June 20, 2020

1697 words 8 mins read

Perus Third Who Defends Your Data? Report: Stronger Commitments from ISPs But Imbalances and Gaps to Bridge

Perus Third Who Defends Your Data? Report: Stronger Commitments from ISPs But Imbalances and Gaps to Bridge

Hiperderecho, Peru’s leading digital rights organization, has launched today its third ¿Quién Defiende Tus Datos? (Who Defends you Data)–a report that seeks to hold telecom companies accountable for their users’ privacy. The new Peruvian edition shows improvements compared to 2019’s evaluation.  Movistar and Claro commit to require a warrant for handing both users’ communications content and met

adata to the government. The two companies also earned credit for defending user’s privacy in Congress or for challenging government requests. None scored any star last year in this category. Claro stands out with detailed law enforcement guidelines, including an explanatory chart for the procedures the company adopts before law enforcement requests for communications data. However, Claro should be more specific about the type of communications data covered by the guidelines. All companies have received full stars for their privacy policies, while only three did so in the previous report. Overall, Movistar and Claro are tied in the lead. Entel and Bitel lag, with the former bearing a slight advantage.  Quien Defiende Tus Datos is part of a series across Latin America and Spain carried out in collaboration with EFF and inspired in our Who Has Your Back? Project. This year’s edition evaluates the four largest Internet Service Providers (ISPs) in Peru: Telefónica-Movistar, Claro, Entel, and Bitel.     Hiperderecho assessed Peruvian ISPs on seven criteria concerning privacy policies, transparency, user notification, judicial authorization, defense of human rights, digital security, and law enforcement guidelines. In contrast to last year, the report has added two new categories – if ISPs publish law enforcement guidelines and a category checking companies’ commitments to users’ digital security. The full report is available in Spanish, and here we outline the main results:

Regarding transparency reports, Movistar leads the way, earning a full star while Claro receives a partial star. The report had to provide useful data about how many requests received and how many times the company complied. It should also include details about the government agencies that made the requests and the authority’s justifications. For the first time, Claro has provided statistical figures on government demands that require the “lifting of the secrecy of communication (LST).” However, Claro has failed to clarify which type of data (IP addresses and other technical identifiers) is protected under this legal regime. Since Peru’s Telecommunications Law and its regulation protect under communications secrecy both the content and personal information obtained through the provision of telecom services, we assume Claro might include both. Yet, as a best practice, the ISP should be more explicit about the type of data, including technical identifiers, protected under communication secrecy. As Movistar does, Claro should also break down government requests’ statistical data in content interception and metadata.   Movistar and Claro have published their law enforcement guidelines. While Movistar only released a general global policy applicable to its subsidiaries, Claro stands out with detailed guidelines for Peru, including an explanatory chart for the company’s procedures before law enforcement requests for communications data. On the downside, the document broadly refers to “lifting the secrecy of communication” requests without defining what it entails. It should give users greater insight into which kind of data is included in the outlined procedures and whether they are mostly focused on authorities' access to communications content or refer to specific metadata requests. Entel, Bitel, Claro, and Movistar have published privacy policies applicable to their services that are easy to understand. All of the ISP’s policies provide information about the collected data (such as name, address, and records related to the service provision) and cases in which the company shares personal data with third parties. Claro and Movistar receive full credit in the judicial authorization category for having policies or other documents indicating their commitment to request a judicial order before handing communications data unless the law mandates otherwise. Similarly, Entel states they share users' data with the government in compliance with the law. Peruvian law grants the specialized police investigation unit the power to request from telecom operators access to metadata in specific emergencies set by Legislative Decree 1182, with a subsequent judicial review. Latin American countries still have a long way ahead in shedding enough light on government surveillance practices. Publishing meaningful transparency reports and law enforcement guidelines are two critical measures that companies should commit to. Users’ notification is the third one. In Peru, none of the ISPs have committed to notifying users of a government request at the earliest moment allowed by law. Yet, Movistar and Claro have provided further information on their reasons and their interpretation of the law for this refusal. In the digital security category, all companies have received credit for using HTTPS on their websites and for providing secure methods to users in their online channels, such as two-step authentication. All companies but Bitel have scored for the promotion of human rights. While Entel receives a partial score for joining local multi-stakeholder forums, Movistar and Claro fill up their stars for this category. Among others, Movistar has sent comments to Congress in favor of user’s privacy, and Claro has challenged such a disproportionate request issued by the country’s tax administration agency (SUNAT) before Peru’s data protection authority. We are glad to see that Peru’s third report shows significant progress, but much needed to be done to protect users’ privacy. Entel and Bitel have to catch up with the larger regional providers. And Movistar and Claro can also go further to complete their chart of stars. Hiperderecho will remain vigilant through their ¿Quien Defiende Tus Datos? Reports.

Author: Veridiana Alimonti

Date: 2020-10-21

URL: https://www.eff.org/deeplinks/2020/10/perus-third-who-defends-your-data-report-stronger-commitments-isps-imbalances-and

eff.org
InternetLab’s Report Sets Direction for Telecom Privacy in Brazil (2020-11-16) Five years have passed since InternetLab published Quem Defende Seus Dados? Who defends your data? a report that holds ISPs accountable for their privacy and data protection policies in Brazil Since then major Brazilian telecom companies have provided more transparency about their data protection and privacy policies a shift primarily fueled by Brazils new data protection law InternetLabs fifth an.. InternetLab’s Report Sets Direction for Telecom Privacy in Brazil
The Cost of the “New Way to Message on Instagram” (2020-11-02) If you are on Instagram you have been probably bombarded by Instagram Stories and notifications about new features like emojis chat themes selfie stickers and cross-platform messaging that will allow you to exchange direct messages with and search for friends who are on Facebook But the insistent messages to Update Messaging minimize the extent of this change which will blur the lines between the ..
Privacy Badger Is Changing to Protect You Better (2020-10-07) Privacy Badger was created to protect users from pervasive non-consensual tracking and to do so automatically without relying on human-edited lists of known trackers While our goals remain the same our approach is changing It is time for Privacy Badger to evolve Thanks todisclosures from Google Security Team we are changing the way Privacy Badger works by default in order to protect you better Pri..
The Github youtube-dl Takedown Isn’t Just a Problem of American Law (2020-11-02) The video downloading utility youtube-dl like other large open source projects accepts contributions from all around the globe It is used practically wherever theres an Internet connection Its especially shocking therefore when what looks like a domestic legal spatinvolving a take-down demand written by lawyers representing the Recording Industry Association of America RIAA a US industry group to ..
Double the Impact of Every Donation (2020-12-01) Power Up Your Donation Week has begun! EFF is calling on tech users everywhere to give today and instantly double their impact on Internet freedom while the world needs it most Power Up DOnate today and get an automatic 2x match! For one week starting on #GivingTuesday anyone who donates to EFF will have their gift automatically matched Thats all thanks toa group of passionate supporters who have ..
The FCC’s Independence and Mission Are at Stake with Trump Nominee (2020-11-23) When there are only five people in charge of a major federal agency the personal agenda of even one of them can have a profound impact Thats why EFF is closely watching the nomination of Nathan Simington to the Federal Communications Commission FCC Simingtons nomination appears to be the culmination of a several-month project to transform the FCC and expand its purview in ways that threaten our ci.. The FCC’s Independence and Mission Are at Stake with Trump Nominee
EFF Files Amicus Brief Arguing That Law Enforcement Access to Wi-Fi Derived Location Data Violates the Fourth Amendment (2020-10-28) With increasing frequency law enforcement is using unconstitutional digital dragnet searches to attempt to identify unknown suspects in criminal cases In Commonwealth v Dunkins currently pending before the Pennsylvania Supreme Court EFF and the ACLU are challenging a new type of dragnet: law enforcements use of WiFi data to retrospectively track individuals precise physical location Phones compute..
Content Moderation and the U.S. Election: What to Ask, What to Demand (2020-10-26) With the upcoming US elections major US-based platforms have stepped up their content moderation practices likely hopingto avoid the blame heaped upon them after the 2016 election where many held them responsible for siloing users into ideological bubblesand in Facebooks case the Cambridge Analytica imbroglioIts not clear that social media played a more significant role than many other factors inc..
EFF to Supreme Court: American Companies Complicit in Human Rights Abuses Abroad Should Be Held Accountable (2020-10-21) For years EFF has been calling for US companies that act as repressions little helpers to be held accountable and now were telling the US Supreme Court Despite all the ways that technology has been used as a force for goodconnecting people around the world giving voice to the less powerful and facilitating knowledge sharingtechnology has also been used as a force multiplier for repression and huma..
Thank You For Your Transparency Report, Here’s Everything That’s Missing (2020-10-13) Every major social media platformfrom Facebook to Reddit Instagram to YouTubemoderates and polices content shared by users Platforms do so as a matter of self-interest commercial or otherwise But platforms also moderate user content in response to pressure from a variety of interest groups and/or governments As a consequence social media platforms have become the arbiters of speech online defining..
telecom telecommunication security
Latin American Governments Must Commit to Surveillance Transparency

Latin American Governments Must Commit to Surveillance Transparency

June 19, 2020

This post is the second in a series about our new State of Communications Privacy Laws report, a set of questions and answers about privacy and data protection in eight Latin American countries and Spain. The series’ first post was “A Look-Back and Ahead on Data Protection in Latin America and Spain.” The reports cover Argentina, Brazil, Chile, Colombia, Mexico, Paraguay, Panama, Peru, and Spain.
6 IT projects to boost your tech career

6 IT projects to boost your tech career

June 20, 2020

Most tech professionals don’t need prodding to upskill — adopting new technology is just part of the appeal for working in the field. But the COVID pandemic has heightened focus and revealed needs in a few areas in particular: remote work, cloud computing, and self-learning. For proactive tech workers, self-directed projects in emerging areas can provide new career opportunities and a sense of sec
BrandPost: A CIO approach to advancing healthcare through cloud

BrandPost: A CIO approach to advancing healthcare through cloud

June 20, 2020

This Public Sector Innovation series, in association with AWS Institute and Intel, outlined how CIOs can advance innovation using cloud services, acknowledging business challenges while outlining examples of best practice within the healthcare sector.- - - - -In battling on the Covid-19 frontline and weathering a storm with no end date in sight, the healthcare sector is seeking innovation at speed
Going Postal

Going Postal

June 20, 2020

When a service is constructed using diverse components, then the way in which service revenues are distributed to the various suppliers of the components of the service can follow a number of quite distinct models. There are various forms of revenue redistribution models where the revenue per transaction is distributed to the various suppliers according to their inputs to support each transaction.
Pakistan bans TikTok; calls videos immoral and indecent

Pakistan bans TikTok; calls videos immoral and indecent

June 20, 2020

The Pakistan Telecommunications Authority (PTA) has officially banned TikTok for providing access to “immoral and indecent” videos though it remains to be seen how permanent this ban will be. TikTok has recently had similar troubles in the United States; however, it is becoming increasingly clear that these software bans being executed or threatened by Continue reading “Pakistan bans TikTok; cal
Sonrai Security Raises $20M to Uncover and Map Cloud Platform Security Risks

Sonrai Security Raises $20M to Uncover and Map Cloud Platform Security Risks

June 20, 2020

Brendan Hannigan and Sandy Bird are repeat entrepreneurs. They founded Q1 Labs, a company they started, scaled, and sold to IBM for ~$600M. The duo is now building Sonrai Security, an enterprise identity and data governance platform for AWS, Azure, Google Cloud, and Kubernetes. Hannigan joined AlleyWatch to share more about the company, the process of fundraising, and the company’s recent funding
The Self-Driving Car Is a Red Herring - Issue 92: Frontiers

The Self-Driving Car Is a Red Herring - Issue 92: Frontiers

June 20, 2020

Ten years ago this fall, Google gave us a glimpse of a new device unlike any it had ever built before—a computer-controlled car. It seemed such a strange thing for an Internet company to spend its time and energy on, a “moonshot” as the company’s engineers called such massive efforts. But with a single blog post, the search giant promised to reinvent our cars, and our communities, too.It was a big
Augmented Reality Must Have Augmented Privacy

Augmented Reality Must Have Augmented Privacy

June 19, 2020

Imagine walking down the street, looking for a good cup of coffee. In the distance, a storefront glows in green through your smart glasses, indicating a well-reviewed cafe with a sterling public health score. You follow the holographic arrows to the crosswalk, as your wearables silently signal the self-driving cars to be sure they stop for your right of way. In the crowd ahead you recognize someon
California Is Putting Together A Broadband Plan We Have Thoughts

California Is Putting Together A Broadband Plan We Have Thoughts

June 19, 2020

Right now the California Public Utilities Commission and the California Broadband Council are collecting public comments to create the California Broadband Plan, per Governor Newsom’s Executive Order 73-20. The order’s purpose is to find a way to deliver 100 mbps-capable Internet connections to around 2 million Californians who lack access to at least one high-speed connection. These Californians