Add to Watchlist

Ranking Digital Rights

0 views

Citation of segment
Embed Code
Purchasing a DVD Cite video

Automated Media Analysis

Beta
Recognized Entities
Speech transcript
and the if you want to hear it and the and
the types but due that object to the hello has today we're going
to be talking of the ranking Digital Rights project ends the findings of the 2017 corporate accountability
index i which ranks 22 Internet and telecommunications companies on their respect for freedom of expression and privacy I'm these agreements and program Manager of ranking degenerates and I'm also a visiting researcher here in Berlin at the Humboldt Institute Internet and position shaft the Hague and I'll on all men policy
and communications analyst with ranking digital rights and I'm also a fellow at the Center on Media data and society at Central
European University in Budapest cases so just to give you an overview of what we're going to cover
today our kinetic about the background of the rank Detroit's project and then talk about the methodology and process and what goes into building and of an
index like this and then we're going to talk about the findings of the 2017 index in uh the categories of governance freedom of expression and privacy and to close so we
will give recommendations for companies and recommendations for governments and then will open up for questions and you can also treat questions
that you have with the hashtag ranking right and also visit the website of making digital rights . org slash index 2017 as we go along and you will this will become clear as fairly soon but we will not be able to
cover nearly even a quarter of the data that is part of this index the we want to give a few introductory findings on such a system background to how the project came about on ranking
digital rights founder Rebecca MacKinnon wrote the book called consent of the network and it looked at this question of how can we structure technology in a way that promotes the rights and liberties of all Internet users and 1 of the key issues that she looked at in this book was the growing role that Internet and telecommunications companies play in our daily lives and the impact they have on our digital rights but unlike Governments where we have methods of accountability like collecting officials and there are more clear accountability mechanisms on there is lingering question of how can we hold of companies accountable on how can we as medicines and Internet users make sure that they're respecting our digital rights and so additionally on the UN power plots the Guiding Principles on Business and Human Rights which state that government governments have a responsibility to protect human rights but that companies and businesses in the private sector also have a responsibility to respect human rights and so an organization called the Global Network Initiative at the GNI was formed to implement these principles and
apply them to ICT companies and so companies can join the GNI and commit to uphold a certain level of standards on freedom of expression and privacy issues on and even with all these efforts there is still a gap fell and so the GNI is a voluntary organization what about the companies that don't choose to join or what about issues that the GNI perhaps doesn't are get to you aren't we also
know that rankings work as a mechanism to encourage company improvement when you compare a company to its competitor and show where there may be falling short on it it is a really important incentive on to changing that behavior and we've seen that with companies in other sectors already on so that was sort of a lot of the a background into how the project came about in 2013 OK and in the same vein I'm just as sustainable business practices have become a mainstream expectation in the environment from 1 of the
overarching goals of ranking to rights and we've heard this echoed in other spaces including the uh Mozilla Internet health reports that we really want to mainstream this idea where this expectation of Internet and telecommunications companies that are digital rights will be respected ends uh in order to provide for a sustainable digital environment I am and here is of the map of companies that we
evaluated our we this is a global index we didn't want to uh to be read in enlarged European focus American focused with and we know that the blue is where companies are headquartered but does not encompass the reach so and for example we all know that's the reach of Facebook and Google and Microsoft is worldwide and then we also wanted to get companies that were used more widely in other areas of that for example long and I had never interacted with before doing the research like cacao in South Korea or 10 cent invite you in in China alone and so we look at
3 categories of indicators and the 1st is governance and so we look at other companies to disclose a
commitment at the corporate level to respect freedom of expression and privacy so for example we look for companies to disclose that they conduct human rights impact assessments to determine the ways in which their services may infringe upon user rights and to mitigate those on so for example before launching a news service or before entering a new market that might have a negative human rights record on but also in in their day-to-day application using existing services are they understanding the risks to human rights of the users on that the services may presented and an odd in mitigating those on and surreal notice that the
GNI our companies and on that telco telecommunications industry dialog are which has recently merged with the GNI by which previously was the only telecommunications companies on organization on they tended to do better in this category than the other companies because part of that membership requires them to have this sort of corporate commitment and so the next category that we look
at is freedom of expression and we look at a wide range of issues and less on so for example on Terms of Service enforcement each company has their own rules for what content is and isn't allowed on the platforms and a lot of the times when they're enforcing these Terms of Service it's really unclear how the standards are being applied and are in we don't have very much information about the volume or nature of content that they're removing for violating the terms of service and we also look at if they require users to provide a
government-issued ID or information that would tie a user to his or her offline identity on and if they do then they are docked points on because users cannot be fully anonymous on their platforms and so finally the 3rd category that we look at is privacy
are we look for companies are for example to disclose how they are collecting using sharing and retaining user
data we look for information about how they respond to government and other 3rd party requests for user data and for them to publish things like transparency reports that have the number of those requests they receive from law enforcement and the number with which they comply action go a bit deeper into the specific privacy indicators and the results of the companies on and soon and but before then um we wanna talk
a little bit about process and what goes into making an index of of of this nature of the scale and so firstly to be clear we look at publicly available documents I'm and disclosures
um and we work with a team of international researchers based in over 19 countries around the world and this is mostly for that language purposes of for example neither of on or I speak Korean and this and that in those environments he needs that's that knowledge and also as they have the contextual knowledge so in the same vein we haven't used those products we don't know how how they are used within society that you don't have that local knowledge of the so we have 7 steps of the research process we start with a basic primary research of each researcher gets a company and goes to all 35 indicators in all 3 categories of them and then we do a secondary review so as different researcher looks at that same company and goes through its use if there's any if they I disagree with the judgment of the 1st researcher
or any of the forces your missed a piece of disclosure I'm and then we do an internal step 3 as we do an internal of review and reconciliation of those 1st 2 steps and then what we find is really important as we do a horizontal review and where where up until this point we've been looking at that company by company and and at this point we take each indicator and look at them across all companies and make sure that we're judging them equally and that were not being too strict with or more stress than other companies on on an indicator or that of researcher interpreted something differently on a specific company and then we have
preliminary draft results and this is an important part of our process because we send those staff results to each of the companies and we
offer them a chance to respond to comments on in so in some cases if there was maybe a document on the website that we missed or if they've
published a a new document that's relevant that was published after we began the research then it's an opportunity for them to point us to that and and again we're only looking at publicly available documentation so if they perhaps have a really great internal policy on for encryption or 1 of the other issues we look at that would not affect the
scorer because part of R and theory of change and part of what we're looking for is improved transparency with their policies so if the public and the users don't know it what is going on on on a given issue then they don't receive credit on not on and then we decide whether or not any new information or new contexts are merits a score change and
then we conducted another horizontal review our for quality assurance and just again nature were applying uniform standards across the board and is then we have our final score which look like that I'm so this is these are the
results from our index which was released in March of this year on the far left column is the total score which is out of a hundred and then it's broken down into governance freedom of expression and privacy the Internet and mobile companies are at the top and the telecommunications companies are at the bottom and so are the highest performing company was Google is 65 per cent of what Microsoft was a few points behind it 62 per cent on an average score for all the 22 companies was around 33 per cent so by any standard that is really a failing grade and we found that there is significant room for improvement across the board and and additionally your steps that the sum of these companies could take tomorrow or in the near future without any regulatory change or a legal on change on
these are a subset the companies themselves could take on and so for example on the and what are the lower performing companies or you which is a telecommunications company based in cut are and they actually did not have any privacy
policy that was publicly available on their website on so they didn't get any points for privacy yeah the and so
some of the key findings on that we took away from the report where as I mentioned company disclosure is really inadequate across the board on every company has areas in which they can make a significant improvement on mobile ecosystems which will talk about in a bit but have the least amount of disclosure of the services we looked at so we still don't know enough about the impact of smartphones on our digital rights and freedom of information is getting short changed so the majority of the companies we looked at published more detailed information relating to privacy than they did on our policies relating to freedom of expression handling of user information is very OK so if someone were to make a
profile on me based on the different services I use and the data that I give them and the data that they share with other 3rd parties on what would that look like what would my iPhone combined with my telecommunications mobile phone carrier combined with you know Google and Facebook and whatever other platforms I use what would someone be able to tell from all the data that I'm giving them we still don't know enough to be able to really answer that question on and
finally on 1 of the other key takeaways was that security commitments lack evidence so there may be some companies that are known for having really robust security or the the strong encryption or other things like that but if they don't make the user is aware that users don't know to what extent or even if the data is being protected and how secure they really are it so to go
into a little bit of detail and we're gonna cover 3 indicators today out of the 35 so again I do
encourage I'm going to go insane finding which indicators someone most interesting to you or that you want to find out more about but but this is key 3 so the 3rd privacy indicator of
a collection of user information and so the questions that we ask when we evaluate this indicator are does the company clearly disclose what types of user information it collects for each type of user information the company collects does a clearly disclose how it collects the information and does the company to
clearly disclose that limits the collection of user information to what is directly relevant and necessary to accomplish the purpose of a service is it not
collecting superfluous information from and this is an interesting indicator in any case cow was the South Korean company actually best of of the internet companies and a lot of the arguments you would expect when evaluating corporations on this basis and also the during the average score of 33 per cent is that our expectations are too high and that it's not achievable what we're asking more expecting of them but the fact that cacao was able to get 90 89 per cent some on this indicator and Google could only get 60 % an Apple Fellow at 29 person as of those worst scoring um in this indicator is kind of telling about what's possible and what choices these companies are making on disclosure of this 4th privacy indicator sharing of user information and so again similarly and those of a row of these so it goes from collection to sharing to
retention and actually see there that the whole average score a kind of go down as you get deeper into
into other questions but so does the company clearly this goes with it shares user information just as a basis does the company disclose which types of 3rd parties it shows information and but so what's interesting and we have seen done is does it disclose the names of all the 3rd parties with which it shares user information and so on and so 1 of the new indicators
that we looked at in this year's index was company policies for responding to data breaches i it seems like every other week in the news there's another high-profile data breach of a given
service that impacts a lot of users on a very personal level and so that's 1 of the reasons it was really surprising and and also concerning that actually have the 22 companies we look back there were only 3 they actually all telecommunications companies are Telefonica
18 t and Vodaphone were the only 3 out of all 22 companies to disclose information about the processes for responding to data breaches so usually in after a data breach a company may put out a press release or a blog poster will speak to to the media or will maybe e-mail users that were affected on but this is different than a comprehensive policy that expresses a commitment to always respond come in a certain way on ended and so we look for companies to disclose that they'll notify the relevant authorities without delay the bill notify data subjects who may have been affected and we look for them to disclose ways that they will try to mitigate the impact of the breach and so it's also important to note that a lot of these
companies are operating in countries that do have laws governing response to data breaches so they may be legally of thought are required to notify authorities were users and all this doesn't mean that they're not doing that on but it means that they're not disclosing to users that this is what they do and users shouldn't need to be experts in data breach response law our data protection law of a given country to know you know if they're secure in their data and to have that sense of security and so on I
1 of the other new areas we looked at this year was mobile ecosystems answer so by that we mean the combination of the device the operating system
of your smartphone your user profile and the App Store are where you download your act so for Apple that would be your iPhone your Apple ID I O S and Apple App Store and we found that all 3 companies we looked at Apple Google and trade and the
Samsung implementation of Android all 3 failed to disclose on sufficient policies on held a sufficiently disclose policies affecting users freedom of expression and privacy rights so Google as you can see from this graph outperforms both Apple on the left and Samsung on the right in all 3 categories on but really over all this is the category we soloists disclosure on and we also found that app stores are points for freedom of expression so an app
company with an app store might receive a request from government on so the Chinese government requests for Apple to remove the New York Times Apr from its App Store for users in China and we want to know you know what is Apple's response corresponding to this request how many of these types of opacity received how many did they comply with and we still don't have enough information about that process on and additionally appstores don't provide clear disclosure about whether they enforce their
privacy policy rules for app developers so any app developer making an app that collects user information should have a privacy policy for how they treat that information and additionally source should
provide evidence that they're removing apps that don't have sufficient privacy policies and that's another thing that we haven't seen yet and so and of the other really interesting things from this year's report was for the 1st time we looked
at 2 Russian companies and to Chinese companies and so for China we looked at by do and 10 cents and the Russia we looked at me and mailed out are you and on this really allowed us to examine if there are areas in which these companies do you have room to increase their disclosure so obviously these are very restrictive legal
environments for both freedom of expression and our privacy issues on but we found that by looking at the gaps in scores between the 2 Chinese companies and the 2 Russian companies it showed that they actually do you have some degree of flexibility on certain issues to decide how much information to disclose and what their policies are so for example yandex ended up
outperforming mailed out are you on several security indicators which would mean that despite the restrictive legal environment Mail . ru could still improve its disclosure the
case element and then the other from this whole study we have some general recommendations that we can offer to companies so I'm from our findings we
recommend that companies carry out risk assessments for freedom of expression and privacy and show evidence that the company has
institutionalized commitments on the transparent and accountable not only about government request but also private requests and Terms of Service enforcement so this is about transparency reporting and communicate clearly about what happens to users information we saw already in the 2 indicated the 3 indicators that we covered that there's a lot that could be done and there's a lot that's not being done and we really don't have enough information about the data that was collected and establish effective grievance and remedy mechanism so when someone's digital rights are violated there is a mechanism in which that they can report this and communicate with the company and if damages
done that there is a remedy mechanism in place I'm and provide evidence of strong security practices so
this is even if companies have really strong security practices they should disclose that information additionally
and so we also provide recommendations for Governments aren't to promote committee transparency and to remove legal restrictions that may be preventing companies from disclosing more about what they're doing with user information so we I believe that laws and regulations must at least enable if not require companies to respect user rights on also maximize transparency from companies about things like content restrictions and requests are were sharing user data with 3rd parties and governments themselves to be accountable and transparent about requests they make on companies both restrict content are and also for user information so that's that so we
have a we have a little bit of time for questions but again would really encourage you to review our full report we can find more information about the issues recovered and all the other indicators that thinking a right that words flash index 2017 thank thank
you
few minutes for questions we have if you have a question resumed now is the time yeah no you no 1 and OK so thanks for coming to stay if you want to play again of whether you want you don't punish by the thank you very much here to
the if my weight room
Computer animation
Meeting/Interview
Line (geometry)
Digital media
Projective plane
Right angle
Regular expression
Object (grammar)
Ranking
Data type
Digitizing
Information privacy
Computer programming
Digital media
Expression
Information privacy
Subject indexing
Digital rights management
Centralizer and normalizer
Meeting/Interview
Internetworking
Telecommunication
Right angle
Ranking
Devolution (biology)
Digitizing
Position operator
Subject indexing
Category of being
Process (computing)
Computer animation
Meeting/Interview
Personal digital assistant
Projective plane
Expression
Ranking
Information privacy
Subject indexing
Computer animation
Website
Right angle
Ranking
Electronic program guide
Auto mechanic
Mereology
Power (physics)
Telecommunication
Meeting/Interview
Internetworking
Computer network
Software
Ranking
Physical system
Covering space
Projective plane
Plot (narrative)
Mechanism design
Subject indexing
Internetworking
Computer animation
Telecommunication
Computer network
Self-organization
Dependent and independent variables
Right angle
Ranking
Digitizing
Data structure
Standard deviation
Expression
Projective plane
Auto mechanic
Information privacy
Expected value
Mechanism design
Internetworking
Computer animation
Integrated development environment
Telecommunication
Computer network
Software
Energy level
Self-organization
Ranking
Ranking
Quicksort
Data structure
Area
Focus (optics)
Spacetime
Mapping
Digital signal
Expected value
Subject indexing
Facebook
Computer animation
Integrated development environment
Internetworking
Telecommunication
Order (biology)
Right angle
Traffic reporting
Expression
Cartesian coordinate system
Information privacy
Information privacy
Subject indexing
Category of being
Web service
Computer animation
Commitment scheme
Negative number
Energy level
Right angle
Commitment scheme
Implementation
Digital rights management
Row (database)
Address space
Multiplication sign
Range (statistics)
Mereology
Rule of inference
Content (media)
Web service
Natural number
Term (mathematics)
Computer network
Ranking
Commitment scheme
Regular expression
Implementation
Digital rights management
Computing platform
Standard deviation
Information
Element (mathematics)
Expression
Volume (thermodynamics)
Term (mathematics)
Information privacy
Category of being
Content (media)
Computer animation
Commitment scheme
Web service
Mathematics
Telecommunication
Netzwerkverwaltung
Self-organization
Quicksort
Identity management
Address space
Point (geometry)
Category of being
Computer animation
Information
Shared memory
Information privacy
Identical particles
Computing platform
Group action
Scaling (geometry)
Process (computing)
Information
3 (number)
Bit
Information privacy
Number
Subject indexing
Latent heat
Computer animation
Natural number
Traffic reporting
Resultant
Point (geometry)
Category of being
Subject indexing
Process (computing)
Product (category theory)
Computer animation
Integrated development environment
Meeting/Interview
Stress (mechanics)
Forcing (mathematics)
Coma Berenices
Formal language
Process (computing)
Computer animation
Personal digital assistant
Feedback
Encryption
Website
Staff (military)
Process (computing)
Mereology
Resultant
Context awareness
Standard deviation
Mathematics
Computer animation
Information
Natural number
Whiteboard
Mereology
Theory
Mobile Web
Point (geometry)
Standard deviation
Greatest element
Gradient
Expression
Information privacy
Subset
Subject indexing
Summation
Mathematics
Internetworking
Computer animation
Internetworking
Telecommunication
Subject indexing
Film editing
Resultant
Point (geometry)
Mobile Web
Area
Email
Information
Expression
Bit
Weight
Digital signal
Information privacy
Web service
Internetworking
Facebook
Computer animation
Whiteboard
Subject indexing
Ranking
Smartphone
Right angle
Information
Whiteboard
Digitizing
Traffic reporting
Facebook
Web service
User profile
Computer animation
Telecommunication
Charge carrier
Computing platform
Bit
Digital signal
Limit (category theory)
Subject indexing
Type theory
Computer animation
Commitment scheme
Whiteboard
Web service
Sheaf (mathematics)
Encryption
Ranking
Information
Extension (kinesiology)
Information security
Subject indexing
Information
3 (number)
Information
Information privacy
Data type
Axiom of choice
Information
Shared memory
Basis (linear algebra)
Limit (category theory)
Parameter (computer programming)
Information privacy
Expected value
Subject indexing
4 (number)
Web service
Type theory
Computer animation
Computer cluster
Personal digital assistant
Internetworking
Web service
Information
Row (database)
Subject indexing
Type theory
Computer animation
Information
Meeting/Interview
Basis (linear algebra)
Information
Data type
Subject indexing
Web service
Computer animation
Telecommunication
Energy level
Process (computing)
Address space
Process (computing)
Digital media
Information
Physical law
Expert system
Information privacy
Arithmetic mean
Computer animation
Commitment scheme
Blog
Authorization
Dependent and independent variables
Process (computing)
Information security
Address space
Area
User profile
Mobile app
Computer animation
Data storage device
Operating system
Combinational logic
Smartphone
Information privacy
Point (geometry)
Android (robot)
Mobile app
Implementation
Graph (mathematics)
Information
Software developer
Expression
Information privacy
Information privacy
Category of being
Computer animation
Data storage device
Dependent and independent variables
Right angle
Energy level
Data type
Mobile app
Computer animation
Information
Software developer
Software developer
Multiplication sign
Source code
Energy level
Information privacy
Rule of inference
Traffic reporting
Information privacy
Area
Degree (graph theory)
Computer animation
Information
Integrated development environment
Expression
Information privacy
Flow separation
Subject indexing
Email
Computer animation
Integrated development environment
Observational study
Personal digital assistant
Element (mathematics)
Information security
Information
Expression
Internet service provider
Auto mechanic
Sound effect
Term (mathematics)
Information privacy
Information privacy
Subject indexing
Carry (arithmetic)
Computer animation
Commitment scheme
Web service
Right angle
Information
Information security
Digitizing
Traffic reporting
Information
Regulator gene
Physical law
Auto mechanic
3 (number)
Maxima and minima
Maxima and minima
Content (media)
Content (media)
Computer animation
Internet service provider
Right angle
Information
Information security
Speech synthesis
Subject indexing
Word
Computer animation
Information
Multiplication sign
Right angle
Bit
Traffic reporting
Computer animation
Meeting/Interview
Multiplication sign
Weight

Metadata

Formal Metadata

Title Ranking Digital Rights
Subtitle Internet and Telco companies’ respect for Privacy and Freedom of Expression
Alternative Title RDR 2017 Findings: Internet and Telco companies’ respect for Privacy and Freedom of Expression
Title of Series re:publica 2017
Author Gutermuth, Lisa
Ullman, Ilana
License CC Attribution - ShareAlike 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.
DOI 10.5446/33129
Publisher re:publica
Release Date 2017
Language English

Content Metadata

Subject Area Information technology
Abstract Ranking Digital Rights (RDR) recently launched its second annual Corporate Accountability Index in March 2017, which evaluates 22 internet, mobile, and telecommunications companies on commitments, policies and practices affecting users’ freedom of expression and privacy. We will take this opportunity to present the findings to the Re:publica community and discuss actions that companies, activists, researchers, investors, and end-users can take for improvement.

Recommendations

Loading...
Feedback
AV-Portal 3.5.0 (cb7a58240982536f976b3fae0db2d7d34ae7e46b)

Timings

  565 ms - page object