The EFF's fourth annual “Who has your back” report rates 26 of the biggest technology companies on how they respond to government data requests in a total of six different categories. These are as follows:
- If they require a warrant [from law enforcement] for content
- Tells users about government data requests
- Publishes transparency reports
- Publishes law enforcement guidelines
- Fights for users' privacy rights in court
- Fights for users' privacy rights in US Congress
Apple, Dropbox, Facebook, Gooogle, Microsoft, Twitter and Yahoo all scored on all six categories and it was a remarkable improvement for iPhone maker Apple, which previously scored just one star – for fighting for rights in Congress - over the last three years. EFF said that the company had achieved "remarkable progress in every category".
Social networks LinkedIn, Pinterest, Tumblr, WordPress, Wickr and Tumblr were also highly commended, although the firms were each docked one star for having no record of resisting government data requests in court.
Meanwhile, at the other end of the spectrum, Amazon, AT&T and Snapchat all received low marks. Snapchat scored in just area – it does have guidelines explaining how it respond to requests from law enforcement – but doesn't ask to see a warrant before it turns over data, doesn't disclose government requests or publish transparency rights.
“This is particularly troubling,” reads the EFF report, “because Snapchat collects extremely sensitive user data, including potentially compromising photographs of users.”
This report was published just weeks after the popular instant messaging service settled its complaint with the Federal Trade Commission (FTC) in the US, over poor privacy and security measures. BH Consulting founder and analyst Brian Honan said that Snapchat's score was another sign that security often gets lost in the product development.
"Security and privacy have always struggled to be included as a core element in many products or services. The goal for many companies is to get their product released with as many features as possible that will entice customers to purchase the product," Honan told SCMagazineUK.com.
"Historically, customers, and in particular consumers, have expressed little or no interest in what security or privacy features are included in the product. As a result, security has often been seen as an after-thought and is hastily bolted on once issues are discovered with the product."
Amazon and AT&T fared little better in the study, scoring in just two of the six categories. AT&T was criticised for on-going “participation in mass surveillance” while Amazon has no public policy on surveillance.
EFF lauded the e-commerce giant for protecting the privacy of its users' book purchases, and for requiring a warrant before giving data to governments, but said that further improvements can be made.
“Amazon has not publicly adopted industry best practices in other categories, such as providing notice to users about government data requests,” reads the report.
“While other tech companies reacted to recent disclosures about mass surveillance by publishing transparency reports and publicly advocating reform of surveillance law, Amazon has stayed largely silent. When it comes to transparency about its practices Amazon has fallen behind its peers in the tech industry.”
Bob Tarzey, analyst and director at IT consultancy Quocirca, said that the results were largely encouraging.
“That Google, Microsoft, Dropbox and Facebook all score so well is encouraging,” he told SCMagazineUK.com. “Online privacy will always be a balance between protecting rights of users and the needs of security agencies to keep an eye on a least some of us. That the starting point for the major online services providers is to give the benefit of doubt to their customer is a good thing.”
Honan added that the leaks by Edward Snowden had clearly had an impact. "The revelations and allegations of mass surveillance exposed by Edward Snowden has brought these issues into the fore for many people, both consumers and business."
But Emma Carr, acting director of UK watchdog Big Brother Watch, saw the results in a different light.
“It is a sad state of affairs that the public has to rely on private companies to publish details of how their governments are spying on them,” she told us.
“However, with the recent spying revelations, there is little wonder that companies have reacted by publishing vastly more information than ever before about the way in which they share information with governments and on what basis. These companies are taking sensible steps to protect their reputation and, as a result, their revenue which we know is wholly reliant upon individuals sharing their data with these companies.”