On July 15th, BT (formerly British Telecom) will hold its annual general meeting in London. Through our partner organization ShareAction, a responsible investment charity, Access is directing the following question to company’s CEO, as well as to its board: What specific next steps will BT take this year (that is, in the next 12 months) to better protect customers’ privacy and free expression rights, and to achieve greater transparency around its actions, in every country where you operate? (See our full statement below.)
Access has spoken out at the BT annual general meeting (AGM) for several years running. At last year’s meeting, BT confirmed that it would not be releasing a transparency report in the near future, citing as a substitute for the reports the United Kingdom’s Interception of Communications Commissioner’s Office (IOCCO) disclosures. In the meantime, industry norms have continued to progress, with 16 multinational and local telecom companies publishing transparency reports, including the UK-based Vodafone. Threats to user data have only increased: malicious users continue to break into government and corporate systems, while governments from France to Nigeria have sought to increase their surveillance powers without protecting human rights.
We returned to the AGM this year to urge BT to break the cycle of silence on UK government surveillance. Telecom companies can play a valuable role by pushing back on abusive requests, disclosing the scope and scale of surveillance orders, and urging rights-respecting reforms.
To date, BT has not taken concrete, public steps toward respecting user rights to privacy and free expression. However, we have recently seen statements from BT indicating that the company is paying more attention to users’ rights. In its annual report for 2015 [PDF], BT announced its completion of a “board-level review of its human rights policy.” And in the BT business practice standards document entitled The Way We Work [PDF], BT refers to “safeguarding information and the complex issues surrounding freedom of expression and privacy,” as “higher risk areas which BT gives special attention to.” In answering our question, we hope that BT will inform its shareholders about how such special attention is actually being put into practice in its operations around the world.
On transparency, the company said in a recent Socially Responsible Investing (SRI) presentation, “As we handle huge amounts of our customers’ data, we’re open, honest, and transparent about what we do with it.” Access believes that publishing a transparency report is one of the most concrete, fundamental ways that BT can put its stated commitment to transparency into practice. Such transparency is especially critical in the midst of UK surveillance reforms, which could build a new set of government powers from scratch. The new report from David Anderson, Independent Reviewer of Terrorism Legislation, recommends that judges, not government officials, sign off on all interception warrants. Yet the Independent Reviewer also proposes preserving the UK government’s ability to conduct mass surveillance, and to require telcos to retain user data. Companies must fight these proposals, which put users’ data at risk of security breach or collection by intelligence agencies. They must protect their ability to transparently communicate security risks to their customers, and notify users when the government has gained access to their data.
We look forward to hearing BT’s answer to our question, and we’ll follow up with an analysis in the coming days.
Below is the full text of the statement we submitted for BT’s AGM:
Dear Chairman Rake,
I represent ShareAction, and would like to pose a question on behalf of Access, an international human rights organization whose mission is to defend and extend the digital rights of users at risk around the world.
Last year, Access asked if BT had plans to publish a transparency report. These reports reveal the scope and scale of government requests for user data. Access also asked how BT is making sure that governments in the 170 countries where they operate are prevented from gaining direct access to their networks.
BT has not published a transparency report, or taken concrete, visible steps to protect user data. The company is becoming an outlier in the sector.
However, we note and appreciate BT’s recent statements showing increased awareness of the human rights impacts of their operations. For example, in a recent SRI presentation, BT stated: “As we handle huge amounts of our customers’ data, we’re open, honest, and transparent about what we do with it.”
Likewise, in the business practice standards document titled “The Way We Work,” BT refers to “safeguarding information and the complex issues surrounding freedom of expression and privacy,” as “higher risk areas which BT gives special attention to.”
My question is directed at Gavin Patterson and Sir Michael Rake: Mr. Patterson has said that BT’s reputation strengthens each time it sticks to its principles. We are now asking you to put your words into action. What specific next steps will BT take this year (that is, in the next 12 months) to better protect customers’ privacy and free expression rights, and to achieve greater transparency around its actions, in each country of operations?
Photo credit: Keith Edkins