The Berkman Center for Internet & Society and the Open Technology Institute surveyed U.S. Internet and telecommunications companies to identify best practices and encourage standardization in transparency reporting
In 2013, Edward Snowden revealed details of the U.S. government’s classified surveillance programs, including those permitting access to Internet users’ data and the bulk collection of telephone records. In the wake of those revelations, Internet and telecommunications companies scrambled to rebuild lost trust. One approach many companies took was publishing “transparency reports,” publicly disclosing data on the number and type of government requests for user information they received. However, a diversity of approaches to reporting quickly led to a fragmentation of practices that have made it impossible to meaningfully compare metrics across companies.
A new report from the Berkman Center for Internet & Society at Harvard and the Open Technology Institute at New America (OTI) seeks to begin addressing this gap. Written by Liz Woolery, Ryan Budish ’07, and Kevin Bankston, “The Transparency Reporting Toolkit: Survey and Best Practice Memos” is a compilation of eight memos that look at the major challenges that U.S. Internet and telecommunications companies face when reporting on U.S. law enforcement and government requests for user information, and identify industry best practices for this transparency reporting. Researchers from the two organizations have spent more than two years cataloguing the diversity of transparency reporting approaches and engaging with a variety of companies and stakeholders about the goals and challenges of transparency reporting.
“For companies thinking of creating transparency reports, this hopefully will be a starting place,” said Budish, report coauthor and Berkman senior researcher. “These memos can help them anticipate the decisions they have to make, the information about requests they can track, and the approaches others are using. For companies already offering transparency reports, this will hopefully offer an opportunity to compare, improve, and innovate.”
This report is the first of three components of The Transparency Reporting Toolkit, an initiative which seeks to address this problem. The second part of the toolkit, The Template & Guide to Reporting, will be launched in draft format for a comprehensive review process at RightsCon on April 1, 2016. The final piece of the toolkit, an interactive online portal to help companies create and publish their reports using a standardized format, will be launched later this summer.
“Over the last few years, the number and variety of transparency reports has exploded,” said Budish. “The Transparency Toolkit Survey & Best Practice Memos is the most in-depth look at how U.S. companies are using transparency reports — identifying current practices and highlighting some of the most innovative and useful approaches.”
The report is available for download at https://cyber.law.harvard.edu/publications/2016/transparency_memos.
A Q&A with report co-author Ryan Budish
Ryan Budish ’07 is a Senior Researcher at the Berkman Center for Internet & Society. He has contributed policy and legal analysis to a number of Berkman projects and reports and has led several significant initiatives relating to Internet censorship, corporate transparency about government surveillance, and multistakeholder governance mechanisms.
Why did you conduct this research and what’s the goal of publishing these memos?
When we started this work, before the Snowden leaks, we saw a handful of companies releasing these reports and our question was simply, “Can we figure out how to help more companies create transparency reports? What are the obstacles within these companies to transparency reporting?” Many of the companies we talked to in those early days were not particularly excited about transparency reports.
Then the Snowden story happened, and suddenly around 50 U.S. companies have released these reports, with even more worldwide. The challenge then shifted. As we looked across these reports, we struggled to compare them. They used different definitions, different categories, different time periods, and different approaches. While the innovation and experimentation was good, it also presented a real problem for trying to understand the entire landscape of government requests for user data.
This report shows the immense diversity within transparency reporting today, and highlights some of the most helpful and innovative approaches. By putting all of these approaches side-by-side, we hope to start a conversation about how to enable greater consistency and interoperability across these reports.
Why do some companies publish transparency reports and others do not? What’s the value, and what’s the risk?
In talking to companies, we’ve learned there are a lot of reasons why companies do and do not publish transparency reports. For smaller companies, in particular, transparency reports can require a lot of time and resources that they may not have. Some companies worry that transparency reports may actually increase the number of law enforcement and surveillance requests. And some companies may find the whole process of starting a transparency report daunting. Hopefully this report, and the rest of the toolkit that will be available over the next few months, will help with that last part, by identifying the menu of options that companies can use in crafting their own reports.
There are many reasons why companies choose to publish reports. Some do it to signal a commitment to openness, others to bolster a case for changes to the law, and others in order to try to outdo competitors. Perhaps the most surprising benefit that we learned about in the course of this research was that many companies found that the process of creating a transparency report required them to make valuable investments and improvements in how they handled government requests.
Should an ordinary person care about transparency reports? If so, why?
Ordinary people should care about what transparency reports say about the relationship between the companies with their data and their governments. The Apple-FBI debate was just one example of the government seeking customer data from a company; these transparency reports show us just how often those kind of requests for user data happen. It would be nice if intelligence agencies and law enforcement agencies at the federal, state, and local levels would make this data available themselves. But they don’t. Because of that, transparency reports are the only way that we can learn about the scale and scope of government requests for user data from U.S. companies.