Amazon Fails To Follow, Much Less Lead in Privacy Best Practices, Facebook, Google, and Microsoft Fail to Promise They Will Stand Up to FBI Gag Orders
San Francisco, California—While many technology companies continue to step up their privacy game by adopting best practices to protect sensitive customer information when the government demands user data, telecommunications companies are failing to prioritize user privacy when the government comes knocking, an EFF annual survey shows. Even tech giants such as Apple, Facebook, and Google can do more to fully stand behind their users.
EFF’s seventh annual “Who Has Your Back” report, released today, digs into the ways many technology companies are getting the message about user privacy in this era of unprecedented digital surveillance. The data stored on our mobile phones, laptops, and especially our online services can, when aggregated, paint a detailed picture of our lives—where we go, who we see, what we say, our political affiliations, our religion, and more.
“This information is a magnet for governments seeking to surveil citizens, journalists, and activists. When governments do so, they need to follow the law, and users are increasingly demanding that companies holding their data enact the toughest policies to protect customer information,” said EFF Activism Director Rainey Reitman.
EFF evaluated the public policies at 26 companies and awarded stars in five categories. This year EFF included two new categories: “promises not to sell out users,” and “stands up to NSL gag orders.” The first reflects our concern about the stated goal of several members of government to co-opttech companies to track people by their immigration status or religion. We awarded stars to companies that prohibit developers and third parties from capturing user data to assist governments in conducting surveillance.
We also awarded stars to companies that exercise their right to make the government initiate judicial review of gag orders that prohibit them from publicly disclosing they have received a National Security Letter (NSL). NSLs—secret FBI demands for user information issued with no oversight from any court—permit the FBI to unilaterally gag recipients, a power EFF believes is unconstitutional. Facebook, Google, and Microsoft have failed to promise to step up and exercise the right to have the government put NSL gag orders before a court.
Nine companies earned stars in every category this year: Adobe, Credo, Dropbox, Lyft, Pinterest, Sonic, Uber, Wickr, and WordPress. Each has a track record of defending user privacy against government overreach and improved on their practices to meet the more stringent standards in this year’s Who Has Your Back.
Two tech companies lagged behind in the industry: Amazon and WhatsApp, both of which earned just two stars. EFF’s survey showed that while both companies have done significant work to defend user privacy—EFF especially lauds WhatsApp’s move to adopt end-to-end encryption by default for its billion users around the world—their policies still lag behind. Online retail giant Amazon has been rated number one in customer service, yet it hasn’t made the public commitments to stand behind its users’ digital privacy that the rest of the industry has.
AT&T, Comcast, T-Mobile, and Verizon scored the lowest, each earning just one star. While they have adopted a number of industry best practices, like publishing transparency reports and requiring a warrant for content, they still need to commit to informing users before disclosing their data to the government and creating a public policy of requesting judicial review of all NSLs.
“The tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies—which serve as the pipeline for communications and Internet service for millions of Americans—are failing to publicly push back against government overreach,” said EFF Senior Staff Attorney Nate Cardozo. “Both legacy telcos and the giants of Silicon Valley can and must do better. We expect companies to protect, not exploit, the data we have entrusted them with.”