There has been a lot of talk recently about the government wanting to obtain private communications and other information from Internet companies for everything from cybersecurity reasons to criminal investigations. But where do companies stand on the matter?
The Electronic Frontier Foundation has released its "Who Has Your Back?" report detailing the extent to which various companies currently go to protect your information.
The report reveals if companies require warrants for requests for content; if they notify users that their information has been requested; if they publish how often requests from the government are made and what their policies are regarding giving up information to the government; if they will fight for your privacy rights in court or Congress; and more.
Compared to when EFF first began issuing this report in 2011, it has found that more Internet companies are "formally promising to give users notice of law enforcement requests for their information unless prohibited from doing so by law or court order." Companies like Foursquare, LinkedIn, Twitter and Wordpress joined in this practice most recently. On the other hand, EFF said Google lost a star in this category for its new policy being ambiguous regarding notification of users.
Although Google did lose a star, giving it a less than perfect score, it did for the first time earlier this year reveal how many times the government asks for personal information in the name of national security through National Security Letters. And it continues to publish its biannual transparency reports. The latest published in January found that in the six months prior, requests for information from the government were up 33 percent.
More companies that before published guidelines for what happens when requests from the government are made and also issued transparency reports like Google.
"Transparency reports have become an industry standard practice among major technology companies since we started issuing this report in 2011," EFF Senior Staff Attorney Marcia Hofmann said in a statement. "Through those reports, we've learned more about law enforcement requests for user data. We publish this annual report to encourage companies to let users know how data flows to the government, and to encourage companies to stand up for their users."
The only companies to get stars in all possible categories for protecting user privacy were Sonic.net and Twitter.
Earlier this year, a French court ordered Twitter to hand over data on users deemed racist, but given Twitter's usual stance on such requests, it was unclear if they would comply. Last year, Twitter said it would block tweets that were against the law in a country but the content would remain visible in countries where it wasn't against the law.
"We are extremely pleased to recognize the outstanding commitment each of these companies has made to public transparency around government access to user data," EFF stated in the report.
Still, it says there is clearly room for improvement:
Amazon holds huge quantities of information as part of its cloud computing services and retail operations, yet does not promise to inform users when their data is sought by the government, produce annual transparency reports, or publish a law enforcement guide. Facebook has yet to publish a transparency report. Yahoo! has a public record of standing up for user privacy in courts, but it hasn’t earned recognition in any of our other categories. Apple and AT&T are members of the Digital Due Process coalition, but don’t observe any of the other best practices we’re measuring. And this year — as in past years — MySpace and Verizon earned no stars in our report. We remain disappointed by the overall poor showing of ISPs like AT&T and Verizon in our best practice categories.
Currently, ISP's are being pressured to create a method for the government to intercept communications online for investigations by law enforcement. It was even revealed last month that the Department of Justice has granted some companies willing to give up communications to the feds, in the name of protecting critical infrastructure, would be granted immunity from potential violations of wiretapping laws.
"There's a lot to celebrate in this report, but also plenty of room for improvement," EFF Staff Attorney Nate Cardozo said in a statement. "Service providers hold huge amounts of our personal data, and the government shouldn't be able to fish around in this information without good reason and a court making sure there's no abuse. This report should be a wake-up call to Internet users that they need more protection from the companies they trust with their digital communications."
Read the full report here.
(H/T: Network World)