EFF report identifies which internet firms 'have your back' on data
Twitter is tops, but big-name fails from Verizon, Apple, and others
The annual Electronic Frontier Foundation (EFF) report on data protection among online firms has shown lax privacy standards among some of the biggest names in the business when the government comes knocking at the door.
A total of 18 companies were assessed on their privacy policies and T&Cs, stated procedures for handling government data-mining expedition requests, and their overall level of transparency. These factors were then ranked alongside what they'd actually done in the real world when asked by the authorities, plus any lobbying efforts undertaken on the issues in Congress.
The report's dunces were Verizon and MySpace, with both companies getting zero out of a possible six gold stars (a curiously child-like scoring system, in this hack's opinion), with Apple, AT&T, Comcast and Yahoo! only scraping a single star apiece. Amazon and Comcast managed two stars each.
"Apple and AT&T are members of the Digital Due Process coalition, but don't observe any of the other best practices we're measuring. And this year, as in past years, MySpace and Verizon earned no stars in our report. We remain disappointed by the overall poor showing of ISPs like AT&T and Verizon in our best practice categories," the EFF states.
The star pupils, with the full six gold stars (and presumably a pat on the head from teacher) were Twitter and West Coast ISP Sonic.net. Twitter has defended the rights of users ranging from Occupy protestors to French racists, and Sonic.net makes a point of minimizing data retention times to a legally-required bare minimum and not cooperating with IP-hunting legal shysters.
Google and Microsoft got praise for raising awareness of National Security Letters (NSLs) – government-issued investigatory orders with a tight gagging clause that can be enforced without judicial oversight. The NSL orders have now been ruled unconstitutional by a US court, though that decision is pending appeal.
But Google also got a demotion for a change in its official policy on informing users if they are under investigation. This year, the Chocolate Factory changed its T&Cs on user notification to promising to tell them "when appropriate," which the EFF considers so nebulous as to allow a whole host of shenanigans.
But Google gets praise for pioneering the practice of transparency reports, a practice adopted last year by Dropbox, LinkedIn, Sonic.net, SpiderOak, and Twitter, and more recently Microsoft. Such reports are fast becoming key to informing users on privacy practices, but there are still plenty of companies managing petabytes of data that shun them, including Amazon, Apple, AT&T, and Verizon.
"Readers of this year’s annual privacy and transparency report should be heartened, as we are, by the improvements major online service providers made over the last year," the report concludes.
"While there remains room for improvement in areas such as the policies of location service providers and cellphone providers like AT&T and Verizon, certain practices – like publishing law enforcement guidelines and regular transparency reports – are becoming standard industry practice for internet companies." ®
Sponsored: Hyper-scale data management