EFF: Online data protection is a mixed bag

The EFF saw a dramatic increase in the number of companies publishing law enforcement guidelines
The EFF saw a dramatic increase in the number of companies publishing law enforcement guidelines

The Electronic Frontier Foundation (EFF), a non-profit advocacy group, has found that while most companies have published guidelines for which information and under which circumstances they will share that information with law enforcement, some just still aren't making the cut in its opinion.

At various junctures the government may want access to digital information: thoughts, photos, videos and relationship information, not to mention financials and other records. EFF's report examined 18 companies' terms of service, privacy policies, advocacy and courtroom track records, awarding up to six gold stars for best practices in categories like "require a warrant for content," "tell users about government data demands" and "publish transparency reports."

This year, two companies – Twitter and Sonic.net – even received a full six stars. However, there appears to be work to do for some: Verizon and MySpace earned no stars.

"Transparency reports have become an industry standard practice among major technology companies since we started issuing this report in 2011," said EFF senior staff attorney Marcia Hofmann. "Through those reports, we've learned more about law enforcement requests for user data. We publish this annual report to encourage companies to let users know how data flows to the government, and to encourage companies to stand up for their users."

EFF's report shows that, more and more, internet companies are formally promising to give users notice about law enforcement requests for information unless prohibited by law or court order. This year, the companies earning a star in this category included Dropbox, Foursquare, LinkedIn, Sonic.net, SpiderOak, Twitter, and WordPress. Google, however, was a backslider in this category, introducing ambiguity into its policy and in the process losing the half-star it had earned in previous years.

"There's a lot to celebrate in this report, but also plenty of room for improvement," said EFF staff attorney Nate Cardozo, in a statement. "Service providers hold huge amounts of our personal data, and the government shouldn't be able to fish around in this information without good reason and a court making sure there's no abuse. This report should be a wake-up call to Internet users that they need more protection from the companies they trust with their digital communications."

Microsoft and Twitter both received special commendation for publishing their first transparency reports this year. “We are also seeing a shift that we hope will be adopted across internet companies more broadly: two internet companies – Google and Microsoft – have published figures regarding National Security Letters, secretive government demands for user information that are typically accompanied by gag orders,” the EFF said.

In the category of protecting user privacy in the courts, the EFF said that Google deserves special recognition this year for challenging a National Security Letter. “Not every company has had the opportunity to defend user privacy in the courts, and sometimes companies will fight for users in court but be prevented from publicly disclosing this fact,” the report found. “However, we award a star in this category when a company goes above and beyond for its users, as Google did this year.”

Also, more companies are fighting for user privacy on Capitol Hill as part of the Digital Due Process Coalition. Foursquare, Tumblr, and WordPress earned stars in this category for the first time in 2013.

The EFF saw a dramatic increase in the number of companies publishing law enforcement guidelines. Seven companies – Comcast, Foursquare, Google, Microsoft, SpiderOak, Tumblr, and WordPress – earned stars in this category for the first time this year.

“We’re happy to report that several of the companies included in last year’s report have significantly improved their practices and policies concerning government access to user data,” the report said. “Comcast, Google, SpiderOak, and Twitter earned two new stars this year while Microsoft earned three new stars. Foursquare went from zero stars in 2012 to four in 2013.”

Finally, blogging platforms Tumblr and WordPress are new to the report this year, but are already making a strong showing. Tumblr earned recognition in three categories: publishing details about how it responds to law enforcement demands, requiring a warrant for content and standing up for user privacy in Congress. WordPress was awarded stars in each of these categories, too, as well as a fourth star for promising to inform users about government access requests.


What’s Hot on Infosecurity Magazine?