The RADAR: How is Big Tech doing on encryption?

Share Article

London street art. Photo by Annie Spratt. Free to use under Unsplash license.

This is the RADAR, Ranking Digital Rights’ newsletter. This special edition was sent on October 21, 2021. Subscribe here to get The RADAR by email.

Since the Wall Street Journal’s release of the Facebook Files and the subsequent debut of whistleblower Frances Haugen in the public conversation, we’ve seen a lot of pushback from Facebook. Company executives have claimed that Haugen didn’t have sufficient knowledge about the practices she brought to light, argued that the WSJ series “mischaracterized” Facebook’s approach, and attacked a network of journalists working on a series of follow-up reports drawing on the documents.

The company can obfuscate and deflect as it wishes, but the data Facebook is willing to release—and that which it keeps private—speaks for itself. Companies often wax poetic about the social and commercial benefits that they bring to people and businesses, but when it comes to their concrete effects on people’s lives and rights, policies and practices are what actually count. That is what RDR is here to measure. Although we have a strong focus on company policies, which establish a baseline for what they say they will do, we also ask companies to publish concrete evidence of their practices, with things like transparency reports.

Last week, we “cross-checked” Facebook, comparing company statements and policies with the Haugen revelations, and with our own data and findings since 2015. Again and again, we see that in areas where Facebook is most opaque about its practices, such as targeted advertising and use of algorithms to enforce ad content policies, the hard evidence laid out by Haugen and other whistleblowers like Sophie Zhang paint a troubling picture of how the company treats its users. As Haugen told the U.S. Congress a few weeks ago, profits do take priority over the public interest at Facebook.

Read “Cross-checking the Facebook files” →

If Facebook’s decisions are mainly driven by profit, then we need to follow the money. Facebook’s earnings reports show that at least 98% of the company’s revenue comes from advertising, and we know that ad sales on Facebook are driven by the company’s vast data collection machine. That’s why we’ve joined Fight for the Future’s call on Congress to pass federal privacy legislation. We hope our friends and allies will consider doing the same.

See our 2020 report card for Facebook →

RDR’s 2020 encryption scores for digital platforms. See full results.

State and corporate eyes are still watching us. So let’s encrypt!

Happy Global Encryption Day! At RDR, we push companies to encrypt user communications and private content so that users can control who has access to them. In our 2020 research, we found that some of the world’s biggest companies still have a very long way to go on encryption.

Since 2015, we’ve evaluated companies’ use of encryption by looking for evidence that they encrypt the transmission of user communications by default and using unique keys. We also look for evidence that the company allows users to secure their private content using end-to-end encryption, or full-disk encryption (where applicable), and ask if these things are enabled by default. The chart above shows digital platforms’ scores on our encryption indicator from 2020.

We observed a steep decline in encryption standards for the Russian companies that we evaluate, Yandex and Mail.Ru, owing to proposed regulations that would limit its use. While Mail.Ru (owner of VKontakte) never had especially strong practices in this area, search engine leader Yandex distinguished itself on encryption in years past, out-performing Google, Facebook, and Microsoft as recently as 2019.

Of course private companies like the ones we rank are only part of the equation. Companies specializing in surveillance software continue to reap huge profits from sales to government agencies that target legitimate criminal activity, but also people like activists and journalists who are working to hold their governments to account. Thanks to years of research by groups like The Citizen Lab and Amnesty International, and the more recent revelations around the broad-based use of NSO Group’s Pegasus software, there is more hard technical evidence in the public domain than ever before of how these technologies are used and who they harm.

This week, we are proud to support a letter to the U.N. Human Rights Council pushing members to mandate independent investigations of the sale, export, transfer, and use of surveillance technology like Pegasus. We also join civil society groups around the world, in a campaign organized by the Internet Society, to call on both governments and the private sector to enhance, strengthen, and promote use of strong encryption to protect people everywhere.

Global investors are calling on tech companies to implement our recommendations

A group of global investors with more than $6T in assets called on the 26 tech and telecom companies we ranked in the last RDR Corporate Accountability Index to commit to some of our high-level recommendations. In concert with our report, the Investor Alliance for Human Rights brought together nearly 80 investor firms to support this effort. The group calls on companies to:

  • implement robust human rights governance;
  • maximize transparency on how policies are implemented;
  • give users meaningful control over their data and data inferred about them;
  • and account for harms that stem from algorithms and targeted advertising.

RDR Media Hits

Tech Policy Press: Will creating third-party recommender systems or “middleware” solve content problems on Facebook? At a recent symposium hosted by Tech Policy Press, featuring Daphne Keller, Francis Fukuyama, and moderated by Richard Reisman, RDR Senior Policy and Partnerships Manager Nathalie Maréchal explained why she’s not convinced. Alongside the numerous privacy-protection pitfalls with third-party recommender systems, this solution doesn’t address the core issue at hand: the surveillance capitalism business model. Read the transcript at Tech Policy Press.

MIT Tech Review: RDR Projects Director Ellery Biddle spoke with the Tech Review’s Karen Hao about the viability of Facebook whistleblower Frances Haugen’s proposal to regulate algorithms by creating a carve-out in Section 230 of the Communications Decency Act. In short, she says we’ll need a lot more transparency around algorithms before we can look to solutions like this one. Read via MIT Tech Review.

The Logic: The Government of Canada’s proposed online harms bill is “unworkable,” according to RDR’s Maréchal. She offered key points from RDR’s comments on the bill, in an interview with The Logic, a Canadian publication covering the innovation economy. Read via The Logic (paywalled).

National Journal: Maréchal also spoke with the National Journal to push back on Rep. Pallone’s proposed bill to reform Section 230, saying that the bill “falls into the same trap of all the other well-intentioned 230 bills.” Pointing to the experience of sex workers in the wake of SESTA/FOSTA carve-outs, Maréchal asserted that the carve-outs often lead to companies erring on the side of mass removals of content posted by users, forcing marginalized individuals off the internet. Read via National Journal.

Events

UCLA Institute for Technology, Law & Policy | Power and Accountability in Tech
November 5 at 4:00 PM ET | Register here

RDR Director Jessica Dheere joins UCLA’s week-long conference examining corporate power, multi-stakeholder engagement, and solutions to uphold human rights. Jessica will speak on a panel alongside Nandini Jammi, co-founder of Check My Ads; Lilly Irani, associate professor of Communication and Science Studies at UC San Diego; and Isedua Oribhabor, business and human rights lead at Access Now.

UCLA Institute for Technology, Law & Policy | Transparency and Corporate Social Responsibility
November 17 at 3:00 PM ET | Register here

RDR Senior Policy and Partnerships Manager Nathalie Maréchal will join UCLA professor Lynn M. LoPucki and SASB Standards Associate Director of Research Greg Waters to discuss the importance of transparency for accountable corporate governance in the tech sector.

Highlights

A decade of tech accountability in action

Over the last decade, Ranking Digital Rights has laid the bedrock for corporate accountability in the tech sector by demanding transparency from both Big Tech and Telco Giants.

RDR Series:
Red Card on Digital Rights

A story of control, censorship, and state surveillance during the FIFA World Cup in Qatar

Related Posts

Sign up for the RADAR

Subscribe to our newsletter to stay in touch!