Sarah T. Roberts and Nathalie Maréchal

It seems hard to believe that only a few years ago, asserting that private ICT companies were the “sovereigns of cyberspace,” as Rebecca MacKinnon put it in “Consent of the Networked” (2012), was a fairly new idea. Researching companies’ impact on human rights and pressuring them to amend their practices and provide greater transparencies is now a mainstay of digital rights advocacy, yet many researchers and activists struggle to apply their training and expertise in researching and lobbying governments to the private sector. At a time when network shutdowns, media manipulation, and cybersecurity are making headlines around the globe, it is more vital than ever for civil society to understand how companies make these consequential decisions, how they are implemented, what their effects are, and what kinds of advocacy efforts are most likely to have an impact.

With support from the Internet Policy Observatory, we (Sarah T. Roberts and Nathalie Maréchal) launched this research project to not only better understand how ICT companies operate vis-à-vis privacy, free expression, and other human rights issues, but also to investigate the epistemology of company research and the repertoire of company-oriented advocacy. This blog post is the second of four planned deliverables. The first was a roundtable discussion held on March 31 at RightsCon (more below); next, we plan to write a civil society-friendly white paper on company research and advocacy as well as a more formal academic paper on the topic. The rest of this blog post describes the RightsCon roundtable and sets the stage for the forthcoming white paper.

How to Listen So Companies Will Talk, And Talk So Companies Will Listen

On Friday, March 31st, eight speakers from a variety of sectors and global perspectives convened, alongside a full house of audience participants, at this year’s Brussels-based RightsCon. Participants included:

Moderated by Ranking Digital Rights’s Nathalie Maréchal, the event brought policy makers, academics and NGO leaders together to talk about their successes, as well as their difficulties, engaging in research related to ICT companies. The session was timely, as it coincided with RDR’s launch of their latest Corporate Accountability Index, covering 22 of the world’s most powerful internet, telecommunications, and mobile firms and their public, disclosed policies and commitments related to users’ freedom of expression and privacy. RDR’s 2017 report served as an excellent jumping-off place, as it is a powerful example of the kind of research that can be undertaken largely without deep corporate cooperation or access to a firm’s inner circle.

Following this baseline, each participant shared insights about his or her own research on internet and telecom firms and policy, describing how they have undertaken their work in the face of varying degrees of cooperation or blocking, and at various registers and levels, from company-specific to country- or region-specific.

Maréchal commenced discussion by asking Botero, of Fundación Karisma, for specific insights around that group’s efforts to research ISPs in Latin America. Botero highlighted the influence of the EFF’s Who Has Your Back research into government data requests on Karisma’s approach, but highlighted the need for cultural sensitivity and an adjustment in approach when working locally. She described the dangers of one size fits all policy approaches in local contexts, by reminding the audience that, while the European Union advocates for “a right to be forgotten,” many in Latin America are more compelled, due to their own history, to seek “a right to remember.” Finally, Botero was quick to point out that attempting to research companies and corporate practices often presents many hurdles that may not be present when researching government behavior. She pointed out the use of FOIA, and similar tools, to obtain government information, and noted that such tools and tactics are often useless when pursuing information held by corporate entities. This was the first point in the session where a participant made the appeal to finding point people within firms as one important strategy, and noted that such relationship building is a process that will take time.

Next up was Sarah T. Roberts, Assistant Professor in the Department of Information Studies at UCLA. Her work focuses on what she calls “commercial content moderation,” or the large-scale, industrial practice of human beings adjudicating user-generated content online. Roberts has been studying these practices, and the workers who undertake them, for seven years, with virtually no blessing or support (or even the knowledge) of the companies that her participants worked for. In response to the title of the panel, “How to talk so companies will listen,” Roberts quipped, “They won’t so I don’t.” She went on to elaborate that there can be great value in “not going through the front door,” and that while researchers may wish to employ official channels to engage with companies when doing research about them, they should “take such information [gained in this way] with a very large grain of salt,” or use it in conjunction with information gleaned by other means.

Attorney Nighat Dad then described her experiences seeking information from telecoms in Pakistan. She discussed the great difficulty she had in receiving responses from these firms, stating that, by and large, “We don’t know how to [effectively] reach them.” She also talked about the key differences in the Pakistani legal landscape, which lacks a data protection law. She described how this situation allowed international companies in the internet/telecom/mobile space to trade on a reputation of being data-responsible when “at home,” but who come to Pakistan and exploit the lack of protections there. Interestingly, Dad pointed out that she suddenly began to hear from some firms that had previously not cooperated with her requests for information after they received negative press due to research she had conducted. This was a reminder to all would-be researchers in the room that sometimes such sticks may function as well or even better than carrots.

Industry veteran Michael Samway provided interesting insider perspective on what methods work to connect with firms, based on his ten years at Yahoo and his advocacy work since, notably through the Global Network Initiative. He listed several different approaches to advocacy, to include:

  1. Naming and shaming
  2. Grassroots advocacy
  3. Press coverage
  4. Shareholder actions
  5. Regulatory advocacy.

Obviously different approaches work best at different times and when implemented by appropriate parties – you have to be a shareholder, or connected to a group of them, in order to introduce a motion or initiate a lawsuit, for example. Samway also pointed out that advocacy work is often built on relationships; long-term relationships may directly allow for members of civil society, activists and others to have a direct influence on the way firms do business (he cited RDR as an example of an organization that has employed tactics from the former list while also attending to relationship-building over the long haul).

An audience member who self-identified as an employee of a European telco not ranked by RDR echoed Samway’s call for relationship-building, and also gave a tip that those having difficulties reaching anyone within a firm might just try emailing the CEO directly – a bold move that could well pay off.

As Hong Kong-based researcher Ben Zhou described his own challenges using formal channels such as public relations representatives for firms, the familiar story of being ignored repeated itself; in his case, only one out of five firms directly contacted responded to his queries. Zhou decided to make an end-run around the individual firms themselves, approaching industry trade groups and larger associations, instead. Finally, he wasn’t afraid to use his own personal and family connections within some firms to make inroads, as well as his relationships built when he worked in the industry prior to becoming a researcher. In the case of Chinese firms that he studied, he felt that these companies’ global expansion goals were a site of vulnerability for them; many were quite keen to project a positive image and to likewise know how the world viewed them. Knowing about a firm’s self-image and goals, such as expansion plans, can all help inform researchers’ choice, and timing, of approach.

Discussion from lawyer Kelly Kim of Korea and ‘Gbenga Sesan of Nigeria again underscored how critically important it is to understand local context when doing research. In South Korea, Kim noted that there is a great corporate cultural difference between internet firms and telecom companies, in no small part due to the newer, upstart nature of the former and the entrenched, powerful role of the later. The legal requirements of specific sites are also important to know and understand. In the case of Korea, Kim described the “Smart Sheriff” child online activity monitoring app that was mandated by South Korean law, and later pulled when internet privacy and advocacy organizations (among others), pointed out security flaws and privacy concerns with the app. For Sesan, he described the difficulty his work takes on in Nigeria, where many assume that anyone representing an NGO (such as his) must be asking for money. Where his research activities were concerned, he found more success effectively rebranding his NGO as a “social enterprise,” so that preconceived notions and bad experiences related to past relationships with NGOs wouldn’t unfairly hamper his work.

Ultimately, Internet Sans Frontières’s Julie Owono noted that those in civil society may wish to change their own attitudes that can also unduly color research activities when approaching internet and telecom firms, reminding us that such firms are made up of human beings of all different stripes and persuasions, the vast majority of whom are likely interested in doing good in the world. Such goodwill should not be discounted by the enterprising researcher and can be a central part to the kind of relationship-building that Samway had advocated earlier. Samway closed with thoughts about the changing nature of how firms view issues such as user privacy and data security; the fact is that the encounters with and outputs from researchers indeed go a long way to showing firms that such concerns are not simply the niche obsessions of D.C. policy wonks but, actually, have currency in the lives of their everyday users, from whom they earn their revenue. Showing the value of such concerns can be door-opening, in and of itself.

What comes next

The RightsCon roundtable was a fruitful start to what we hope will be a sustained conversation between academics, civil society researchers, activists, funders, government officials and even companies themselves about how knowledge and insight about internet intermediares’ exercise their private governance functions can be generated, and how that knowledge and insight can be used to advance human rights, democracy, and other important values. We look forward to sharing our research with this blog’s readers over the next several months.