Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
German telecommunications regulator makes landmark net neutrality decision
In a key decision affecting net neutrality in Europe, Germany’s telecommunications regulator has said that Deutsche Telecom’s zero rating program can continue. Zero rating programs allow telecommunications companies to offer certain services for free without counting against a customer’s data cap. Net neutrality advocates say that zero rating undermines the principle of net neutrality, and in some countries, like India, zero rating has been ruled in violation of net neutrality laws. The EU’s net neutrality rules, adopted in 2015, do not prohibit zero rating, and its 2016 implementation guidelines left it largely up to regulators to determine if zero-rated services are permissible. According to ZDNet, Germany’s zero rating decision is the first from an EU regulator since the EU net neutrality rules were implemented, and may influence how other countries approach the issue.
Our Corporate Accountability Index indicator on network management evaluates companies on whether they clearly disclose that they do not prioritize, block, or delay certain types of traffic, applications, protocols, or content for reasons beyond assuring quality of service and reliability of the network. It considers zero rating as a type of traffic prioritization, and look for companies to clearly disclose that they do not engage in such practices. If they do, we look for them to clearly disclose their purpose for doing so. Of the ten telecommunications companies evaluated in the 2017 Index, Vodafone was the only one to receive full credit on this indicator, for clearly disclosing that it does not prioritize, block, or delay certain types of traffic, applications, protocols, or content for reasons beyond assuring quality of service and reliability of the network.
Twitter suspension raises questions about rules enforcement
Twitter’s terms of service enforcement policies are once again in the spotlight, after actress Rose McGowan was suspended from the service after tweeting about sexual assault allegations aimed at Hollywood producer Harvey Weinstein. According to Twitter, McGowan’s account was locked because one of her tweets included a screenshot with the private phone number of an individual, which violates the platform’s rules. However, the move was criticized by some users, including by those who claim they reported harassment and accounts that published their private information that went unpunished.
The issue highlights the need for internet and telecommunications companies to be transparent about what their rules are and how they are enforced. Companies should clearly disclose the circumstances under which they can restrict content or a user’s account and their processes for enforcing these rules. Companies should also publish detailed data about the volume and nature of content and accounts they restrict due to terms of service violations, so that users can understand the enforcement process. In the 2017 Corporate Accountability Index, all 22 companies evaluated published at least some information about what types of content and activities are prohibited according to their terms of enforcement policies, but only three provided any data about what types of content and the number of accounts they restrict for violations these rules.
U.S. government revives encryption debate
In a speech on October 10, U.S. Deputy Attorney General Rod Rosenstein criticized U.S. tech companies that offer strong encryption and indicated the U.S. government is preparing to revive the policy debate about government access to encrypted communications, otherwise known as “backdoors.” This debate occurred in the 1990s, and more recently, in a showdown in 2016 between the Federal Bureau and Investigations (FBI) and Apple over access to an iPhone that belonged to a gunman who carried out the 2015 mass shooting in San Bernardino, California. Governments of other countries, such as the UK and Australia, have also recently suggested that companies should be compelled to allow government access to encrypted communications.
Computer science experts and privacy advocates warned that allowing government access to user communications would fundamentally weaken a service’s encryption and undermine the security and privacy for all users. As noted in the 2017 Index, governments should not enact laws or policies that undermine strong encryption, and where permitted by law, companies should publicly commit to implement the highest encryption standards available. If the law prohibits strong encryption, companies should clearly disclose this to users, explaining the specific legal barrier and the potential consequences for user privacy and safety.