Surveillance companies: real responsibility goes beyond the letter of the law
Earlier this year, Privacy International began research into the corporate social responsibility policies of companies that sell communications surveillance technology. Given that this technology is known to facilitate human rights abuses in repressive regimes around the world, surveillance tech companies that claims corporate responsibility might be expected to address such concerns in their CSR policy documents.
Of the 246 companies known to partake in the communications surveillance industry, only 62 had publicly available CSR policies. Of these, only four companies had policies that placed specific constraints on doing business with regimes that might use their technology to commit human rights abuses.
Typically, social and ethical commitments to groups other than employees, business partners or shareholders amounted to vaguely-worded assurances to ‘practice good corporate citizenship’ or to ‘act with integrity’. Charitable donations, environmental sustainability and employee fundraising were also frequently showcased. As for concrete CSR commitments with respect to international trade, the vast majority consisted of a promise not to break the law.
The widespread conflation of the broad concept of 'responsibility' with legal obligations is illustrated by statements like this one from surveillance technology company Verint:
As a global company and good corporate citizen, Verint complies with the law in the jurisdictions in which we operate.”
But corporate social responsibility is not fulfilled simply by following the letter of the law. Nor is it the same as undertaking media-friendly charity projects. If a product you sell has the capacity to dramatically undermine fundamental human rights when in the wrong hands, an assessment of your corporate responsibility must hinge on who you are willing to do business with. The vagueness and flexibility of ‘CSR’ has enabled surveillance technology firms to claim they act responsibly while supplying their products to foreign governments with appalling human rights records.
However, the introduction of global standards of corporate responsibility may help dispel the notion that legal compliance and the odd employee bake sale make for a socially responsible company. The UN Guiding Principles on Business and Human Rights, for example, set out the most comprehensive and detailed work in recent years defining corporate responsibility with regard to human rights. The Guiding Principles, developed by Special Representative of the UN Secretary-General Professor John Ruggie over six years of research and consultation, state that the responsibility of businesses to respect human rights, and address their impact in this area, exists over and above compliance with national laws and regulations, and independent of a state’s willingness to fulfill their own human rights obligations. Put simply, if your business impacts negatively on the human rights situation in a foreign country, you cannot claim to fulfill your corporate responsibilities, no matter how carefully you adhere to the law of the land. Moreover, there is no such thing as ‘CSR offsetting’: a company’s socially positive impact through charitable initiatives in no way mitigates ‘a failure to respect human rights throughout their operations’.
The Guiding Principles call for all businesses to design and implement policies that enable them to know and demonstrate how they respect human rights. These must include a due diligence process to identify, prevent and mitigate negative effects on human rights, and and remediation processes to respond to adverse human rights impacts. Privacy International would welcome a response to these requirements from any surveillance technology company claiming to behave 'responsibly'.
Many thanks to Georgia Ardizzone and Nick Smallwood for their detailed research into CSR policies within the surveillance industry.