Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
After Russia, Iran moves to ban Telegram
The Iranian government has moved to block encrypted messaging app Telegram, following its threats to restrict access to the service. On April 30, the Iranian judiciary issued a directive banning the service and requiring all internet service providers (ISPs) to implement the ban by the end of the day.
On its website, the judiciary cited “propaganda against the establishment, terrorist activities, spreading lies to incite public opinion, anti-government protests and pornography” as the reasons behind the ban, according to the BBC.
Immediately after the directive was issued, Telegram users in Iran started reporting difficulties accessing the service. Apple’s App Store was also blocked in an attempt to ban users from downloading Virtual Private Networks to circumvent the censorship. “Now would be a good time for Apple to develop circumvention technology for their app store, as it appears to be blocked in Iran,” Mahsa Alimardani, the Iran programme officer at Article19 tweeted. “Iranians looking to get new tools for circumventing the #filternet are either left without options or have to turn to risky sideloaded apps.”
The use of Telegram is widespread in Iran, with 45 million users in the country. In response to anti-government protests in December 2017, authorities resorted to blocking and throttling access to the service, which dominates the messaging market app inside the country.
The Telegram ban in Iran comes just two weeks after Russian ISPs started blocking the service for refusing to comply with court demands to hand over encryption keys to Russian authorities. On Monday, thousands demonstrated in the capital Moscow and threw paper planes, the logo of Telegram, in protest of Russia’s ban of the service.
Telecommunications companies should be transparent about their processes for responding to government requests to restrict access to networks or to certain services and platforms. They should disclose information about how they handle government network shutdown demands, including under whose authority a shutdown is ordered, so that those responsible can be held accountable. None of the 10 telecommunications companies evaluated in the 2018 Corporate Accountability Index disclosed sufficient information about how they handle government network shutdown demands. Vodafone was the only company to clearly disclose its process for responding to these types of government demands and to clearly commit to push back against demands when possible. Telefónica was the only company that disclosed the number of shutdown requests it received.
Ride hailing app Careem announces data breach
Dubai based ride-hailing app Careem, which operates across the Middle East, recently announced a data breach affecting 14.5 million riders and drivers. The company said that it learned of the breach, which occurred in December 2017, on 14 January. “Online criminals gained access to our computer systems which hold customer and captain account data,” including customers’ names, email addresses, phone numbers and trip data, Careem explained in a statement. The company added that there was “no evidence” that passwords and credit information were affected, and that it “launched a thorough investigation.” However, Beirut-based digital rights organization SMEX said that information released by the company is “scant.” The company “did not provide more detailed information on what specific steps it has taken or will take to prevent a similar breach from happening again,” the organization wrote in a blog post.
Internet, mobile, and telecommunications companies should clearly disclose how they respond to data breaches, including their processes for notifying relevant authorities and data subjects who might be affected by a data breach, and what kind of steps they take to address the impact of a data breach on users. Only one internet and mobile ecosystem company, Apple, evaluated in the 2018 Index disclosed information about their processes for responding to data breaches. Just three out of 10 telecommunication companies evaluated revealed information about such processes.
Senate democrats to force net neutrality vote
U.S. Senate democrats have been gathering signatures to force a vote to overturn a Federal Communications Committee (FCC) decision repealing net neutrality protections. On May 9, thousands of websites are expected to post “red alerts” for net neutrality ahead of the vote. The campaign run by the battleforthenet.com aims at raising awareness about the vote and calling on constituents to write to their lawmakers to repeal the FCC decision. Although Democrats might win the vote in the Senate, the measure would still need to pass the House of Representatives. If it does, President Trump will likely veto it, the Verge reports.
A free and open internet depends on the ability for all users to have equal access to content and services, which is not possible if ISPs block or delay certain types of content or apps. Telecommunications companies should commit to not prioritize or block certain types of network traffic. As the 2018 Corporate Accountability Index research shows, most of the world’s leading telecommunications companies fall short of making such a public commitment. Of the ten telecommunications companies evaluated, Vodafone was the only company to clearly disclose that it does not prioritize, block, or delay certain types of traffic, applications, protocols, or content for reasons beyond assuring quality of service and reliability of the network.