In an increasingly interconnected and complex world, dozens of companies and thousands of workers could be involved in technology supply chains, but so far the industry’s efforts to root out forced labour and slavery have failed to eliminate the problem.
Despite the high reputational cost that tech companies face in being seen to benefit from such practices, decision-makers within these enterprises continue to rely largely on voluntary reporting measures and static audit processes to deal with forced labour and slavery – something that is exacerbated by a culture of corporate and governmental inaction.
Forced labour and slavery, far from being consigned to the dustbin of history, are significant and continuing problems. The International Labour Organization (ILO) estimates there are 24.9 million victims of forced labour globally, while the Global Slavery Index estimates there to be 40.3 million victims of modern slavery.
When it comes to tech sector supply chains, such practices are particularly prevalent in the mining of raw materials and the production of components that make up technology products.
Along with tin, tantalum, tungsten and gold (otherwise known as 3TG minerals), copper, silver, cobalt, nickel, lithium and aluminum are all vital components needed in vast quantities to build a variety of modern technologies – from everyday electronic products such as laptops and phones to more specialised equipment such as semiconductors and electronic car batteries.
But the extraction of these raw materials is only one aspect of the supply chain. Once out of the ground, they need to be refined, shipped and assembled in factory production lines before emerging as final products to be sold elsewhere.
From the mines of the Congo to the factory floors of China, technology supply chains criss-cross the entire globe, but the sector has been largely unable – or unwilling – to deal with the issues of forced labour and slavery that exist throughout its supply chains.
In June 2020, for example, KnowTheChain (KTC), an organisation attempting to drive awareness and corporate action on the issue of forced labour, found that the majority of major technology companies remain “negligent in their efforts to address forced labour”, lacking the essential processes and tools needed to tackle, let alone eliminate, abuses in their supply chains.
Before that, in December 2019, the families of children killed or injured while mining for cobalt in the Democratic Republic of Congo (DRC) launched a landmark legal case against five of the world’s biggest tech companies – Alphabet, Apple, Dell, Microsoft and Tesla – accusing them of knowingly benefiting from forced labour practices.
Although the case was dismissed after a drawn-out legal battle in November 2021 – on the basis that there was not a strong enough causal relationship between the firms’ conduct and the miners’ injuries – the victims are currently appealing the decision.
The onset of the Covid-19 pandemic has also exacerbated the issue of forced labour, with KTC’s June 2020 report noting increases in “excessive overtime, poor and hazardous working and living conditions, wage withholding, and the abuse of workers who lack alternative livelihood options – all indicators of forced labour”.
Separate research has come to similar conclusions. The United Nations (UN) University Centre for Policy Research’s Delta 8.7 unit, for example, found in March 2020 that the pandemic had heightened the risk for those already exploited, increased the general risk of enslavement, and had a disruptive effect on response efforts.
To understand better why technology companies have been slow to make progress on the issue, Computer Weekly spoke to KTC researchers and digital supply chain management firms about how forced labour can be identified, and the limits of the tech sector’s current approach.
Lack of transparency
According to KTC researcher Rosie Monaghan, while the complex structure of technology supply chains makes it difficult to determine exactly how suppliers are linked, many tech companies are failing to do even the most basic due diligence.
In KTC’s 2020 benchmark, only six of the 49 major tech companies evaluated disclosed their first-tier supplier lists with names and addresses, which Monaghan says “is quite poor compared to other sectors”.
As to why so few companies are disclosing this information, the Responsible Business Alliance (RBA) – a multi-industry coalition led by the tech sector that also runs the Responsible Labor Initiative (RLI) to promote the rights of vulnerable workers – said: “The decision to disclose is a company-by-company decision and not one that we mandate. However, in general, we know that supplier lists are often considered business confidential information because the composition of a supply chain can be a competitive advantage.”
Craig Melson, associate director for climate, environment and sustainability at TechUK – a trade association with more than 850 member companies, from startups to large corporates such as Amazon and Apple – says some companies’ lack of disclosure is down to their corporate culture. “For example, a lot of Asian tech companies will tell you behind the scenes a lot of good stuff they’re doing – like ‘we’ve got lots of people on the ground doing lots of projects, we’re funding a lot, but we won’t tell anyone about it’,” he says.
Melson adds: “Just because companies aren’t disclosing it doesn’t mean they’re not doing it, and some have good reason to. I was speaking to some people [from tech firms] and they were like ‘we don’t want to know what they’re doing because we don’t want to reveal what we know to criminals, to the people doing it’.”
Identifying forced labour practices
According to Vishal Marria, co-founder and CEO of data mapping firm Quantexa, the most effective way organisations can start identifying suppliers is through financial data, as businesses will always end up conducting some form of transaction in paying for goods or services from each other.
He adds that once these base connections are established, overlaying this information with a formal risk policy and then advanced analytics will help organisations to understand their value chains better.
To do this, companies need to begin integrating a number of different siloed datasets to see the “spider’s web” of connections, says Marria.
“How do you understand the connectivity of your supplier in its totality? Looking at UBO [ultimate beneficial owner] structures, looking at child-parent relationships, looking at other stakeholder relationships that your supplier may have indirectly to other organisations, which could be breaking your risk tolerance levels,” he says.
Leo Bonanni, co-founder and CEO of supply chain transparency firm Sourcemap, says step one is “supplier discovery”, which essentially means asking suppliers where they buy or source from and “repeating the process until you get to the raw material”.
Step two, says Bonnani, is to then verify all the data by collecting the financial information, such as receipts, needed to determine that the goods produced and sold match the chain already outlined.
“That really changes everything because we can say: ‘Are there enough workers in this factory to make this many pairs of blue jeans?’, ‘Is there enough land in this farm to produce this many kilos of cocoa?’, and so on,” says Bonnani.
Marria agrees that it is important for organisations to gather this information to help identify malpractice, because without boots on the ground, it can be hard to know what is actually happening.
“If you look at corporate registry data, externally validated data, they will have brackets… [indicating the number of employees] so then you can start applying some anomaly detection on the contextual view of the data to do analysis,” he says.
“So for example, if you’re a company with between one and 50 employees, but your revenues are six times more than any other organisation that matches your number of employee base, either your team are super-efficient, or you’re actually exploiting your labour force in some shape or form.”
Moving away from structured data, Marria says tech firms should also bring in the “negative news data publicly available” and apply that to their supply chain risk analysis.
He adds, however, that although many companies with already-established supply chains will have to apply this process retroactively to suppliers already in use, the best outcome would be for risks of forced labour to be identified at the onboarding stage. “You want to have that context when you’re onboarding that supplier, so you don’t onboard someone who is already going to bring your risk threshold from day one,” he says.
“If companies have poor forecasting or make last-minute changes to orders that lead to a sudden increase in workload, those factors are going to contribute to an increased risk of forced labour”
Rosie Monaghan, KTC
Monaghan says that, having identified all their suppliers, firms must go on to conduct thorough risk assessments of each entity throughout the chain – not just at the top level, as the KTC benchmark showed some were doing – as well as how their own purchasing practices impact working conditions down the line.
“If companies have poor forecasting or make last-minute changes to orders that lead to a sudden increase in workload, those factors are going to contribute to an increased risk of forced labour,” says Monaghan. “If you have a code that prohibits forced labour, but then your own purchasing practices are making it impossible for suppliers to meet those obligations, that’s not a reasonable ask.”
But according to Áine Clarke, head of KTC investor strategy, tech companies are not necessarily putting these kinds of measures in place – on the one hand because of the potential cost, and on the other because “forced labour is illegal, and companies don’t want to identify or report on that for fear of being reprimanded”.
Clarke says it is difficult to find actual data on how many workers in tech supply chains are in forced labour because companies are simply not disclosing the information, and there is nothing in place to make them.
Code of conduct
As for what tech companies are currently doing to monitor and identify the risks of forced labour in their supply chains, the RBA says “adherence to a robust code of conduct” anchors the behaviour of its members. These include Alphabet, Amazon, Apple, BT, Citrix, Dell, Fujitsu, Foxconn, Huawei, IBM, Microsoft, and others.
“Members of the RBA and its initiatives have access to numerous RBA tools to complement their individual responsible sourcing obligations,” it says, adding that there are four membership categories, which reflect progress in responsibilities and benefits.
“This structure enables companies to join at the appropriate level, given the maturation of their responsible sourcing programme and is designed to help build their assurance and compliance programmes at their own pace while driving continuous improvement of supply chain practices. Those membership levels are: Supporter, Affiliate, Regular and Full.”
The RBA adds: “The extensive set of tools provided by RBA includes various types of risk assessments, a supply chain mapping tool, a worker voices app with customisable surveys and trainings, worker grievance mechanisms, data analytics and benchmarking dashboards, and third-party validated audits conducted by RBA-approved audit firms. In concert, these tools are used to prevent, identify and correct issues related to forced labour risks in supply chains.”
Melson says the problem with tech products is that, beyond tier two of the supply chain, “it’s really hard to get visibility”, adding that many larger tech firms are trying to deal with the issue by “requiring and actually being involved in cascading the training and [transparency] requirements throughout the supply chain”.
He says this approach entails making “your tier one suppliers… exert the same pressures on their suppliers that you do originally”, and repeating the process until it reaches the bottom of the chain.
However, Melson also notes that the mandatory supply chain due diligence requirements being introduced in both the US and Europe will put a lot more information out there. “It’s moving into that ESG [environmental, social and governance] route of ‘here’s what our risks are, and here’s what we’re doing about it, and here are the metrics to show what we’re doing’,” he says.
Lack of enforcement
Bonanni says Sourcemap has been working with a variety of multinational companies to manage the risk of forced labour over the past decade, using its mapping software to allow its corporate clients to monitor suppliers and make data-driven decisions about where to source raw materials.
“Supply chains are complicated and forced labour is endemic to them, but at the same time, we have the technology to make sure that every shipment that enters Europe or the US is free of forced labour – and that technology is called supply chain mapping and traceability,” he says.
“We are taking technology that was developed to trace cocoa from smallholder farmers in West Africa, and we are gradually deploying it to very high-tech industries like pharma, biotech, semiconductors and automotive. There is a reverse technology trend here where we’re taking stuff that was built to help very low-tech supply chains become digital, and now we’re finally seeing demand in the digital sectors.”
Bonanni adds that when Sourcemap started in 2011, supply chain mapping was “a niche business process” only done by “the most sustainable brands”, but that companies globally are now “scrambling to get visibility down to the raw material” since it has become more of a compliance issue.
He says the main driver of this slow change, in the US at least, is a “ratcheting up” in enforcement of Section 307 of the 1930 Tariff Act – which prohibits companies from importing products made with forced labour into the country – following action by the Obama administration in 2016 to close the “consumptive demand” loophole in the legislation.
This loophole meant that if there was not sufficient supply of products to meet domestic demand, imports were allowed regardless of how they were produced.
However, because this enforcement has largely been focused on other resource-intensive sectors, namely the food and apparel industries, Bonanni says a variety of raw materials needed to build and power a range of technologies – particularly the likes of nickel and lithium required for renewables – are, by and large, not being traced.
This is despite the fact that, according to Bonanni, many of these materials are being sourced from areas that are widely known to use forced labour, and are explicitly listed in the US Department of Labor’s ‘list of goods produced by child or forced labour’.
Asked about the impact of the “consumptive demand loophole”, the RBA says it does not take a position either for or against any regulations or legislation, adding: “Our aim is to facilitate responsible business conduct, ethical sourcing, due diligence and compliance in support of our member companies’ efforts and aspirations regardless.”
Voluntary measures
Although international frameworks to deal with forced labour have proliferated in the past decade, all of them are based on companies taking voluntary action, and where there are mandatory requirements, such as in national legislation, they are not backed up by strong enforcement measures.
These voluntary, non-binding frameworks include the United Nations’ Guiding Principles on Business and Human Rights, the updated Organisation for Economic Co-operation and Development’s (OECD) Guidelines for Multinational Companies, and the International Labour Organization’s Tripartite Declaration of Principles Concerning Multinational Enterprises and Social Policy.
Legislation includes the UK’s 2015 Modern Slavery Act, which forces organisations to publish a yearly statement of the steps they are taking to eradicate slavery or forced labour, but gives companies significant leeway in choosing what information to disclose about their efforts to eliminate these practices from their supply chains. There are also no enforcement measures or mechanisms for failure to comply with the Act.
According to a report calling for mandatory supply chain due diligence published by the European Parliament in October 2020, such voluntary measures are “insufficient” and “do not prevent violations of human rights”.
It added: “The voluntary approach does not guarantee a level playing field and can create competitive disadvantages for companies that do undertake due diligence.”
Bonanni makes a similar observation, noting that while “it’s eminently doable”, not every company in the IT sector traces its raw materials down to the level of extraction. “As long as only some companies are doing it, it’s really an unfair playing field – some people are getting by only knowing who they buy from directly, and other companies have gone through all the due diligence to map every farm that they buy raw materials from,” he says. “Right now, they’re both competing in the same market.”
“An act like the Modern Slavery Act that has no enforcement mechanisms is not going to get us to where we need in terms of the real identification and eradication of forced labour issues”
Áine Clarke, KTC
KTC’s Clarke says the positive is that voluntary reporting is likely to be a precursor to “more stringent regimes with teeth and proper enforcement”, adding that things are already starting to move in this direction – such as with the Corporate Sustainability Due Diligence Directive that is currently undergoing consultation in the European Union (EU) – and “will be increasingly prevalent in the coming years”.
She adds: “We can all agree that, for example, an act like the Modern Slavery Act that has no enforcement mechanisms is not going to get us to where we need in terms of the real identification and eradication of forced labour issues.”
As to whether mandatory measures should be included in either international agreements or individual pieces of national legislation, the RBA said that it “supports the globally established and widely recognised existing international standards that set out business responsibility toward human rights”, including the UN Guiding Principles and the OECD Guidelines.
“The UN Guiding Principles recognise that both voluntary as well as mandatory measures are an important part of the state duty to protect human rights. We believe that industry collaborative initiatives play a key role in supporting individual companies in implementing their responsibilities in the area of supply chain due diligence,” it said, adding that collaborative industry initiatives are an important vehicle to supply firms’ implementation of emerging legal requirements.
“We believe it is important that regulatory requirements are based on those existing and widely accepted international standards, such as the UN Guiding Principles and OECD Guidelines, and that public policies are harmonised to avoid inefficiencies and duplication of industry efforts and allow optimal use of companies’ resources to achieve the most important positive impacts for people and the planet.”
Static auditing processes
While there are technologies out there that can help tech firms map and monitor their supply chains, most are still conducting physical audits – often through third-party auditors, at least – to deal with issues around forced labour and slavery.
However, KTC researcher Evie Clarke says effective due diligence is a “continuous process, rather than a single snapshot in time”, which current auditing attempts are failing to achieve.
Speaking to Computer Weekly about 3TG conflict minerals from the DRC in March 2020, Ben Radley, political economist and lecturer in international development at Bath University, said the audit processes in place in that country were static and unable to account for changes in the situation on the ground.
“You go to a mine, audit for a few days every few years, but of course if you’re an operator, all the children can stay at home and you can be on your best behaviour,” he said. “But the situation is also fluid, so in two or three months’ time, it might be completely different – somewhere that was classified as a green mine and ‘conflict free’ may change very quickly.
“My own research documented the continuation of human rights abuses in the mine sites that had been certified as conflict free, and so just the inherent nature of this quite static audit system makes it difficult to continue to determine what is going on at the level of the mine sites.”
Radley adds that a huge amount of investment would be required to gain proper visibility of the situation on the ground in a location as vast as the DRC.
However, the RBA says it uses independent, specially trained third-party auditors, workers surveys, and runs a validated assessment programme (VAP) for verification.
“A typical VAP on-site audit at a single manufacturing facility may last two to five days and includes a thorough document review, interviews with management and workers and a visual site survey,” it says. “The VAP uses local, native-speaking auditors where possible and they are trained to spot hard-to-find violations, including risks of forced labour.”
The Alliance says such audits are conducted on a two-year cycle, with “closure audits” conducted throughout that time on any open findings – something that is a condition for “full” or “regular” membership of the RBA.
“The RBA audit programme also includes a robust worker interview process,” it says. “Each auditor is also trained to understand violations such as excessive working hours, which are more common in areas with high migrant worker populations. VAP reports written by the independent audit firms must be submitted to the audit quality manager for review and quality control.”
It adds that when VAP audits do uncover non-compliance, the findings are rated by severity as “minor,” “major” or “priority”, each of which has specified time periods within which the facility must remedy the issues.
The RBA further adds that audits are just one component of comprehensive due diligence and continuous improvement efforts. “RBA members, for example, have access to resources that enable them to address findings that are identified during an audit and to monitor their supply chains in real time and address issues before they become larger problems,” it says. “These include risk assessments, our worker voice platform with worker surveys and training capabilities, worker grievance mechanisms, and advanced data analytics capabilities.”
TechUK’s Melson adds that while some tech companies may have previously been overly reliant on audits, the pandemic has forced them to shift their thinking somewhat, as national lockdowns and border closures around the world made getting boots on the ground almost impossible.
He says this includes looking at what companies can do “when you can’t actually audit”, adding that TechUK has been helping its members, particularly small and medium-sized enterprises (SMEs), understand the signs of forced labour or slavery from things like supplier responsibility clauses in tender documents or contracts.
From a technology perspective, Quantexa’s Marria says the more data a company has to understand its suppliers and their contextual relationships to other suppliers the better, but there can still be issues around the frequency and availability of data from providers.
“It is not a technology challenge,” he says. “The technology will run daily, weekly monthly, you know, four times a day, 10 times a day, whatever your process is. The tech will run, but if the data’s not changing, or is a static file for a month, a week, a year, whatever, you’re hamstrung by it.”
“The RBA offers advisory services to its members and their suppliers to help identify and remedy instances of forced labour or risks of forced labour”
Responsible Business Alliance
Marria adds that with suppliers using forced labour obviously having an incentive to keep it hidden, the onus is on tech companies themselves to “look at the externally, readily available data and connect that back as well”.
Using data analytics capabilities in RBA-Online, the RBA’s online sustainability data management system, the Alliance says its members can search for risks associated with forced labour across their supply chains. “This includes audit findings on excessive working hours, unreasonable restrictions on freedom of movement, illegal confiscation of passports, and other violations of the RBA code of conduct, as well as geographical or material indicators that put certain suppliers at greater risk. RBA members can also benchmark their individual supply chains against aggregated industry data from the wider RBA membership.”
It adds that if forced labour or its indicators are identified, the RBA works with its members to implement a “corrective action plan” to help remedy the findings and implement systems to prevent reoccurrences.
“At the end of the correct action plan term, a closure audit can be conducted to ensure the issues have been resolved,” it says. “The RBA also offers advisory services to its members and their suppliers to help identify and remedy instances of forced labour or risks of forced labour using a combination of audits, surveys and trainings.
“In addition, the RBA’s Responsible Labour Initiative provides specialised audits, such as the Supplemental Validated Audit Process on Forced Labour and trainings for facilities as well as recruiters and labour agents.”
Empowering workers in the chain
To address the issue of static auditing processes, KTC’s Clarke says companies should also adopt worker-driven monitoring, whereby the due diligence process is built around those with boots on the ground who are “facing these risks every day – they are really the most appropriate people to be reporting on such risks”.
She adds that workers themselves should also be included in the design and operation of grievance mechanisms, which would help circumvent the static nature of current auditing processes by making oversight more continuous.
“A way that companies can show whether grievance mechanisms are effective is to publish data on those mechanisms,” she says. “Obviously where companies can’t publish that data, it’s an indication that the mechanism itself isn’t used or trusted by workers.”
Clarke adds that although examples of worker-led monitoring and grievance mechanisms do exist, they are limited in scope and are “particularly poor on the ICT sector as well – that goes hand in hand with how poorly companies in the ICT sector do in terms of ensuring workers’ rights to freedom of association and collective bargaining more generally”.
According to KTC’s 2020 benchmark report, each of the 49 major tech companies evaluated failed to show how they make sure workers have the right to organise, and since 2016, every company reviewed in its three benchmarks so far have scored zero on freedom of association for supply chain workers.
“We’ve seen no improvement,” says Monaghan. “We would say that enabling the right to organise is critical to tackling forced labour because it’s one of the only ways that workers can challenge abusive working conditions.”
KTC is currently compiling its next ICT benchmark report, which is due to be published in November 2022.
According to the RBA: “Companies are increasingly engaging workers in their supply chains through surveys, grievance mechanisms and app-based trainings, such as those offered by the RBA. In many cases, companies may require suppliers to provide their workers with access to surveys, grievance mechanisms and trainings and can monitor participation on aggregate levels.”
“There are some companies that are just deliberately put their heads in the sand and are willing to accept less than good practices”
Craig Melson, TechUK
Summing up from the TechUK perspective, Melson says the major remaining barriers for tech firms to eliminating forced labour are: being able to operate effectively in “source countries” again after Covid; “corporate fear of disclosure”; a lack of partnerships with non-governmental organisations and others on the ground, which can better help understand risks; and corporate culture.
“There are some companies that are just deliberately put their heads in the sand and are willing to accept less than good practices because it might be more efficient, or they are just embarrassed by it,” he says.
For Marria, despite the tech’s capabilities, ultimately it alone is not enough, and there need to be processes in place so that when red flags come up, they are dealt with effectively and efficiently.
“That connected view of the data is critical for this problem, but you must also, in parallel, have your risk policy agreed, the governance and the process agreed, the training of the investigation – all of this needs to come together… it’s the whole piece,” he says. “You also need to look at it from onboarding as well as the monitoring – and you have to do both. You might onboard someone and the are absolutely squeaky clean. Twelve months down the line, they’re not so squeaky clean. So it’s a continuous monitoring capability. You need to be understanding context.”
Bonanni adds: “It’s been proven time and time again that even industries that have raw materials coming from some of the most remote parts of the planet can have real-time traceability on their goods from end to end – it’s just a matter of more widespread adoption and, I’m not going to lie, there does need to be a change in culture at a lot of companies.”