London protest. Photo by G. Miessi, licensed for reuse (CC BY-NC-ND 2.0)
This is the RADAR, Ranking Digital Rights’ bi-monthly newsletter. This edition was sent on December 10, 2020. Subscribe here to get The RADAR by email.
In 2020, we’re marking International Human Rights Day by looking back on a very special protest chant. It went like this: “Fuck the algorithm! Fuck the algorithm!”
Last August, this was the refrain among students and parents gathered outside the U.K. Department for Education in London to voice their anger over a government decision to issue end-of-year secondary school grades using an algorithm, after students were unable to sit for final exams due to the COVID-19 pandemic. When Ofqual, the government department that regulates qualifications and exams in England, published the data behind the algorithm, it was plain to see that it carried a bias against high-performing students at schools with historically lower test scores, thereby reducing these students’ prospects for university admission.
This loud and certain public response, and its keen focus on the algorithm itself, signals an inflection point in public awareness of the potential harms of technologies that try to predict who we are and what we want. Digital rights advocates, technologists, and researchers are no longer the only people who understand the problems that arise when our rights are determined (or denied) by technologies that are built without basic measures of accountability to the public. The people most affected by these technologies have raised their voices in 2020, and they have been heard.
While students in the U.K shouted “fuck the algorithm,” Black Lives Matter protesters in the U.S. demanded that local governments suspend their use of facial recognition technologies—including software built by two companies we rank, Amazon and Microsoft. Although researchers showed compelling evidence in 2019 that Amazon’s Rekognition software wrongly identified women and people with dark skin at alarmingly high rates, it wasn’t until this summer’s Black Lives Matter protests that Amazon, alongside Microsoft and IBM, vowed to stop selling this software to law enforcement, at least temporarily. And despite the specter of COVID-19, people around the world are wary of contact-tracing apps, in many cases deciding that their privacy rights are not worth trading for the unproven promises of these move-fast solutions.
As we look back at big wins and losses for human rights in 2020, this feels like something to celebrate. Tech companies can no longer operate without worrying about how their actions will be judged by the public. The barriers that have guarded against public scrutiny of new technologies seem to be crumbling.
In our work at RDR, we see evidence of this in several places. Facebook’s long-awaited Oversight Board finally launched and the group announced its first set of cases for review just last week. A few days later, Twitter posted an open call for comments on its process for assigning “verified” status to high-profile users—we tweeted a few thoughts on this. And two leading companies in the RDR Index, MTN and Yandex, released transparency reports for the very first time.
Transparency graphic by Access Now, licensed for reuse (CC BY 4.0)
‘Tis the season for transparency?
South African telco MTN’s report came on the heels of an open letter to new CEO Ralph Mupita, written by Access Now and signed by allies including RDR, pushing for the company to adopt stronger human rights practices. In a blog post for Access Now, Isedua Oribhabor and Berhan Taye called the report a milestone, but pointed to many more steps MTN can take to truly champion transparency.
Russian tech giant Yandex also released its first transparency report in late October. RDRʼs company engagement lead, Jan Rydzak, acknowledged the move, but said the company still has a long way to go to better safeguard and respect users’ human rights
Apple responded to our open letter!
Apple’s global head of privacy, Jane Horvath, responded to our call for the company to implement critical privacy protections and also took an unprecedented swipe at Facebook’s ad-targeting practices. In our October letter to Apple CEO Tim Cook, signed by several partners, including Amnesty International, Human Rights Watch, and the Electronic Frontier Foundation, we urged Apple to implement long-awaited anti-tracking measures initially promised as part of iOS 14 and later delayed to 2021. As noted in our letter, this move left many users vulnerable to surveillance and harmful disinformation during the ongoing COVID-19 pandemic and in the critical weeks leading up to the 2020 U.S. election.
In her response, Horvath offered a detailed breakdown of the different layers of privacy and data collection that can occur in the mobile ecosystem and acknowledged that “tracking can be invasive and even creepy.” She also took Facebook executives to task, saying that they “have made clear that their intent is to collect as much data as possible across both first and third party products to develop and monetize detailed profiles of their users…”
This letter is a big win for the RDR team as we continue to push companies including both Apple and Facebook to be accountable to users across the globe and uphold the universal right to privacy. Read more about our letter and Apple’s response in the Guardian, Yahoo Finance, Bloomberg, and Fast Company.
COMING SOON: THE 2020 RDR INDEX!
Mark your calendar: The next RDR Corporate Accountability Index will launch on February 24, 2021! For the first time, we’ll be ranking companies on what they say publicly about how they build and use algorithms and ad-targeting systems. And we’ll be adding two new companies to our roster, Amazon and Alibaba. Read more about the forthcoming RDR Index
Evaluating Iranian chat apps with RDR’s methodology
Our rankings inform research and advocacy all around the world and our methodology is public—so anyone can use it! At a virtual event last month, our colleagues at Taraaz and Filterwatch used our methodology to analyze popular local messaging apps in Iran and evaluate their companies’ commitments to privacy and freedom of expression. At a recent virtual event hosted by Small Media, RDR Research Analyst Afef Abrougui and RDR Director Jessica Dheere discussed the findings with lead researchers Roya Pakzad and Melody Kazemi along with Kaveh Azarhoosh and UC Irvine’s David Kaye.
Learn about our other partnerships, or reach out to info@rankingdigitalrights.org if you’d like to talk with us about using our methodology!
Watch: Replay of Digital Rights & Technology Sector Accountability in Iran hosted by Filterwatch and Taraaz.
Pings: RDR events and activities in brief
Global Conference for Media Freedom: RDR Director Jessica Dheere moderated a star-studded panel, including Estonian Foreign Affairs Minister Urmas Reinsalu, UN Special Rapporteur on the promotion and protection of the right to freedom of expression and opinion Irene Khan, Folha de S. Paulo journalist Patrícia Campos Mello, Internet Sans Frontieres’ Julie Owono, BuzzFeed’s Craig Silverman, and Facebook’s Miranda Sissons. Watch the replay.
Bread and Net 2020nline: RDR Research Analyst Afef Abrougui spoke with Wafaa Heikal on how digital rights organizations in the Arab region can keep large tech companies—namely Etisalat and Ooredoo, both of which we evaluate—accountable to their users.
IGF 2020: RDR Editorial Director Ellery Biddle kicked off RDRʼs participation in the IGF with a session of the Dynamic Coalition on the Sustainability of Journalism and News Media, presenting key findings from our It’s the Business Model report series. Later in the program, RDR researchers Afef Abrougui and Jan Rydzak co-led a very 2020 session on how companies respond to crisis.
The Scan: What we’re reading (and buying)
From the RDR team, we wish you a restful and safe end of 2020! You’ll find us back in your inbox on February 18 with a sneak peek at our 2020 RDR Corporate Accountability Index. Until then, keep an eye on our latest ideas and activities on Twitter
Put us on your radar! Subscribe to The RADAR to receive our newsletter by email.
Photo by Petr Kratochvil (CC0)
With rampant fears of digital disinformation about the U.S. presidential election and COVID-19 making the rounds, U.S. lawmakers from both parties are seeking to restrict the targeting of political ads online. Legislators like Anna Eshoo, Josh Hawley, and David Cicilline are pushing bills that would tackle ad targeting on platforms like Facebook and YouTube.
We know these and other companies’ algorithms feed users the most attention-getting content, even when it is misleading, hateful, or otherwise harmful to human rights—our spring 2020 report series, It’s the Business Model, looks at this in depth. But by focusing mainly on digital platforms, legislators let a very important player off the hook: U.S. telecommunications companies.
Telecommunications companies (telcos) like AT&T (ranked by RDR), Sprint, Comcast, and Verizon* offer customers different combinations of voice, text, broadband, and cable TV service. This means that they also have the ability to collect and combine customers’ data from multiple streams.
If I subscribe to a bundle of services from AT&T, the company can collect, combine, and correlate data from my internet browsing history, my TV-watching habits, and the infinite riches of my mobile phone activity and location data. On top of all this, AT&aT has my home address and billing information—valuable pieces of data that suggest a lot about what demographic groups I belong to.
Telcos’ access to demographic data allows them to bring a unique level of precision to their calculations about customers’ interests. In the digital advertising world, this information doesn’t just benefit telcos—it can benefit a whole ecosystem of actors (including advertising companies, ad networks, and digital platforms themselves) who want to target specific groups of people with specific interests.
In the 2020 RDR Corporate Accountability Index (due out in February 2021), we will rank digital platforms and telcos on a new set of indicators measuring corporate policies and practices around targeted ads. We apply these indicators to every company we rank that engages in or enables any type of ad targeting, and to every company that shares or sells user data and insights to third parties for any type of advertising or sponsored content.
In our last post, we explained why we decided to apply these standards to both digital platforms and telcos. Here, we’ll get into some of the ways telcos are claiming a piece of the targeted advertising pie.
Selling ads on cable TV
Telcos have long used demographic data to entice advertisers. On cable TV, while television networks claim most of the advertising slots, providers (like Comcast) get a few minutes of ad time per hour as well. Since the 1980s, cable providers have been able to increase the price they charge advertisers for those meager slots by geographically targeting the ads by postal code.
Today, mirroring the techniques of digital platforms like Facebook and YouTube, some telcos are beginning to let advertisers target cable ads on a much more granular level. Telcos are taking into account what they know about each household, based on data they collect from people’s internet behavior, mobile activity, and TV-watching habits. Telcos then target ads accordingly. This means that even if my neighbor and I are both watching Trevor Noah’s show on Comedy Central, we may see different ads during the commercial breaks.
Cable companies Comcast, Charter, and Cox have a partnership called Ampersand under which they synthesize user data in order to target TV ads. They added significant new ad-targeting capabilities—including letting advertisers target on the level of individual households instead of zip code—in time for the ad spending period leading up to the presidential election. For viewers, new systems like this are making the cable TV ad experience feel closer to what happens online. We’re seeing fewer ads for things we’d never buy, but having more of that uncanny feeling of being followed by advertisers who seem to know a lot about our interests.
While there are stronger transparency requirements for ads on television, targeted advertising on cable still could exacerbate the same problems that it has inflamed on social media: misinformation, polarization, and further fracturing of the public sphere.
Selling demographic data for the online targeted-advertising ecosystem
Telcos also sell user data to other players in the targeted-ad market when this proves more profitable than simply using it in-house. While some telcos sell user data outright (as T-Mobile, Sprint, and AT&T were caught doing with location data in the U.S.) others, like Verizon, sell “insights” based on user data. The “first party data” in telcos’ coffers can include mobile users’ location data and internet browsing history.
However, for online advertisers, the most important data from telcos is often their mundane but exceptionally accurate demographic data.
Precise demographic data, such as postal code and income level, adds an incredibly potent ingredient to the digital profiles that are used to target consumers, and can thus compound the very real problems that targeted advertising creates. While advertising companies may be able to target a political ad at certain users based on their online behaviors, they can do this much more precisely when they have users’ demographic data on hand.
Online advertisers and digital platforms often cannot directly access accurate and precise demographic data about users. This means that telcos are providing the industry with the much-needed “truth set” that demographic data represents. When combined with other data collected from data brokers and internet companies surveilling users’ online behavior, the “truth set” provided by telcos can anchor and enhance the value of data collected and inferred by these other actors. As such, telcos are helping online platforms increase their already unprecedented concentration of information and the power that comes with it.
To give an example, I live in a densely populated area of Washington, D.C. Before COVID came along, I either rode my bike or took the Metro to work every day. My mobile provider, AT&T, could probably glean these patterns by combining my location data (which would reveal my frequent Metro rides), my browsing behavior (indicative of my age and interests, like bike-riding), and my address. This would explain why, on the web, I’m less likely to see car ads, and more likely to see ads for Lyft or a local bikeshare. Most TV-based ads are still targeted nationally, by zip code. But when telcos can’t do the targeting themselves, they are more than happy to sell user data to the online advertisers who can take the final leap to targeting specific individuals as they browse the web.
It doesn’t end there. Many telcos also plug their data into parts of the internet-based targeted advertising “stack,” as AT&T has done with its Xandr advertising subsidiary. But, as our research has shown, telcos are hesitant to clearly describe these activities to the public, making it difficult to hold them accountable for these practices.
In European Union countries, the General Data Protection Regulation (GDPR) provides some privacy protection not just against Google and Facebook’s use of data, but against that of telcos as well. But the United States is still struggling to pass such a law.
Convergence…towards what?
This correlation of personal data collected by telcos and digital advertising companies as customers use different services leads to what people in advertising call “convergence”—the ability of an advertiser to use all these data streams to capture audiences “across screens.”
The involvement of telcos is a key driver of this convergence because it brings otherwise inaccessible demographic data streams into the targeted-ad world. When it comes to political campaigns, these systems can enable candidates to ensure that voters see the same messages—misleading and hateful ones included—on every device they own, no matter what services they are using.
We’ve begun evaluating telecommunications’ companies targeted-advertising policies because we worry that the targeted-ad practices of telcos are no less harmful than those used by digital platforms like Google and Facebook.
As the movement to constrain targeted advertising gains momentum, advocates must look more critically at the role that telcos play in this milieu. Wherever it emerges, it is the targeting-advertising business model, more than anything inherent about social media in particular, that is driving many of the problems in our public sphere and that could undermine the integrity of next week’s elections in the U.S.
*Ranking Digital Rights evaluates Verizon Media, which owns Yahoo! Mail and Tumblr. We do not evaluate Verizon’s telecommunications services.
“Digital Marketing” by Wichai Wi from the Noun Project. (CC BY)
Last month, AT&T announced that it may soon roll out a new, low-cost mobile internet plan subsidized by advertising. This came as no surprise to the RDR research team: We’ve been tracking telecommunications companies’ steady push into the mobile ad market for nearly two years.
In the 2020 RDR Index (due out in February 2021), we will rank telcos and digital platforms on a new set of indicators measuring corporate policies and practices around targeted ads.
This move by AT&T is part of an industry-wide trend by telcos to jump into the digital ad market that up to now has been dominated by digital platforms like Google and Facebook. All of the telecommunications companies we rank have ventured into the mobile ad market, tapping into the troves of data and insights they have on their customers in an effort to compete with digital platforms for a slice of the lucrative digital advertising pie.
While digital platforms have been in the much-deserved hot seat for building a business model that trades on user data for profit, telcos thus far have slid under the radar for cashing in on this very same model.
Telcos profit from this data in a variety of ways, only some of which are known to the public. We know that they serve ads to their subscribers via SMS networks, and that they sell user data to third-party ad companies that can influence what kinds of ads subscribers might see on other digital platforms or apps. And we suspect that AT&T’s proposed plan would compound this issue by effectively putting a price on privacy, leaving low-income consumers likely to opt for a mobile plan that subjects them to additional targeted advertising.
All told, we worry that the targeted advertising practices of telcos are no less harmful than those used by digital platforms like Google and Facebook.
For these and other reasons, our new research indicators on targeted advertising are industry-agnostic: We apply them to every company we rank that engages in or enables any type of targeting, and to every company that shares or sells user data and insights to third parties for any type of advertising or sponsored content.
Yet some of the telcos we rank have pushed back on our approach. When we’ve asked for their feedback on our preliminary research, some company representatives have argued that RDR should not evaluate telcos on our targeted advertising indicators—at least not in the same way as digital platforms. They say their SMS-based ad services are more limited in scale and fundamentally different in substance—and less risky, from a human rights perspective—than the kind of ad targeting that is happening on social media and other digital platforms.
The implication is that they are engaged in a more benign form of ad targeting that simply connects commercial retailers with potential customers through SMS-based ads that market footwear or face cream, for example. But they aren’t telling us precisely how ads are bought and sold, or how users’ data is changing hands along the way. We don’t know what we don’t know. But we do know the devil is often in the details.
We recognize that targeting a group of users who might be interested in buying new running shoes is not the same thing as targeting a segment of the population with political messages that could influence who people vote for. But the road from commercial advertising to political disinformation is pretty short: Just ask Facebook, which originally jumped into the online ad game to serve as a platform for retailers and is now one of the planet’s dominant vehicles for political messaging and targeting—with all the problems that this has brought. Indeed, for political campaigns, SMS messaging is gaining ground in the U.S., and has been a major force in other countries like India for the past few years.
Perhaps even more important is the fact that most telcos today are not simply offering SMS-based ads to commercial marketers. They are also selling or sharing user profiles and data with other parties. Data brokers, ad networks, and even political operatives then use that information to target specific individuals with personalized ads on other platforms and around the web. These practices could incur significant harms, putting users’ human rights at risk.
For all these reasons, we expect digital platforms and telcos alike to conduct human rights risk assessments on how their targeted advertising policies could harm the right to information, the right to privacy, and how they could be discriminatory—and to take steps to mitigate those harms. We expect companies to clearly disclose what types of ad targeting is not permitted—including listing restrictions against using certain audience categories, like race, gender, or political affiliation. We expect companies to offer users the ability to opt-in to whether they are targeted at all—targeting should be off by default—and we expect companies to give users the ability to control how their data is being used and shared with any third party that can exploit that information for targeting purposes.
When we pilot tested our indicators on targeted advertising last spring, we even found that telcos are far less transparent about these policies than digital platforms—and yet the human rights risks of their targeted advertising practices are equally grave. These initial findings affirmed our position that telcos need to be held to the same transparency and accountability standards about their targeted advertising policies and practices as digital platforms.
The Apple Store in Hong Kong. Photo by Robert Pastryk via Pixabay, labeled for reuse.
This is the RADAR, Ranking Digital Rights’ bi-monthly newsletter. This edition was sent on October 9, 2020. Subscribe here to get The RADAR by email.
As the U.S. general election approaches, digital disinformation and targeted political ads are fueling debates among policymakers and politicians of all stripes.
At RDR, we’re looking closely at what drives these things—chiefly, big tech companies’ pervasive collection of user data. While Facebook and Google are front and center in the public conversation, they aren’t the only players deciding the fate of our digital data.
For iOS users, Apple holds plenty of power too. We were heartened this past summer when the company announced plans to roll out a suite of anti-tracking measures for iOS 14, marking a big win for user privacy. The widespread corporate practice of tracking users’ online activity without their informed consent violates the fundamental human right to privacy, and enables data-driven discrimination.
But soon thereafter, app developers and major companies—Facebook among them—began complaining that the changes would put a dent in their advertising revenues. In September, Apple decided to postpone the changes until 2021, leaving iOS users vulnerable to tracking during this critical time.
This week, we published a joint letter urging Apple CEO Tim Cook to implement the anti-tracking measures immediately. Human Rights Watch, Amnesty International, the Electronic Frontier Foundation, and other leading NGOs were among the signatories. We closed the letter arguing that “implementing and fully enforcing this policy would position Apple as a standard-setter in the industry.”
And we know that Apple wants to be exactly that. In September, the company made headlines with its first-ever explicit commitment to uphold human rights across its operations, from policies for users to its hardware supply chain. This was big news, especially coming from the most valuable publicly traded company in the world. But it has been a long time coming!
For three years, our researchers have been sounding the alarm on Apple’s failures in this realm. While it has taken some steps to build and publish policies on privacy and security, the company had never committed to upholding freedom of expression, until now. This is why Apple has ranked last among U.S. companies evaluated in the RDR Index every year since 2017.
The downstream effects of these decisions have had real consequences for users, especially in greater China, where hundreds of apps —including apps for the New York Times, Quartz, and a Hong Kong protest-mapping app—have been censored from the App Store. Despite strong media coverage and public condemnation, the company has never published its policies governing App Store (or other content) removals, or met other key human rights benchmarks in this area.
Alongside RDR, other NGOs and even shareholders have been pushing to change this. In February 2020, the UK-based advocacy group SumofUs helped to organize and put forth a shareholder resolution—citing RDR’s 2019 evaluation of Apple—that would have required Apple’s board of directors to report annually on the company’s policies on freedom of expression and access to information. The measure was defeated but received more than 40 percent of votes cast, effectively putting the company on notice.
The Financial Times described the resolution as a major driver of Apple’s new human rights policy, and also mentioned RDR’s role in the change. All told, these forces—big public reactions to censorship, impact-oriented policy research, civil society advocacy, and shareholder pressure—came together and pushed Apple to change its ways. This is our theory of change in action.
The company’s published policy committing to uphold human rights is a huge measure of progress. But the strongest test of this commitment will be Apple’s actions moving forward.
RDR Director Jessica Dheere. Photo by Dan Jones.
Leadership transition: Changes are happening at RDR!
Jessica Dheere was promoted to director from deputy director in September 2020. Rebecca MacKinnon will stay on as founding director into 2021.
“I’m both honored and excited to carry this vision forward with our remarkable team,” Dheere said in New America’s official announcement. “We see 2021-22 as a time for us to bring our rich body of research and policy recommendations to bear as technology companies continue to play a pivotal role in the protection of human rights, civil liberties, free and fair elections, and democratic institutions.”
Write to her at dheere@rankingdigitalrights.org and follow her on Twitter at @jessdheere.
Fall 2020 Investor Update: Geopolitical risks are rising—and regulation is coming
Hot off the presses this week is our Fall 2020 Investor Update, which gives investors a close look at key digital rights concerns and questions to ask in 2021. This edition highlights proposals from shareholders at Apple, Facebook, and Alphabet that addressed digital rights issues—there were 12 of these in 2020, including four that cited 2019 RDR Index findings. It also looks at Facebook’s business model and the recent #StopHateForProfit ad boycott, Twitter’s summer security breach, and the unique risks that foreign companies face when operating in China.
Our take on Trump’s attempt to ban TikTok and WeChat
The administration’s executive orders banning Chinese-owned platforms, and other policies that would have the effect of carving up the internet along national borders, are no way to protect users’ security or other human rights. In an interview with Forbes, RDR Founding Director Rebecca MacKinnon compared Trump’s efforts to China’s internet censorship regime, the so-called “Great Firewall.”
Prior to the September rulings by federal judges blocking Trump’s TikTok and WeChat bans on First Amendment grounds, we urged both Google and Apple—whose app stores control access to both apps—to push back against the order. After all, both companies publicly commit to conducting due diligence on government demands to censor content, and to resisting overly broad demands like these.
But it’s not all bad. In an opinion piece for Slate, MacKinnon offered some reassurance (she says it’s not too late to save the internet!) and concrete solutions to these problems, starting with strong laws protecting privacy and mandating corporate transparency.
So Long Internet, Hello Internets: Rebecca MacKinnon, Ann Marie Slaughter, Madhulika Srikumar, and Joshua Keating discussed the #DividedInternet at a virtual event hosted by New America and Slate’s Future Tense project.
Protests, network shutdowns, and our call for transparency at Africa’s largest telco
Protest movements sometimes inspire governments—like that of Alexander Lukashenko in Belarus—to shut down social media platforms, in hopes of quelling demonstrations. But do these shutdowns actually achieve the desired effect?
“Rarely do we actually see a shutdown being followed by a complete drop-off in the number of protests,” said RDR Company Engagement Lead Jan Rydzak, in a VICE interview about a report he recently co-authored. “It’s about creating an atmosphere of fear and uncertainty,” he told VICE. When shutdowns do happen, telcos are usually the ones to pull the plug. In these situations arise, RDR pushes companies to explain the circumstances under which they shut down or restrict access to the network.
In South Africa, Ralph Mupita recently became the new CEO of telecommunications giant MTN, which serves more than 20 countries in Africa and the Middle East. RDR joined a coalition letter to Mupita that highlighted MTN’s poor performance in the RDR Corporate Accountability Index, due in part to the company’s role in facilitating government-mandated internet shutdowns. The letter, alongside an op-ed for Business Day, by Access Now’s Berhan Taye, urges Mupita to make good on the company’s human rights commitments by improving transparency and engagement with civil society.
Ad transparency is vital to democracy: Our submissions to the DSA
Since our last edition, we’ve made two contributions to the European Commission’s public consultation on the Digital Services Act (DSA)—a forthcoming package of rules that will address the legal responsibilities of platforms regarding user content, ads, and more. In our solo submission, we called for universal transparency by default for all online ads. And in a joint submission with Global Partners Digital, we voiced concern that certain aspects of the DSA pose a risk to individuals’ digital rights and are inconsistent with EU member states’ international human rights obligations.
The scan: What we’re reading
The summer culminated with two knockout stories citing leaked internal communications from Facebook confirming widespread suspicions—and our own research findings—that Facebook’s approach to addressing users’ grievances needs work. The Verge offered a trove of comments from company-wide discussions, exhibiting employee concerns about Facebook’s content moderation practices, among other things.
BuzzFeed exposed a 6,600-word memo from fired Facebook data scientist Sophie Zhang, who wrote that in reviewing problematic content from around the world, she had “made decisions that affected national presidents without oversight, and taken action to enforce against so many prominent politicians globally that I’ve lost count…”
Final pings
