Report reveals tech companies that actively protect user information from government scrutiny
Verizon and MySpace scored a zero out of a possible six stars in a test of how far 18 technology service providers will go to protect user data from government data demands.
Twitter and Internet service provider Sonic.net scored a perfect six in the third annual Electronic Frontier Foundation “Who Has Your Back?” report.
The purpose of the report is to inform the public about how well privacy is protected but also to encourage lagging companies to do better and to be more transparent about the requests for data they receive from government agencies, says EFF Senior Staff Attorney Marcia Hofmann.
Apple, AT&T and Yahoo each scored just one star, ranking at the bottom with Verizon and MySpace.
Verizon and MySpace are chronically at the bottom of the heap, the report says. “We remain disappointed by the overall poor showing of ISPs like AT&T and Verizon in our best practice categories,” it says.
Dropbox, Google, LinkedIn and SpiderOak all scored five out of six to tie for second place behind Twitter and Sonic.net.
The remaining seven companies that fell somewhere in between are: Amazon (2); Comcast (2); Facebook (3); Foursquare (4); Microsoft (4); Tumblr (3); and WordPress (4).
The companies are measured in six categories and given a star or not. The categories: Requiring warrants before delivering content; telling users about government requests for their data; publishing reports that list agencies that made requests; publishing guidelines they have for responding to government requests; going to court to fight for users privacy; lobbying Congress to establish privacy rights by joining the Digital Due Process coalition .
The report comes down pretty hard on Amazon, Facebook, Yahoo, Apple and AT&T. “Amazon holds huge quantities of information as part of its cloud computing services and retail operations, yet does not promise to inform users when their data is sought by the government, produce annual transparency reports, or publish a law enforcement guide,” the report says.
“Facebook has yet to publish a transparency report. Yahoo! has a public record of standing up for user privacy in courts, but it hasn’t earned recognition in any of our other categories. Apple and AT&T are members of the Digital Due Process coalition, but don’t observe any of the other best practices we’re measuring.”
In the report Google is singled out as backsliding on whether it notifies users when the government asks to see their data. The company introduced ambiguity into its stance and so lost credit it had been awarded in previous years, the report says.
Google also earned special recognition for challenging a National Security Letter demanding access to user data. A star is awarded “when a company goes above and beyond for its users, as Google did this year,” the EFF report says. Microsoft earned similar praise.
Microsoft and Twitter both started publishing transparency reports this year, joining five others, the report notes.
The most strongly supported criteria is publishing the guidelines they use for determining how to respond to government requests. A dozen companies do so, which is up seven from last year.
Tumblr and WordPress were added this year to the list of companies reported on, “but are already making a strong showing,” the report says.
The list of companies included in the report has changed over the years. Initially in 2011, EFF chose the largest U.S. social networks, ISPs, and email providers and tossed in Apple and Skype because of the sensitive user data they store. A public vote to add one more company resulted in choosing Dropbox.
Foursquare and Loopt were added last year because they hold location data. This year Loopt was dropped because it has been sold. Similarly Skype was dropped because it was bought by Microsoft.
Also in 2012 EFF added SpiderOak to beef up the number of cloud storage providers.
“There’s a lot to celebrate in this report, but also plenty of room for improvement,” said EFF Staff Attorney Nate Cardozo in a printed statement. “Service providers hold huge amounts of our personal data, and the government shouldn’t be able to fish around in this information without good reason and a court making sure there’s no abuse.”
Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com