Today, there’s countless numbers of companies that we entrust with our data on the web. But not all of these companies actually deserve that trust.
The Electronic Frontier Foundation’s yearly “Who’s Got Your Back?” report tracks which tech companies protect users from government data requests. Now in its fifth year, the report has been effective at publicly shaming the worst offenders in data privacy and has produced significant changes in how the tech sector treats user data. Overall, major strides have been made in the tech sector, with every item in previous year’s reports being rolled into one star called “industry-accepted best practices.”
Still, some companies, in particular telecoms, lag behind the rest of the tech sector. Verizon and AT&T, the first and second most popular mobile providers, were among the three worst-rated companies in this year’s report, a continuation of their poor track records since 2011. Verizon and AT&T both don’t inform users about government requests for data, publish any information about policies on storing user data, nor oppose government backdoors. This is especially important as Verizon becomes a bigger provider in broadband with its FiOS service.
WhatsApp, the incredibly popular messaging service owned by Facebook, also scored poorly. Especially concerning for users of WhatsApp is that its policies do not require a warrant to hand over users’ messages to law enforcement. The company also does not state how long it stores user data, including deleted messages. In other words, it’s possible that WhatsApp could hand over messages that a user deleted to a government agency without a warrant. That should be troubling for WhatsApp’s 800 million active users. WhatsApp is also the only company in the scorecard to not follow EFF’s industry-accepted best practices. On the positive side, WhatsApp did recently integrate the encryption protocol from TextSecure/Signal, the open-source encrypted messaging app recommend by Edward Snowden. However, WhatsApp is not fully encrypted on iOS and group messages on Android may not be properly encrypted as well.
In contrast to the three corporate sinners above, the EFF gave full stars to nine companies: Adobe, Apple, CREDO Mobile, Dropbox, Sonic, Wickr, Wikimedia (the foundation behind Wikipedia), WordPress.com, and Yahoo. CREDO was also the first cell phone company to release a transparency report in the wake of the NSA mass surveillance revelations, beating out the major providers.
Also of note is that of major social networks, Twitter, Reddit, and Pinterest are the only ones that disclose when a government requests content is removed from its site. Facebook. LinkedIn, and Tumblr all do not.
That lack of transparency from social networks is troubling given how synonymous they have become with free speech online. Interestingly, Reddit is one of only a handful of companies in the report that does not publicly oppose government backdoors to user data, which is surprising given both the Reddit community’s and Reddit’s official advocacy for an open Internet.