Tech Companies Are Quietly Phasing Out a Major Privacy Safeguard
More and more companies are failing to issue transparency reports to tell consumers how much of their information governments have demanded.
TikTok can tell you a lot about internet culture, but the massively popular Chinese-owned social-media app doesn’t seem to know much about Hong Kong protests.
Searches for hashtags like #HongKong do surface some videos of demonstrations, but not anywhere near the volume you’d find on, say, Twitter. You might then wonder—as The Washington Post did in a September piece—whether that reflects interference by TikTok’s Beijing-based parent firm, ByteDance.
On Wednesday, The Guardian reported on leaked documentation indicating that the company did suppress certain videos, specifically about Tiananmen Square, Tibetan independence, and the banned religious group Falun Gong. ByteDance told the paper that the documents in question were no longer in use, but their existence was enough to invite further speculation.
And TikTok isn’t doing one thing that would help its users stop wondering. Unlike such older social platforms as Snapchat, Instagram, and Twitter, which post regular transparency reports documenting how often governments around the world have demanded data about its users or the removal of their posts, TikTok does not. (The company did not respond to my request for comment.)
Google pioneered the concept of the transparency report in 2010, but it took off after Edward Snowden revealed massive surveillance by the NSA, in 2013. Within the next two years, transparency reporting had spread to almost every large tech firm with a large consumer business—not just Apple, Facebook, and Microsoft, but even more politics-averse corporations such as Amazon and the largest telecom carriers.
Digital-rights advocates routinely point to transparency reports as an essential tool to hold companies accountable for defending their customers when governments ask for their information or the disappearance of their speech.
“That’s the only way we can start to shed light on what’s happening,” Gennie Gebhart, associate director of research at the Electronic Frontier Foundation, told me. The San Francisco digital-rights organization has been rating corporate transparency since 2013 in its annual “Who Has Your Back?” reports.
But these days, companies are turning away from transparency reports. Corporate transactions have shuffled tens of millions of customers to service providers who don’t practice transparency reporting, while other tech firms have quietly dropped the practice or weakened their support for it. And not a single household-name tech firm seems to have adopted this habit since early 2016.
“The momentum has faded,” says Peter Micek, general counsel with Access Now. The digital-rights advocacy group is updating its index of transparency reports, which it last posted in 2016, and this pending revision will document serious stagnation in these disclosures.
The worst rollbacks have happened when companies have merged or sold off large parts of their customer base, leaving the people involved doing business with new management that lacks the old management’s commitment to transparency.
For example, Charter Communications’ 2016 purchase of Time Warner Cable ended a roughly two-year spell of transparency for some 15 million TWC customers. Charter also erased past TWC transparency reports from its website, leaving just a reference to their existence on a TWC customer-help page. (The reports do remain readable on the Internet Archive’s copy of that page.) Charter, now doing business as Spectrum, said in a statement that it follows the law and that customers can consult its privacy policy.
Frontier Communications’ 2016 acquisition of some 2.2 million broadband accounts from Verizon had a similar effect, moving those customers from a provider that started issuing transparency reports in 2014 to one that has yet to post any. Frontier did not answer multiple emails requesting comment. (I also write for Yahoo Finance, a Verizon media property.)
Other firms needed no outside encouragement to drop transparency. Ebay, for instance, appears to have posted its last report in 2013—and like TWC’s farewell filing, this one now only exists on the Internet Archive. The company did not answer email queries.
The Internet Archive’s own last transparency report? The year 2015.
“We have not compiled the stats,” the Internet Archive founder Brewster Kahle said in an email. “Not for lack of desire, just lack of time. We hope to get back on it soon.”
Meanwhile, firms that didn’t adopt transparency reports during the post-Snowden stampede seem in no rush now. Take the biometric-security firm Clear, which sells expedited screening at airports, sports stadiums, and other venues. It has yet to produce a transparency report, and its vague privacy policy says it may provide user data “in response to requests by government agencies.” A Clear spokesman declined to speak on the record about the company’s responses to requests for customer data—mainly driver’s-license and Social Security numbers, which federal and state governments already have, and eye and fingerprint biometrics, which they may not—and how many it has fielded. He pointed to a May 2019 CNBC interview in which Clear CEO Caryn Seidman-Becker said, “We’re all about trust,” and added, “It’s really important that people know what they’re opting in for.” But subscribers to Clear’s $179-a-year service won’t know how much government scrutiny they’ve opted in to without transparency reports.
Payment platforms also still tend to shy away from transparency reporting, despite a public scolding on EFF’s blog in June 2018 that led the payments company Stripe to tell Axios it would publish its own disclosure “in the near future.” Since then: $0.00 in change. Stripe, which endorsed this ideal on its corporate blog in 2012, still says it plans to publish a report, but has offered no timetable.
PayPal, the other firm EFF name-checked in its post’s headline, did not answer queries about its attitude toward transparency reporting. The company does back transparency for many of its customers’ financial dealings—its Venmo funds-transfer service leaves receipts public by default—but it seems content to keep its responses to governments opaque.
And some of the companies that do still issue transparency reports have moved to make them more opaque. Amazon’s most recent disclosures, posted in January and July, don’t inventory court orders to remove user content—a line item in the June 2018 document, which reported zero such demands. The Seattle tech giant also has yet to break out government requests for Alexa recordings and transcripts, which it currently retains indefinitely unless a customer manually deletes them. On Wednesday, Amazon announced that it would let customers schedule their automatic deletion for after three or 18 months.
The EFF’s Gebhart offered a dismissive review of Amazon’s recent output: “As somebody who spends a lot of time on transparency reports, this is not an impressive one.” Emails to Amazon tech-policy representatives and its general media-relations inbox went unanswered. The company does, however, profess itself a privacy advocate; in September, CEO Jeff Bezos signed an open letter from the Business Roundtable asking Congress to pass a data-privacy law that would secure “rights to transparency.”
But Amazon is still Amazon. Stripe and PayPal keep processing transactions. Clear now has more than 3 million subscribers.
Advocates of transparency reports say they remain an important factor for privacy-conscious consumers. “We got a ton of emails from people everywhere in the world who have read the privacy policy and have questions,” Gebhardt told me.
They also note the benefits of this exercise in public self-assessment for companies and their shareholders.
Jules Polonetsky, CEO of the Washington industry group Future of Privacy Forum, said in an email that these documents help stamp corporate priorities for employees. And Micek notes a benefit for investors: “It shows that the company’s not going to get blindsided by what they’ve been handing over.”
But their appeal to the mass market is harder to pin down.
“Transparency reports are not easy to interpret for the public,” says Jim Harper, a visiting fellow at the American Enterprise Institute who supports the reports. “You can expect to see transparency reports diminish over time without continuous public pressure.”
The federal government doesn’t seem likely to pass any laws requiring transparency reporting, and the groundbreaking California Consumer Privacy Act also says nothing about them. That’s by design. “We decided to only focus on the private collection of information rather than government collection,” Mary Stone Ross, who helped draft the act as president of Californians for Consumer Privacy, said over email. “During the campaign phase [we] were worried that the opposition would argue that the CCPA would undermine law enforcement investigations.”
Ross admitted that her own attention to transparency reports in everyday shopping amounts to “very little.”
And then there’s me, a frequent Amazon shopper and a Clear member since 2017. I had been meaning to reconsider that last subscription. But as I began researching this story, it renewed automatically, after which United Airlines comped my renewal fee. I have to admit that using Clear saved my daughter and me a good 10 minutes off the TSA Pre-check line at National Airport on my next flight, and I did not feel bad about that.