21 Sep Europe approves copyright reform, Benin levies internet tax, Amazon investigates reported data breach

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

European lawmakers approve contested copyright reforms

Photo by user OpenIcons on Pixabay

The European Parliament last week voted in favor of controversial copyright reform measures that tech experts and rights groups warn could threaten internet freedom. The directive, aimed at updating the EU’s copyright laws, includes provisions requiring online platforms to filter copyrighted material and to buy licenses from publishers for linking to their content. Critics have bashed the legislation as “a hammer blow to the open Internet.”

European lawmakers in June voted down the directive after intense pressure by rights groups and tech companies. The European Parliament last week approved the directive, despite only minor amendments to the original proposal.

The directive has sparked widespread criticism from tech lobbying groups, who warn the reforms will thwart access to information and could lead to censorship. Among the more contested provisions, Article 11 would prohibit online platforms from linking to news content unless they first get a license from the publisher for the digital use of their content, and Article 13 would require all content published online in the EU to be checked for copyright infringement. According to the Electronic Frontier Foundation (EFF), this means any website that allows users to post “text, sounds, code, still or moving images, or other copyrighted works for public consumption will have to filter all their users’ submissions against a database of copyrighted works.” Rights groups agree this would lead to excessive filtering and censorship. While digital rights groups have panned the measures, content producers, including many music and media organizations, have hailed the proposed reforms.

The approved legislation now enters into closed-door discussions between the European Commission, the Council of the European Union, and the European Parliament before a final vote in January 2019. If the vote passes, EU-member states will have two years to adopt new regulations.

Ranking Digital Rights recommends that companies push back against overly broad or vague regulations that infringe on users’ freedom of expression and privacy. Companies should be transparent about their policies and practices for filtering, removing, or otherwise blocking access to content, whether in compliance with national laws or for breaches to the company’s own rules. This involves clearly disclosing how they handle requests to restrict content.

Benin levies internet tax

The government of Benin has approved measures that will tax citizens for using the internet and social media. The measures require citizens to pay five CFA francs ($0.008) per megabyte of data used on “over-the-top” (OTT) services, which includes for regular internet access, as well as apps like Facebook, Twitter, and WhatsApp. An additional tax of five percent will be levied on the price of service—excluding VAT—of standard telephony-based calls and messages.

Benin’s internet tax is part of a growing trend by African lawmakers to curb access to online services. Similar tax regimes have been implemented by the governments of Tanzania, Uganda, and Zambia. Digital rights advocates in Nigeria warn that the government there may soon follow suit. The policies are likely to aid regional telecommunications companies, who have lost significant revenue as OTT services continue to grow, but they will also impede internet access in a region where penetration remains low.

Governments should refrain from introducing measures, such as taxing internet usage, that impede internet access and violate human rights. Both governments and companies should carry out human rights due diligence in order to ensure that policies do not negatively affect freedom of expression, in breach of international human rights standards and norms.

Amazon investigates reported data breach

Amazon is investigating reports that employees have been accepting bribes in exchange for leaking customer data and manipulating product reviews in order to give some online sellers an advantage, according to the Wall Street Journal.  

The incidents were first discovered among Amazon employees in China, but the company is also investigating similar reports involving Amazon employees in the US.

Studies show that “insider threats” account for a majority of breach incidents. The 2018 Corporate Accountability Index recommends that companies disclose basic information on what steps they take internally to keep user information secure, including if they limit and monitor unauthorized employee access to user information. They also should disclose information about their processes for handling data breaches once they do occur, including policies for notifying affected users.

14 Sep Tech companies oppose Australia’s surveillance plan, Google appeals global expansion of EU’s ‘Right To Be Forgotten’ ruling, Facebook and Twitter ban accounts

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Tech companies oppose Australia’s surveillance bill

Photo by user typographyimages on Pixabay

A group of top tech giants that includes Facebook, Google, Microsoft, Oath and Twitter has condemned a draft surveillance bill proposed by the Australian government’s Department of Home Affairs. The measures would require tech companies to aid law enforcement in decoding encrypted communications or face fines of up to A$10 million ($7.1 million). The government insists the legislation is needed to curb increasingly sophisticated criminal activity and will not undermine encryption, but critics say that the measures could compromise security and give authorities spying powers without proper judicial oversight.

The draft legislation represents a growing trend by governments around the world—including in the UK, the US, and Russia—to seek access to encrypted communications, a move that security experts warn risks users’ security and privacy. Last October, the messaging app Telegram was fined for refusing to turn over encryption keys to Russian authorities.

The UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression asserts that encryption and anonymity are essential for enabling people to exercise their human rights. Governments should refrain from enacting regulations that undermine encryption or weaken encryption standards, in order to avoid unintended consequences for freedom of expression. The 2018 Corporate Accountability Index also recommends that companies should publicly commit to implementing the highest encryption standards available and permissible by law.

Google appeals global expansion of EU’s ‘Right To Be Forgotten’ ruling

Google and French regulators were back in Europe’s top court this week to argue about applying the controversial “Right To Be Forgotten” ruling worldwide. The French privacy watchdog has been pushing to expand the ruling to Google sites globally, a move heavily criticized by the company and rights groups for threatening free speech.

The 2014 ruling by the European Court of Justice (Google v Spain) requires search engines to remove “irrelevant and outdated” links at the request of individuals who believe the material violates their privacy—even if the information is lawful. The original ruling sparked outcry from free press advocates and media outlets, who warned that it limits access to information and can be abused by public figures to remove embarrassing information that the public has a right to know.

The ruling also triggered a wave of legal issues over how, when, and in what jurisdictions Google should remove links to search results. Google has complied with the ruling on all European versions of its search engine but not to domains outside Europe. French data regulators in 2016 challenged the company after receiving complaints that content had not been taken down, and fined Google EUR 100,000 ($116,000) for not removing links on its search engines outside of Europe. The regulator demanded that Google delist content on all Google sites globally.

At a hearing at the European Court of Justice this week, Google argued that applying the ruling to all of its search sites outside of Europe would constitute an unreasonable interference with freedom of expression and information and lead to conflicts with countries that don’t recognize the ruling. The European Commission agrees.

In accordance with international human rights law, restrictions on freedom of expression is not permissible except where proportionate and justifiable. Companies must therefore demonstrate a strong commitment to transparency by clearly disclosing their processes for responding to private requests to remove or restrict content. Companies should also regularly disclose data about such requests.

Social media platforms make moves to police hateful content

Facebook and Twitter this week took moves to ban hateful content and the spread of misinformation on their platforms. Twitter permanently banned rightwing conspiracy theorist Alex Jones, while Facebook permanently banned the accounts of 18 military officials in Myanmar including the commander-in-chief of the armed forces, as well as 52 related pages with a combined following of nearly 12 million people.

Twitter joins a handful of other social media companies to ban Jones from their platforms, including Facebook, Apple, and Spotify (Jones’ InfoWars remains active on Google’s Play Store, Newsweek reports). Facebook’s decision to ban the accounts of several Myanmar military officials follows a United Nations report highlighting the Myanmar military’s use of the platform in inflaming ethnic and religious tensions. A recent Reuters investigative report also forced Facebook to admit it had been “too slow to act” in removing content that was fueling violence.

Social media companies in recent months have come under growing criticism for failing to  better police content, and for lacking clarity about their rules and how they are enforced. As noted by the 2018 Corporate Accountability Index, companies should clearly disclose what types of content and activities they prohibit on their services and the process for enforcing these rules. They should also publish data about the volume and nature of content or accounts they have removed or restricted for violating their terms of service. While Facebook and Twitter have made some progress in this area, both still fall short of being fully transparent.

11 Sep South Asian governments keep ordering internet shutdowns — and leaving users in the dark

This post is published as part of an editorial partnership between Ranking Digital Rights and Global Voices.

When students in Bangladesh protested, demanding improved road safety, mobile internet connections were cut. Image via Wikimedia Commons by Asive Chowdhury CC: BY-SA 4.0

When students in Dhaka, Bangladesh launched public protests demanding road safety after a speeding bus killed two students on July 29, mobile internet connections suddenly were no more.

When the protests turned violent on August 3, after rumors of rape and kidnapping triggered confrontations between police and protesters, authorities resorted to shutting down 3G and 4G networks in and around Dhaka.

Local media reported that the Telecommunication Regulatory Commission ordered service providers to reduce mobile phone network signals for 24 hours so that only 2G networks could operate.

The measures made it impossible to share multimedia and live video, which many protesters were using in an effort to show what actually was happening on the streets, in real time, and to debunk false claims. Telecom operators in Bangladesh gave subscribers no explanation of the cut in service.

These measures are not unique to Bangladesh. They represent part of a growing trend across South Asia, where access to networks or platforms is restricted or completely shut down when protests or violence erupts, and the public is left in the dark, with little or no information about what causes these shutdowns.

Trends in South Asia mirror what has become an increasingly serious human rights threat around the world. Although the United Nations Human Rights Council has condemned network shutdowns and other intentional restrictions on access as violations of international human rights law, governments continue to order telecommunications companies to restrict access. Advocacy group Access Now documented 116 network shutdowns around the world between January 2016 and September 2017.

Technical glitch or strategic shutdown?

Earlier this year, Sri Lankan authorities shut down the internet in the district of Kandy, in response to acts of sectarian violence. The government, which also ordered telecom operators to block Facebook, Viber and WhatsApp across the country, blamed social media for spreading hate speech and calls to violence.

While service providers alerted users prior to the shutdowns, “there was no indication as to why in the formal notice,” Amalini De Sayrah, an editor at GroundViews, an award-winning citizen media group based in Colombo told Global Voices. GroundViews contacted the Telecommunication Regulatory Commission for more information, but “there was confusion or just unwillingness to divulge more,” De Sayrah said. “We were told it [the shutdown] would end in a few hours, but it carried on for a few days.”

The lack of corporate transparency is also an issue in India, where the Software Freedom Law Center, documented 106 shutdowns across the country so far in 2018.

In India, users are “most often” not informed about these shutdowns before they take place, “leaving [them] to wonder if it is a technical glitch or a shutdown,” Mishi Choudhary, legal director at the SFLC told Global Voices in a previous story.

“Transparency in the operator-user relation has a long way to go in South Asia,” said Subhashish Panigrahi, a Global Voices author and co-founder of O Foundation (OFDN) a non profit organization working to preserve underrepresented languages and cultures through digital technology. “India had blocked as many as 23,030 websites by 2017. There are cases where the operators share about the shutdowns and there are many [others] where the users are left to be startled.”

Graphic by Oliva Solis

Research from the Ranking Digital Rights 2018 Corporate Accountability Index showed that the world’s most powerful telecommunication companies lack transparency about how they handle government shutdown demands. Out of ten telcos evaluated by the Index, only Vodafone clearly disclosed a process for responding to these types of government demands and clearly committed to push back against demands when possible. Telefonica was the only company that disclosed the number of shutdown requests it received. All other eight companies, including the Indian multinational telecommunication group Bharti Airtel, revealed almost nothing or no information at all.

‘Operators owe transparency to their users’

Telecommunications companies are facing increasing burdens in this area, from all sides. Companies that push back on shutdown orders can risk losing their licenses. While companies usually have little choice but to follow these orders, that should not absolve them from responsibility towards their users’ human rights.

In legally-challenging environments, companies should at least notify users when shutdowns are about to happen, name the authorities that ordered the shutdown, and specify its duration activists told Global Voices.

De Sayrah said that she would like to see operators not only publish alerts about shutdowns that are about to happen but also include information on who made the shutdown request and when and the duration of restriction.

“This way the companies are accountable to the people and are doing their part, which is one step up from the government,” she added.

Panigrahi noted that industry organizations like the Internet Service Providers Association of India’s (ISPAI), which represents 60 operators could address this issue by maintaining a public record of the ongoing shutdowns. While there are civil society groups and activists that document these restrictions, “ISPs have a wider and a direct reach to users and [can] always inform users prior to the shutdowns.” He added that activists and civil society groups “can at times put their own security at risk” in their efforts to document shutdown cases.

Transparency from the part of telcos can help media groups that play a key role in times of crisis to verify information and provide accurate media coverage prepare better. During the March shutdowns in Sri Lanka, GroundViews found it challenging to get information on the situation in Kandy, editor Raisa Wickrematunge told Global Voices.

“Providing justifications and ideally a potential duration of a block or shutdown can help assess what strategy to use to continue pushing out information,” she added.

Corporate transparency can also help digital rights activists and advocacy groups understand the scope, the impact and the legality of shutdowns.

Data such as revenue loss experienced by telcos, impact on e-commerce, reasons given by the state and terms of licensing could be useful for advocacy groups, Choudhary said.

“It is important to have a record of how long these blocks persist, and when and why they commenced, in order to help digital rights advocates prepare for possible clampdowns in the future,” Wickrematunge said. She added that transparency can be useful when engaging with the government “to try and prevent these types of shutdowns happening arbitrarily…”

Despite the outcry from civil society groups and a 2016 UN Human Rights Council resolution condemning “measures to intentionally prevent or disrupt access to or dissemination of information online,” governments across South Asia are very unlikely to stop ordering shutdowns anytime soon.

The Indian government, which has been blaming Whatsapp and other messaging and social media apps for a spike in mob killings and lynchings, has reportedly urged telecom operators “to explore various possible options” to block such applications “to protect national security.”

In Sri Lanka, activists fear that the the Kandy shutdowns may not be the last. “I do believe the incidents in March have now set a precedent for similar blocks in future, particularly on social media,” Wickrematunge said.

Following the recent 3G and 4G network shutdowns in Bangladesh, the ICT minister said that access to Facebook and networks could be restricted again for the “security of the state and its people.”

In the absence of government transparency, corporate transparency can help users and digital rights groups prepare to fight shutdowns when they are about to happen, hold to account those responsible, and raise awareness about their negative impacts.

“Operators owe complete transparency to their users, as consumers who are paying them money and also in the interest of accountability,” De Sayrah.

Companies should inform the public of how they respond to government network shutdown demands, and commit to directly notify users about these types of restrictions, and to push back on requests to shut down a network or restrict access to a service. They should also publish data about the number of shutdown requests they receive, and name the authority that ordered the shutdown, so that those responsible can be held accountable.