Privacy is on the minds of tech companies and their customers thanks to a steady stream of data breaches, disclosures about NSA mass surveillance, and government pressure for encryption backdoors. The Electronic Frontier Foundation released its fifth annual "Who Has Your Back?" privacy report on Wednesday, ranking top tech companies on how well they do at "protecting your data from government requests."
Nine tech companies received a perfect 5-star ranking: Apple, Yahoo, Adobe, Dropbox, Wickr, Wikimedia, WordPress, CREDO and Sonic. Meanwhile, WhatsApp and AT&T received the lowest score, each only fulfilling a single EFF privacy criteria. Other tech giants, like Amazon, Google, LinkedIn and Snapchat fell somewhere in the middle, and nearly all the companies opposed encryption back doors.
While the battle for consumer privacy is far from over, the EFF took an optimistic tone in the report, noting the amount of progress that has been made since the first report was released in 2011. This year, the EFF raised the stakes of the rating, requiring much more from companies in order to earn a perfect 5-star rating.
“Every day, our digital lives require us to trust the digital services we use more and more, and consumers deserve clear and reliable information about policies and procedures that protect them,” EFF Staff Attorney Nate Cardozo said in a news release. “It’s time for all companies to take their users’ privacy seriously and reach the new standards we’ve laid out in ‘Who Has Your Back.’"
What was once the majority of the EFF's ranking criteria is now summed up in a single category: "Follows industry-accepted best practices." Almost every company made the cut in this category, except for messaging app Whatsapp, which got dinged for not requiring a warrant before giving data to the government and for not publishing a transparency report.
Washington and Silicon Valley often butt heads over privacy issues, most notably on the issue of encryption backdoors. The four new categories in the EFF's report reflect this, focusing on how transparent the tech industry is about its interactions with the government and what stance the companies take on encryption backdoors.
Here's a breakdown of how major tech companies fared in these four new categories:
Informs Users About Government Data Demands
To earn a star in this category, companies had to promise to give users advance notice before turning data over to law enforcement. The EFF warned companies a year ago that this category was coming, and more than half of the companies on the list now say they will inform customers before giving data to law enforcement, or after a required period of silence is over.
Tech companies that didn't make the cut include Google, Twitter, Snapchat, Slack, Amazon and Verizon. Google, Twitter and Slack do promise to notify users before data is turned over in most cases, according to the report, but not following an emergency or a lifted embargo. In contrast, Amazon, Snapchat and Verizon make no promises at all to inform users before giving their data to the government.
Disclosing Data Retention Policies
This category ranks companies on how transparent they are about what deleted customer data they store, as consumers sometimes assume their data is gone forever as soon as they delete an account or email. The EFF didn't require the companies to actually delete the data in any specific time frame to get credit, as long as they were transparent about what happens to deleted data. Comcast was highlighted as having an especially good explanation for customers, while Amazon, AT&T, Google, Microsoft, Pinterest, Tumblr, Verizon and WhatsApp didn't earn a star in this category.
Disclosing Government Content Removal Requests
This category was inspired by Facebook's "Inmate Account Takedown Request" form for prison officials, which helps prisons prevent inmates from accessing social media. Through public information requests, the EFF discovered that in California alone Facebook had processed 74 requests from prisons to close down inmates' accounts.
Facebook was one of just four companies to not receive a star for this category, which examines how transparent companies are about how often they take down content or shut down accounts at the government's request. Twitter was one of the 15 companies that are already doing this well, thanks to an interactive map that shows you six months worth of content removal requests.
Pro-User Public Policy: Opposes Backdoors
All but three of the companies oppose government-mandated encryption back doors, according to the report. This issue has created a rift between the government and major tech companies in the past years. The government claims encryption prevents law enforcement from finding criminals online, while tech companies argue that introducing security vulnerabilities is a bad idea, especially in light of cyber attacks from foreign nations. The only three companies who have not yet publicly announced their opposition to backdoors are Reddit,Verizon and AT&T.
A full breakdown of the report can be found here.
