The world’s top tech companies are failing when it comes to privacy and freedom of expression, according to the most comprehensive assessment to date of their user agreement policies.
Tech firms including US giants Facebook, Google and Microsoft, Europe’s top mobile companies Vodafone and Orange, China’s Tencent, and South Korea’s Daum Kakao (which makes the 140 million-user-strong KakaoTalk) were among the public companies surveyed in an ongoing project called Ranking Digital Rights.
All of the firms failed to offer their users basic disclosures about privacy and censorship, according to the survey, which was conducted by the New America Foundation thinktank. One didn’t even provide user agreements in the proper language.
“There are no ‘winners’,” said the group in its executive summary. “Even companies in the lead are falling short.”
Given a percentage grade on privacy, freedom of expression and their commitment to those value based on an exhaustive analysis of their user agreements, no single company scored an aggregate grade above 65%. “On the one hand, it’s not like nobody’s trying at all, but the best-scoring company got a D,” said Rebecca MacKinnon, who runs the ranking project.
The low scores, each out of a possible 100%, highlight serious deficits at a time when data breaches frequently attributed to carelessness affect entities from married dating site Ashley Madison to CIA director John Brennan. They also illustrate how little control users have over the posts and videos they create on tech companies’ platforms.
Google was the highest scorer on the index of 16 publicly traded companies – eight web-based firms and eight telecoms – with 65%. The lowest was Mail.ru, the Russian email service often used to create spam accounts, which had a score of 13%.
While users need tech companies, said MacKinnon, tech companies need users as well. She hopes the database will offer people across the globe a new ability to make informed choices about exactly how their data is being used. And the companies will be pressed to do more, if the findings are any indication:
- Only six companies of the 16 surveyed scored at least 50% in the poll.
- Seven companies – nearly half – scored less than 22%, demonstrating “a serious deficit of respect for users’ freedom of expression and privacy”, the report found.
- Tech firms universally failed to disclose internal censorship. If Google decides to edit or remove someone’s content, the report found, it does not feel the need to publicly disclose either that it has done so or why.
- When it came to whether web-based companies allowed encryption of private content and control access, the average score across all eight was 6%.
- Transparency varies wildly within a single company: Facebook owns WhatsApp and Instagram, but disclosures at its flagship product and Instagram were far better than those at WhatsApp, which sometimes did not even publish privacy agreements in the correct language.
- While local laws block companies from disclosing national security-related government requests in some countries, in every case the survey identified ways that the companies could improve their standing even without changes to extant laws.
- Despite the revelations about their cooperation with the National Security Agency (NSA), US companies were far from the worst offenders. European companies, notably Orange, had serious cooperation issues as well.
“The picture is quite remedial,” said MacKinnon. “Part of the problem is that this is a new world with the internet, and we are so dependent on these companies that we really need them to get it right. And they have a lot of work to do.”
MacKinnon said clarity for users was vital and a lack of it could have serious consequences.
“About a year and a half ago, Syrian opposition groups started getting locked out of Facebook and having photos taken down because they were ‘against terms of service’,” she said. “There was no clarity about why or how those terms of service are being enforced. And a lot of activists that depend on Facebook feel like the opacity, given how dependent people are on the platform, is not socially responsible.”
“Users are left in the dark about many company practices affecting freedom of expression and privacy,” wrote the researchers. “Disclosure about collection, use, sharing and retention of user information is poor.
Staff attorney Nate Cardozo of the Electronic Frontier Foundation said that despite the trend toward better privacy standards in the wake of revelations about domestic spying, tech companies liked to keep things unclear, even at companies that pride themselves on free speech and privacy. “It would be very difficult for the policy people and the lawyers within Twitter to make a business case for handicapping itself in the terms of service,” Cardozo said. “The business people say ‘Hey, this is great, we can make the choice on case by case basis.’”
Overall, the group determined that while disclosures were becoming more common – including deep reports on government requests for data – they were often couched in terms that only regulators could understand. Rarely do users have any recourse when their data was censored or disclosed without their consent, the group said.
No one reads those interminable terms of service agreements onInstagram, WhatsApp and their like. But they could make the difference between life and death, according to Rebecca MacKinnon.
“It may be about whether you get tortured for what you wrote on Facebook or not, or whether you get tried based on some of the stuff you had in your text messages or something you uploaded. They’re worth a lot to human beings,” said MacKinnon, the leader of a new project that hopes to show people just what they are signing away when they blindly click “agree”.