EFF: Trust Twitter -- but not Apple or Verizon -- to protect your privacy

Verizon and MySpace scored a zero out of a possible six stars in a test of how far 18 technology service providers will go to protect user data from government data demands.

Twitter and Internet service provider Sonic.net scored a perfect six in the third annual Electronic Frontier Foundation "Who Has Your Back?" report.

[ RELATED: EFF urges court to protect privacy of text messages

ONGOING: Facebook weighs in on privacy of its Home Android app ]

The purpose of the report is to inform the public about how well privacy is protected but also to encourage lagging companies to do better and to be more transparent about the requests for data they receive from government agencies, says EFF Senior Staff Attorney Marcia Hofmann.

Apple, AT&T and Yahoo each scored just one star, ranking at the bottom with Verizon and MySpace.

Verizon and MySpace are chronically at the bottom of the heap, the report says. "We remain disappointed by the overall poor showing of ISPs like AT&T and Verizon in our best practice categories," it says.

Dropbox, Google, LinkedIn and SpiderOak all scored five out of six to tie for second place behind Twitter and Sonic.net.

The remaining seven companies that fell somewhere in between are: Amazon (2); Comcast (2); Facebook (3); Foursquare (4); Microsoft (4); Tumblr (3); and WordPress (4).

The companies are measured in six categories and given a star or not. The categories: Requiring warrants before delivering content; telling users about government requests for their data; publishing reports that list agencies that made requests; publishing guidelines they have for responding to government requests; going to court to fight for users privacy; lobbying Congress to establish privacy rights by joining the Digital Due Process coalition .

The report comes down pretty hard on Amazon, Facebook, Yahoo, Apple and AT&T. "Amazon holds huge quantities of information as part of its cloud computing services and retail operations, yet does not promise to inform users when their data is sought by the government, produce annual transparency reports, or publish a law enforcement guide," the report says.

"Facebook has yet to publish a transparency report. Yahoo! has a public record of standing up for user privacy in courts, but it hasn't earned recognition in any of our other categories. Apple and AT&T are members of the Digital Due Process coalition, but don't observe any of the other best practices we're measuring."

In the report Google is singled out as backsliding on whether it notifies users when the government asks to see their data. The company introduced ambiguity into its stance and so lost credit it had been awarded in previous years, the report says.

Google also earned special recognition for challenging a National Security Letter demanding access to user data. A star is awarded "when a company goes above and beyond for its users, as Google did this year," the EFF report says. Microsoft earned similar praise.

Microsoft and Twitter both started publishing transparency reports this year, joining five others, the report notes.

The most strongly supported criteria is publishing the guidelines they use for determining how to respond to government requests. A dozen companies do so, which is up seven from last year.

Tumblr and WordPress were added this year to the list of companies reported on, "but are already making a strong showing," the report says.

The list of companies included in the report has changed over the years. Initially in 2011, EFF chose the largest U.S. social networks, ISPs, and email providers and tossed in Apple and Skype because of the sensitive user data they store. A public vote to add one more company resulted in choosing Dropbox.

Foursquare and Loopt were added last year because they hold location data. This year Loopt was dropped because it has been sold. Similarly Skype was dropped because it was bought by Microsoft.

Also in 2012 EFF added SpiderOak to beef up the number of cloud storage providers.

"There's a lot to celebrate in this report, but also plenty of room for improvement," said EFF Staff Attorney Nate Cardozo in a printed statement. "Service providers hold huge amounts of our personal data, and the government shouldn't be able to fish around in this information without good reason and a court making sure there's no abuse."

Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter@Tim_Greene.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags unified communicationsApple privacyElectronic privacy Electronic Frontier FoundationdropboxNetworkingVerizon privacySpiderOakLinkedInElectronic Frontier FoundationFacebookAppleYahooEFFGoogleat&tsecurityTwitter privacytwitter

More about Amazon Web ServicesAppleComcast CableDropboxEFFElectronic Frontier FoundationFacebookGoogleMicrosoftSkypeSonicVerizonVerizonYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts