Anna Triponel | September 2021
With thanks to Nora Mardirossian for valuable support and input.
Consider the following examples:
As we can see, all of these cases have a question in common. What can a company be reasonably expected to do when the products that they provide can be used for a purpose that is harmful? In other words, what kinds of measures can a company put in place to prevent the misuse of its products?
A growing number of companies are asking themselves this question. The area of dual use and misuse has evolved significantly over the past ten years, since the UN Guiding Principles on Business and Human Rights were endorsed. It is now established that companies have a responsibility to seek to prevent harm connected to the products that they sell or commission. The greater the possible harm to people, the greater the burden on companies to seek to prevent the harm.
However, in practice, it can be a challenge to do. It’s not easy to put measures in place that prevent misuse of equipment, when that misuse tends to be outside of the company’s hands (e.g. it might be in the hands of a business partner, or a customer).
We have compiled examples of how companies have thought about this question. All of the information contained in this article is based on information that is in the public domain, it is not based on any confidential information we may have gathered through client projects.
This article is intended to help companies think about the art of the possible when it comes to navigating dual use and human rights respect considerations. It does not seek to delve into effectiveness of actions. If there are other examples you have come across that you think would be helpful for companies, feel free to reach out and we can add them.
The sector that has made the most progress in thinking about this question is the telecommunications sector, in part because of the well-documented risks of misuse of lawful interception to place certain groups (e.g. journalists, environmental and human rights defenders, opposition parties, certain ethnic/ religious/ sexual minorities) under surveillance, which can in turn lead to arbitrary arrest, detention, torture, and/or death, amongst other human rights impacts. As our examples above demonstrate, other sectors are also increasingly thinking about how they can build their leverage to manage misuse of products. Although GE’s experience seeking to ensure that its ultrasound machines are not used to abort female fetuses in India is an older one, it remains particularly illustrative because it demonstrates how a company can bring together a range of various measures to build leverage to tackle the issue of misuse.
In short, we see from company responses seeking to tackle misuse of their products that a helpful response tends to be a combination of two kinds of measures:
This note delves into the following examples:
Starting in the early 2000s, GE Healthcare (GEHC) worked with GEHC India to develop improved safeguards to reduce the risk of its ultrasound machines being misused, going beyond what was legally required. The first year these new measures were implemented was 2004.[2] GE reports that in 2004, GE’s sales in India shrank by about 10% from the year before.
Traditional commercial leverage with business partner
GEHC increased the number and rigor of internal checks on sales of MRI machines, including detailed conditions on use in contracts. In particular, the company demanded affidavits from customers that they wouldn’t use the machines for sex selection, and followed up with customers with periodic audits.
Contracts and dealer agreements now contain terms and conditions including “it is illegal to use pre-natal diagnostic techniques like ultrasonography, amniocentesis, etc. to determine and communicate the sex of an unborn child.” A product warning label was added to the machines stating that GEHC “does not support use of ultrasound technology for fetal sex determination.”
Creative leverage with business partner
GEHC provided clear guidance to and training for sales staff on how to identify purchaser-related concerns, how to advise end users of the equipment on the implications of the legal prohibition on fetal sex determination, and how to escalate any concerns about observed or suspected non-compliance to their managers.
GEHC requires sales staff to terminate all sales discussions where a sales person has reason to believe the potential customer may use the product unethically, or the product may fall into the wrong hands. GEHC has also made efforts to investigate noncompliance and audit performance.
Leverage with peers in the sector
GEHC pushed for industry-wide action, including through using the Confederation of Indian Industries (CII) to reach out to other companies and discuss solutions to addressing female feticide.
Leverage with other stakeholders
GEHC increased its engagement with critical stakeholders to share its efforts and seek their input on further actions GEHC India could take. GEHC had meetings with key critical civil society organizations, including Centre for Enquiry into Health and Allied Themes (CEHAT). The company further provided quarterly sales data and customer lists to the government to facilitate monitoring and accountability.
Eco-system approach
GEHC funded a broad publicity campaign within India “Rights of the Girl Child” to help empower women in India in order to contribute to a culture change to help stop this misuse. The company also started funding educational programs for girls in India.
Following these reports about the company’s relationships in Iran, Nokia Networks publicly acknowledged that it should have better understood the possible implications for human rights in Iran before providing a monitoring centre to MCCI in 2008.[4] The company proceeded to put a number of processes in place to seek to prevent the misuse of its equipment – including the development of a new human rights policy relating to product misuse.[5]
Creative leverage with business partner
Pro-actively assessing risks involved with sales
Nokia created a Human Rights Due Diligence (HRDD) process which is a mandatory part of the company’s sales approval process. The company defines its HRDD process as a non-commercial cross company investigative process covering sales as well as R&D to help mitigate human rights risks related to misuse.
Through this process, the company reviews the intended use of technology it will be selling and the customer type to identify potential human rights risks early in the process. This risk assessment in turn can trigger further investigation and senior-level approval/denial review. The company reports that this process includes reviewing on an ongoing basis relevant training, tracking, communication, checkpoints and triggers.[6]
Withholding sales to certain business partners
Nokia has committed not to pursue direct business with intelligence agencies or similar institutions involving or relating to active surveillance or interception of communications.[7] In addition, where mitigation of the risk is not possible, the company commits to walk away from the sale.
For instance, the company reports that in one instance, the company declined pursuing a request for video surveillance technology because it determined “the ability to put any sort of controls around the misuse of the specific technology and any resulting data were extremely limited.”[8] The company also reports that it will chose not to go forward with transactions involving extreme risk countries in which Nokia would not be able to ensure the principles of necessity, proportionality, or legality on authority use of end-user data.[9]
Withholding sales of certain network elements
Nokia has a screening system in place whereby the company identifies high-risk customers from a human rights standpoint. The company then considers whether it may supply these high-risk customers with certain network elements that pose a low risk of misuse, while withholding the sale of other network elements. The company can do this since it typically sells packages of equipment to enable a communications network, rather than individual pieces of equipment.
Minimization mechanisms
In other cases, Nokia considers whether its solutions can be customized to minimize the risk that its products will be misused to cause adverse human rights impacts. Minimization mechanisms include limiting the personal information generated by or captured during the operation of a product and licensing the use of a software product as a separate item, as opposed to including it as a default feature.[10]
Changing the offerings
Nokia has voluntarily restricted itself to meeting only the minimum requirements for passive standards-based elements of lawful interception in its products.[11] By only providing passive lawful interception capabilities to customers who have a legal obligation to provide such capabilities, the company does not engage in any activity relating to active lawful interception technologies, such as storing, post-processing or analyzing of intercepted data gathered by the network operator.[12]
Leverage with other stakeholders
Following reports about the company’s relationships in Iran, Nokia Networks started to engage with a range of different stakeholders, including human rights experts and governmental stakeholders and NGOs, to better understand the issues. Through this engagement, the company sought to receive essential input for the strengthening of the company’s internal policies and processes.
The company also enhanced its communication and transparency efforts, both on its website as well as during talks and conferences, such as at a European Parliament public hearing on ICT companies. This included increasing information in the public domain related to Nokia Networks’ business in Iran, as well as the monitoring centre it sold to MCCI.
Eco-system approach
Nokia has placed specific emphasis on engaging with key industry stakeholders as well as civil society through membership, including board membership, of the Global Network Initiative (GNI). GNI is a multi-stakeholder group involving ICT companies, investors, academics and civil society groups which seeks to promote the ability of ICT companies to implement principles on freedom of expression and privacy.[13] Through this multi-stakeholder group, the company seeks to enhance the ability of the sector to prevent misuse of equipment and respect human rights.
Nokia also engages in active industry level dialogue on issues related to the balance between the right to privacy, freedom of expression, and personal security as fundamental human rights. As part of those efforts Nokia has called for increased transparency from governments related to their surveillance activities and for greater clarity about the laws and regulations related to these topics.[14] Nokia also participates in the EU Commission High-Level Expert Group on AI, where it helped create guidelines for trustworthy artificial intelligence.[15]
Creative leverage with business partner
Ericsson has integrated due diligence about human rights into its sales process through its sensitive business process. The company’s Sensitive Business Policy aims to emphasize Ericsson’s commitment to respecting human rights in its business engagements and operations.
The company created a Sensitive Business Board, a cross-functional forum that consists of high-level representatives of Group Functions and Business Areas. This Board is responsible for ensuring that business opportunities and engagements are conducted according to the Policy.[18]
The process is as follows:[19]
Ericsson reports that in 2019, country human rights risk assessments were conducted for Uzbekistan, Kirgizstan and Saudi Arabia. These risk assessments included mitigating actions that need to be implemented for further business engagements. Such actions included ensuring that certain functionalities or products were not sold in specific countries, conducting occupational health and safety screenings of potential business partners, and providing training to Ericsson personnel as well as customers and suppliers on responsible business practices.
Creative leverage with business partner
After media reports that AnyVision’s equipment was used for surveillance in Palestinian territory, Microsoft said such use “would violate our facial recognition principles.”[22] Microsoft hired former U.S. Attorney General Eric Holder to lead a team from law firm Covington & Burling to conduct an audit of AnyVision’s compliance with its ethics guidelines.[23]
Microsoft recognized “the audit process reinforced the challenges of being a minority investor in a company that sells sensitive technology, since such investments do not generally allow for the level of oversight or control that Microsoft exercises over the use of its own technology. By making a global change to its investment policies to end minority investments in companies that sell facial recognition technology, Microsoft’s focus has shifted to commercial relationships that afford Microsoft greater oversight and control over the use of sensitive technologies.”[24]
Leverage with other stakeholders
Microsoft financially supports The Office of the United Nations High Commissioner for Human Right (OHCHR)’s B-Tech project, which has a focus on product end use and misuse.[25] Microsoft also participates in the project’s “community of practice”, a roundtable of major technology companies that are trying to address the complex issues involved with managing end use risks and impacts associated with their products and services by learning from shared experiences.
Traditional commercial leverage with business partner
Maersk put in place a specific procedure in 2016 – 2017 to ensure that two of its ships would be recycled at the shipyard in Alang, India, with decent health, safety and environmental standards.[29]
Education
Maersk engaged with the yard before the ships arrived in Alang and throughout the recycling in order to ensure that the yard not only agreed with and upgraded its policies to comply with Maersk’s standard but also that the recycling of the vessels was carried out accordingly.
Maersk also engaged in training and monitoring with the yard. This resulted in 72 stop-work instructions issued by Maersk’s onsite team, and the number of training sessions and drills conducted increasing by 30%. These numbers point to a cultural change at the shipyard: workers were viewed as being able to proactively report safety hazards and near misses. This enabled Maersk to insert risk mitigation measures in a timely manner before things went wrong.[30]
Financial support
Maersk was paid less than the actual value of the two vessels; in return, the yard invested in upgrading its health, safety and environmental performance.
Necessary equipment
Prior to signing contracts, the yard invested in heavy-duty cranes to lift steel blocks directly from the vessels onto an impermeable surface, so that steel blocks do not come into contact with the intertidal zone and tidal water does not enter the hull of the vessel.
Creative leverage with business partner
Following this, the company created new procedures (in September 2016) to strengthen implementation of its responsible recycling policy and minimise the financial incentive for buyers to recycle irresponsibly.[31]
These procedures depend on the value of the vessel at the time of sale:
Creative leverage with business partner
BikeCo, LLC, the North American distributor for Fuji Bicycles began a dialogue with police departments nationwide to address how bikes are used in police activity and to ensure that police’s on-bike training reinforces that bicycles are not used as a weapon against community members. The company suspended the sale of Fuji police bikes until a conversation with these departments had occurred and the company was confident that real change could be made.[34]
[1] https://www.wsj.com/articles/SB117683530238872926
[2] https://www.wsj.com/articles/SB117683530238872926; https://www.washingtonpost.com/case-in-point-engage-the-larger-social-issues-behind-product-misuse/2011/08/29/gIQAt70XzJ_story.html; https://hrbdf.org/case_studies/product-misuse/product_misuse/misuse_of_companys_ultrasound_technology.html#.YCkK-S2l1pQ
[3] https://www.zdnet.com/article/nokia-siemens-networks-sued-by-iranian-activist-for-human-rights-abuses/
[4] https://hrbdf.org/case_studies/product-misuse/product_misuse/addressing_the_misuse_of_telecommunications_technology_in_iran.html#.YBWK2cVKj_Q
[5] https://www.nokia.com/sites/default/files/2019-12/Human_rights_policy.pdf
[6] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf
[7] https://www.nokia.com/sites/default/files/2019-12/Human_rights_policy.pdf
[8] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf
[9] https://globalnetworkinitiative.org/wp-content/uploads/2020/04/2018-2019-PAR.pdf
[10] https://globalnetworkinitiative.org/wp-content/uploads/2020/04/2018-2019-PAR.pdf
[11] https://hrbdf.org/case_studies/product-misuse/product_misuse/addressing_the_misuse_of_telecommunications_technology_in_iran.html#.YBWK2cVKj_Q
[12] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf
[13] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf
[14] https://www.nokia.com/sites/default/files/2019-12/Human_rights_policy.pdf
[15] https://www.nokia.com/sites/default/files/2020-03/Nokia_People_and_Planet_Report_2019.pdf
[16] https://www.ericsson.com/en/about-us
[17] https://www.ericsson.com/en/about-us/sustainability-and-corporate-responsibility/responsible-business/human-rights
[18] https://www.ericsson.com/494fc1/assets/local/about-ericsson/sustainability-and-corporate-responsibility/documents/2019/ungps-reporting-framework-index-2018.pdf
[19] https://www.ericsson.com/49830a/assets/local/about-ericsson/sustainability-and-corporate-responsibility/documents/2020/2019-sustainability-and-corporate-responsibility-report.pdf
[21] https://www.reuters.com/article/us-microsoft-anyvision-idUSKBN21E3BA
[22] https://www.reuters.com/article/us-palantir-investors/activist-investors-to-pressure-privately-held-palantir-on-human-rights-idUSKBN1XW1XH
[23] https://www.reuters.com/article/us-palantir-investors/activist-investors-to-pressure-privately-held-palantir-on-human-rights-idUSKBN1XW1XH
[24] https://m12.vc/news/joint-statement-by-microsoft-anyvision-anyvision-audit/
[25] https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=21620&LangID=E
[27] https://triponelconsulting.com/2020/02/10/new-uk-high-court-case-shines-the-spotlight-on-the-need-for-companies-selling-ships-to-conduct-human-rights-due-diligence/
[28] https://www.maersk.com/news/articles/2019/04/04/maersk-tightens-its-ship-recycling-procedures
[29] https://www.maersk.com/news/articles/2019/04/04/maersk-tightens-its-ship-recycling-procedures
[30] https://www.maersk.com/news/articles/2017/01/03/responsible-ship-recycling-in-alang-is-possible
[31] https://www.maersk.com/news/articles/2019/04/04/maersk-tightens-its-ship-recycling-procedures
[32] https://www.policebikestore.com/fujipolicebikes.htm
[33] https://www.cyclingweekly.com/news/latest-news/fuji-bikes-suspend-sale-of-american-police-bikes-used-in-violent-tactics-as-trek-faces-criticism-457378
[34] https://www.cyclingnews.com/news/fuji-suspends-bike-sales-to-us-police-after-violence-against-protestors/; https://www.instagram.com/p/CBEI0ajlins/