EFF Report of Digital Privacy. Who’s Got Your Back?

When the U.S. Government comes poking around the world’s major Internet companies asking for customer data, Verizon, AT&T, Apple, and Yahoo are not particularly interested in protecting the general public,

When the U.S. Government comes poking around the world’s major Internet companies asking for customer data, Verizon, AT&T, Apple, and Yahoo are not particularly interested in protecting the general public, according to the 2013 edition of the Electronic Frontier Foundations’ “Who Has Your Back?” report. On the other hand, Twitter and the Internet Service Provider Sonic.net received passing grades in all six of the EFF’s criteria.

EFF

The report examines the ways that online service providers respond to government requests for user-information held by a handful of well-known, widely relied upon, and influential Internet companies. The EFF bases this report on six yes or no categories of corporate data protection policy: do the companies in question require a warrant for content of communications? Do they tell users about government data requests? Do they publish transparency reports? Do they publish law enforcement guidelines? Do they fight for users’ privacy rights in courts? And finally, do they fight for users’ privacy in congress?

Only Sonic.net and Twitter received six stars, meaning they could honestly answer yes to all of these questions. Only Verizon received zero stars, meaning that their honest answer to all of these questions would have to be no, according to the EFF’s findings. Google appears to be the only company that regressed this year. In last year’s report, Google received a star for telling users about government requests for data. This year, Google introduced some ambiguous wording into their privacy policy by saying that they would notify users about government data requests “when appropriate,” and, consequently, the EFF did not give them a star in that category and the information in you Gmail inbox could be handled somewhat less transparently than in recent years.

As noted by the EFF, these are not the only ways that companies can stand up for users’ privacy, but they are significant benchmarks nonetheless and they are publically verifiable.

As noted by the EFF, these are not the only ways that companies can stand up for users’ privacy, but they are significant benchmarks nonetheless and they are publically verifiable. The companies included in the EFF’s examination are, the Web-hosting and sales giant, Amazon; the world’s most valuable tech company, Apple; the cellular service providers, AT&T and Verizon; the Internet service providers, Comcast and Sonic.net; the online storage up-and-comers, Dropbox and Spideroak; the world’s most populous social network, Facebook; the check-in-based social network, Foursquare; the search and everything-else-internet-and-computer-related giants, Google and Microsoft; the professional’s social network, LinkedIn; the once-dominant social network, Myspace; the micro-blogging social sites, Twitter and Tumblr; the content management and blog-hosting provider, WordPress; and the recently-famous-for-not-letting-employees-telecommute, Yahoo. You can see how each of these companies fared in the image below:

EFF

It used to be the case that if the U.S. Government wanted access to information about its citizens as part of an investigation, prosecutors or police would need to acquire warrants from Judges granting them permission to conduct searches of the houses or offices of persons of interest. In certain cases, judges would grant warrants giving investigators permission to conduct wiretaps along with help from the telephone companies or monitor mail with the United States Parcel Service.

That was the twentieth century. Now we’re thoroughly engaged in the information age, and as the name of this latest period of human existence suggests, information about our lives is more diffuse than ever. In addition to wiretaps, mail-monitoring, and home and office seizures, investigators also gather evidence from the services used by suspects online. Unlike phone-tapping, physical searching and seizures, and the monitoring of mail, all of which are clearly regulated under U.S. law, there is no clear precedent protecting user communications of information stored online against unreasonable search and seizure.

Strong consumer protections against and transparency in regards to government data requests are trending toward the industry standard, particularly when it comes to companies informing customers when the government comes knocking.

The EFF is fighting to change this, but draconian laws like the patriot act, questionable interpretations of laws written when computers were the size of tennis courts, and other controversial surveillance initiatives like the National Security Administration’s warrantless wiretapping program make it so that consumer data is more susceptible to government interception than ever. The good news, according to the report, is that strong consumer protections against and transparency in regards to government data requests are trending toward the industry standard, particularly when it comes to companies informing customers when the government comes knocking.

There is an old saying that, “It’s bad to be right when the government is wrong.” So, as I have said before, if you are communicating information that runs afoul of your government’s laws or preference, you’ll need to be very careful, and should probably avoid these companies’ altogether.

There is another saying that goes, “If you’ve done nothing wrong then you have nothing to hide.” That’s nonsense. Just because you are not doing anything wrong doesn’t mean you’d be comfortable under the constant scrutiny of federal investigators.

Pragmatically though, most of us don’t have to worry about living under constant scrutiny or communicating information that puts our livelihood at risk. So what does this report mean to us relatively normal people? Well, our friends at the EFF are smart and judicious, and it does the Internet user in all of us well to listen when the EFF speaks. At the very least, we should read this report every year, and be aware of how the services we use protect our data. When possible, we should also give preference to companies that fight for our privacy rights in courts and congress, publishing guidelines for law enforcement and transparency reports. Beyond that, I think we should vote with our feet and be very reluctant to entrust our personal data to companies that don’t require warrants and don’t inform users about data requests.

No matter what we do, we should take to our respective pulpits, whether they are our personal blogs, social media platforms, comment boxes, or good old fashioned letters to our elected officials, urging all companies to follow the leads of Twitter and Sonic.net and do everything in their power to protect consumer data.

Tips