The Electronic Frontier Foundation released its annual “Who Has Your Back?” report today, which grades various web services and companies on their willingness to stand up to the US government on behalf of user privacy.
The EFF is known as one of the leading independent interest groups advocating for civil liberties in all things digital. According to their own description, EFF “champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows.”
As part of that activism, they have released an annual report grading a bevy of popular digital entities on their actions to protect user data from government attempts to access it. Their report is based on publicly available information, rather than unverifiable suspicions or independent investigations. The purpose of the report is “to allow users to make informed decisions about the companies with whom they do business” as well as “to incentivize companies to adopt best practices, be transparent about how data flows to the government, and to take a stand for their users’ privacy in Congress and in the courts whenever it is possible to do so.”
The criteria for these grades are can be summarized briefly as follows:
- Does the company require a warrant for the content of user communications?
- Does the company “promise to tell users when the government seeks their data unless prohibited by law, in very narrow and defined emergency situations?”
- Does the company publish transparency reports regarding government data requests?
- Has the company published guidelines for law enforcement to follow if they want user data?
- Has the company fought for user privacy in court?
- Has the company taken a clear and public policy position against mass surveillance?
If the answer to one of those questions is yes, it gets a star. 6 stars means you scored perfectly.
These companies received perfect, 6-star ratings:
- CREDO Mobile
They recognized Apple and Yahoo in particular for making large improvements in their user data policies in the past calendar year. Apple had only 1 star last year. Yahoo, it turns out, had been fighting against releasing user data in FISA courts that they were not legally allowed to even talk about until last July. Likewise, the EFF seems very pleased with industry-wide shifts in data protection policies that benefit users. For the first time, they didn’t review a single company that missed out on every single category – that even includes ISPs like Comcast and AT&T.
Further, a few companies received stars for everything except the court criterion, which is somewhat dependent on matters outside their own control. These companies were:
Not bad! EFF was emphatic that not having fought in court “should not be seen as a demerit.” It takes special circumstances to have a legitimate interest in defending user privacy in court. We should see it as a good thing that there have not been meritless attempts at their users’ data that would have induced those companies into a court battle.
What this report doesn’t cover is treatment of user data in regard to other third parties nor does it grade the security with which user data is stored. For instance, when Google failed to encrypt user data on their servers, leading to the NSA intercepting all of it, this does not affect these grades.
Likewise, the widespread sale of user data for advertising profit does not factor in, here. We certainly wouldn’t want you having too much faith in humanity.