In May of 2013, the Electronic Frontier Foundation published their third-ever “Who Has Your Back” report, which looks at major tech companies and how they stack up when it comes to protecting user data and privacy. In the six criteria the EFF uses to judge each company, only two received perfect six-star ratings. Many top companies, like Apple and Yahoo, only received one measly star out of six. It was clear that many of the companies people trust with their most personal information were dropping the ball when it came to protecting it from prying eyes, as well as letting users know when the government came a-pryin’.
Then something big happened. About a month after that report hit the internet, a journalist named Glenn Greenwald published documents given to him by one Edward Snowden, a former contractor for the NSA. The documents detailed a massive surveillance initiative that saw the U.S. government collecting troves of data on American citizens (and some abroad), and even suggested that some of the same tech companies in the EFF’s report had been a party to the spying.
These revelations, along with the many that came after, caused quite the stir and ignited a heated debate over privacy, data security, government overreach, and national safety interests. People became more aware of the potential for companies to play fast and loose with their personal data, and companies were forced to shift policies in order to regain users’ trust.
Or at least that’s the picture that the EFF’s new Who Has Your Back report is painting.
In the 2014 report, nine companies received perfect six-star ratings when it comes to protecting user privacy: Apple, Credo Mobile, Dropbox, Facebook, Google, Microsoft, Sonic.net, Twitter, and Yahoo. Last year, both Apple and Yahoo only received one star, Facebook had received three, and Google had five. The only two companies that had perfect ratings in 2013 both kept their perfect scores this year: Sonic.net and Twitter.
So, what are the stars for? The EFF’s criteria consists of six things: Does the company require a warrant for content; Does the company tell users about government data requests; Does the company publish a transparency report? Does the company publish law enforcement guidelines; Does the company fight for users’ rights in the courts; and Does the company fight for users’ privacy rights in Congress.
For the more visually inclined, here’s a comparison of 2013 and 2014’s star charts. It’s clear to see that there is significantly more gold in 2014.
For the first time in the history of the report, all companies are at least doing one thing to protect user privacy. The big blemishes on 2014’s list are major telecoms AT&T and Comcast (no surprises there), Amazon.com, and newcomer Snapchat–who the EFF urges to step it up.
“Snapchat stands out in this report: added for the first time this year, it earns recognition in only one category, publishing law enforcement guidelines. This is particularly troubling because Snapchat collects extremely sensitive user data, including potentially compromising photographs of users. Given the large number of users and nonusers whose photos end up on Snapchat, Snapchat should publicly commit to requiring a warrant before turning over the content of its users’ communications to law enforcement. We urge them to change course,” they say.
To answer the question of why the big change (for most major companies at least), the EFF gives credit to the Edward Snowden leaks, which they say prompted “significant policy reform” from major tech companies.
“These changes in policy were likely a reaction to the releases of the last year, which repeatedly pointed to a close relationship between tech companies and the National Security Agency. Tech companies have had to work to regain the trust of users concerned that the US government was accessing data they stored in the cloud. This seems to be one of the legacies of the Snowden disclosures: the new transparency around mass surveillance has prompted significant policy reforms by major tech companies.”
And it’s really been transparency that’s had the most focus in the post-Snowden era. Many companies saw the publishing of a data request transparency report as a way to say “look, we’re not trying to hide anything from you.” As the EFF notes, even major ISPs like AT&T, Comcast, and Verizon now publish transparency reports.
You can check out the EFF’s incredibly detailed report of each company featured on the list here.
Images via EFF