Ranking Digital Rights at RightsCon

Corporate transparency is essential to building public trust, according to Annette Fergusson, head of Vodafone Group’s Sustainable Business unit, who spoke on a panel for the European launch of the Ranking Digital Rights 2017 Corporate Accountability Index at RightsCon in Brussels on March 29.

The event featured Ranking Digital Rights (RDR) project director Rebecca MacKinnon, who was joined by a group of panelists to discuss results of the 2017 Index, which ranked 22 of the world’s largest internet, mobile, and telecommunications companies on their disclosed commitments to users’ freedom of expression and privacy. Along with Vodafone’s Fergusson, panelists included Silvia Grundmann, head of the Media and Internet division at the Council of Europe, Adam Kanzer, managing director of Domini Impact Investments, a socially responsible mutual fund, and Afef Abrougui, a researcher with Beirut-based Social Media Exchange Network (SMEX) and an RDR research affiliate. The session was moderated by Malavika Jayaram, executive director of the Digital Asia Hub, an internet research center based in Hong Kong.

Panelists discussed why companies should be transparent about policies affecting users’ freedom of expression and privacy. According to Fergusson, companies need to be transparent in order to gain users’ trust: “Without trust, we don’t have a social license to operate,” she said. Vodafone tied with AT&T for the top spot among the ten telecommunications companies ranked in the 2017 Index. Vodafone earned the highest score among telecommunications companies on the Index’s governance indicators, which measure a company’s institutionalized commitments to human rights, including to freedom of expression and privacy.

While transparency is essential, companies should also work to ensure that human rights commitments made at the parent level are followed through at all levels of the company, according to Abrougui. Telecommunications companies, for instance, can have different policies, and varying levels of policy disclosure, in the different markets in which they operate, she said.  

Kanzer noted that while there is a difference between measuring company disclosure of their policies and measuring their actual practices, policy transparency is an important first step.

Talking so companies will listen, listening so companies will talk

Also at RightsCon, RDR senior research fellow Nathalie Maréchal led a roundtable discussion called “How to Talk So Companies Will Listen, and Listen So Companies Will Talk: Doing Company Advocacy and Research.” The session brought together researchers, advocates, and industry representatives to share best practices for communicating their research or advocacy initiatives to companies.

Participants shared their experiences and strategies for engaging with companies through their work on a variety of projects, including the Fundación Karisma’s and Digital Rights Foundation’s research evaluating the privacy policies of telecommunications companies in Pakistan, and OpenNet Korea’s work with Citizen Lab researching the Korean app “Smart Sheriff.” UCLA professor Sarah Roberts also offered insights into her experiences engaging with companies as part of her research on commercial content moderation. Strategies for company engagement depend on the company and political contexts, and can include building long-term relationships with human rights allies within companies, according to participants.

Michael Samway, former Vice President and Deputy General Counsel at Yahoo! Inc. who founded the company’s Business and Human Rights Program, noted that trust between advocates and companies is only formed through years of engagementand that for advocates, it is crucial to have practical solutions in mind before approaching a company.  

Samway, who serves as an RDR advisory board member, was also interviewed at RightsCon for a podcast discussion about evolution of the  broader business and human rights movement, and how advocates and other stakeholders can achieve meaningful engagement with companies.

This year’s RightsCon event in Brussels brought together 1,500 participants from 100 countries, according to event organizer Access Now. We look forward to seeing everyone next year at the seventh annual RightsCon conference in Toronto!

See you at RightsCon!

This week, the Ranking Digital Rights team is in Brussels for RightsCon, an annual conference on digital rights organized by Access Now. We are organizing and participating in several sessions and look forward to discussions with human rights and technology experts and advocates from all over the world.

On Wednesday March 29 at 2:30pm, we will host the European launch of the newly-released 2017 Ranking Digital Rights Corporate Accountability Index, which found that 22 of the world’s leading internet, mobile, and telecommunications companies are leaving users in the dark on their policies affecting free expression and privacy rights. Project director Rebecca MacKinnon will give a brief presentation highlighting the report’s key findings and recommendations, followed by a discussion with panelists and audience members. We hope the session will provide a jumping off point for further conversation throughout RightsCon with people interested in collaborating on research and advocacy. The launch event will be held in “Creativity & Exploration, 1st Floor.”

On Friday March 31 at 12pm, join us for “How to Talk So Companies Will Listen, and Listen So Companies Will Talk: Doing company advocacy and research.” In this roundtable discussion, seasoned researchers and advocates will share how they work to understand company policies and practices, and share insights on the most effective ways to engage with companies for change. Participants will discuss challenges they’ve encountered in their research and advocacy efforts as well as tips and best practices for overcoming them. This session will be held in “Evasion, 1st Floor.”

Rebecca MacKinnon is also speaking in the session, “Everything We Know About Internet Shutdowns,” on Wednesday March 29 at 12pm, in “Palace Ballroom I, Ground Floor.”

The full conference program is available here. Our team will be at RightsCon for the entire conference, so feel free to get in touch if you’d like to connect: info@rankingdigitalrights.org.

Can the internet sustain human rights?

People around the world increasingly rely on the internet and digitally networked devices in all aspects of their lives. But do we have a global information ecosystem in which future generations’ rights can be respected?

Unfortunately, the answer is “no,” according to our research. Ranking Digital Rights (RDR) on March 23 launched its 2017 Corporate Accountability Index which ranks 22 of the world’s most powerful telecommunications, internet and mobile companies disclosed commitments and policies affecting user’s freedom of expression and privacy. Findings showed that companies did not disclose enough information about policies affecting users’ rightsand as a result most of the world’s internet users lack the information they need to make informed choices.  

Click image to watch video of the full event. (Photo by Niels ten Oever)

“There is tremendous room for improvement by all companies,” said project director Rebecca MacKinnon, despite positive steps by some companies since organization released its inaugural Index in 2015. Only two companiesGoogle and Microsoftscored more than 60 percent on this year’s Index, with the remaining 20 companies evaluated receiving failing grades.

This year’s Index included an evaluation of the “mobile ecosystems” controlled by Apple, Google and Samsung. Findings showed that Apple’s iOS, Google’s Android, and Samsung’s implementation of Android all offered poor disclosure of policies affecting users’ freedom of expression and privacy. This is a particular concern given that most of the world’s new internet users are coming online with smartphones.  

MacKinnon also highlighted that companies overall struggled to disclose policies affecting users’ freedom of expression. For example, all telecommunications companies evaluated had insufficient disclosure on their policies for responding to requests for network shutdowns. Telefónica and Vodafone tied for the highest score on this indicator, but these companies still fell short. None of the telecommunications companies evaluated provided any information on the number of network shutdown requests with which they complied.

Companies that disclosed data breach-related policies.

While companies tend to focus more on privacy and security than freedom of expression, there are nonetheless serious gaps. On the indicator measuring company disclosure of their policies for responding to data breaches, only three out of all 22 companies evaluated, disclosed any information. This is troubling given recent news of various high-profile data breaches, and this issue is of particular concern for users and investors alike.

MacKinnon was joined for a panel discussion by Melissa Brown, Partner at Daobridge Capital and Arvind Ganesan, Director of Business and Human Rights at Human Rights Watch. Moderating the discussion was Niels ten Oever, Head of Digital at Article 19, and Open Technology Institute Director Kevin Bankston.

Panelists discussed whether rankings like the Index can motivate companies to change their policies make policy change. Does highlighting differences in company performance promote competition and a “race to the top”? Do companies that perform better do so because of their business models, because they have been exposed to public scrutiny for longer, or because of other factors?

As speakers noted, there have already been some improvements since the first Index in 2015. Bankston pointed out that in the 2015 report, not a single company received any credit for disclosure of data about content takedowns due to the company’s terms of service enforcement. In the 2017 Index, three companies received some credit on this indicator, and just this week Twitter released its latest transparency report, for the first time including some data on terms of service takedowns.

“With that domino falling, if the trend goes the way it usually does, this is going to become a common practice in the next five or ten years, and that will be due in no small part to the work of Ranking Digital Rights,” said Bankston.

Many people in the audience were concerned about poor company disclosure of the user information they collect, share, and retain. “If someone built a profile on me based on my use of Google, Facebook, AT&T, and my iPhone ecosystem, what kind of profile could be built about me? I need to have enough information that I have some sense of that so that I can then make informed choices. And right now, people are much too far in the dark on that.” One person asked whether it is harder to get companies to change when opacity about the handling of user information is connected to companies’ business model. Another audience member who works for  a company not covered by the Index responded: “If you don’t have people trusting you, you don’t have a business.”

The impetus for change can come not only from civil society activists and policymakers but also from investors. As Daobridge’s Capital’s Melissa Brown pointed out, investors are not monolithic:  some focus on human rights issues in general but few truly understand digital rights issues. However, Brown believes that the Index shows the extent to which “companies are outsourcing privacy and security risks to users,” without giving users enough information to understand or protect themselves against the risks. Over the long run, privacy and security will become “increasingly material” to investors, Brown said.

Fortunately, the Index provides a roadmap for companies to improve. Of course, the 2017 Index is just the beginning of the conversation. We look forward to continuing this dialogue, starting with RightsCon in Brussels next week!

A webcast of the event is available here.

Ranking Digital Rights 2017 Corporate Accountability Index launches on March 23rd!

We are excited to announce that on March 23rd at 9:30am ET (13:30 GMT/UTC) Ranking Digital Rights will launch the 2017 Corporate Accountability Index: a ranking of 22 of the world’s most powerful telecommunications, internet, and mobile companies on their commitments and disclosed policies affecting users’ freedom of expression and privacy.

The 2017 Index follows the inaugural 2015 Ranking Digital Rights Corporate Accountability Index which found widespread failure by companies to disclose key information about their policies and practices affecting freedom of expression and privacy. Users were left largely in the dark about how and why their information is collected, used, and shared, as well as many of the circumstances under which content is blocked or removed.

Click here to join us on launch day to find out what has changed since 2015, what companies can do to improve, and why it matters. Presentation of the Index results will be followed by a discussion about how consumers, activists, investors, and companies themselves can use that data to ensure that, as businesses power and shape our internet, they also do a better job of respecting our rights.

The launch will be webcast globally; visit this page on the day of the event to access the video. Join the conversation online by using #rankingrights and by following @rankingrights.

RDR @ the 2016 IGF

Last week, Ranking Digital Rights traveled to Guadalajara, Mexico for the the 11th Internet Governance Forum. The theme this year was “Enabling Inclusive and Sustainable Growth.” In all of the workshops and panels we participated in, our message focused on a central concern: as the next billion people get connected to the internet, their human rights need to be protected and respected by governments and companies. We believe that our Corporate Accountability Index produces data and analysis that can help governments, businesses, and civil society work together to address the concrete challenges in protecting, respecting, and defending human rights in the digital age.

Many of the official IGF sessions and side meetings provoked thoughtful discussion and provided us with ample opportunity to share insights from our work researching and analyzing Internet and telecommunications companies’ human rights-related public disclosures.

Some of the issues we highlighted included:

It is crucial that people have control over how their identities are presented online, as Rebecca MacKinnon noted in the session Human Rights: Broadening the Conversation. Real identity policies are pernicious, particularly for gender minorities and members of marginalized groups, and companies should bear this in mind when determining the choices they provide users.

We stressed the importance of companies disclosing information relating to government requests for user data – both in terms of their processes for responding to these requests, including indicating that they push back against inappropriate or overly broad requests, as well as data about the number of government requests received and with which they complied. This issue was also highlighted by civil society activists from Mexico, who noted that Mexican authorities often obtain user information without oversight or judicial warrants.

We also pointed out that governments have an important role to play to ensure companies adequately respect human rights. In some instances, regulatory ambiguity can leave companies unsure if the law prohibits disclosure on certain issues, and therefore they withhold publishing information on their policies or practices. We’ve also seen in our research that in countries that haven’t passed data protection laws, companies tend to not adhere to best practices for collection of user information.

Combatting online violent extremism was a recurring topic of discussion, particularly in light of the recent announcement that Google, Facebook, Microsoft, and Twitter planned to create “a shared industry database of ‘hashes’ — unique digital ‘fingerprints’ — for violent terrorist imagery or terrorist recruitment videos or images that [they] have removed from [their] services.” We again stressed the need for transparency and accountability for such a system, and for independent review for how images are included in it, as we’ve found that companies’ disclosure around their Terms of Service enforcement is often lacking. Companies have been under enormous pressure from governments to do something about this issue. At the same time, any new measures taken to facilitate the removal of content need to be carried out in a manner that is responsible, accountable, and respects users’ rights. It is vital that companies work closely with civil society to make sure that implementation of the new database system does not inflict new “collateral damage” on freedom of expression.  

Although much of the human rights trends highlighted by civil society at the conference were negative, as censorship and surveillance are on the rise around the world, there is also some cause for optimism. Many ICT companies, particularly those that are members of the Global Network Initiative, are making commitments to respect human rights throughout their operations and carrying out due diligence to ensure these commitments are upheld. This may include instituting board-level oversight on privacy and free expression matters, creating mechanisms for grievance and remedy, and conducting human rights impact assessments. These practices, among others, are evaluated in the “Governance” section of our 2017 methodology (previously referred to as “Commitment” in the 2015 Index). As MacKinnon concluded in the session Implementing Human Rights Standards to the ICT Sector, “Despite all of our complaints, which are many and justified, I think things would be a lot worse if we hadn’t had this system where companies are being held accountable to whether or not they are implementing their [human rights] commitments and whether or not they have a system in place.”

In addition to the official IGF sessions, we met with representatives from civil society, governments, the private sector, academia, and others to discuss a wide range of issues. Several of RDR’s research partners also attended the IGF, and we had a productive meeting with them to share and receive feedback on our ongoing research process and also begin brainstorming plans around the 2017 Index launch this March.

We’re looking forward to continuing many of these conversations in the new year, and in the lead-up to the launch of our 2017 Corporate Accountability Index, which will be launched in advance of RightsCon in late March. Stay tuned!