Brief substantive summary of the workshop and presentation of the main issues that were raised during the discussions
• Marc Crandall, Google
• Susan Morgan, Global Network Initiative
• Patrick Hiselius, Teliasonera
• Wendy Seltzer, World Wide Web Consortium
• Ryan Budish, Berkman Center at Harvard University
• Juliana Nolasco, Institute of Technology and Society of Rio de Janeiro
• Pranesh Prakash, Centre for Internet and Society in Bangalore
• Kevin Bankston, New America’s Open Technology Institute
Kevin Bankston from the Open Technology Institute introduced the panel and set the stage for the conversation by discussing a brief history of transparency reporting by Internet companies. Google was the first company to issue a transparency report in 2010, followed by a handful of companies (including Twitter) in the next few years. The practice really exploded after the Snowden revelations, and today several dozen major Internet and telecommunications companies have released reports. The panel discussion will cover the past, present, and future of transparency reporting—not only by companies, but also by governments—and how these reports have been a useful tool for accountability in the Internet governance space.
Marc Crandall from Google discussed how and why Google has been issuing transparency reports in the past few years. He described the ways in which the type of information Google discloses has grown and evolved over the years. Today, Google issues reports that cover six broad categories of information: (1) user data requests from government agencies, (2) government removal requests, (3) copyright removal requests, (4) traffic history patterns of services in different countries to help visualize disruptions in the free flow of information, (5) safe browsing data, including how many users see malware and phishing linked from search results as well as which networks around the world host malware sites, and (6) safer email reports which detail how much email sent between Google and external email providers is encrypted. Crandall explained that Google started issuing the reports because they believe that more transparency leads to better Internet regulation, and the data allows us to judge if existing laws are relevant or ineffective, and if they enhance or otherwise erode fundamental freedoms. Bankston added that Google’s reports have been useful in a number of political contexts, including ECPA and national security law reform, as well as changing the behavior of companies through the safer email report.
Susan Morgan offered the perspective of the Global Network Initiative, a multistakeholder initiative that brings together companies, human rights groups, investors and academics to promote best practices around the freedom of expression and privacy rights of users. As part of this mandate, GNI focuses on what companies can do when they get requests from governments and how to assess or narrow the scope of the request if needed. Morgan discussed why transparency is broadly important, and how transparency reports are a key tool that has developed in the past few years as a way for companies to communicate with users. She highlighted the importance of having informed public debate based on facts, and cited anecdotal evidence that transparency reports have been helpful for civil society in particular countries that are trying to advocate for policy changed. At the same time, Morgan emphasized that transparency reports are only part of the story, giving users a broad overview of company practices, and also argued that it’s not just about company reporting. Governments can also play a critical role in terms of transparency around their practices, legal interpretations, and oversight, and that they play a unique role in reporting the number of users affected by requests as well as setting the parameters for what companies can legally report on. Although there has been some government reporting on specific issues such as lawful interception in the UK and limited reporting in the US, there is much more to be done. Finally, Morgan discussed the emergence of transparency reporting as a best practice and GNI’s role, particularly as a member of the Freedom Online Coalition working group on privacy and transparency, which held its first meeting at the 2014 IGF.
Patrick Hiselius spoke on behalf of Teliasonera and the Telco Industry Dialogue, an initiative launched last year by nine telecom companies to promote respect for freedom and privacy in the telecommunications sector. First, he offered the viewpoint from the Industry Dialogue, which has included aspects of transparency in their guiding principles (which are available online in seven different languages) and have committed to reporting yearly on their progress toward implementing the principles. The members of the dialogue have also committed to reporting on “major events” such as network shutdowns, and as a group they have committed to compiling information on national legislation and regulation that covers this area. Hiselius pointed out that a single telecom company or operator only has a partial view on the extent of surveillance, and that they believe it is the primary role of the government to report on these practices with help from the companies. He then described the recent Teliasonera transparency report, which contains figures on Sweden and Finland as well as text on major events throughout the 20 countries in which Teliasonera operates. In January, he said that the company will add Denmark, Estonia, Nepal, Norway, and Spain to its reporting. The goal of the company, he explained, is to protect the privacy of its customers, and as such thy encourage governments to be transparent about their laws and aim to provide information and transparency about a major event when it happens. Bankston added that it’s remarkable how many telecoms have issued transparency reports after the Snowden revelations, pointing out that the recent Vodaphone report also highlights the need for good quantitative data about government requests as well as good qualitative data about the types of laws that they face.
Wendy Seltzer appeared on the panel in her capacity as the founder of the Chilling Effects Clearinghouse (https://www.chillingeffects.org/), a project of the Berkman Center for Internet and Society in collaboration with the Electronic Frontier Foundation and a number of law school clinics. She described the history of the Chilling Effects Clearinghouse, a database of online content removal requests which started in 2001, which they originally expected to mostly consist of individual self-reporting about cease-and-desist takedown notices. Very quickly, however, Chilling Effects found that that many of the requests were being sent to Internet intermediaries (search engines, blogs, and content hosts) and they started to get submissions of takedown demands in bulk from companies who received them and wanted to be transparent. Now, the database contains submissions from individuals, from companies including Google, Twitter, and the Wikimedia Foundation, and major Internet service providers. In recent years, those numbers have grown in leaps and bounds. By far, the largest number of complaints are related to copyright, in some cases with people pushing the boundaries of the law or even abusing it to stifle competition or try to take down criticism. Twitter sends Chilling Effects the requests for country-based removal of content, and there are many complaints under Turkish law in the database. This is where the effort feeds into governance, Seltzer explained, because the Internet experience is shaped not only by the law and government enforcement, but also by private enforcement and the choices of intermediaries acting under pressure from both government and private actors. Chilling Effects aims to make all of these kinds of governance more transparent and more visible to the public, to allow people to see how laws are being applied. She emphasized the particular importance in light of the recent European Court ruling on the Right to Be Forgotten.
Ryan Budish from the Berkman Center at Harvard University discussed his team’s research on transparency reports, describing some of the quantitative challenges and the difficulties of reporting numbers about government requests for information from particular individuals. The Berkman Center began studying the issue over a year ago when only Google, Twitter, and a handful of other companies were issuing transparency reports, with the goal of identifying some of the emergent best practices, particularly with regard to government requests for user data. The researchers conducted interviews with companies, asking what challenges they faced and how those issues were addressed. Budish described the ecosystem of transparency reports that has developed as more and more companies have started to release reports in the past year, highlighting that the diversity of reporting is great in terms of innovation but makes it very difficult to compare across reports. This led to further questions about identifying best practices from existing reports in order to offer a framework to make it easier for companies to release transparency reports, as well as improving consistency across both new and existing reports to increase the value overall. Through this research, they have identified benefits which include more informed policymaking, better compliance practices at many companies, and competition between some companies who see this as a differentiating factor, which has led to reports of a higher quality overall. At the same time, there are a number of challenges: the reports vary widely in terms of what they include, and they can be difficult for non-lawyers to create as well as for ordinary users to understand. What’s more, many of the reports do not give a level of granularity that helps on an international scale – some U.S. companies, for example, break down requests by country, while others lump all international requests into a single category despite rich and detailed reporting on U.S. requests.
Juliana Nolasco from the Institute for Technology and Society in Rio de Janiero described whether and how transparency has been useful in the Brazilian context. Nolasco began with the legal context, describing a breadth of laws including the Marco Civil da Internet and Brazil’s information, election, and defamation laws, highlighting how Brazil promotes transparency in some areas while also limiting how information about politics moves around the country, in both online and offline mediums. She noted that Google’s transparency report from 2012 shows how Brazil tops the list of countries regularly requesting removal of content, most of which is related to politics and defamation. Transparency reports, she argued, can provide really rich indicators about the use of the Internet and how politicians see the Internet.
Finally, Pranesh Prakash from the Center for Internet and Society in Bangalore, India, spoke as a researcher, explaining where transparency reports have been useful and what they do not show. He discussed some examples from India, including how government reporting of the number of phone taps that were happening appeared to be in direct contrast with a report from a large telecom company – highlighting the fact that company reporting can provide a useful check on the numbers being provided by the government. Prakash also discussed how the Google transparency reports show a large number of requests for takedown for government criticism, which prompted the Minister of Communications to state publicly that Google was lying and that nobody from his office had sent requests to Google. He noted that some small ISPs in India revealed the list of websites that they have been required by the Indian government to block, but the practice has not spread to larger companies yet. Finally, Prakash discussed “invisible censorship,” explaining that traditionally, the largest and most visible form of censorship is governmental censorship which can be fought and has to be acknowledged publicly when things are banned, but that this does not account for the increasingly common practice of voluntary takedowns by content providers.
A number of additional issues were raised during the question and answer session at the end of the panel. Rebecca MacKinnon, the Director of the Ranking Digital Rights project, pointed out that one gap in current transparency reporting is that it does not account for government requests for takedown that are submitted through standard forms or channels for Internet users (which are available for content that violates the terms of the service or community guidelines), asking about what can be done to encourage companies to be more transparent about private enforcement. Hiselius noted that these cases are another reason why government reporting is necessary to get the full picture and should include these types of requests. Prakash and Morgan pointed out that the IGF is a good forum to discuss standardized ways to report these things and how to develop best practices. Another member of the audience highlighted the importance for transparency around policies on the takedown of content related to violence against women, and transparency around who at the companies women can contact to get content taken down.
In response to a question about how to incentivize companies that are not huge multinational corporations but smaller, more local operators to issue transparency reports, Morgan pointed out that the role of the investor community in providing these incentives should not be underestimated. She highlighted active campaigns by groups of investors after the Snowden revelations as a positive example of the role that investors can play.
Finally, the panelists addressed the question of whether these transparency reports are actually going to change governmental approaches to content removal and censorship, particularly in emerging countries like India, Brazil, and Turkey. The key takeaway was that transparency reporting alone will not change things, but that these reports are a tool that provide the basis for accountability and for promoting broader policy changes.