Russia moves forward with banning anonymous use of messaging apps, Australian government sets its sights on encryption, and research finds majority of apps share user data with third parties

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights that highlights key news related to tech companies, freedom of expression, and privacy issues around the world.

Russian legislature considering banning anonymous use of messaging apps

Identity policy scores from the 2017 Corporate Accountability Index

Russian lawmakers are discussing a bill that would ban anonymity on certain messaging apps. If passed, the law would require users to verify their identities using their mobile phone number, and services that continue to allow anonymous users could be fined or blocked. Russian law requires telecommunications companies to verify the identities of their subscribers; mobile phone numbers are therefore directly linked to an individual’s offline identity. In a similar move against online anonymity, Russian lawmakers also recently submitted draft legislation to ban Virtual Private Networks (VPNs) and other internet anonymizers that allow internet users to access blocked content.

The ability to communicate anonymously is essential to ensuring freedom of expression. The 2017 Corporate Accountability Index evaluates if companies disclose whether they require users to verify their identity with a government-issued identification or with other forms of identification that could be connected to their offline identity. Our research showed that 10 of 12 internet and mobile companies disclosed a policy requiring users to verify their identity as a condition of using at least one of the company’s services evaluated. Of the two Russian companies, Yandex disclosed that it may require users to verify their identities for all services, while Mail.Ru disclosed this requirement for one of its services.

As noted in our recommendations, governments should respect the right to anonymous online activity as central to freedom of expression, privacy, and human rights, and refrain from requiring companies to document users’ identities when it is not essential to the provision of service.

Australian government suggests plans for greater access to encrypted communications

The Australian government announced it is considering legal measures that would place greater obligation on companies to assist authorities in decrypting user communications. Prime Minister Malcolm Turnbull called for stronger cooperation between tech companies and authorities to fight extremism, so that “terrorists and organized criminals are not able to operate with impunity in ungoverned digital spaces online.” The Australian government said it plans to raise this issue with the other members of the Five Eyes intelligence network (the U.S., UK, Canada, and New Zealand), during the group’s next meeting later this month.

As highlighted in the 2017 Corporate Accountability Index, governments should not adopt measures to undermine encryption. Strong encryption is vital not only for human rights, but also for economic and political security, and technical experts note that weakening encryption creates significant risks to privacy and security.

Research finds majority of apps share user data with third parties

According to researchers at UC Berkeley and IMDEA Networks Institute, more than 70% of apps share user data with third-party services. Once users give an app permission to access their data, app developers can share this with third-party companies, potentially without the user’s knowledge or consent, according to the research. And if different apps use code from the same third-party software library, these software library developers may be able to aggregate user information from different apps to build detailed user profiles.

These findings are based on data collected through an Android app called the Lumen Privacy Monitor, which allows users to monitor what information the apps they have installed are collecting, and with whom it is being shared. The app, after obtaining user consent, also shares non-personal data with researchers about the scope of data being collected and shared.

Of the three mobile ecosystem companies (Apple, Google, and Samsung) evaluated in the 2017 Corporate Accountability Index, none disclosed that they evaluate whether the third-party apps offered in their app stores disclose what information they share with other third-parties, and with whom they share it.

Leave a Reply