Insight

Respecting human rights, when the products your company sells can be misused: illustrative examples

Anna Triponel

November 11, 2021

Anna Triponel | September 2021

With thanks to Nora Mardirossian for valuable support and input.

Consider the following examples:

  • GE sells portable ultrasound machines in India. The machines have significant positive use in healthcare, including in obstetrics and disease detection, and they also enable access to healthcare in rural areas. At the same time, these portable ultrasound machines have supported an increase in female feticide in India. What is GE to do?
  • Nokia Siemens Networks delivers a monitoring centre (a tool used to activate lawful interception and to analyse intercepted data) to the Mobile Communication Company of Iran. This monitoring center is misused by the Iranian government following an election to illegitimately monitor communications of political dissidents, leading in some cases to imprisonment and torture. What could Nokia have done differently?
  • Ericsson sells information and communications technology hardware to customers, that in turn enhances the connectivity of end users. At the same time, customers, and other third parties, can use Ericsson’s technology, services and knowledge in a way that infringes upon end-users’ rights to freedom of expression and privacy. What can Ericsson do to seek to prevent this?
  • Biometric face recognition contained in AnyVision facial recognition gear makes it easier for security teams to create a safe environment. At the same time, it can be used for illegal surveillance, such as surveillance in Palestinian territory. What is an appropriate role for Microsoft as a minority investor in AnyVision?
  • Maersk is the world’s largest container shipping company and its vessels simplify global trade. Once the shipping vessels approach the end of life, Maersk sells them to a new owner who manages the shipbreaking and recycling process. Shipbreaking, the practice of dismantling the world’s ships, is a dangerous activity involving deaths and accidents. What can Maersk do to support human rights respect in shipbreaking yards once the vessels have been sold on?
  • BikeCo sells Fuji police bicycles, that are specifically designed to enable police to use these bikes on patrol for lengthy periods of time. Police officers use their Fuji bikes to push back against protestors, and as riot shields and batons during Black Lives Matter protests. Is there anything BikeCo can do about this?

As we can see, all of these cases have a question in common. What can a company be reasonably expected to do when the products that they provide can be used for a purpose that is harmful? In other words, what kinds of measures can a company put in place to prevent the misuse of its products?

A growing number of companies are asking themselves this question. The area of dual use and misuse has evolved significantly over the past ten years, since the UN Guiding Principles on Business and Human Rights were endorsed. It is now established that companies have a responsibility to seek to prevent harm connected to the products that they sell or commission. The greater the possible harm to people, the greater the burden on companies to seek to prevent the harm.

However, in practice, it can be a challenge to do. It’s not easy to put measures in place that prevent misuse of equipment, when that misuse tends to be outside of the company’s hands (e.g. it might be in the hands of a business partner, or a customer).

We have compiled examples of how companies have thought about this question. All of the information contained in this article is based on information that is in the public domain, it is not based on any confidential information we may have gathered through client projects.

This article is intended to help companies think about the art of the possible when it comes to navigating dual use and human rights respect considerations. It does not seek to delve into effectiveness of actions. If there are other examples you have come across that you think would be helpful for companies, feel free to reach out and we can add them.

The sector that has made the most progress in thinking about this question is the telecommunications sector, in part because of the well-documented risks of misuse of lawful interception to place certain groups (e.g. journalists, environmental and human rights defenders, opposition parties, certain ethnic/ religious/ sexual minorities) under surveillance, which can in turn lead to arbitrary arrest, detention, torture, and/or death, amongst other human rights impacts. As our examples above demonstrate, other sectors are also increasingly thinking about how they can build their leverage to manage misuse of products. Although GE’s experience seeking to ensure that its ultrasound machines are not used to abort female fetuses in India is an older one, it remains particularly illustrative because it demonstrates how a company can bring together a range of various measures to build leverage to tackle the issue of misuse.

In short, we see from company responses seeking to tackle misuse of their products that a helpful response tends to be a combination of two kinds of measures:

  • There are measures that can be put in place with the customer/ buyer, such as a policy governing use, contractual restrictions on use, trainings, the right to audit and monitor, and support to ensure the correct usage. In practice, companies have sought to extend their leverage beyond a mere policy and contract, to create an ongoing relationship with the customer/ buyer that enables them to have a degree of control over use.
  • In parallel, there are measures that the company can put in place that seek to tackle the issue as part of an eco-system approach. This often entails working with peers in the sector, as well as other interested parties – including where necessary governments – to seek to create a more supportive eco-system to prevent the misuse.

This note delves into the following examples:

  • GE Healthcare’s portable ultrasound machines (India)
  • Nokia Network’s surveillance equipment, software, and other services (Iran)
  • Ericsson’s information and communications technology hardware (Global)
  • AnyVision facial recognition gear (Palestine)
  • Maersk’s shipping vessels (India, Bangladesh, Pakistan)
  • Fuji police bicycles (U.S.)

1) GE Healthcare’s portable ultrasound machines (India)

The product

  • GE first entered India in the early 1990s. By 2006, GE had 51% market share of portable ultrasound machines in India.
  • The machines had significant positive use in healthcare, including in obstetrics and disease detection.
  • Their portability also enabled access to healthcare, since they could be brought to patients in rural areas where healthcare resources are scarce.

The misuse

  • Disproportionately high rates of female feticide is a significant, documented problem in India due to the preference for male children, despite government legislation and action to prohibit sex-selective abortions.
  • Female feticide has been assisted by increasingly easy access to portable ultrasound machines.
  • India’s decline in the child sex ratio has been linked to increased ultrasound use and the UN Children’s Fund stated this decline could exacerbate child marriage and trafficking of women for prostitution.[1]
  • The compact, portable and relatively low-cost nature of the technology increases the complexity of preventing its misuse.

The company’s response

Starting in the early 2000s, GE Healthcare (GEHC) worked with GEHC India to develop improved safeguards to reduce the risk of its ultrasound machines being misused, going beyond what was legally required. The first year these new measures were implemented was 2004.[2] GE reports that in 2004, GE’s sales in India shrank by about 10% from the year before.

Traditional commercial leverage with business partner

GEHC increased the number and rigor of internal checks on sales of MRI machines, including detailed conditions on use in contracts. In particular, the company demanded affidavits from customers that they wouldn’t use the machines for sex selection, and followed up with customers with periodic audits.

Contracts and dealer agreements now contain terms and conditions including “it is illegal to use pre-natal diagnostic techniques like ultrasonography, amniocentesis, etc. to determine and communicate the sex of an unborn child.” A product warning label was added to the machines stating that GEHC “does not support use of ultrasound technology for fetal sex determination.”

Creative leverage with business partner

GEHC provided clear guidance to and training for sales staff on how to identify purchaser-related concerns, how to advise end users of the equipment on the implications of the legal prohibition on fetal sex determination, and how to escalate any concerns about observed or suspected non-compliance to their managers.

GEHC requires sales staff to terminate all sales discussions where a sales person has reason to believe the potential customer may use the product unethically, or the product may fall into the wrong hands. GEHC has also made efforts to investigate noncompliance and audit performance.

Leverage with peers in the sector

GEHC pushed for industry-wide action, including through using the Confederation of Indian Industries (CII) to reach out to other companies and discuss solutions to addressing female feticide.

Leverage with other stakeholders

GEHC increased its engagement with critical stakeholders to share its efforts and seek their input on further actions GEHC India could take. GEHC had meetings with key critical civil society organizations, including Centre for Enquiry into Health and Allied Themes (CEHAT). The company further provided quarterly sales data and customer lists to the government to facilitate monitoring and accountability.

Eco-system approach

GEHC funded a broad publicity campaign within India “Rights of the Girl Child” to help empower women in India in order to contribute to a culture change to help stop this misuse. The company also started funding educational programs for girls in India.

2) Nokia Network’s surveillance equipment, software, and other services (Iran)

The product

  • For a number of years, Nokia Networks has provided basic 2G/2.5G mobile networks to the Mobile Communication Company of Iran (MCCI) and Irancell, two mobile network operators in Iran. These basic networks incorporated a standards-based lawful interception capability.
  • In the second half of 2008, Nokia Siemens Networks delivered a monitoring centre (a tool used to activate lawful interception and to analyse intercepted data) to MCCI.
  • Monitoring centre features allow for the legally required lawful interception of pre-defined suspects – a right of all states as defined in the constitution of the International Telecommunications Union (ITU) (e.g. for the purposes of addressing national security and serious crime).

The misuse

  • According to media reports, the monitoring center was misused by the Iranian government after the 2009 election to illegitimately monitor communications of political dissidents. One lawsuit brought in the United States related to an Iranian journalist, who alleged he was subsequently imprisoned and tortured by Iranian officials.[3]
  • Three months prior to these reports, Nokia Networks had exited the monitoring centre business and sold the related business line to another company called Trovicor.
  • The challenge Nokia Siemens Networks faced related to the dual use of the monitoring centre. This otherwise legitimate functionality was allegedly used to infringe upon free speech and the confidentiality of communications of political dissidents.

The company’s response

Following these reports about the company’s relationships in Iran, Nokia Networks publicly acknowledged that it should have better understood the possible implications for human rights in Iran before providing a monitoring centre to MCCI in 2008.[4] The company proceeded to put a number of processes in place to seek to prevent the misuse of its equipment – including the development of a new human rights policy relating to product misuse.[5]

Creative leverage with business partner

Pro-actively assessing risks involved with sales

Nokia created a Human Rights Due Diligence (HRDD) process which is a mandatory part of the company’s sales approval process. The company defines its HRDD process as a non-commercial cross company investigative process covering sales as well as R&D to help mitigate human rights risks related to misuse.

Through this process, the company reviews the intended use of technology it will be selling and the customer type to identify potential human rights risks early in the process. This risk assessment in turn can trigger further investigation and senior-level approval/denial review. The company reports that this process includes reviewing on an ongoing basis relevant training, tracking, communication, checkpoints and triggers.[6]

Withholding sales to certain business partners

Nokia has committed not to pursue direct business with intelligence agencies or similar institutions involving or relating to active surveillance or interception of communications.[7] In addition, where mitigation of the risk is not possible, the company commits to walk away from the sale.

For instance, the company reports that in one instance, the company declined pursuing a request for video surveillance technology because it determined “the ability to put any sort of controls around the misuse of the specific technology and any resulting data were extremely limited.”[8] The company also reports that it will chose not to go forward with transactions involving extreme risk countries in which Nokia would not be able to ensure the principles of necessity, proportionality, or legality on authority use of end-user data.[9]

Withholding sales of certain network elements

Nokia has a screening system in place whereby the company identifies high-risk customers from a human rights standpoint. The company then considers whether it may supply these high-risk customers with certain network elements that pose a low risk of misuse, while withholding the sale of other network elements. The company can do this since it typically sells packages of equipment to enable a communications network, rather than individual pieces of equipment.

Minimization mechanisms

In other cases, Nokia considers whether its solutions can be customized to minimize the risk that its products will be misused to cause adverse human rights impacts. Minimization mechanisms include limiting the personal information generated by or captured during the operation of a product and licensing the use of a software product as a separate item, as opposed to including it as a default feature.[10]

Changing the offerings

Nokia has voluntarily restricted itself to meeting only the minimum requirements for passive standards-based elements of lawful interception in its products.[11] By only providing passive lawful interception capabilities to customers who have a legal obligation to provide such capabilities, the company does not engage in any activity relating to active lawful interception technologies, such as storing, post-processing or analyzing of intercepted data gathered by the network operator.[12]

Leverage with other stakeholders

Following reports about the company’s relationships in Iran, Nokia Networks started to engage with a range of different stakeholders, including human rights experts and governmental stakeholders and NGOs, to better understand the issues. Through this engagement, the company sought to receive essential input for the strengthening of the company’s internal policies and processes.

The company also enhanced its communication and transparency efforts, both on its website as well as during talks and conferences, such as at a European Parliament public hearing on ICT companies. This included increasing information in the public domain related to Nokia Networks’ business in Iran, as well as the monitoring centre it sold to MCCI.

Eco-system approach

Nokia has placed specific emphasis on engaging with key industry stakeholders as well as civil society through membership, including board membership, of the Global Network Initiative (GNI). GNI is a multi-stakeholder group involving ICT companies, investors, academics and civil society groups which seeks to promote the ability of ICT companies to implement principles on freedom of expression and privacy.[13] Through this multi-stakeholder group, the company seeks to enhance the ability of the sector to prevent misuse of equipment and respect human rights.

Nokia also engages in active industry level dialogue on issues related to the balance between the right to privacy, freedom of expression, and personal security as fundamental human rights. As part of those efforts Nokia has called for increased transparency from governments related to their surveillance activities and for greater clarity about the laws and regulations related to these topics.[14] Nokia also participates in the EU Commission High-Level Expert Group on AI, where it helped create guidelines for trustworthy artificial intelligence.[15]

3) Ericsson’s information and communications technology hardware (Global)

The product

  • Ericsson sells information and communications technology hardware to a wide range of customers. This technology helps enable the full value of connectivity by creating technology and services that are easy to use, adopt, and scale for customers, that in turn enhances connectivity of end users.[16]

The misuse

  • Customers, and other third parties, can use Ericsson’s technology, services and knowledge directly or indirectly in a way that impacts negatively on human rights, including in particular end-users’ rights to freedom of expression and privacy.[17]

The company’s response

Creative leverage with business partner

Ericsson has integrated due diligence about human rights into its sales process through its sensitive business process. The company’s Sensitive Business Policy aims to emphasize Ericsson’s commitment to respecting human rights in its business engagements and operations.

The company created a Sensitive Business Board, a cross-functional forum that consists of high-level representatives of Group Functions and Business Areas. This Board is responsible for ensuring that business opportunities and engagements are conducted according to the Policy.[18]

The process is as follows:[19]

  • When a high-risk sales opportunity is identified by the sensitive business automated tool, the Market Area submits an approval request in accordance with the sensitive business process.
  • The parameters for evaluation of sensitive busines risk include risks related to the country, the portfolio, the customer and/or the purpose.
  • Submissions are evaluated according to the sensitive-business risk methodology and may be rejected, approved or approved with conditions.
  • Conditional approvals include technical and/or contractual mitigations to prevent unintended use of sensitive functionality.
  • Ericsson follows up on decisions in a separate dedicated process.

Ericsson reports that in 2019, country human rights risk assessments were conducted for Uzbekistan, Kirgizstan and Saudi Arabia. These risk assessments included mitigating actions that need to be implemented for further business engagements. Such actions included ensuring that certain functionalities or products were not sold in specific countries, conducting occupational health and safety screenings of potential business partners, and providing training to Ericsson personnel as well as customers and suppliers on responsible business practices.

4) AnyVision facial recognition gear (Palestine)

The product

  • Biometric face recognition contained in AnyVision facial recognition gear makes it easier for security teams to create a safe environment.[20]

The misuse

  • Microsoft invested in Israeli firm AnyVision, whose facial recognition gear has been deployed by Israeli authorities at Palestinian checkpoints.
  • Specifically, AnyVision’s technology was in use at checkpoints in border crossings between Israel and the West Bank.[21]

The company’s response

Creative leverage with business partner

After media reports that AnyVision’s equipment was used for surveillance in Palestinian territory, Microsoft said such use “would violate our facial recognition principles.”[22] Microsoft hired former U.S. Attorney General Eric Holder to lead a team from law firm Covington & Burling to conduct an audit of AnyVision’s compliance with its ethics guidelines.[23]

Microsoft recognized “the audit process reinforced the challenges of being a minority investor in a company that sells sensitive technology, since such investments do not generally allow for the level of oversight or control that Microsoft exercises over the use of its own technology. By making a global change to its investment policies to end minority investments in companies that sell facial recognition technology, Microsoft’s focus has shifted to commercial relationships that afford Microsoft greater oversight and control over the use of sensitive technologies.”[24]

Leverage with other stakeholders

Microsoft financially supports The Office of the United Nations High Commissioner for Human Right (OHCHR)’s B-Tech project, which has a focus on product end use and misuse.[25] Microsoft also participates in the project’s “community of practice”, a roundtable of major technology companies that are trying to address the complex issues involved with managing end use risks and impacts associated with their products and services by learning from shared experiences.

5) Maersk’s shipping vessels (India, Bangladesh, Pakistan)

The product

  • A.P. Moller-Maersk Group’s shipping vessels. Maersk is the world’s largest container shipping company and its vessels simplify global trade.[26]

The misuse

  • Once the shipping vessels approach the end of life, Maersk sells them to a new owner who then manages the shipbreaking and recycling process.
  • Shipbreaking, the practice of dismantling the world’s ships, has long been known to be a dangerous activity. Deaths and accidents take place every year in the shipbreaking yards, most of which are situated in Bangladesh, India and Pakistan. When ships are broken apart directly on the beach (instead of in an industrial site), this is known as “beaching.”[27]
  • Accordingly, some of the yards at which shipbreaking takes place are sub-standard and result in a number of impacts on workers. In contrast, recycling of ships can take place following certain procedures, outlined in an international agreement (the Hong Kong Convention).
  • In this case, Maersk faced criticism for its handling of two cases related to ship recycling: one in which the new owner disregarded Maersk’s contractual provision that recycling should be done following the Hong Kong Convention, and one in which Maersk instructed the new owner to recycle the sold ships at the best price, which led to the ships being recycled at sub-standard yards. In this second case, “Maersk has publicly acknowledged, and regrets that it indirectly incentivised the owner to recycle at sub-standard yards.”[28]

The company’s response

Traditional commercial leverage with business partner

Maersk put in place a specific procedure in 2016 – 2017 to ensure that two of its ships would be recycled at the shipyard in Alang, India, with decent health, safety and environmental standards.[29]

Education

Maersk engaged with the yard before the ships arrived in Alang and throughout the recycling in order to ensure that the yard not only agreed with and upgraded its policies to comply with Maersk’s standard but also that the recycling of the vessels was carried out accordingly.

Maersk also engaged in training and monitoring with the yard. This resulted in 72 stop-work instructions issued by Maersk’s onsite team, and the number of training sessions and drills conducted increasing by 30%. These numbers point to a cultural change at the shipyard: workers were viewed as being able to proactively report safety hazards and near misses. This enabled Maersk to insert risk mitigation measures in a timely manner before things went wrong.[30]

Financial support

Maersk was paid less than the actual value of the two vessels; in return, the yard invested in upgrading its health, safety and environmental performance.

Necessary equipment

Prior to signing contracts, the yard invested in heavy-duty cranes to lift steel blocks directly from the vessels onto an impermeable surface, so that steel blocks do not come into contact with the intertidal zone and tidal water does not enter the hull of the vessel.

Creative leverage with business partner

Following this, the company created new procedures (in September 2016) to strengthen implementation of its responsible recycling policy and minimise the financial incentive for buyers to recycle irresponsibly.[31]

These procedures depend on the value of the vessel at the time of sale:

  • If the value is low (less than 25% of the highest recycling price), Maersk will not divest but will recycle the vessel according to its standards.
  • If the value is higher (25-40% above the highest recycling price), the new owner would be required to operate the vessel for a further two years or to recycle in accordance with Maersk’s standards.
  • If the value is high (more than 40% above the highest recycling price), the vessel can be resold without restrictions (since at this point, there is no financial incentive for the buyer to recycle.)

6) Fuji police bicycles (U.S.)

The product

  • BikeCo sells Fuji police bicycles, that are specifically designed to enable police to use these bikes on patrol for lengthy periods of time.[32]

The misuse

  • Police misuse of police bicycles during Black Lives Matter protests in 2020.
  • This included police officers using bikes to push back protestors, and using bikes as riot shields and batons.[33]

The company’s response

Creative leverage with business partner

BikeCo, LLC, the North American distributor for Fuji Bicycles began a dialogue with police departments nationwide to address how bikes are used in police activity and to ensure that police’s on-bike training reinforces that bicycles are not used as a weapon against community members. The company suspended the sale of Fuji police bikes until a conversation with these departments had occurred and the company was confident that real change could be made.[34]

[1] https://www.wsj.com/articles/SB117683530238872926

[2] https://www.wsj.com/articles/SB117683530238872926; https://www.washingtonpost.com/case-in-point-engage-the-larger-social-issues-behind-product-misuse/2011/08/29/gIQAt70XzJ_story.html; https://hrbdf.org/case_studies/product-misuse/product_misuse/misuse_of_companys_ultrasound_technology.html#.YCkK-S2l1pQ  

[3] https://www.zdnet.com/article/nokia-siemens-networks-sued-by-iranian-activist-for-human-rights-abuses/

[4] https://hrbdf.org/case_studies/product-misuse/product_misuse/addressing_the_misuse_of_telecommunications_technology_in_iran.html#.YBWK2cVKj_Q

[5] https://www.nokia.com/sites/default/files/2019-12/Human_rights_policy.pdf

[6] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf

[7] https://www.nokia.com/sites/default/files/2019-12/Human_rights_policy.pdf

[8] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf

[9] https://globalnetworkinitiative.org/wp-content/uploads/2020/04/2018-2019-PAR.pdf

[10] https://globalnetworkinitiative.org/wp-content/uploads/2020/04/2018-2019-PAR.pdf

[11] https://hrbdf.org/case_studies/product-misuse/product_misuse/addressing_the_misuse_of_telecommunications_technology_in_iran.html#.YBWK2cVKj_Q

[12] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf

[13] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf

[14] https://www.nokia.com/sites/default/files/2019-12/Human_rights_policy.pdf

[15] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf

[16] https://www.ericsson.com/en/about-us

[17] https://www.ericsson.com/en/about-us/sustainability-and-corporate-responsibility/responsible-business/human-rights

[18] https://www.ericsson.com/494fc1/assets/local/about-ericsson/sustainability-and-corporate-responsibility/documents/2019/ungps-reporting-framework-index-2018.pdf

[19] https://www.ericsson.com/49830a/assets/local/about-ericsson/sustainability-and-corporate-responsibility/documents/2020/2019-sustainability-and-corporate-responsibility-report.pdf

[20] https://www.anyvision.co

[21] https://www.reuters.com/article/us-microsoft-anyvision-idUSKBN21E3BA

[22] https://www.reuters.com/article/us-palantir-investors/activist-investors-to-pressure-privately-held-palantir-on-human-rights-idUSKBN1XW1XH

[23] https://www.reuters.com/article/us-palantir-investors/activist-investors-to-pressure-privately-held-palantir-on-human-rights-idUSKBN1XW1XH

[24] https://m12.vc/news/joint-statement-by-microsoft-anyvision-anyvision-audit/

[25] https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=21620&LangID=E

[26] https://www.maersk.com

[27] https://triponelconsulting.com/2020/02/10/new-uk-high-court-case-shines-the-spotlight-on-the-need-for-companies-selling-ships-to-conduct-human-rights-due-diligence/

[28] https://www.maersk.com/news/articles/2019/04/04/maersk-tightens-its-ship-recycling-procedures

[29] https://www.maersk.com/news/articles/2019/04/04/maersk-tightens-its-ship-recycling-procedures

[30] https://www.maersk.com/news/articles/2017/01/03/responsible-ship-recycling-in-alang-is-possible

[31] https://www.maersk.com/news/articles/2019/04/04/maersk-tightens-its-ship-recycling-procedures

[32] https://www.policebikestore.com/fujipolicebikes.htm

[33] https://www.cyclingweekly.com/news/latest-news/fuji-bikes-suspend-sale-of-american-police-bikes-used-in-violent-tactics-as-trek-faces-criticism-457378

[34] https://www.cyclingnews.com/news/fuji-suspends-bike-sales-to-us-police-after-violence-against-protestors/; https://www.instagram.com/p/CBEI0ajlins/

You may also be interested in

This week’s latest resources, articles and summaries.