Corporate Accountability News Highlights is a regular series by Ranking Digital Rights that highlights key news related to tech companies, freedom of expression, and privacy issues around the world.
John Oliver emphasizes corporate role in net neutrality debate
Screenshot via Last Week Tonight, YouTube
The debate over government enforcement of net neutrality principles in the U.S. has remerged in full force. On April 27, the FCC released a notice of proposed rulemaking (NPRM) that outlined its intention to deregulate the telecommunications industry and reverse the net neutrality provisions that were established with the 2015 Open Internet Order. This weekend, comedian John Oliver, in an echo of his hit 2014 net neutrality tirade, once again brought the topic of net neutrality to the masses with a feature segment. In addition to laying out his arguments in favor of net neutrality, Oliver also highlighted a point about corporate responsibility, noting examples in the past in which ISPs used their networks to favor their own content or services over that of their competitors. He argued that without regulatory enforcement, companies have little incentive to voluntarily abide by net neutrality principles.
Oliver’s remarks highlight the importance of regulatory enforcement to protect consumer rights in the absence of other accountability mechanisms. RDR’s methodology is based on companies’ disclosure of commitments and policies that respect users’ rights: in the Freedom of Expression category we evaluate whether ISPs disclose that they do not block, prioritize, or delay content for reasons beyond assuring network quality and reliability. The results of the 2017 Index show that of the 10 ISPs evaluated, only U.K.-based Vodafone disclosed that it does not engage in these types of traffic management practices.
More mobile apps are “listening” for marketing beacons
Last week, scholars from the Technical University of Braunschweig presented new research at the IEEE European Symposium on Privacy and Security documenting a potentially growing privacy threat to mobile app users. The research findings, which were covered by several media outlets, found 234 examples of Android apps that are “constantly listening for ultrasonic beacons in the background,” compared to 39 found in December 2015 and just six found in April 2015. These mobile apps are equipped with technology that, if users grant the app permission to access the device’s microphone, use the microphone to “listen” for ultrasonic tones that are emitted by advertisers. Companies such as Signal360 market products that use ultrasonic beacons to track users for advertising purposes — for example, a sports stadium might partner with a mobile app developer to send promotions to users of the mobile app when they walk into the stadium. These beacons aren’t only emitted at stadiums, though — they’re found in brick and mortar stores, billboards, online ads, television ads, etc, and can be used to link multiple devices to a single owner. These companies can then build profiles on users based on where they go and what they watch on TV or search for online. In 2015, the Center for Democracy and Technology filed comments with the FTC highlighting the privacy concerns presented by this type of cross-device tracking.
Mobile applications should clearly disclose what types of user information they might collect, how they collect this information, and the third parties with whom they share it, so that users can make informed decisions about the apps they choose to download and use. This includes information conveyed and collected via ultrasonic signals. In addition, companies that operate mobile ecosystems should make an effort to protect users by disclosing whether and to what extent they evaluate the privacy policies of the third-party apps in their app stores. The 2017 Index evaluated three mobile ecosystems—Google’s Android, Apple’s iOS, and Samsung’s implementation of Android—and found that, while companies may have guidelines regarding app privacy policies, none of these companies disclosed whether they evaluate the content of these policies.
Russia blacklists mobile messaging app WeChat
“Communication tools / iOS” (Image via Microsiervos on Flickr, CC BY 2.0)
On May 4, Russia’s telecommunications regulator, Roskomnadzor, added the mobile messaging app WeChat to its list of banned websites and information outlets for failing to register with the government as an “organizer of information.” The regulator has reportedly required ISPs to block more than two dozen IP addresses associated with Tencent, WeChat’s parent company. Companies that are registered as “organizers of information” are required to comply with a new set of amendments known as Yarovaya’s Law passed last July, including requirements to store users’ metadata and communications content on servers located in Russia, hand over this data at the request of Russian authorities, and assist the government in decrypting encrypted data.
As Freedom House noted in their Freedom on the Net 2016 report, more governments are cracking down on communication apps than ever before. Companies around the world face pressure from governments trying to censor content or conduct surveillance. RDR’s methodology awards credit to companies that report on the requests they receive from governments to block access to online content or to restrict services. It also rewards companies for disclosing that user communications and content are encrypted, and if not, it expects companies to disclose the sharing of user information with government authorities.
