Here’s something that merits a lot of reddit gold.
On Thursday, reddit published its first-ever transparency report covering all of 2014. It’s a summary of all the legal requests to take down content from the site as well as all government attempts to access reddit’s user data.
Lots of companies publish transparency reports, but not all of them do a good job. We took some time to look at exactly what reddit’s report included and found a whole bunch of stuff that impressed us. Here’s an overview of why you might be equally thrilled with the report.
- Published within 30 days of the reporting period. Lots of companies will publish transparency reports that cover a time period ending several months prior (for example, the transparency report will cover a period ending in December but the report itself won’t be published until March or April). Not reddit. Its transparency report covers all of 2014 and was published in the first month of 2015. That means more recent, and potentially more relevant data.
- Warrant for content. reddit won’t hand over user data for a law enforcement officer who gets his boss to sign off on a subpoena. Instead, reddit insists on a judge-ordered warrant—based on probable cause—before handing over content. reddit states: “reddit requires a search warrant based on probable cause to disclose user content information, which includes private messages and posts/comments that have been deleted or otherwise hidden from public view."
- Telling users about government requests. When it comes to protecting users, one of the strongest policies a company can adopt is to always inform users about a government request for their data. While there are a few occasions when a company may be legally prohibited from disclosing a government request, or where an imminent physical or injury requires expedient response, it’s a good rule of thumb to let users know about requests so they can seek legal counsel and fight back. reddit nimbly makes this pledge, stating: "Many government requests we receive contain demands to withhold notice from users that carry no legal weight. We actively disregard these non-binding demands. Our goal is to give users the information they need to seek legal advice before their records are disclosed. As stated in our privacy policy, we provide advance notice to affected users unless prohibited by a court order or where we decide delayed notice is appropriate based on clear criteria."
We think this is great, but there's some room for improvement here. reddit should make explicit that in an emergency situation, it will still inform users about government data request after the emergency is concluded (we call this post-hoc notification). This is implied with reddit's current statement, but could be even more explicit.
- All emergency requests in writing. In an imminent emergency –where there is threat of serious bodily harm or death—there are occasions when law enforcement will approach companies and ask them to turn over user data. Companies like to leave themselves flexibility to respond if it could mean potentially saving a life. We recommend that in such situations, companies always get a statement in writing from law enforcement, and reddit does exactly that, stating: "When notified of an emergency situation by law enforcement, we require that they provide as much information as possible and certify the request in writing."
- A warrant canary. While still an untested legal theory, a warrant canary basically means that a company is publicly pledging that it has not received a national security order or letter. If it does receive such process, it will be gagged from disclosing the fact. The idea with a warrant canary is that if a company were to delete this statement (or not publish it in future reports), a meticulous reader would notice and be able to raise an alarm. reddit added a warrant canary to its report, noting "As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information."
- A strong stance against mass surveillance. As it reminds us in its transparency report, reddit and dozens of other companies and organizations publicly opposed mass, warrantless surveillance, signing a letter that said "This type of blanket data collection by the government strikes at bedrock American values of freedom and privacy. This dragnet surveillance violates the First and Fourth Amendments of the U.S. Constitution, which protect citizens’ right to speak and associate anonymously and guard against unreasonable searches and seizures..."
- No defamation takedowns. According to the report, reddit received 33 requests to remove content that didn’t have to do with copyright or trademark infringements, and reddit states that many of these have to do with alleged defamation. reddit stood by its users and refused to comply with any of these requests.
We’re impressed by reddit’s first transparency report. In fact, the report tracks remarkably closely to EFF’s annual Who Has Your Back report, which rates companies on factors like requiring a warrant for content and informing users about government data requests. While we have no way to know whether reddit could have done more to fight government requests for user data, we can say with certainty that it adopted industry best practices in first-ever transparency report.
When companies publish transparency reports, they take an uncomfortable step. They shine light on how vulnerable our digital lives are to the legal (and extra-legal) machinations of governments and corporations who wish to surveil and censor digital denizens. No company is legally obligated to publish such a report, and it's possible that users could be so upset by the data in a transparency report that they might be hesitant to use an online service. Nonetheless, reddit and dozens of other companies are still choosing to publish transparency reports, often with great detail.
The end result? We know a little bit more about government attempts to seek access to our digital lives. We see a little more clearly the work of copyright and trademark in taking speech off the Internet. And there is a hope that this transparency may even cause government to pause and reconsider before sending egregious demands for user data, knowing their requests will one day see the light of day and could well be met with resistance.