Archives for October 2017

Telegram faces challenges from Russian authorities, U.S. and EU publish first annual Privacy Shield review, and data breach exposes millions of South Africans’ personal information

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Telegram faces challenges from Russian authorities

Image via Wikipedia

The messaging app Telegram has been fined for refusing to give Russian authorities access to encrypted communications. A Moscow court fined Telegram 800,000 Rubles (around 14,000 USD) after the company refused to turn over encryption keys allowing  authorities to decrypt and access the contents of user communications. In June, Telegram agreed to register as an “information distributor” with Russian communications regulator Roskomnadzor, a requirement under Russian data laws. Telegram founder Pavel Durov said this was a formality and that the company would not share private user data with the government. Durov also said the company would appeal the court ruling.

This case highlights the crackdown on encrypted communications by many governments throughout the world—both through efforts to legislate “backdoors” and law enforcement efforts to break encryption. It is important that companies publicly commit to implement high encryption standards, and advocate and push back against government efforts to undermine encryption. This also highlights challenges that many companies face in dealing with government requests for access to user information. As noted in our 2017 Corporate Accountability Index recommendations, companies should also commit to push back against excessively broad or extra-legal requests, and should use every opportunity available to pressure governments to move away from mass surveillance and institute meaningful oversight over national security and law enforcement authorities.Continue Reading

German telecommunications regulator makes landmark net neutrality decision, Twitter suspension raises questions about rules enforcement, U.S. government revives encryption debate

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

German telecommunications regulator makes landmark net neutrality decision

Photo by fdecomite (Licensed CC BY 2.0)

In a key decision affecting net neutrality in Europe, Germany’s telecommunications regulator has said that Deutsche Telecom’s zero rating program can continue. Zero rating programs allow telecommunications companies to offer certain services for free without counting against a customer’s data cap. Net neutrality advocates say that zero rating undermines the principle of net neutrality, and in some countries, like India, zero rating has been ruled in violation of net neutrality laws. The EU’s net neutrality rules, adopted in 2015, do not prohibit zero rating, and its 2016 implementation guidelines left it largely up to regulators to determine if zero-rated services are permissible. According to ZDNet, Germany’s zero rating decision is the first from an EU regulator since the EU net neutrality rules were implemented, and may influence how other countries approach the issue.

Our Corporate Accountability Index indicator on network management evaluates companies on whether they clearly disclose that they do not prioritize, block, or delay certain types of traffic, applications, protocols, or content for reasons beyond assuring quality of service and reliability of the network. It considers zero rating as a type of traffic prioritization, and look for companies to clearly disclose that they do not engage in such practices. If they do, we look for them to clearly disclose their purpose for doing so. Of the ten telecommunications companies evaluated in the 2017 Index, Vodafone was the only one to receive full credit on this indicator, for clearly disclosing that it does not prioritize, block, or delay certain types of traffic, applications, protocols, or content for reasons beyond assuring quality of service and reliability of the network.Continue Reading

Google and Apple report increase in user data requests from U.S. government, new German law imposes steep fines on social media companies, EU-US data transfer case referred to EU high court

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Google and Apple report jump in U.S. government requests for user data

U.S. Department of Justice (Image via Wikipedia, licensed CC BY-SA 3.0)

Google and Apple both report a significant increase in U.S. government requests to hand over user information, according to the companies’ latest transparency reports covering a six-month period from January to June 2017. Apple reported an increase in U.S. government requests for user information, affecting 6,407 accounts, a 62 percent increase compared to the previous six-month period. Google reported that requests from U.S. government authorities for user data affected more than 33,000 accounts, a 23 percent increase. Both companies also reported an increase in government requests worldwide.

Internet and telecommunication companies often receive requests from governments to restrict content and to hand over user information. As noted in the Index, companies should publish information about their process for handling such requests, as well as the number of they receive and comply with. Companies should also disclose that they push back on overly broad requests so that the public can make informed decisions about potential freedom of expression and privacy risks associated with products and services they use. In the 2017 Corporate Accountability Index, although 15 of the 22 companies evaluated published some information on their processes for responding to government requests for user information, only 11 published any data about these requests.Continue Reading