Want to know which companies stand up for user privacy and which ones will hand out your data when the government asks for it? The Electronic Frontier Foundation's seventh annual "Who Has Your Back" report is out today, ranking tech companies on their privacy practices.
When scoring companies, EFF looks at their published policies about privacy and transparency to determine which are willing to go to bat for users and which will easily surrender user data.
The lowest scorers this year are US telecoms such as AT&T and Verizon, with Amazon coming in at a close second. Out of the 26 companies EFF evaluated, only nine received five stars: Adobe, Credo, Dropbox, Lyft, Pinterest, Sonic, Uber, Wickr and WordPress.
The user data held by telcos and tech companies is "a magnet for governments seeking to surveil citizens, journalists, and activists," EFF activism director Rainey Reitman said. "When governments do so, they need to follow the law, and users are increasingly demanding that companies holding their data enact the toughest policies to protect customer information."
The companies are scored in five categories: "[F]ollows industry-wide best practices", "tells users about government data requests", "promises not to sell out users", "stands up to NSL gag orders", and a pro-user policy stance of asking the US Congress to "reform 702".
Section 702 of the US Foreign Intelligence Surveillance Act (FISA), which authorises dragnet surveillance of digital communications, is set to expire at the end of this year. Congress is currently debating its re-authorisation and EFF wants to see more tech companies speaking up about reforming Section 702.
The categories for refusing to sell out users and standing up to National Security Letter gag orders are new in this year's report. Although "selling out users" sounds a little vague, EFF created it in response to concerns that tech companies would sell information about users' immigration status or religion. Companies that have taken a public stance against doing so earn a star in that category — like Twitter, which in May banned intelligence agencies from its social media monitoring service Dataminr.
Although companies such as Facebook and Google are known to have fought for transparency around National Security Letters, they didn't earn stars in that category because they haven't yet made public commitments to requesting judicial review of the gag orders that often accompany NSLs.
Telecoms ranked low despite the fact that most of them follow industry practices of publishing transparency reports. EFF says that Verizon, Comcast and others like them need to publicly commit to notifying users when their data is requested.
Amazon and WhatsApp scored lowest out of the tech companies, earning only two stars. EFF says that both companies have done "significant work to defend user privacy" but they need to improve their public commitments.
"The tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies — which serve as the pipeline for communications and Internet service for millions of Americans — are failing to publicly push back against government overreach," said EFF senior staff attorney Nate Cardozo.