Disclose All the Things! Access launches Transparency Reporting Index

Three billion of us are on the internet, using this innovative platform to access and exercise our human rights. As we now know, though, we’ve paid a price: Our privacy has been steadily eroded by government intrusions, often with the help of companies we entrust with our data.

To shed more light on the dark landscape of government surveillance online, Access has pushed for greater transparency from companies on the requests they receive to share data and disrupt networks. To that end, we are excited to announce the release of our new Transparency Reporting Index, a one-stop-shop for users to see whether their favorite app or service discloses user data, and to learn about corporate policies on government demands for data and disruptions. The index features a record of transparency reports from today’s leading internet companies and telcos, and will be continuously updated with new data.

Transparency Reporting

Transparency reporting is becoming the norm for the tech sector. Around 40 companies have released the reports, which are becoming more comprehensive and global in scope. The reports show the scale of online surveillance, network disruptions, content removal, and other practices impacting rights online. And these reports are powerful — they can even influence government policy. For example, Vodafone’s recent report may have led Ireland’s Department of Justice to release data that it made 10,000 requests for stored data last year.

But the fight for transparency is far from over:

  • We’re pushing additional companies, including companies from the global south, to release reports showing both statistics and the laws allowing access to user data.
  • Reporting is a two-way street for corporations and governments — both must issue transparency reports to provide checks and balances on the data, and to portray a more complete picture of privacy and free expression online.
  • We need an integrated framework to define a baseline: What types and categories of granular data, rates, and information are necessary for a strong transparency report? Access and our partners like CitizenLab and OTI are hard at work answering that crucial question.

Varied Statistics

The variety of data released can be overwhelming, but can also provide an insightful snapshot. For example, Facebook removed 4,960pieces of content” in India over the first six months of 2014. That’s almost 30 takedowns per day! And it’s more than twice what Pakistan and Turkey, the next highest countries, demand.

Why are there so many takedowns in India? The country is Facebook’s second largest market, with more than 100 million users. The government requests the takedowns under “local laws prohibiting criticism of a religion or the state,” a provision ripe for censorship (India led worldwide takedowns in the previous Facebook report, too). The company doesn’t give a compliance rate for takedown requests, but on requests for user data, Facebook’s compliance rate slightly dipped during this period from around 53% to 50%. The drop suggests Facebook either tightened its standards, or India is throwing more inadequate data requests at the wall, hoping they’ll stick. That could be the case with takedown requests, too, as the country’s democratic traditions run up against widespread prosecutions for hate speech, which includes expression critical of religions, or for mundane posts — even “likes” — criticizing city government decisions.

TeliaSonera recently became one of the first European telcos to release statistics on government access to user data. In the first six months of 2014, it received 1,145 wiretap requests. The company also reports “Major Events,” like full network shutdowns — a good innovation that shows how reporting can reach beyond privacy to tell us how free expression rights rank worldwide. Greater transparency on its relations with governments, and how it conducts due diligence on its business partners, could help TeliaSonera prevent another scandal like the one that occurred in early 2013, when CEO Lars Nyberg stepped down after reports of corruption and complicity in surveillance that led to arbitrary arrests and torture.

As we all know, sunlight is the best disinfectant for shady practices like corruption and the invasion of privacy. For this reason, we look forward to seeing TeliaSonera’s transparency reporting from its subsidiaries in Denmark, Estonia, Nepal, Norway, and Spain next year. However, more disclosures are urgently needed from TeliaSonera’s far-flung subsidiaries like AzerCell (Azerbaijan), Tcell (Tajikistan), and Ucell (Uzbekistan), all countries that lack rule of law. The mother company may say it doesn’t have complete “operational control” over those entities — TeliaSonera owns 38.1% of AzerCell, 60% of Tcell, and 94% of Ucell, for example — so it can’t force them to report. However, the company has joined other firms in the Telecommunications Industry Dialogue, a group of telcos and vendors who “seek to use their influence” to promote human rights principles even “where they do not have operational control.” Prodding the local firms to release transparency reports is one clear, immediate way to exercise influence in the name of respecting human rights.

Next Steps

Increasing transparency is not only a matter of Corporate Social Responsibility or compliance in European capitals, but a way to advance human rights norms worldwide. Transparency reports are a great first step that shed some light on this dark landscape.

But reporting alone will not guarantee respect for rights. More pushback is needed against data retention mandates, national security programs (like GCHQ’s Tempora), related gag orders, and direct police access to networks. For their part, telcos must continue to ensure that their subsidiaries adopt and follow the human rights policies of the parent companies.

In the meantime, tech companies need to clarify the murky landscape of data sharing, network shutdowns, and back door deals that impact privacy and other human rights. Transparency reporting is crucial for all stakeholders, including NGOs and public institutions. But the tech companies who directly receive such requests are in the best position to take leadership in this initiative.

Transparently, of course.

Correction: This blog originally posted with incorrect statistics on TeliaSonera’s ownership of its subsidiaries AzerCell, Ucell and Tcell, and has been updated with correct numbers.