|

Scandinavia and Africa innovate while U.S. firms lose ground on transparency

This year has presented monumental challenges for the integrity and security of the free and open internet. In the past month or so alone, Verizon confirmed that hackers got access to the records of millions of people using Verizon networks, while Google reported that it removed 9,000 individual pieces of content at the request of the Russian government. That’s just the tip of the iceberg of the developments behind the scenes at tech companies, internet service providers, and telcos that impact our privacy and free expression. So it’s fortunate that even though our rights are at risk, we’re also seeing progress for corporate transparency, an issue that we help track through our Transparency Reporting Index.

Transparency reporting as we know it may have started in the U.S., but it was built on non-financial and sustainability reporting that European companies excel at. After the Snowden revelations of mass surveillance perpetrated by the U.S and the other “Five Eyes” countries, the practice of sharing demands for censorship or access to our private data has steadily gained traction across the globe. Now that we are six months into the Trump administration in the U.S., companies are beginning to release transparency reports covering that time period. So we felt it was the right time to update the Transparency Reporting Index and share what we’ve learned in our efforts to ensure corporate accountability for respecting human rights.

One key insight: we’re seeing innovation in these reports, and not always from the usual suspects.

Our aim with the index is to help define a baseline for disclosures of government demands, and promote transparency as the first step toward online corporate accountability. Currently, we list 68 companies in the index, with headquarters or offices in more than 90 countries. Over the past seven years, we’ve seen more and more companies disclose data on their privacy and free expression impacts. However, we’ve also seen many countries propose or implement regulations that will likely increase the number of surveillance demands government agencies make of private corporations. This will make transparency reports that much more important for ensuring accountability.

Below, we provide a “snapshot” from our work on transparency with a look at four companies — Telia, Facebook, Alphabet (now parent to Google), and Liquid Telecom  — to examine how their involvement will be vital in protecting users’ data and the right to freedom of expression over the next year. We provide recommendations for each company to help bolster their efforts to meet their obligations to respect human rights.

Telia’s “responsible exit” from Eurasia

Telia, the Swedish-Finnish telecommunications company, has recently made strides in furthering telco accountability by partnering with sustainability nonprofit Business for Social Responsibility (BSR). The two firms conducted an internal Human Rights Impact Assessment to gauge the effect of Telia’s ongoing withdrawal from countries east of its European base. In 2015, Telia announced it would pull out of Azerbaijan, Georgia, Kazakhstan, Moldova, Nepal, Tajikistan and Uzbekistan, home to two-thirds of its subscribers at the time. The reasons cited were difficulty repatriating profits, and trouble determining the true identity of its partner companies, which in Uzbekistan led to a major corruption scandal.

Other tech companies have pulled out of markets (think of Google leaving China in 2010). But telcos often have more on the line than software or internet firms, which can operate without physical offices, equipment, or even employees on the ground. This report bolsters Telia’s record for transparency, since it is now the first telecommunications company to emphasize “ensuring local human rights due diligence and a responsible exit” from a region. This reflects a level of accountability that is so far unmatched by U.S. corporations.

Since it has disruptive effects on users, civil society partners, and personnel, telcos should consider withdrawal only as a last resort. However, as our Telco Remedy Plan makes clear, when companies recognize that their operations directly contribute to systemic ongoing abuses – such as when they give abusive governments direct access to their networks, as some Telia subsidiaries have done – they must consider withdrawal in order to respect human rights and mitigate harms. As the company makes its withdrawal from Eurasia, Telia should maintain its commitment to regional human rights, offering its expertise to those continuing to fight for openness there after its exit by the end of 2017.

Every corporation must make respect for human rights a priority, and Telia has set a positive example through many of its actions, including a campaign for free expression in the use of its products, with specific goals and deadlines.

Listing annual objectives on privacy and free expression is a best practice that more companies ought to follow. We’ll stay in close contact with Telia to help ensure they meet these goals.

Additionally, Telia’s transparency reports track the company’s actions starting in 2013, and these reports are among the most detailed accounts we have so far of corporate interaction with law enforcement. The latest, 22-page document includes a letter from the Telia’s general counsel, and provides details on the initiatives and challenges the company faced in completing the report. All listed data are thoroughly explained and annotated, and Telia includes an FAQ section and outlines its objectives for future reports.

In doing so, the company has far surpassed most telecommunications firms – with full respect to Vodafone, whose 2017 report on encryption laws we will soon review  – in its commitment to accountability to its customers, and has become a leader for corporate transparency. We would like to see Telia continue to champion freedom of expression in its work, and we encourage its competitors to do the same.

We make one specific recommendation for Telia: The company should calculate and publish the costs it incurs in responding to government demands for interference with user privacy and free expression. This cost includes the time necessary for legal, operational, and other staff to review requests; reputational and trust damage to the firm; and infrastructure and equipment fees, to start. We have also asked Vodafone for an estimate like this, and we hope the firms can together begin constructing a standard for this type of disclosure.

Facebook and free expression

Facebook has come under increased scrutiny for its removal of content. In late June, ProPublica published documents and analysis that raise critically important questions about Facebook’s internal rules governing content moderation. One of the rules — which Facebook says it no longer follows — mandates censorship of posts that endorse “violence to resist occupation of an internationally recognized state.” This is highly problematic and would have unintended consequences in reporting on developments such as those that took place in 2011 during the “Arab Spring.”

Another problematic area is Facebook’s policies regarding “protected groups,” wherein the company categorizes particular people as requiring special protection from what it considers hate speech. One issue is that Facebook has been unilaterally determining who belongs in these protected groups, without consulting with people who use the platform, outside experts, or any regulatory body. As a result, the mechanisms that have been in play reflect bias in favor of groups such as white males. For instance, moderators have evidently been systematically removing speech that targets white populations, while leaving untouched speech that glorifies violence against Jewish populations. There are some vulnerable and marginalized users that have not been protected.

Facebook can make some simple changes to its public policy rules to support human rights and improve its accountability to its users. All of its foundational rules – Community Standards, Principles, and Statement of Rights and Responsibilities – lack language on the human right to freedom of expression, a strange omission. Facebook must raise its civil and privacy rights standards for all its users, in addition to engaging with outside experts to examine and improve its content moderation policy. We recommend that Facebook use international human rights law and norms as the framework for content moderation, consulting with human rights experts as well its own user base to avoid contributing to censorship. We also recommend that all moderation policies be circulated for wide and diverse external feedback before they are implemented.

It’s also important to present information in a way that is accessible and user-friendly. The company’s transparency report web page is minimal, showing a lack of interest in engaging readers. Even though the site has data reaching back to 2013, there is little context for the information, and the report surfaces fewer data points than reports by Facebook’s contemporaries. The most recent report, providing data from June to December 2016, is a simple six-column spreadsheet. There is no additional information, such as FAQs or company policies, that might help us better understand how the company aims to protect privacy and free speech.

Our recommendations for Facebook: Work to improve content moderation within a human rights framework, including making explicit commitments to uphold human rights such as the right to free expression in its public pages and its transparency report. In addition, invest the necessary resources to make its report easier to read and understand, applying the same level of care to presentation of the data as it does to presentation of its Community Standards.

Alphabet continues to innovate, and should follow Telia’s lead

It was in 2010 that Alphabet, then known only as Google, set the standard for other companies by releasing its first transparency report. Since then, it has continued its groundbreaking work in disclosures and public accountability. Its latest report, released on July 18, added user-friendly charts and graphics to the company’s already extensive set of data. Alphabet now lists multiple reports on the site, allowing customers to seek out data regarding government requests for private user data, demands for censorship, and reasons for service shutdowns. The site is actively updated, and still features the most recent full report for download.

Still, Alphabet cannot boast Telia’s defined freedom expression and transparency objectives. The company’s equivalent initiative, Google Take Action, encourages people to sign a petition demanding free expression in regions with censorship, but there is no literature to explain exactly how Alphabet itself will work toward that goal. Its “Take Action Timeline” is out of date, failing to reflect even the challenge under the Trump administration to the U.S. Federal Communications Commission’s regulations to protect the open internet.

Our recommendations for Alphabet: If Alphabet seeks to maintain its record of leadership in corporate transparency policy, the company should update its standing freedom of expression objectives, and boost community outreach in this initiative (just as Telia did through its Human Rights Impact Assessment).

Companies like Facebook and Twitter can also do more work to engage the public in transparency efforts, especially in countries where access to an uncensored internet is a persistent challenge. It’s important for all of these incredibly popular communications platforms to increase transparency so the public is aware of and can fight intrusive data requests and internet censorship. We welcome every effort by these companies to make progress in this area.

Liquid Telecommunications takes leadership in Africa

Internet service provider Liquid Telecommunications is an example of a transparency champion in a country with a developing network infrastructure. Liquid is a Kenya Mauritius-based subsidiary of Econet Wireless, a telecommunications group with operations in Africa, South America, Europe, and the Asian Pacific Rim. Liquid manages and owns a fiber optic network spanning East and South Africa, and in December 2015 announced plans to connect its network through undersea cables with high-speed internet systems in the Middle East.

Aside from its pioneering infrastructure, Liquid also implements an accountable sustainability policy, releasing annual reports replete with statistics and appealing infographics. The reports are a result of Liquid’s commitment in November 2015 to the Code of Ethics for Business in Kenya (CEBK), which “effected a zero-tolerance approach to corruption, achieved strong sales and improved customer service, and made substantial fuel and electricity savings.”

The company has made significant strides in the two years since aligning its policies with the CEBK, which it outlines in detail in its reports. These inquests cover everything from the impact of business growth in under-connected regions, to the company’s gender makeup and maternal health policy. Featured as part of the documents’ anti-corruption section is Liquid’s annual transparency report, which is displayed in text rather than a statistical table as is common among reports.

A relatively small business-to-business ISP, Liquid reports that it has received only three requests for user data from the Kenyan government last year, which it upheld and fulfilled. The company also asserts that it denies all requests for information received from non-governmental entities, but does not disclose the number of these requests. Regardless, Liquid’s has made its commitment to customers’ privacy and general well being obvious through its robust sustainability reports and pushback against internet shutdowns.

Access Now would like to see other companies follow Liquid’s approach in drafting accountability materials, especially those in regions without established corporate networks of domestic telecommunications companies.

Our recommendations for Liquid: We hope Liquid is the first of many African telcos to issue transparency reports and disclose third-party requests impacting user privacy and freedom of expression. We recommend that Liquid further this trend by convening its peer companies with civil society and government regulators to discuss the obstacles to fuller transparency in the African telecom sector.  

So what happens in the year ahead? We’ll be watching.

These four companies are sharing vitally important information for defending our digital rights, and we encourage them to keep pursuing transparency on government and third-party demands, and new ways to engage users on these crucial topics. To meet their human rights obligations, companies must constantly innovate and push the boundaries of disclosure. We’ll keep watching to help ensure that this work continues and progresses in a way that helps more people find, understand, and make use of the information.