Snowden leaks prompt tech firms to tout privacy, transparency policies

Annual EFF survey finds more companies are now taking steps to inform users about government requests for data

Several tech companies have revamped privacy and transparency policies since revelations in leaked National Security Agency (NSA) documents showed that the U.S. was secretly collecting customer data from Internet Service Providers, telecommunications companies and others.

The Electronic Frontier Foundation (EFF) Friday released a report identifying nine companies with perfect scores for their efforts in protecting customer data. Last year's report listed just two companies with perfect scores.

Among the companies receiving maximum scores from advocacy group were Google, Microsoft, Facebook, Apple and Dropbox. California ISP Sonic and Twitter made the list two years in a row.

The annual " EFF Who Has Your Back" report evaluates companies' privacy policies, terms of service agreements, public statements, and courtroom track records of major online companies, social networking sites and mobile service providers.

The EFF awards a gold star for best practices in six areas, including requiring warrants to release customer content to government agencies, informing users about a government request for data, and willingness to fight for customer privacy rights in courts.

Google, Facebook, Microsoft and five others received a maximum possible six gold stars. A handful of others including LinkedIn, Pinterest, Tumblr and Wordpress just missed the cut, but only because they have not yet brought any cases on behalf of customers to court, according to EFF.

About 20 of the 26 companies surveyed by EFF released a transparency report over the last year providing details about government requests for customer data along with a description of how these requests were handled.

In contrast, just seven of the companies surveyed by the EFF in 2013 had released a transparency report. Of the companies surveyed this year, only AT&T, Comcast and Snapchat did not require a warrant for handing over customer data.

"This year, the majority of the companies surveyed have made a formal commitment to inform users when their data was sought, a welcome safeguard that gives users the information they need to fight on their own," the advocacy group noted in a blog post.

Edward Snowden's leaks of NSA classified data appears to have fostered a new determination within industry to shed light on government attempts to access customer data, the reported noted.

"The sunlight brought about by a year's worth of Snowden leaks appears to have prompted dozens of companies to improve their policies when it comes to giving user data to the government," EFF activism director Rainey Reitman wrote.

While the trend is sure to be encouraging for users spooked over fears of government surveillance, not all of it is likely driven by altruistic motives on the part of the companies.

Snowden's revelations about private industry's role in the NSA's data collection has raised considerable concern in the U.S. and around the world. The long-term concern for many of these companies is that customers of their cloud services will move on from any firm seen willing to hand over customer data to government entities.

In public comments, officials at Google, Microsoft, Yahoo and other vendors have insisted that any information sharing that might have occurred with the government was unwilling and legally obligated. They have noted that the only circumstances under which they provided customer data to the government is when they have been served with a court order or a legally enforceable request.

Many of these companies have also demanded that the U.S. government allow them to provide even more details about requests they get from the NSA and other agencies for access to customer data.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Security AgencydropboxnsaLinkedInTumblrWordpressprivacyElectronic Frontier FoundationFacebookPinterestAppleGoogleMicrosoftsecuritytwittergovernmentGovernment/Industries

More about AppleComcast CableDropboxEFFElectronic Frontier FoundationFacebookGoogleMicrosoftNational Security AgencyNSASonicTopicYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts