Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
Turkey tightens internet controls
Lawmakers in Turkey have adopted new measures that further tightens the government’s control over the internet. A new law adopted on March 21 will require video-streaming services and media or websites broadcasting through the internet to obtain a license from the country’s broadcasting regulator, RTÜK.
A protest against internet censorship in Istanbul, Turkey in May 2011. Photo credit: Erdem Civelek [CC BY 2.0] via Wikimedia Commons.
If a service does not secure a license, courts would order ISPs to block that service. Courts would also be able to request “broadcasters” to remove content deemed “illegal.”
The law is also expected to apply to video platforms hosting user-generated content, like Youtube, or platforms that allow users to host live video streams, like Facebook and Periscope.One RTÜK member said that “there’s little difference between what YouTube does and some of the video streaming services that will be subject to the new law.” Reporters Without Borders noted in a statement that such platforms have been used by “many censored media outlets to circulate their content.”
This is the latest move by the Turkish government to crack down on internet freedom. The 2017 Freedom on the Net report by Freedom House rated the country’s internet environment as “Not Free.” The Turkish government often resorts to blocking or throttling social media platforms and instant messaging apps. Thousands of websites, including Wikipedia, news sites, LGBT-related websites, and VPN services are blocked. The country’s authorities recently banned the encrypted email service ProtonMail, and they are reportedly considering “solutions” to block VPNs.
In addition, Turkish authorities are notorious for pressuring social media platforms to comply with their requests to remove content, often threatening to block them. For example, during the first half of 2017, Turkey made 2,710 content removal requests to Twitter, topping the list of countries making such requests.
Internet and telecommunications companies should be transparent about how they handle government requests for content restrictions, and publish data about the number of requests received, the number they complied with, and the types of subject matter associated with these requests. Most companies evaluated in the 2017 Corporate Accountability Index lacked transparency about how they handle government requests to restrict content or accounts, and did not disclose sufficient data about the number of requests they received or complied with, or which authorities made these requests.
Companies should also notify users when they restrict content. Services that host user-generated content should notify those who posted the content, and users trying to access it. The notification should include a clear reason for the restriction. The 2017 Index found that companies do not disclose sufficient data about their user notification policies when they restrict content or accounts.
FTC confirms Facebook is under investigation
The U.S. Federal Trade Commission has confirmed that it is investigating the ‘’privacy practices’’ of Facebook in relation to the Cambridge Analytica revelations. According to these revelations, data of an estimated 50 million of the platform’s users was harvested without their consent. In 2014, a researcher at the University of Cambridge developed a personality quiz app that collected data from 270,000 users. The app also enabled the researcher to collect data about those in the friend networks of the quiz respondents without their knowledge. According to reports, the developer then sold the data to data mining firm Cambridge Analytica, which used the data to build detailed profiles of American voters and target them with pro-Trump political ads.
The FTC is investigating whether the company engaged in “unfair acts that cause substantial injury to consumers,” Tom Pahl, acting director of the FTC’s bureau of consumer protection said in a statement. In 2011, Facebook agreed to a settlement barring it from sharing users’ data without their consent. If found in violation of that settlement, the FTC could fine Facebook $40,000 for each of the 50 million users which would amount to trillions of dollars of fines, The Guardian reports.
Internet, mobile, and telecommunications companies should be transparent about what user information they share, with which parties and for what purposes. Companies should also give users options to control how their information is collected and used for targeted advertising. Companies evaluated in the 2017 Corporate Accountability Index did not disclose enough information about such options. Facebook disclosed less about these options than any of the other 12 internet companies evaluated. The company did not disclose options allowing users to control the company’s collection of their user information, and how their information is used for targeted advertising.
Dropbox pledges not to prosecute external security researchers
File hosting service Dropbox has updated its Vulnerability Disclosure Policy (VDP) to include a “clear statement” welcoming external security research and a commitment not to “initiate legal action for security research conducted pursuant to the policy.”
Internet, telecommunications, and mobile ecosystem companies should be transparent about how they address security vulnerabilities discovered by external security researchers. Companies should disclose mechanism through which researchers can report such vulnerabilities and specify the timeframe within which they will review such reports. They should also commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company’s reporting mechanism. The 2017 Corporate Accountability Index found that companies do not reveal sufficient information about these policies. Two out of 12 internet companies evaluated by the Index did not reveal any information, while 10 companies revealed some information. Among the 10 telecommunications companies evaluated, only AT&T and MTN revealed some information.
