Ranking tech companies on privacy and free expression standards
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Part Number | 165 | |
| Number of Parts | 177 | |
| Author | ||
| License | CC Attribution - ShareAlike 3.0 Germany: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this | |
| Identifiers | 10.5446/31853 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language | ||
| Production Place | Berlin |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
re:publica 2015165 / 177
1
3
4
8
10
12
20
21
23
28
29
30
34
37
40
46
48
49
54
55
59
63
65
67
70
71
72
73
76
86
87
89
91
96
97
98
102
103
110
117
121
127
132
136
142
149
153
157
158
170
171
175
00:00
Goodness of fitRight angleDigitizingInformationAxiom of choiceQuicksortInformation securityContent (media)PressureLink (knot theory)Standard deviationClosed setInformation privacySlide rulePresentation of a groupSelectivity (electronic)ExpressionTouchscreenSoftware frameworkWage labourEmailData structureInformation and communications technologyInternetworkingMultiplication signProjective planeSet (mathematics)Degree (graph theory)XMLComputer animationLecture/Conference
03:46
FreewareExpressionRight angleInformation privacyStandard deviationOrder (biology)Price indexMedical imagingSoftware frameworkTraffic reportingSet (mathematics)Quicksort2 (number)Computer animationLecture/Conference
05:46
InternetworkingDifferent (Kate Ryan album)Web 2.0Information privacyRight angleWage labourSimilarity (geometry)ExpressionStandard deviationComputer animationLecture/Conference
06:24
Right angleBitQuicksortExpressionProjective planeInformation privacyPattern recognition
06:54
Revision controlObservational studyTraffic reportingSoftware developerCellular automatonInformation technology consultingDimensional analysisQuicksortMultiplication signLimit setCASE <Informatik>Group actionRight angleCivil engineeringArithmetic meanBitFeedbackLecture/Conference
08:33
Proper mapTraffic reportingRight angleIntegrated development environmentCategory of being1 (number)Slide rule
09:10
Natural numberRight angleDecision theoryConstructor (object-oriented programming)Information privacyTerm (mathematics)Product (business)Address spaceWeb serviceAxiom of choiceContent (media)ExpressionLecture/Conference
10:00
QuicksortInformation securityTraffic reporting
10:31
Group actionStandard deviationRight angleKey (cryptography)Range (statistics)Different (Kate Ryan album)Endliche ModelltheoriePoint (geometry)GradientLecture/Conference
11:38
Web serviceProduct (business)Zyklische GruppeCivil engineeringDecision theoryFreewareDependent and independent variablesRight angleGroup actionContent (media)ExpressionWhiteboardOpen sourceTheory of relativityAxiom of choiceSource codeInformation privacyDesign by contractMeeting/Interview
13:03
Decision theoryNumberGroup actionExpressionInformation privacyRight angleResultantFreewarePhysical lawPoint (geometry)InformationLecture/Conference
13:38
Analytic setPhase transitionRight angleTelecommunicationGroup actionArithmetic meanInternetworkingLecture/Conference
14:10
Price indexDecision theoryGroup actionResultantDatabaseFront and back endsInformation technology consultingQuicksortSoftwareElectronic program guideWorkstation <Musikinstrument>
15:11
Presentation of a groupSign (mathematics)Moment (mathematics)DigitizingWeightRight angleSubject indexingEmailError messageResultantWebsiteTraffic reportingVideo gamePattern recognitionLecture/Conference
16:25
Ocean currentTerm (mathematics)Default (computer science)Information privacyIndependence (probability theory)Lecture/Conference
16:53
Centralizer and normalizerSelf-organizationOrder (biology)Proof theoryPosition operatorDefault (computer science)Point (geometry)GoogolState of matterComputer animation
17:44
Element (mathematics)Price indexDifferent (Kate Ryan album)Information privacyConsistencyOperator (mathematics)Reading (process)WordMeeting/Interview
19:06
Projective planeRight angleTerm (mathematics)MathematicsSpeech synthesisInformation privacyBit rateLecture/Conference
20:06
Semiconductor memoryIntegrated development environmentPrice indexRight angleTerm (mathematics)Key (cryptography)MathematicsDifferent (Kate Ryan album)Data structureWeb service2 (number)Motion captureQuicksortInformation privacyMultilaterationLecture/ConferenceMeeting/Interview
21:28
Integrated development environmentArithmetic meanFrequencyExtension (kinesiology)Lecture/Conference
22:38
Integrated development environmentTraffic reportingResultantSocial classMathematicsPhysical lawRight angleOptical disc driveWeb serviceMeeting/Interview
23:50
Different (Kate Ryan album)Lecture/ConferenceMeeting/Interview
24:12
InferenceExtension (kinesiology)Traffic reportingWeb 2.0ExpressionSubject indexingSpacetimeQuicksortLinear regressionFreewareLecture/ConferenceComputer animation
24:45
File formatProjective planeLecture/Conference
25:08
Projective planeSet (mathematics)WebsitePresentation of a groupIndependence (probability theory)Sinc functionMeeting/Interview
25:58
Element (mathematics)Similarity (geometry)Social classAutomatic differentiationProjective planeQuicksort2 (number)Commitment schemeFacebookTwitterPoint (geometry)Lecture/Conference
26:43
Point (geometry)Multiplication signOrder (biology)QuicksortGroup actionCASE <Informatik>Commitment schemeInformation technology consulting
27:28
Lecture/ConferenceComputer animation
Transcript: English(auto-generated)
00:18
Hi, good morning everyone.
00:21
I think we're still fixing the PowerPoint slide that will appear behind me at some point, but in the meantime I want to thank you very much for coming out here. It's the third day of Republikan, I know there are a lot of very interesting things going on at the same time, so I really appreciate your choice of coming here and talking with me about this subject of how to rank technology companies on human
00:42
rights standards. Let's see if we get the PowerPoint working. In the meantime I'll just start with that PowerPoint. We just heard a presentation about corporate surveillance and really sort of digging deeper into how that works when companies collect
01:04
information about users. Okay, close enough. That's totally fine, thanks. So corporations play an increasingly important role in our daily lives, but
01:21
first before I go into that I just want to introduce myself. My name is Alon Barr and I work on this project, ranking digital rights, and I'm also a visiting fellow with the Stiftung Neufransfotung here in Berlin. So, technology companies. So in this slide that I created the companies were kind
01:41
of dispersed all over the screen with more names and more letters, so the selection that you see here is not representative of what we're looking at but it's just some sort of impressions of the kind of companies that exist out there that influence our lives in some way, right? Nowadays more and more we use some sort of corporate structure when we email, we have
02:03
an email provider, we have an internet provider, we have a cell phone that was built by a manufacturer, we use a social network, and this just means that a lot of these communications that we're using are controlled to a large degree by companies. So while companies have this increasing role and have enabled so
02:27
much of what we want to do in our daily lives, they are also making choices that actually have an impact on our rights to privacy and rights to free expression which are both very important to recognize international human
02:42
rights. So these companies make choices for example about when governments put pressure on them and this happens more and more to hand over user data or when governments ask them to take down certain content or for example when they set up privacy policies, what do these policies consist of? Do they
03:03
collect user data themselves or do they not? What kind of security practices do they have in place? What kind of content do they permit or do they not permit? So all these choices that companies make have an impact on our human rights. This link between companies and human rights has gained
03:22
more problems over the last few decades with regards to labor rights or with regards to sustainability issues and the United Nations has formulated guiding principles over the last few years to sort of explain what governments should do so that the businesses in their country protect the rights of their citizens and what businesses should be doing and on such
03:44
frameworks we have built our ranking digital rights methodology. I'll get to that in a second. So while we recognize that the policies and practices of technology companies impact privacy and freedom of expression, there's a but. We
04:07
often don't really know what those policies and practices are so we know that it's important that they do the right thing but we don't really know if they are doing the right thing and that's where we're trying to come in with our ranking. So ranking this right is not going to solve all the big
04:25
problems of freedom of expression, privacy for everyone in the world but we do think that we can make a step forward and that our ranking can help with that. To that end we're doing two main things. One is we're setting standards
04:42
with our methodology, with our indicators, with the criteria that we're using. We are setting a bar that companies should meet in order to respect the rights of their users. So we're very clearly explaining to companies what the best practices are that they should be doing if they want
05:01
to respect the rights of the users. The second thing that we do is now that we've set those standards in place and those standards they are built on widely respected human rights frameworks, on international human rights, on the guiding principles that I mentioned before. While we have those standards in place we are researching what companies are actually
05:22
doing compared to those standards. So we're measuring companies' performance on those specific standards. Now we are not the first kind of ranking out there. There are all sorts of rankings in the world. For example, even in this ecosystem of human rights and Internet, human
05:40
rights and technology, there are country rankings. Freedom House is doing a Freedom on the Net report that looks at a lot of countries in the world and says which one is more free and less free when it's concerning Internet freedom. The World Wide Web Foundation is doing something similar called the Web Index, looking at a few different kind of aspects. And there are also company rankings that
06:01
look at other issues. For example, as I mentioned before, labor standards, sustainability, access to medicine, such rankings exist. But what we don't have, and that is why we're talking here today, what we don't have is a ranking that looks at globally operating technology companies and how they protect and how they respect
06:21
the rights to freedom of expression, privacy of their users. I want to explain a little bit about the background of how this project came about and what we are trying to do. So Ranking Digital Rights is focused on the globally operating technology companies, focusing on two specific human rights that are most relevant for technology companies, namely the rights to
06:42
freedom of expression and the right to privacy. The project started in 2013, which means that we've been on our way for almost two and a half years now to develop the right sort of questions, the right criteria that we should be asking companies when we want to find out what they're doing to respect their users' rights. And we've done case study research
07:03
with a couple of dozen researchers around the world. We've had methodology development, methodology revisions throughout this time. We've had stakeholder consultations, meaning talking to a lot of civil society groups, talking to companies, talking to academics, and learning what the best way is and the most meaningful way to measure a company's
07:21
performance. We've also conducted a pilot study, I'll tell you a little bit more about that later, in the last few months, where we looked at a limited set of companies and to see how does our methodology actually work in practice. And what is important to us is to be transparent in our approach. So on our website, rankingdigitalrights.org,
07:42
you can see all our versions of our methodology. You can find reports about how we came to the steps that we are now, to the status where we are now, to sort of give insight into why this approach that we're taking now seems to be the best approach. And of course, we are very open to any feedback that you may have in this
08:01
regard. The pilot that I mentioned, we looked at 12 companies, and since it was a very experimental pilot, we did not disclose the company names. It is not a public pilot. But we did release a report to give you insight into what we found out. So without company names, we can see, well, company A did this, company B did that,
08:22
et cetera. And what is very noticeable that if you look at all these companies, and you can reach a total score of 100, the best performing company only reaches a score of 65. And I think the second best reaches a score of 48 or something like that. So it just goes
08:40
to show that even though there may be other reasons that companies have not performed well, there may be some regulatory environments that they have to deal with, but all companies, even the best performing ones, have a long way to go to respect the rights of the users properly. Our website, rankingdigitalrights.org, has a report about a pilot, so feel free to have a look
09:00
there. To give you some insight into the kind of things that we're looking at, the criteria that we're including in our ranking, I've listed some of those here, just some of the topics that we're reviewing. So one is human rights impact assessment. Does the company do due diligence when they make their choices, when they choose to go into a new market which may
09:23
have an authoritarian regime operating? Do they consider the impact that their products can have on the privacy or freedom of expression of their users? So that kind of impact assessment. We look at how companies construct and communicate to the users their terms of service and their privacy policies. We look
09:41
at what paths to remedy companies offer, because if your privacy is being violated or your content is being taken down and you don't feel happy about how the company handled that, you want to find some way to complain or to ask for address or to say hey what's going on, I'm not sure you made the right decision here. And quite often companies don't have such
10:03
remedies in place. So that's something that we're looking at. We're looking at the sort of traditional transparency reporting kind of things like disclosure about requests from governments to handle user data. Do companies publish that? How do they publish that? What detail do they publish about? We're asking about
10:21
what data they collect, with whom they share it, what kind of security practices they have. So these are the sort of things that we're trying to understand when we create our ranking of technology companies. There are a wide range of stakeholders that we believe could use this ranking. And I think
10:42
Republica has a lot of people from different stakeholder groups present, so I'm very happy to see you all here because I think that this ranking might also benefit you in one way or another. First and foremost, we hope that this ranking benefits companies. Companies ultimately are the end goal of a ranking. We want them to improve their policies and practices.
11:04
By doing our ranking, we are offering them insight into how they are faring compared to their peers, into how they are faring on these standards that are based on recognizing national human rights provisions. And we're offering them very concrete, measurable steps to understand what they could
11:23
be doing to do better. So it's not like, well, you've done poorly, you've done great. For every company, there will be something that they will be able to learn. Actually, this is something that I could do better on. And to do better, I should do this. So companies are a key stakeholder group for us.
11:41
Civil society, another very important stakeholder group. More and more civil society groups are doing campaigning on privacy free expression issues, especially in relation to what companies are doing. By offering them our data, our research, and all of this is available, open source, what we produce.
12:02
By offering them that data, we hope that they will be able to do their campaigning in a more effective way. So if they want to do advocacy on company policies, that they have a better insight into what those company policies actually consist of. Investors, another important group. There are more and more socially responsible investors that take human rights issues into consideration
12:22
when they make investment decisions. And CEOs and boards tend to listen more to investors than to some other groups that talk to them. So by offering them, investors, this raw data, we hope that we'll be able to inform their investment decisions. Obviously, users are also very important.
12:43
When you choose a product or service, and I assume this goes for all of you in this audience, you want to know most of what you can expect from a company. So for users making such a choice, we want to inform them about how the company that they might start a contract with, that they might join a service for,
13:01
that they might buy a product from, how they generally protect, respect the right to freedom of expression and privacy. Last group that I point out is policy makers. When governments are making laws, they need to know best they can what is actually happening, what business practices are.
13:20
So we want to inform their decision making as well. This year we're going to do our first public ranking. So this year, at the end of this year, we'll have a result that says this is number one, this is number two, et cetera, et cetera. Our ranking is going to be based on publicly available information, so mainly that means what companies disclose.
13:40
We're working closely with an investment research firm called Sustainalytics, which is very experienced in doing research into company policies and practice. This year, 2015, we are likely to rank 16 companies, meaning eight internet companies and eight telecommunication companies. So for this first phase of our ranking, we're focusing exclusively on those two groups of the ICT, right?
14:03
So, is that in telecommunication companies? We'll announce what companies they are early June, when we start our research. Next year, and this is intended to be an annual ranking, we hope to tag on to that another group of companies within the ICT sector, namely device manufacturers,
14:21
equipment manufacturers, software producers. Just to give you some sort of insight into where we are, what we've been doing so far this year, so we've had stakeholder consultations based on our pilot results, and the stakeholder consultations have helped us a lot in making decisions
14:40
about methodology, about indicators that we have in there. So that is what we're currently working on, revising that methodology to be the most precise as possible, the most meaningful as possible, and also the best researchable as we can. We're creating a research guide, setting up a back-end database for that. Early June, we're going to start our actual research
15:02
on companies. In July, we want to share our initial results with the companies that we've included in our ranking, and the purpose for that is if we somehow made a gross error, something that we missed, then companies have a chance to inform us about that. September, October, we're going to be finalizing
15:20
our research results, analyze the data, write up the report, et cetera, and November is supposed to be the big moment we're going to launch on the first ranking digital rights ranking corporate accountability index. So that is what I wanted to share with you today in a nutshell, so thank you very much for listening.
15:42
If you are interested in what we are doing, and if you want to be kept updated, please sign up on our website, rankingdigitalrights.org, we have a mailing list, but I do want to use this opportunity to open up the floor for any questions that you may have, and also if there are things that you feel well, when you look at companies, I feel it's very important
16:01
that you look at this particular aspect or that you give more weight to this particular aspect, please feel free to speak up, this would be a good moment to do so. Thank you very much. Thanks Alan, okay, we have a question here.
16:22
Hi Alan, thank you for that presentation. This is very exciting actually with what we're doing with Indy as well, with independent technology. One question that I have, and quite possibly a concern, would be, how are you approaching the ranking in terms of what doesn't exist right now
16:42
in terms of approaches to privacy? So, private by default solutions, do they feature in the ranking, or is it looking at the current crop of corporations and taking a centralized collection of data to be the starting point, and is it based on that, or are you also considering possible future solutions
17:03
where companies don't gather this data or don't have access to it, and does that influence the ranking? Because what I'd love to see is, if we have future corporations or organizations that are based on solutions that are private by default, I would love to see those rank at the highest positions on these,
17:21
versus like a company like Google, where they start from collecting your data and then maybe implement protections. I'm not sure if I've been able to articulate that, but I'd love to hear your thoughts. Thanks very much, that's an excellent question. First of all, we do want to be as future proof as we can
17:40
in order to be able to rank consistently across years. So we want to be able to understand what companies are currently doing, but also in a way obviously encourage better practice over the coming years, and also be able to see how that compares over years. But as to go to the substance of your question about different approaches to privacy,
18:02
for us it is very important in this ranking methodology that we do not only reward companies that are transparent about what they're doing, but in as much as we can, and that, to be frank, that is quite a challenge, to do that in a methodology in a consistent way across globally operating companies.
18:21
We are trying to reward behavior that we regard as best practice. So we are trying to formulate indicators in a way that is not only do you inform users about what data you collect, with whom you share it, how you collect it, why you collect it, but we also try to include elements that says well actually, if your answer to this
18:43
is this is not relevant to us, because we do not collect any data, then that gets the highest reward. So your concern is well appreciated, and that's definitely what we are trying to get at in as much as we can. And so please stay tuned for our final methodology
19:01
when it comes out, but thank you for that. Hi, thanks a lot. It actually really does look like an exciting project. I have basically two questions. One of them is in terms of the flexibility of the ratings, because as we know, a lot of these kind of terms and uses
19:21
the way that these companies use our data in this way or another, are changing quite rapidly. So in terms of how flexible would these ratings be, how would they change according to these kind of contracts, and we will be notified when these kind of changes are gonna happen. And the second one is in terms of the two rights
19:42
that you present in freedom of speech and privacy, which are quite, I think it's challenging, because obviously these two rights are not obsolete in every place in the world. So for example, the European Union and the US are quite different in the way that they perceive these kind of rights.
20:00
So I was wondering how are you approaching that? Sure, also a very good question. So just to start with the first one, and my memory is short, so you might have to remind me of the second one later. But the first one, so we are trying to make it possible to include changing practices.
20:22
I just mentioned we want to be as future-proof as we can, and we try to be as consistent as possible over the years but we recognize that yes, company behavior does change, and the things that we right now feel are very, very important may not be as important in three years, we may have very different concerns.
20:40
Obviously, nothing of this is set in stone. The key things that we are trying to do is finding a methodology, finding indicators that are as meaningful as possible in terms of companies respecting the rights of their users. In terms of, and maybe I misunderstood, but a sub-aspect of the questions you asked about informing users of these changes,
21:01
that is actually an indicator that we have included in our methodology so far. So we ask, do companies disclose how they inform the users when they change their terms of service or their privacy policy? Do they give a timeframe before they make that change, et cetera? So we do want to include that. Then, as to your second question
21:20
about different sort of policy environments and how that affects company performance, does that capture what you're getting at? So this is one of the most challenging issues that we've encountered, meaning when we talk to companies and we say, well, we're doing this ranking and this is what we're looking at,
21:42
with some frequency, companies say, that is wonderful, but obviously, we're not the bad guys. We are bound by laws, we're bound by government policies that dictate what we can do and what we cannot do. So we recognize that such circumstances exist and we recognize that to some extent,
22:01
companies that operate in one environment, for that reason, might perform differently than companies that operate in another environment. So keeping that in mind, what we are trying to promote is for companies to be as transparent as possible in what they are actually doing.
22:22
So even when companies are operating in an environment where they cannot do very much or where they don't have as much leeway to say no to a government when they come requesting for user data, we do want them to be very clear about the policies that they have in place in responding to governments and that they disclose user data requests
22:41
that have come in in as much as they can. Ultimately, we recognize that this is not going to even out the circumstances for all companies. So we are trying to promote transparency in as much as we can and aside from that, in our narrative reporting, when we explain our ranking results to a wider audience, we will have to include some sort of narrative
23:02
that says the company in this country could have performed better if it was not held back by the legal environment in which it operates. Now if they would actually perform better or not, that is hard to predict because you can't really dissect intent but the legal environment here is holding them back.
23:22
So by that, indirectly, we are also hoping to encourage policy change, policy advocacy toward the government by the company, by others that says, well, actually, our rights could be better respected by the company if your laws would change.
23:43
Luckily, I worked out there. Hi, my question is, are you also planning to make a ranking of governments? I mean, governments of different European countries, governments also more
24:01
because the policy of the government is different and as you just said, it has a huge influence on companies. Yes, you're absolutely right. They have a very big influence on companies but there are other rankings that already do that.
24:21
So Freedom House is a ranking called Freedom on the Net, World Wide Web Foundation is a ranking called the Web Index, Reports Without Borders is doing also a review that looks a lot at freedom expression provisions and also surveillance to some extent in a lot of countries around the world. So that is not something that we will be focusing on. We are really focusing on the corporate sides
24:41
to the company behavior. Any more questions? Well, I apologize if I've missed that but did you explain or give us an hint how do you finance the whole project?
25:03
You have not missed it, I have not explained it. So thank you for that question. We are funded by different foundations. So all our funders are listed on our website so feel free to take a look and that since we're all so transparent, we do not take corporate money so obviously the independence of our ranking
25:23
is critical for its success and for its ability to thrive. So, so far we've been lucky to have been financed by a different set of mostly United States based foundations also some European based foundations that have helped us to get where we are right now and to help us start with the ranking
25:42
that we are doing for this year. Obviously, as many startup projects we are also looking for future funding so anyone who has a pile of bags somewhere in their pocket please step up and come talk to me after the presentation. But that is how we are currently funded.
26:01
One last question, here you go. Alan, I was gonna ask something similar actually as a second question but I've been seeing a trend with these sort of initiatives where like Adblock Plus for example starts off as an independent project blocking all ads and then once it gains legitimacy,
26:21
Google and Facebook can buy access and can circumvent it, right? Do you have a commitment to staying independent once you have the legitimacy you need? So is there a commitment that you have made or will make to say we will not take corporate finance that at some point once we have legitimacy
26:43
that we won't accept that at that point also? I think the commitment that we've made is that we will not take money from corporations that we would include in our ranking. So far we don't take any corporate money
27:01
and I don't foresee that changing anywhere in the near future. But in any case obviously in order for our ranking to make any sense to retain legitimacy and for that we've been talking to people all the time, we've done stakeholder consultation with many groups.
27:20
In order for us to maintain that legitimacy we will not be able to take any such corporate money. Thank you Alan.