For Immediate Release: August 8, 2011
Washington, DC – According to news reports, London rioters may have used RIM’s Blackberry instant messaging service to coordinate their activities, taking advantage of the service’s encryption features to conceal their plans from the authorities. RIM has stated its intention to “engage with authorities to assist in any way we can.” According to Human Rights First, this case underscores how important it is for companies in this sector to have clear and content-neutral policies in place that identify when they will disclose user data to governments and other third parties, standards to guide them regardless of the specific circumstances on the ground in each case.
Bloggers are taking RIM to task in the blogosphere based on the assumption that RIM’s pledge to cooperate is an offer to hand over user information even absent a specific government demand.
What’s most important to note is that companies will face situations like these every day, in jurisdictions with and without robust legal process. To guide companies in these situations and to ensure consistent practices that address the questions raised here, Human Rights Firsts recommends that companies commit to three steps, including:
- Understand the laws governing data privacy and freedom of speech, including hate speech, in the jurisdictions where the company operates.
- Have clear policies in place to identify the circumstances in which the company will disclose user information or place restrictions on free speech. These guidelines should include the requirement of a legal process and a commitment to interpret government demands and jurisdiction in ways that minimize their impact on users’ freedom of expression and privacy.
- Inform users of the circumstances in which their data will be turned over to third parties or their communications will be censored.
This is not the first time that RIM has drawn scrutiny for its policies on disclosure of encrypted messages. Earlier this year, it was reported that several governments – including India, Saudi Arabia and the UAE – requested that RIM provide access to encryption information for its messaging service as a condition of doing business there. To date, RIM has not explained how it addressed those requests.
Human Rights First notes that RIM could avoid ongoing questions about its commitment to user privacy by adopting the steps outlined above, and could strengthen its commitment to user privacy and freedom of expression by joining the Global Network Initiative, a multi-stakeholder initiative to help private sector actors protect the freedom of expression and privacy rights of users in the face of government demands.