Obtaining adequate information about a public-private partnership is often difficult, especially when sensitive areas of government are involved, such as intelligence and law enforcement. Information about such activities is often purposefully withheld from the public and guarded by excessive laws and punishments.
But if it is safe to access them, there are many methods and resources out there which can help. Many of these sources are already readily available online, while others require desk work and engaging people who might be able to help.
Not all of these are readily accessible or safe to access from everywhere: governments around the world are known to punish activists, journalists, and others for exposing or even seeking information about such contracts, so risk assessments and mitigations are required.
A. Using access to information laws
A request under freedom of information (FOI) or other access to information laws (such as right to information laws (RTI)) is a formal request you make to a public body (your local, regional, or municipal authorities, the police, a ministry etc.) in order to access information that the public is entitled to know about. You may be trying to obtain a contract the partners have signed, some correspondence (emails or letters) between the partners, some official statistics, or simply an answer to a question, or even other documents such as a presentation given to the public authority by a company. Some laws specify what you can and cannot request – Uganda for example requires you to request specific documents, meaning you can’t ask questions.
Information obtained under such requests are an invaluable tool for journalists, activists, and the public: the more information that is available to the public, the better informed we are as a society and the easier it is to demand changes.
However, while such laws typically promise much, and while more than 90 countries have laws which require officials to provide public records, in practice getting them to do so is not so simple.
When submitting such requests, it is important to remember a few key recommendations:
- Check what you’re looking for is not already out there
- Know who you are sending to
- Keep it focused!
- Speak their language
- Be prepared to be patient!
Privacy International has a guide that outlines some of the lessons we have learned from filing such requests around the world.
The Global Investigative Journalism Network has an excellent list of FOI resources available in many countries across every continent. We really recommend you take a look at it – many of the FOI guides we love are in that repository.
It’s important to remember that useful public records may exist in other jurisdictions. In cases where a company is headquartered in one country but is operating in another, it may be worth submitting requests in either jurisdiction. For example, journalists have been able to find out more information about the provision of surveillance technology to North Macedonia by submitting requests to authorities in the UK which oversaw the authorisation of the export. Although some countries (e.g. India) only allow requests from citizens.
What our partners say:
Access to information laws can be useful tools but can also be disappointing. You should keep in mind that your request might be left unanswered and plan accordingly for other ways to obtain information.
Some of our partners told us they found information requests most useful for confirming things they already found from other sources, others found them more useful from a public communications perspective or to learn more from the reason the request was rejected.
B. Other Sources
i. Open Source Intelligence
When trying to find out more information on public-private partnerships, there are a lot of publicly accessible sources that can provide additional information – gathering and using this information is sometimes referred to as Open Source Intelligence (OSINT).
Organisations such as Bellingcat have used OSINT extensively to uncover governments’ unlawful practices and human rights abuses – including on some of the most well-protected and secretive government agencies around the world.
Access to useful information however depends on a number of factors, including the country in which the partnership is based, the type of company involved, and the type of technology or service it is providing.
There are multiple resources online and across publications that provide information on OSINT gathering, including:
Many techniques however raise important security, ethical and legal questions that must be considered. The Human Rights Center at Berkeley School of Law and the UN Office of the High Commissioner for Human Rights have developed a guide on the use of OSINT in investigating violations of international criminal, human rights and humanitarian law, which provides some guidance on such considerations.
For example, as the guide notes, it might be illegal in some jurisdictions to misrepresent your identity on social media. Even if it is not, it may still be a breach of the terms of service of the social media company, and if a false identity is used to access or solicit otherwise inaccessible information from an individual or group, it may violate ethical principles or the law.
Open sources of data for accessing information on public-private partnerships include:
- Company websites, which may outline their products and sometimes even publish lists of customers.
- Company filings to regulators, which often outline important information like their business activities, structure, and revenue. Researchers have been able to make detailed analyses of companies’ corporate structures using such information. Such information is available on platforms such as OpenCorporates.
- Job advertisements placed on commonly accessible recruitment and social media sites like LinkedIn. These often provide clues or details as to what business activities a company is engaged in and where, and what innovations are in the pipeline: for example, a UK journalist was able to access information on a secretive government “super database” using job posting information.
- Shipping and trade data, commonly made available by some governments and companies. For example, Indian authorities publish shipping data about imports and exports, some of which are then accessible on commercial websites. This can be used to identify certain exports: for example, Forensic News identified that an Israeli spyware company had shipped equipment to Uzbekistan’s secret police using shipping data.
- Government aid transparency data. This can often outline instances where government authorities have provided equipment, financing or training to counterparts around the world and therefore provide information about what software or equipment they have access to. For example, using US aid data, it’s possible to map surveillance companies whose products have been provided to governments in Central America.
- Social media networks, including for example professional social networks such as LinkedIn. This is a common source for journalists and can be used to identify certain information regarding individuals and companies but must be used ethically and legally (see above).
ii. Procurement Data
Government procurement data is one of the best open sources for finding information about public-private partnerships. Centralised government procurement sites are available in addition to tender documentation on agencies’ dedicated websites, though in-depth details are often restricted.
Publicly accessible information on tenders – notices which specify that a government authority is seeking to procure a service or product from the private sector – can provide valuable insights. Often the tender will only provide general information, but it can nevertheless serve as a basis for further research, for example through the submission of a Freedom of Information Access (FOIA) request.
For example in the UK, a centralised, publicly-available, and searchable platform exists that allows anyone to search for tenders by government agencies (though in practice many details are withheld on national security grounds).
Similarly, the US, the EU, Russia, and other countries around the world publish tenders on government websites.
Using such government procurement documents in the run up to the Sochi Winter Olympics in 2014, for example, journalists were able to establish and map how the Russian security services were planning to monitor phone and internet communications throughout the games.
After spotting a tender from Frontex (the EU’s border agency) looking for a surveillance company to track people on social media, Privacy International responded with detailed questions about the scheme’s legality. Two days later Frontex cancelled the tender.
Sometimes, these same sites or similar ones will also provide information on which contracts have been awarded to which company. For example, in the US the federal procurement website provides data on which companies have been awarded contracts. These are regularly used by journalists to access and report on such information, although details are again usually minimal. Tech Inquiry provide a searchable platform through which contracts reported by Australian, Canadian, US, and UK authorities can be searched.
Privacy International also have a guide aimed at researchers and journalists on some available open sources which can be used to identify surveillance exports.
A free online course to learn more about privacy and researching surveillance technology developed by Privacy International is available on Advocacy Assembly.
iii. Stakeholders as sources of information
In addition to desk research and formal requests, getting in touch with individuals that are involved in or might know about a public-private partnership can give access to information or perspectives that are crucial to your work.
Academics, members of the government, people working in similar private companies can all be useful sources of information for your work when approached properly and with adequate research practices in place (such as anonymisation).
Journalists that have covered the partnership you are looking into might also have had access to important sources and be willing to share additional details with you when contacted directly.
Similarly, there might be other organisations or groups looking into the same partnership. Try to coordinate with these groups to share information and potentially build stronger advocacy later.
When approaching people involved directly with the partnership at stake, you should ensure that they feel safe and that you understand their position. Being accommodating and avoiding accusation are key to obtaining important information. You should always be sensitive to concerns that they may have. Under all circumstances, it is essential to discuss and agree in advance on the conditions of this exchange of information. Always seek help and advice if you are not sure how to handle a source.
Disclaimer: Before undertaking any interview make sure you have done a proper risk assessment and seriously considered risks to your organisation, as well as to the people you are talking to. You should ensure you can provide an adequate level of privacy and security, and the you understand the legal implications, before engaging with people who may be putting themselves at risk by sharing information.
What our partners say:
If the PPP you are looking at is targeting a specific region or area, looking into local newspapers, Facebook groups, and local organisations can reveal important information. These groups might have access to information that isn’t widely known or might be in contact with key people involved in the partnership.
ADC, in Argentina, once obtained key information by looking at a Facebook group of locals trying to rally against a project happening in their area.
Our anonymous partner found that interviewing stakeholders who’ve recently left an organisation can help you to understand where, for example, policies aren’t an accurate reflection of reality.
C. Checklist – Uncovering Information
To help you in in your research you might want to use this checklist:
- Have you considered the ethical, legal and security implications of accessing and/or sharing the information you are looking for?
- Have you considered possible risks and mitigations unique to your context and circumstances?
- Is the information you are looking for already easily accessible in the public domain?
- Does the jurisdiction you are interested in have freedom of information or access to documents law that you could use?
- Are there relevant guides or courses available on how to conduct certain open source research techniques that might help find what you are looking for?
- Are there any open sources you could access in your country to find the information?
- Are there any open sources you could access that are located abroad to find the information?
- Are there any individuals or organisations out there who might be able to help you find the information that you can engage securely?
- Have your sources given you appropriate and properly informed consent?
- Have you considered how to handle the information you receive from your sources?
- Where will you save the information?
- Do you need to anonymise it? Pseudonymise it?
- Do you need to redact information? How will you do that thoroughly?
- Are there any contextual details in the information that might point towards your source or anyone else?