Network Shutdowns: Users are in the dark about why they're cut off
Network shutdowns are a growing threat to human rights around the world. In a resolution passed in June 2016, the UN Human Rights Council affirmed that network shutdowns threaten freedom of expression and the right to access information, condemned them to be a violation of international human rights law and called on governments to refrain from taking these actions. Yet governments are increasingly ordering telecommunications companies to shut down their networks, which in turn puts pressure on companies to take actions that violate their responsibility to respect human rights.
Unfortunately, results of our indicator examining network shutdowns reveal that companies are failing to disclose sufficient information about how they handle government shutdown demands.
In response to growing concern by a range of stakeholders — from human rights groups to investors — RDR created a new indicator for the 2017 Index focused specifically on network shutdowns (F10). It reads:
"The company should clearly explain the circumstances under which it may shut down or restrict access to the network or to specific protocols, services, or applications on the network."
All telecommunications companies evaluated failed to meet this obligation to varying extents. None disclosed sufficient information about their policies for responding to network shutdown requests: of the 10 telecommunications companies evaluated, no company scored more than 38 percent on this indicator. Most companies provided some information acknowledging that they may shut down or restrict service to a particular area if they receive an order from the government or law enforcement. Very few companies provided more information beyond this acknowledgement.
While only Telefónica disclosed the number of network shutdown requests it received, no company disclosed the number of requests with which it complied. Without the latter information, it is impossible to know whether the company routinely complies with all government requests or whether it sometimes declines requests in any of the jurisdictions in which it operates. América Móvil is the only company for which researchers could find no disclosure on the company's policies on network shutdowns.
Telefónica and Vodafone disclosed the most information, but neither disclosed enough. While Telefónica and Vodafone stood above the rest by disclosing the most information about their policies for responding to network shutdown orders, both still fell short-and they disclosed different things. Telefónica disclosed more information about the number of requests it receives and the legal authority behind such requests, while Vodafone committed to push back against network shutdown requests.
In its first-ever transparency report issued in 2016, Telefónica disclosed the number of shutdown requests it received for each country in which it operates, as well as the specific legal authority responsible for making these requests-making it the only company evaluated to provide this information. It did not, however, disclose how often it complied with these requests. Telefónica also received credit for explaining the reasons why it may be required to shut down or restrict its networks, but it did not explicitly commit to push back against government network shutdown orders.
Vodafone, on the other hand, committed to challenge requests that are overbroad or do not have a proper legal basis. Like Telefónica, it also explained the legal reasons why it may be required to shut down service, explaining that it is bound by the legal powers that governments can invoke during an emergency or national crisis. For example, Vodafone cited an incident in January 2011 when "the Egyptian government forced all operators- including Vodafone-to shut down their networks entirely."
Disclosure among members of Telecommunications Industry Dialogue (TID) was inconsistent. TID members have publicly committed to uphold principles of freedom of expression and privacy, and have called for increased transparency by governments about their role in network shutdowns. However, our research shows inconsistent disclosure of policies and practices regarding network shutdowns among TID-members (AT&T, Orange, Telefónica, and Vodafone). While Vodafone and Telefónica disclosed the most, Orange and AT&T disclosed no more than companies that scored at or near the bottom of the Index. Neither company disclosed a commitment to push back on requests to shut down a network or restrict access to a service.
Orange scored on par with Etisalat and MTN for disclosing the reasons why it may restrict access to its networks, including "force majeure" events like natural disasters or legal restrictions. AT&T scored on par with Axiata, Ooredoo, and Bharti Airtel for its disclosure of reasons why it may restrict access to its networks, like in cases of national emergencies, major weather disturbances, or as a result of requests from any government, military, or civil authority. However, neither company disclosed any additional information about whether they push back on, or their rates of compliance with, these requests.
Companies should be more transparent.
While companies do not control government actions, or the laws that justify and enable governments to demand network shutdowns, companies do have a responsibility to disclose what actions they are taking under whose authority so that those responsible can appropriately be held accountable. In fulfilling their responsibility to respect human rights, companies also have an obligation to do everything possible to minimize the human rights harms that may result from compliance with government shutdown orders, to minimize the scope and extent of compliance, and to avoid compliance with orders of dubious legality.
In some cases, companies may be prohibited from disclosing certain information by laws in jurisdictions where they operate. However, there are areas where all companies could improve their disclosure without requiring a change in laws.
- Disclose more information about the company's process for responding to requests, including the reasons why access might be restricted and the specific legal authorities who can make such requests.
- Implement a policy to push back against or seek to narrow orders that lack sufficient legal basis or are overbroad, and disclose that this policy exists.
- To the extent legally possible, report the number of network shutdown requests received and complied with, in each country or jurisdiction where the company has operations, on a regular basis (preferably annually). Disclose any legal restrictions preventing the company from publishing these numbers.
Governments should not compel companies to shut down networks.
As the Internet Society puts it:
"We understand that governments are faced with sometimes challenging situations that may threaten public order and national security. But we do not believe that shutting down communications for whole or part of a country is an appropriate and proportional measure. We encourage governments to look at alternative means to address such issues."
In evaluating companies on their disclosure, the Ranking Digital Rights methodology penalizes the absence of disclosure, regardless of the reason. Thus when governments make it illegal-or otherwise forbid in licensing agreements-for companies to disclose information related to shutdown orders, the Index scores of companies operating under such governments' authority are brought down.
Companies should advocate that governments reform laws and licensing agreements so that companies can maximize transparency with users about the circumstances under which shutdowns and other demands occur and who is responsible for them. Ultimately, however, governments should commit to protect human rights principles and refrain from ordering network shutdowns, acknowledging that network shutdowns exacerbate threats to civilians during conflict and can have significantly detrimental economic effects.