and good practice there. So that's something that we are continuously thinking about, is how do we as a multistakeholder initiative focused on the tech sector and how do we make sure that we are feeding back into the broader conversation around corporate respect for human rights? And how do we share our learnings with other sectors and other stakeholders and vice versa? What can we learn from them? I think there's a recognition, and this really is reflected in that the founding of the tech project by UN Human Rights, that while there are some lessons that can be drawn from human rights, due diligence, for instance, around supply chain management and labor issues to the tech sector, there are a lot of tech specific scenarios and concerns that really are distinct in some pretty material ways from the way you might approach similar questions, whether it's about privacy or free expression in the context of an extractive operation or manufacturing. So it's been really great to see that recognition and the sort of maturing of those conversations. And B-Tech, the Danish Institute for Human Rights, BSR, Business for Social Responsibility, we're actually all now part of an action coalition on Responsible Tech, where we're trying to sort of synchronize and make sure that we're all singing from the same song sheet and coordinating on our work to develop further guidance for the tech sector. That's really helpful. It occurred to be sort of as you were giving your first answer, that having come into GNI, when Cloudflare did sort of as an observer member two years ago reading so. Learning quite a bit about the UN guiding principles and also the principles. At the same time. I was sort of seeing the synchronized version that sort of tailored very nicely together and looked like they had always been that way. So it was interesting to hear about in the context of these two conversations how those were sort of developing in coordination but have merged more closely over time. So that's just interesting to me. One of the things I really like that you said was sort of and this is something I just talked with Lene about, too, is it applied something like the UN guiding principles to the tech sector? There are sort of those material distinctions that separate sort of as an industry. I think most of the folks watching today sort of live and breathe tech issues on a daily basis and would probably be interested from your seat as a macro human rights analysis what some of those distinct. I didn't prep you for this so I apologize for putting. You on sort. Of maybe more too much of an academic point. But one of the things that stood out to you that are unique to the tech sector that deals with on a regular basis, that are perhaps more present for us in terms of human rights, that, say, manufacturing or extraction or some of those other multinational companies, what they might deal with. Yeah, absolutely. So there's there's quite a few. And I first want to kind of acknowledge that the tech sector with this sort of digital economy is itself, of course, quite diverse. And so the kinds of issues that a company like Cloudflare might run up against are going to be different than a telecommunications company or an equipment vendor or over the top services provider. So but I think at a higher level of abstraction, there are a few sort of common elements that distinguish how we might think about it and approach business and human rights in the tech space from the analog environments that really were the kind of early use cases that a lot of people were thinking about, right? So extraction of minerals and oil and. Gas or. Apparel and footwear manufacturing and things like that. One, of course, is just the fact that the stakeholder. Community or universe for any given tech product or service is almost by definition huge and geographically dispersed. And so when you think about the important elements of stakeholder engagement and stakeholder sort of community management, it's very different to think about what that means in the context of a company like Cloudflare than it is for the operator of a particular mine in a specific region of a particular country. Right? So that sort of and that scale issue, I think also then kind of reverberates through the broader human rights due diligence process because you have to think about the different ways in which any particular product or service or scenario that might emerge could have different impacts at the same time in different environments. Whereas again, if you're thinking about your manufacturing supply chain as a company like Adidas, you can pinpoint, well, specific places where you may be producing goods and services or services and think specifically about those. Whereas as far as you know, right, your your services are, are global kind of by default. And so it presents some real challenges. And that's where issues like salience really I think are critical. Right. For the tech industry to be able to sort of say, yes, everybody is using our products or services, but there may be particular geographies or particular users who are more vulnerable to these particular use cases or scenarios. So that's another one. I think the there's also in the sort of digital realm and especially for us as Gini, because our focus is really on this interaction between governments and companies. Companies are just distinctly positioned vis a vis governments when it comes to global networked products and services. Then they are in the context of a mining operation or a supply chain because they don't always have physical presence. Right now, this is where some of these extensions within the tech sector are important, right? Telecommunications companies operate typically through a licensing regime, oftentimes, but not always. Depending on the products and services they provide, they will have to have physical infrastructure and employee in-country, which then gives the government leverage points over those companies. So that's more similar perhaps to the scenario that you might imagine for manufacturing company. But for a company like Cloudflare or for a company like Mita or a company like Zoom, you're not always present in the jurisdiction. And sometimes that can that can be problematic or challenging from a company perspective, but other times that can be helpful in the sense that the government can't knock physically on someone's door. And we've seen these kinds of scenarios, unfortunately, play out more and more where they use the presence of local staff as a leverage point to get what they want from that company. So that's another sort of important distinction. And I can go on and on. I think there's a lot of interesting distinctions to be drawn, but I think those two really help illustrate some of the ways in which the sort of tech space is fundamentally different. Yeah, that was perfect. But I think when we talk about we started human rights training Cloudflare, our employees are familiar with sort of our commitments and our policies, but I think it's helpful to hear from someone with your expertise about sort of validation that some of the complexity that they deal with and applying sort of concepts, international human rights concepts can be more difficult than, say, conventional industry and you mentioned extraction, oil and gas, etc. in the nineties with these first conversations were happening how those envisioning regime, as I mentioned, sort of the complexity of applying to a company like Cloudflare, which is real. And so I think it's helpful to hear from you that, that's well understood. And I also see it too it's interesting reading some of the materials, whether it's from some of the special rapporteurs or B-Tech from the, I should say, even preceding like sustainability standards like GRI that have human rights elements to them. When you read those, you see the subtextual element that they're thinking about multinational companies. And that idea is a sort of mining in oil and gas exactly as you stated. And then you sort of move forward to some of the early dialog and maybe the 20 tens with the special rapporteurs. And it's all about content, moderation and sort of companies, Internet tech companies, but those who sort of interact with users or host content or deal with content issues and then sort of I think what has been really helpful for us and I think part of the conversation we enjoy playing GNI or B-Tech and other places is sort of representing. Sort of that diversity in the tech sector. You talked about that throughout the network stack where Cloudflare operates. Manifestation of those issues is somewhat different. Whether it's content moderation, which we don't typically as well. We don't typically serve as a host to the content. So the way that we evaluate those issues and the human rights issues for us are materially different than, say, a platform who deals with those issues on a regular basis. So it's been really cool and interesting to see that evolution over time, not just sort of understanding the issues the tech sector itself faces, but as you rightly pointed out, the diversity even within those sets of issues and then their sort of global reach and how they play. So that's probably way in the weeds and I will acknowledge partly on my own interest, is why I steer the conversation that way. So thank you for indulging that. But so stepping back a bit for our employees or folks who may be watching other tech companies who may not be part of G&A, if you were sort of back to the very 30,000 foot level, if you were sort of talking to a new company that was vaguely familiar with the work that you and I did but didn't sort of understand the day to day back and forth between a member company and the organization, sort of what are what are the state of mind of? The most helpful thing for me are policy calls that we do on a regular basis and we have the company assessment that we're prepared for. But sort of what's the standard interaction between sort of a company and G&A and what's that back and forth like? Yeah, Yeah, it's a good question and I'll come to it a second, but I did want to just pick up on your last point to say that I think it's been extremely valuable, the role that Cloudflare has chosen to play and it's very much a choice. And you can see that there are other similarly situated companies who prefer not to be quite as engaged and quite as vocal about the questions that arise when providing the kinds of products and services that you do. But it's been really, really useful, I think, to the broader community of people working around tech and human rights to have Cloudflare engaged in these conversations all the way from Matthew Prince through Doug Reamer and Alissa Yu, to kind of raise these flags and say, Hey, but wait, these issues are sometimes coming up, privacy, trade suppression issues where we sit and it's different. It's different in these ways for these reasons. And so some of the same answers may apply, but in some cases we need to think about these questions in a different way. And I think that is that's just really appreciated. I wanted to kind of take the chance to note that on your question about sort of the day to day experience for companies that are part of. When I talk to companies that are thinking about joining G and I often sort of frame it as a it's a choose your own adventure in a sense, because there are so many different opportunities that we try and curate for engagement and interaction with companies. And so that ranges from the sort of standard monthly policy committee calls that you mentioned. So we bring together usually 50 to 70 members every month from around the world to sort of sit in a space with a shared agenda, but also the opportunity to kind of raise new questions and concerns, talking about what's happening in the world from a policy perspective, where can guys or most usefully leverage its unique voice in terms of sort of helping to advocate for human rights? So that's really useful. I think it's a kind of intel exercise for a lot of companies to be able to hear from a civil society organization in Colombia and academic and South Korea and different people from around the world who are following these missions who they know share a sort of similar take on what's happening and what can and should happen. We then and we do. That's kind of similarly, we do our learning calls and those can be on a wide range of topics. And one thing that we've offered and done for Cloudflare and for many other companies is to say, look, if you've got a particular situation or a particular question that you're grappling with as you're developing your own internal systems and policies or as your products and services are evolving, use us to help curate a conversation that would be useful to you. And we have this confidential umbrella under which we can facilitate those kinds of engagements, and it could be a conversation that's open to the entire membership to kind of let anybody wants to participate, engage, or we can make that a smaller conversation with particular regional experts or particular people who have subject matter perspective to provide on whatever the question or issue is. So that's something I think companies have found quite useful is to be able to kind of work through us to because we have now close to 90 members from really every region of the world. So it's not everybody in the world that might be relevant for a particular topic, but a pretty good cross-section. And then on a more kind of company, systematic level, you reference the assessment process. And so there. What we offer and what I hope is useful to companies is a sort of benchmark. We have this tool kit that we developed. It's publicly available on our website that translates the principles and those more detailed implementation guidelines into what you would look for if you were an independent third party sort of checking against these human rights due diligence and human rights specific policies and systems and frameworks. And so we offer companies the opportunity to not only develop their own internal systems and policies, we try and strike that balance between acknowledging that there is no single sort of formula that will just apply universally across companies. There needs to be, for the reasons we've already talked about, lots of flexibility and application. But where we are, we are sort of helping you make sure that you aren't missing anything, that you've kind of got all the bases covered and then providing this opportunity through the assessment exercise to really hear from a diverse group of experts who have been looking at peer companies, systems and policies over time as well, and that are informed by that expertise and can then say, hey, you know, I've noticed we really think you've done something great here with this approach to training. It's really innovative compared to what we've seen. We'd like to highlight that and share that with other company members so that they may learn from that. Maybe here on this other issue of kind of how you've structured your escalation procedure for sensitive demands from governments, we think you might benefit from some of the learning that we can take away from companies who have been doing this in this particular region for longer. So that kind of sort of specific feedback from experts who bring different perspective and who are committed to the same journey in terms of enhancing protection for human rights, but that they can sort of provide that feedback in a constructive way through a framework that is confidential in nature. So those are the kind of primary ways that I think companies benefit from participating in GNI. And I think at the end of the day, there is also this ability to sort of speak through GNI, which for some companies in particular is very useful when they are in a position either because they're under tremendous pressure from the host government or they have a licensing framework that makes it very difficult for them to speak out about particular things that might be gag orders involved. They can share information about what they're experiencing and their concerns confidentially through GNI. And then we can speak as the Global Network initiative about these issues, sometimes directly, sometimes a little bit obliquely, obviously always in close coordination with them so that we're not putting them in an uncomfortable position. But there are a number of occasions where we've been able to sort of articulate positions that I think our companies would feel difficult to articulate, stand alone as an individual company. But we can speak for this broader multi-stakeholder community. Yeah, I think that's a phenomenal job of describing exactly why Cloudflare and I'm sure many other companies find GNI so helpful. And you hit on, I think absolutely every one of them. The first one of the one that stood out you mentioned was sort of in the self assessment process, sort of that second pair of eyes, but a diverse group of experts across academia, civil society, other member companies who have experience in these areas. It's as we talked about with the previous segment and guiding principles and the principles for that matter, are not that old of a discipline, right? Maybe a couple of decades, in addition to sort of the evolution of the tech industry over the same period and then lay that across, as you described earlier, so many different jurisdictions and contexts, etc., particularly based on whatever type of service is at issue for a relevant company. So having that feedback in all these sort of developing young, developing areas is incredibly helpful for practitioners and I think helpful for us to take back to the rest of our team and explain this is why we think this is important. This is why we think implementing this is important. The other one that you mentioned is which I personally find incredibly helpful, and I alluded to this and highlighting the policy calls is you're exactly right. The reach of membership is so large by the time we are sort of in a policy team Cloudflare, where 10 to 20 people spread around the world and in every jurisdiction that covers theoretically a lot of our job is prioritizing those issues we think we can respond to. And by the time we are sort of becoming aware of a tangential issue in Brazil or South Korea or Germany, etc.. Two days later, we're sort of participating in this call that Jenny has put together with relevant attorneys and experts in those countries who've been involved in that legislative debate for a period of time, who have sort of not just an explanation of what the issue is, what's sort of an intuitive understanding of the context and the culture, and so that we would never be able to replicate that at a company of our size. And I think most companies would struggle to replicate that kind of insight. So those are incredibly valuable, not just to sort of the human rights team, but we funnel those out to the rest of our public policy team. Folks located in Brussels in a pack. We're covering an incredibly diverse area. We may not be have the same focus on the human rights dimension or lens of a particular technology proposal. It's already sort of pretty big for us from a really thoughtful and effective way. So that often incredibly helpful. And then the last one you mentioned, too, I, I normally don't just repeat what the person just said, but I think it's really important to sort of drive home For folks to clap for watching is the ability to respond. Say there's a new regulation in country X in a pack that we think is not sort of does it advance human rights online. But Cloudflare alone not a large presence in that country? Not likely not. Doesn't have the resources or tools to influence the influence of policy outcome in that jurisdiction. Speaking through G nine, which is now after two decades, sort of a very well understood global brand with human rights expertise. And I. I'll say this for you. Incredibly well respected in all of these conversations. Having that sort of entity speak out, even apart from the member companies who may feedback may be viewed in a different light because we're private sector entities. But coming from I, which is rooted in sort of human rights expertise and has been since the very beginning of this conversation, it's a fundamentally different proposition, I think, in sort of being a participant, even indirectly in these policy conversations which give the resources of our team. We wouldn't be able to influence anyway. So for all of those reasons, the sort of the global reach, the rapid sort of communication, the feedback, the feedback that we get sort of internal policies I think are some of the reasons we are so excited to participate in July and why we're so. We only have 30 seconds left, so that was maybe a long drawn out. That's music to my ears. I'm hoping we can that this recording will be publicly available so we can share it with other potential members as we seek to recruit them. No, but I think it's great. And I just want to close by saying I think we really going back to what I said earlier, we really appreciate the opportunity to not only do that in terms of real day issues that are happening all over the world, and there are more and more of them every day and more and more places, but also to sort of co-create based on this experience that we've had and the trust that we're able to build to co-create sort of understandings of how these same principles should help guide application of both regulation and company internal policy to new scenarios and new products and new services. And I think that's really the next frontier. Not just because it's new, but I think that's really where we as Jenny, are looking to be able to expand our capability and our and our engagement and really appreciate Cloudflare Support with that. basically?