Tech companies and privacy practices: Who has your back?

The Electronic Frontier Foundation (EFF) has published its fourth annual “Who Has Your Back” report that aims to show which major technology companies are good at protecting your data from government requests.

The EFF rifles through the companies’ terms of service and privacy policies, and analyzes public statements and courtroom track records, and awards points (i.e. gold stars) for the companies requiring a warrant from law enforcement agencies in order to share user content, for telling users about government data requests, for publishing transparency reports and law enforcement guidelines, and for fighting for users’ privacy rights in courts and in Congress.

This year’s top ranked companies are Apple, Credo Mobile, Dropbox, Facebook, Google, Microsoft, Sonic.net, Twitter and Yahoo – all of which received a positive mark for each of the categories.

When compared with last year’s results and that of the two years prior to that, the most drastic improvements can be seen from Apple and Yahoo, who went from only fighting for users’ privacy rights in Congress and in courts, respectively, to covering all their bases.

It’s heartening to see that this year’s report is full of gold stars, especially as new companies have been added to it. Nevertheless, there are some black sheep in the flock, namely Amazon, AT&T, and Snapchat.

“AT&T took positive steps toward embracing greater transparency this year, but fell far short of standing up for user privacy,” the EFF commented. “It is particularly disappointing to see AT&T silent on the issue of mass surveillance. In 2006, EFF sued AT&T for its cooperation and collaboration with the NSA spying program, which was confirmed by whistleblower documents. In 2008, Congress passed retroactive immunity for AT&T, which ended our case but not the telecom’s participation in mass surveillance.”

Snapchat’s only positive mark is in the “Publishes law enforcement guidelines” category. The company does not require a warrant for content, does not promise to tell users if their data is sought by the government, does not publish a transparency report, and does not fight for users’ privacy rights.

The result is not so surprising if you take into account the company’s recent settlement of FTC charges that it deceived consumers with promises about the disappearing nature of messages sent through the service, and about the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure

This latest report includes eight new companies, most of which got relatively good results (Snapchat excepted).

“The sunlight brought about by a year’s worth of Snowden leaks appears to have prompted dozens of companies to improve their policies when it comes to giving user data to the government,” said EFF Activism Director Rainey Reitman. “Our report charts objectively verifiable categories of how tech companies react when the government seeks user data, so users can make informed decisions about which companies they should trust with their information.”

As part of this year’s report, EFF collaborated with data analysis company Silk to help explore trends in government access requests. Silk’s analysis provides a simple mechanism for reporters and the general public to explore corporate transparency reports, shedding light on which companies receive the most data requests, which companies push back against government data requests, and which countries are most aggressive in demanding user data.