Connect with us

Privacy

Ranking Digital Rights Project Seeks to Compare Privacy and Free Expression by Big Tech and Internet Companies

Published

on

Photo of Rebecca MacKinnon from November 2008 by J.D. Lasica used with permission

WASHINGTON, September 5, 2019 – In the context of the increasing scrutiny faced by global technology and internet companies, the think tank New America has taken a stab at producing a comprehensive overview of how these powerful and influential global companies address and respect users’ privacy, transparency and freedom of expression.

Many of the companies listed on New America’s Ranking Digital Rights Index are “unaccountable sovereigns of cyberspace,” said Rebecca MacKinnon, director of the project, in an interview. Based off the principles of the Global Network Initiative, RDR’s goal was to establish standards based on the challenges governments have created with censorship and surveillance.

Tim Berners-Lee, inventor of the World Wide Web, called last year for a new “Contract for the Web,” in order to rebuild trust in the web and increase internet access on fair and affordable terms.

The comes as many are questioning the future of the internet. Is it still – or was it ever – a force for democratization?. Although the internet has helped people circumvent traditional barriers to hold governments and corporations accountable for their actions, it has also contributed increasing vulnerability to mass surveillance, disinformation, censorship and much more.

RDR aims to assist in that endeavor. As the number of internet users increases, global internet freedom has suffered an overall decline. The internet’s growth has provided more insight to issues concerning democracy and freedom of expression, yet practices of worldwide corporations have also hindered them.

Evaluating 12 tech company and 12 internet companies

The 2019 index evaluated 24 of these companies, based on their disclosure of commitments, policies, and practices affecting freedom of expression and privacy. The study focused on three key areas: privacy, expression and governance. These areas had their own respective indicators, which went into depth on how each company abided or failed to abide by the guidelines.

Additionally, the companies were grouped and graded within two categories: Internet and mobile ecosystem (think consumer electronics and big tech), and telecommunications/broadband providers.

Because some companies, such as Google and Apple, also produce software and devices, the study combined internet and mobile ecosystem firms. All the companies were evaluated with their respective subsidiaries.

The report’s results are described as a benchmark of how well companies are meeting their responsibility to respect users’ rights. It also provided recommendations ICT companies should take to uphold the principles of free internet.

Weaknesses exposed in even high-ranking companies

Even the supposedly highest-ranking companies were found lacking in some critical areas. This year, Microsoft earned first place among internet and mobile ecosystem companies, whereas Madrid-based Telefónica lead the way with telecom firms. However, their respective total scores were only above average on a 100-point scale: 62 and 57 percent.

Microsoft’s result is primarily due to an 85 percent score in governance, indicating that it disclosed more about its commitments and policies affecting users’ human rights than all other ranked companies. It scored moderately well for freedom of expression and privacy, rounding up to 55 and 59 percent.

Telefónica’s governance scored an astronomical 94 percent, the highest value of any other company in the three categories. On the other hand, its freedom of expression and privacy rankings were 47 and 49 percent, slightly below average.

It comes as no surprise that some companies received low scores, such as China’s Baidu and Tencent services as well as Russia’s Mail.ru. As they are based in countries with highly restrictive political systems, they are unable to commit to privacy and free expression as human rights.

The big tech giants in America received mixed results

On the other hand, other major corporations, including some prominent members of the “GAFA” faction, received mixed results. Apple is typically highly regarded for its privacy approach, yet its privacy ranking only totaled up to 58 percent while scoring poorly in other categories.

Facebook’s 78 percent governance score resulted from its clear commitment to protect human rights and strong management oversight. However, the social media giant was insufficient about disclosing due diligence efforts and had one of the lowest scores of any company in the index for its appeal mechanisms. Lack of disclosure about content and account restriction as well as poor network management and shutdown procedures earned Facebook a below average freedom of expression ranking.

Samsung, one of the leading producers in personal electronics, scored poorly in all three categories. It received the second lowest score of all internet and mobile ecosystem companies in the privacy category. Additionally, South Korean companies are required by law to provide grievance and remedy mechanisms for freedom of expression and privacy complaints. Samsung, however, failed to disclose any information about its mechanisms.

Amazon, one of the biggest tech giants, has yet to be included in the RDR Index, although MacKinnon said it will be in the near future. The products and services that Amazon provides are different enough from the other companies in the ranking that the methodology is not developed enough to support it.

Future indices would have to include more indicators, she said. RDR would also have to formulate a consensus from technical experts as well as human rights communities on what companies need to do to improve their standards.

Privacy grades are uniformly low

Even though these 24 companies operate differently, the most striking result is that none of them received excellent privacy grades. The two frontrunners in each group, Microsoft and Telefónica, earned scores that were average at best. Even Deutsch Telekom, which went above and beyond the standard of the EU’s General Data Protection Regulation – and received the highest privacy score in the index – earned 60 percent.

Simply put, corporations have not been prioritizing privacy, MacKinnon said. Everyone should be concerned about how these companies are conduits for information, yet they are still not disclosing enough.

Even the GDPR, she said, is not effective enough in enforcing better privacy practices. Companies are mainly required to inform regulators what they are doing. Consumers, on the other hand, don’t necessarily know more about company practices.

It’s also unclear, MacKinnon said, if U.S. multinationals that must abide by the GDPR perform better overall, because RDR evaluates the work they do on the domestic level.

Theoretically it is possible for an entity to reach a near “perfect” privacy score on the Index, she said. However, it’s unlikely that the companies on the evaluation list could succeed in doing so. Countries with more stringent political systems may not allow their companies to publicize the data found in RDR. On the other hand, jurisdictions with more liberal policies will more likely incentivize human rights assessments.

Perhaps as RDR’s methodology continues to develop, companies may start to display more profound results in privacy and freedom of expression. Still, the main goal of the Index, MacKinnon said, is to pick a series of companies with a high global reach and apply international human rights standards to their products and services.

Robocall

Lawmakers, FCC Take More Action Against Illegal Robocallers

There are new proposed rules that offer legal protections to those aiding in enforcement efforts against illegal robocalls.

Published

on

Rep. Bob Latta, the primary sponsor of the Robocall Trace Back Enhancement Act

WASHINGTON, April 27, 2022 – Regulators and legislators in Washington continued their efforts to curb unlawful telephony use with proposed rules designed to crack down robocalls.

On Wednesday, Rep. Bob Latta, R-Ohio, introduced the Robocall Trace Back Enhancement Act – an amendment to the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act.

If signed into law, the bill would provide legal immunity for a broad range of entities engaging in private efforts to track, surveil, and report on illegal robocalling scams.

The protected parties include registered consortiums that handle call receiving, sharing, and publishing and all voice service providers and any informants that share covered information.

It would also grant the Federal Communications Commission jurisdiction to take enforcement actions based on the information collected during the aforementioned activities.

FCC measures on cease-and-desist letters

In addition to this legislation, as part of her agenda to combat scam calls, on April 26 FCC Chairwoman Jessica Rosenworcel proposed closing a loophole to the STIR/SHAKEN regime afforded to small telcos.

Most telcos are required to adhere to cease-and-desist orders regarding illegal spam-calls and generally comply with actions taken by the FCC. The loophole in question gave smaller telcos greater latitude in how they chose to respond to FCC requests.

If adopted, the proposed regulation would require small telcos to abide by cease-and-desist orders, participate in robocall mitigation, cooperate with FCC enforcement, and take responsibility for facilitating illegal robocall traffic.

“International robocallers use these gateways to enter our phone networks and defraud American consumers,” Rosenworcel said in a statement, “We won’t allow them to bypass our laws and hide from enforcement.”

The new rule will be voted on at the FCC’s open meeting on May 19.

Continue Reading

Privacy

Federal Privacy Legislation Needed As State Legislation Could Harm Smaller Players, Event Hears

Different state privacy laws stifle competition and places burdens on small companies, experts say.

Published

on

Maneesha Mithal (far-left), Sara Collins (middle-left), Lartease Tiffith (middle-right), Brandon Pugh (far-right) on stage at "Beyond the Basics: The Many Pillars of a U.S. Privacy Law"

WASHINGTON, April 25, 2022 – While experts agreed that federal legislators need to take action on comprehensive privacy legislation, they disagreed on the specifics of how such regulation should be enforced.

Though some states have begun to establish their own frameworks for consumer privacy regulation, each framework puts forth different standards that online platforms would have to adhere to. These varied frameworks have raised concerns among many experts who consider a patchwork of legislation to raise the bar of compliance – a bar that could be lowered by federal legislation.

During an R Street panel on Monday, experts from the technology industry weighed in on the matter with their perspectives.

In March, Utah joined  California, Colorado, and Virginia and became the fourth state to successfully pass consumer privacy legislation. Several additional states, including Florida, Massachusetts, New York, and Connecticut have experienced mixed success with their bills and have not yet signed anything into law.

Lartease Tiffith, executive vice president for public policy at the Interactive Advertising Bureau, said that the US is an outlier among developed countries. “We are one of the few developed countries that [does not have a federal privacy law],” he said. “I think that in order to reflect the same common values as our colleagues who are in Europe and elsewhere around the world, we need [to make] one.”

Beyond the international perspective, Tiffith also emphasized domestic justifications for federal legislation. “I cannot think of a subject matter that is not more under the purview of Congress than interstate commerce,” he said. “The internet is everywhere – it is not limited by borders. So, we need to have one standard, one set of laws. It should not matter where you live – California, Utah, Virginia, Colorado – you should have the same basic privacy rights as anyone, anywhere.”

Various state legislation harder for smaller companies

Tiffith also explained that a patchwork of regulation would hit smaller businesses the hardest. “If you are a small or medium sized business and you are looking at investing more money into your products and service and delivering and reaching customers – you want to do that rather than spending time on hiring more lawyers to deal with ever complicating regulations.

“We need this for the next set of Amazons and Googles of the world to exists,” he said.

While the panelists were able to agree on the fact that current patchwork of laws is not sustainable, they did not agree on how to enforce a federal framework.

A federal body for consumer data protection

Sara Collins, senior policy counsel for internet advocacy group Public Knowledge, voiced benefits to creating a new data protection authority in the US – a body distinct from the Federal Trade Commission – that would focus expressly on matters related to consumer data protection.

Tiffith pushed back, however, arguing that the FTC already does a good job at handling these issues, and is only held back by what he views as under-resourcing. “If you compare the FTC to other protection authorities, they are very under-resourced,” he said. “So, I think instead of us standing up a whole new data protection authority, I think instead, let’s invest that money in the FTC, give them some rules, some limited rulemaking authority, and let’s give them a lot more staff and a lot more money.

“Let them be the cop on the beat,” he said.

Continue Reading

Robocall

FCC Announces Majority of States Now Signed Onto Robocall Investigation Partnership

The FCC signed on five states this month and seven last month.

Published

on

Illustration from C-Zentrix

WASHINGTON, April 7, 2022 – The Federal Communications Commission said Thursday it has partnered with further five more state attorneys general to combat illegal robocalls.

The agency said Thursday it had signed on Alaska, California, Tennessee, Pennsylvania and Washington state to investigate the robocalls, which can lead to scams. Thursday’s news comes on the heels of a March 28 announcement, when the agency said it signed similar memorandum of understanding with Connecticut, the District of Columbia, Idaho, Kentucky, Minnesota, New Jersey, and Wyoming.

Altogether, the agency, which announced the federal-state partnership effort in February, said it has signed on the majority of the United States.

“It shows that we are united when it comes to fighting robocalls—urban, rural, north, south, east, and west,” said FCC Chairwoman Jessica Rosenworcel. “Today I invite every state and U.S. territory to join this effort and establish information sharing and cooperation structures with the FCC so we can work together to investigate and put an end to spoofing and robocall scam campaigns.”

The agency, which has made fighting illegal robocalls a key mandate, has previously credited states with catching those that allow robocalls.

Earlier this month, the FCC credited the North Carolina Department of Justice in an investigation that identified thinQ Technologies as a “facilitator” of robocalls. The agency, which is working with the Traceback Consortium to identify the culprits, has already sent more than a dozen cease and desist letters to those it has identified in investigations.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending