Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
U.S. Supreme Court to hear Microsoft email case
On February 27, the U.S. Supreme Court is set to hear a landmark case in which the U.S. Department of Justice is seeking to force Microsoft to hand over content of emails stored in a data center in Ireland. The case dates back to 2013 when a New York state judge issued a warrant requesting that Microsoft hand over Outlook email information belonging to a user, who was the subject of a drug-trafficking investigation. While the company agreed to hand over metadata stored in the U.S., it refused to hand over the content of the emails, which are stored in Ireland. If the Supreme Court rules in favor of the U.S. government, it would set a new precedent allowing governments to obtain data stored in other countries.
In July 2016, the U.S. Second Circuit Court of Appeals ruled in favour of Microsoft and quashed the U.S. government search warrant. The U.S. government sought the emails’ content unilaterally, under the Stored Communications Act, instead of submitting a Mutual Legal Assistance Treaty (MLAT) request to Ireland. MLATs are bilateral, multilateral or regional agreements that allow governments to exchange information related to an investigation.
The U.S. government argues that using an MLAT process is “costly, cumbersome and time-consuming,” and is not needed since “the privacy intrusion occurs only when Microsoft turns over the content to the Government, which occurs in the United States.”
Microsoft argues that the emails stored in its data center in Dublin are protected by Irish and EU privacy laws, and the U.S. government should try to obtain the sought-after information using the United States-Ireland MLAT process. More than 250 signatories including leading tech companies, members of Congress, European lawmakers and advocacy groups signed 23 amicus briefs in support of Microsoft.
Companies should disclose information about their process for responding to government requests for user data including their processes for responding to non-judicial government requests and court orders, and the legal basis under which they comply with requests. In addition, companies should publicly commit to push back on inappropriate or overbroad government requests. Companies should also disclose and regularly publish data about these requests including, listing the number of requests received by country and number of accounts and pieces of content affected, and specifying the legal authorities making the requests.
Congolese government cuts internet services
For the second time in less than a month, authorities in the Democratic Republic of Congo cut internet and SMS services ahead of anti-government protests. On January 21, as demonstrators took to the street to protest delayed elections and demand an end to the presidency of Kabila, who remain in power despite his second term officially coming to an end in December 2016, internet and SMS services were cut around 1am local time. The shutdown lasted three days according to activists on the ground. Ahead of protests scheduled on New Year’s Eve, the Congolese government also resorted to shutting down networks for 48 hours. The government can order these restrictions for reasons related to national security or public defense, under the country’s telecommunications law.
Shutting down networks and restricting access to online communications violate human rights. A resolution adopted by the UN Human Rights Council in June 2016 (A/HRC/32/L.20) condemns “measures to intentionally prevent or disrupt access to or dissemination of information online in violation of international human rights law.” While governments should refrain from ordering telecommunications companies to restrict services, companies should be transparent about the circumstances under which they may comply with such orders. They should disclose information about how they handle government network shutdown demands, including under whose authority a shutdown is ordered, so that those responsible can be held accountable. None of the telecommunications companies evaluated in the 2017 Corporate Accountability Index disclosed sufficient information about how they handle government network shutdown demands.
Twitter suspends Russia-linked propaganda accounts
Twitter reports that it suspended 1,062 accounts linked to the Russian government as part of its investigation about alleged Russian interference in the 2016 U.S. presidential election. The accounts are “connected to a propaganda effort by a Russian government-linked organization known as the Internet Research Agency (IRA),” and they were suspended for violating the company’s terms of service by mainly posting spam, Twitter’s Public Policy team said in update about its investigation on January 18.
In total, the company identified 3,814 IRA-linked accounts. Of those suspended, only a few accounts “were restored to legitimate users.”
Companies should be transparent about their process for enforcing their terms and rules by disclosing information such as the types of content or activities they do not allow, the processes they use to identify infringing content or accounts, and whether any government authorities receive priority consideration when flagging content for violating the companies’ terms. Companies should also disclose and regularly publish data about the volume and nature of actions taken to restrict content or accounts that violate their rules. Of the 22 internet, mobile, and telecommunications companies evaluated in the 2017 Corporate Accountability Index, only three published such data.