EFF Data Privacy Report Praises Apple, Slams AT&T - InformationWeek
6/18/2015
10:22 AM

EFF Data Privacy Report Praises Apple, Slams AT&T

In the Electronic Frontier Foundation's fifth annual report, Apple gets high marks for protecting privacy, while WhatsApp and AT&T land at the bottom.

The digital rights non-profit Electronic Frontier Foundation (EFF) released its annual "Who Has Your Back?" data privacy report Wednesday, singling out companies such as Apple and Adobe for protecting their customers. The two tech giants were among nine companies that received the organization's highest rating.

The report commended Apple for its strong stance regarding user rights, transparency, and privacy, and noted the company promises to provide advance notice to users about government data demands and will delay notice only in limited circumstances.

It's no surprise that Apple ranked high in this year's report. Only a few weeks ago, CEO Tim Cook took several other companies to task, among them Google, for how they use their customers' information for profit.

On the other end of the scale, telecommunications giant AT&T and chat application WhatsApp, which is owned by social media giant Facebook, received the lowest possible rating of one star.

(Image: Wavebreak/iStockphoto)

While WhatsApp earned credit for its parent company's public policy position opposing backdoors, it lagged behind other companies when it came to the EFF's industry-accepted best practices rubric.

These standards were developed over the course of the last four years of EFF reports.

This category is based on three main issues: requiring a warrant before handing over user content, publishing regular transparency reports, and publishing law enforcement guides.

"In 2011, no company received credit in all of these categories (or even in two of those categories, since in 2011 we didn't include a category for requiring warrants for content)," the report, released June 17, noted. "This year, 23 of the 24 companies in our report have adopted these principles. It's clear that these best practices truly are accepted by the technology industry. WhatsApp is notably lagging behind."

One-star-rated AT&T was knocked for refusing to promise to provide advance notice to users about government data demands and for not publishing information about its data retention policies, including retention of IP addresses and deleted content.

"Users should look to companies like Google, Apple, Facebook, and Amazon to be transparent about the types of content that is blocked or censored in response to government requests, as well as what deleted data is kept around in case government agents seek it in the future," the report stated. "We also look to these companies to take a principled stance against government-mandated backdoors."

Microsoft, Twitter, and Google all scored lower this year than last year, thanks to their more nebulous information request disclosure policies.

Microsoft in particular was singled out for its failure to provide a report detailing government content removal requests, though the software giant said that would be remedied this year.

(Image: EFF)

"We are pleased to see major tech companies competing on privacy and user rights," the report concluded. "Practices that encourage transparency with users about government data requests are becoming the default for companies across the web. While we're only able to judge a small selection of the tech industry, we believe this is emblematic of a broader shift."

Other companies that scored a high ranking in the 2015 report include Dropbox, Wikimedia, Yahoo!, Credo Mobile, Sonic.net, and WordPress.

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.

Comments
batye,
User Rank: Ninja
7/2/2015 | 1:08:33 AM
Re: Legal requests for data
@SaneIT interesting question...
batye,
User Rank: Ninja
7/2/2015 | 1:07:51 AM
Re: Legal requests for data
@jagibbons interesting to know... for now in Canada we do still have legal mess... how I see it...
SaneIT,
User Rank: Ninja
6/24/2015 | 1:57:39 PM
Re: Legal requests for data
I guess I've never seen anything that lays out the number of requests with and without a warrant but I have heard a handful of lower level data requests that resulted in people losing their jobs. I guess I just assume that the majority of the requests are valid because people don't enjoy being called to the carpet when they break the rules. Maybe the EFF does a good job of weeding those instances out but it still feels like most of this is done on the honor system and if I'm going to illegally request documents why would I tell the truth to the EFF?
kstaron,
User Rank: Ninja
6/24/2015 | 11:32:10 AM
Re: Legal requests for data
Any public figure could go in and ask for data from a company. But not all requests have the authorization of a judge in the form of a warrant. Requiring a warrant makes sure the person who asked is asking as a part of their job and that they have some sort of reasonable expectation of finding something criminal related to their case there. (Without a warrant you don't really know why they are asking. Could be anything from a request that just needs to get signed by a judge because it is legal, or it could be an abusive cop looking for his ex or someone pretending to be a fed trying to get locations on someone in witness protection.) I don't want a company giving out my info to just anyone with a badge. Even people with a badge need to have a compelling enough reason to get a judge to sign something.
jagibbons,
User Rank: Ninja
6/23/2015 | 9:25:20 AM
Re: Legal requests for data
While the situation appears to have improved over the last couple of years, a lot of information requests in the heyday of the Patriot Act age were not tied to any existing or even pending warrant. That was the purpose of some of the Patriot Act provisions and interpretations. Find the bad guys before they've acted in a way that provides cause for a warrant. It kind of trends toward the Minority Report concept.

The data is mostly the same. All those companies know as much about each of us as we know ourselves. Maybe, with the advent of Big Data pattern analysis, more than we know ourselves. Can the EFF rankings be trusted? Not sure, but they are the best information we have to date, at least in my opinion.
SaneIT,
User Rank: Ninja
6/23/2015 | 8:02:22 AM
Re: Legal requests for data
From what I've heard those warrantless requests usually have a warrant pending approval so the data would likely be handed over anyway. To me that's just playing with words since these companies know that pattern and the pattern is the same for every company so why do their responses sound so different? Can they really be that different?
jagibbons,
User Rank: Ninja
6/22/2015 | 4:24:45 PM
Re: Legal requests for data
I think, at least based on some other reading I've done, that these government data requests are not based on a warrant. These are the kind where the feds ask these companies to help out without much in the way of due process. While these rankings probably aren't going to affect the spending decisions for very many consumers, knowing how companies treat their customer data is important to some. Good question on the validation. A company can write anything they want in a policy. Do they actually do it, though?
SaneIT,
User Rank: Ninja
6/19/2015 | 8:02:37 AM
Legal requests for data
It's nice to see that companies are sending something to the EFF but what validation is done on those published policies? I'm not surprised that AT&T would comply with a government request for data before informing customers that they were doing so and I thought that was the point of the government requests. I wasn't aware that compliance with legal requests for data was a matter of company policy.