ISPs Fail on Privacy Scorecard

Digital rights group Fight for the Future has launched a “Corporate Scorecard” that grades more than 30 of the world’s largest technology companies based on their public positions on key US policy questions affecting Internet users’ privacy and security.

For instance, according to its tally so far, 23 major tech companies oppose Cybersecurity Information Sharing Act (CISA), while 12 support it or are silent. Those that oppose CISA include Google, Microsoft, Apple, Twitter, Yahoo, Yelp, Netflix, Amazon, Ebay, Wikipedia and Dropbox.

The scorecard divides companies into two groups reflective of the group’s pro-privacy stance: “Team Internet” and “Team NSA,” based on their stated positions. It grades companies on three current policy questions: Electronic Communications Privacy Act (ECPA) reform, support or opposition for government backdoors in encryption, and CISA, which just hit the Senate floor this week.

ISPs including Comcast, Verizon and AT&T received among the worst scores, along with companies like Xerox, Priceline, and Expedia. IBM, LinkedIn, HP and Intel also fared badly, primarily due to their support for or silence on CISA.

CISA would open up an information exchange between the public and the private sectors: government would give companies classified information about potential threats, but the bill also incentivizes companies to funnel information to local law enforcement and the Department of Homeland Security, which must share the information with the National Security Agency "in real time." Privacy-focused organizations have accordingly been concerned.

 “People trust these companies with a staggering amount of personal information, and we need ways to hold them accountable to ensure they keep our data safe from both attackers and the government,” said Evan Greer, campaign director of Fight for the Future. “It’s not enough for companies to employ basic security practices, they need to be actively fighting for their users’ basic rights when key policy questions come up. Politicians constantly claim the support of the tech industry when attempting to undermine our privacy, so these companies have a responsibility to fight back.”

To be included on “Team Internet” a company must receive a “star” on all three issues. The scorecard only considered public statements made by companies in official blog posts, tweets, to the media or via their industry associations. Remaining silent on essential policy questions that affect a company’s users was also counted against that company’s score. Companies that took a particularly strong stand (issuing their own statement rather than through an industry association) received a special seal denoting that they went above and beyond.

What’s Hot on Infosecurity Magazine?