The Electronic Frontier Foundation (EFF) has pushed out its fifth annual "Who Has Your Back" report, claiming to chart tech companies' commitment to "the next frontier of user privacy".
The EFF's categorisation of what constitutes effective privacy standards for data controllers has seen it award full marks to Apple, Yahoo! and Dropbox, among others, in its 2015 report, telling netizens who has or does not have their back, or backs.
The "digital rights" lobbying group evaluated 24 companies — not on whether they shared data with commercial partners, or whether they snooped on users' devices and trafficked that data back to their own labs — but instead on the five categories we have included below.
- Follows industry-accepted best practices
- Tells users about government data demands
- Discloses policies on data retention
- Discloses government content removal requests
- Pro-user public policy opposes backdoors
Responding to The Register's questions regarding the widespread criticism of many of these companies true commitment to customers' privacy, Nate Cardozo, an EFF Staff Attorney, told us that "with this report, we ask specifically how well companies stand up to the government, not what kind of business they run. In fact, there's likely room for an entirely different report that looks at how much data companies collect, retain, and share. We may produce such a report in the future, but it wouldn't be a part of Who Has Your Back."
"There are lots of things we could rank companies on: for instance, how well they encrypt user data," added Cardozo, "but those ratings would dull the focus of Who Has Your Back."
Nine of the 24 companies in the report earned a star in every category: Adobe, Apple, CREDO, Dropbox, Sonic, Wickr, Wikimedia, Wordpress.com, and Yahoo!
Particularly interesting are the full marks for Dropbox, a PRISM target "partner" according to Snowden documents released earlier this month.
When asked of its choice of companies to include, Cardozo admitted the EFF "doesn't have a fixed set of criteria" for the Who Has Your Back report.
In 2011, we began with a selection of the Alexa top US social media providers. We've since added the largest US ISPs and a selection of other high profile services.
Some of the providers we rate (such as Sonic and CREDO) we include, even though they're quite small, to show that profitable businesses can still take their users' privacy seriously.
Some companies have asked to be included and some have asked to be left off the report. We do include some (but not all) companies that ask, but we do not honor requests to be left off the report.
Among the most surprising companies to be lauded was Apple. CEO Tim Cook has notably been on the campaign trail recently, decrying government interference with data Apple believes only it should be able to interfere with.
While acknowledging that the authenticity of Apple's privacy claims were questionable, Snowden said that if Cook "directs Apple's business model to be different, to say: 'We're not in the business of collecting and selling information. We're in the business of creating and selling devices that are superior,' then that's a good thing for privacy. That's a good thing for customers."
Later, the whistleblower added: "And if that position comes to be reversed in the future, I think that should be a much bigger hammer that comes against Apple because then that's a betrayal of trust, that's a betrayal of a promise to its customers."
Cardozo told The Register that the group does disclose its financials — although because of the way a non-profit body works, the most recent report covers July 2012 to July 2013, a period before most of the global surveillance revelations came to light. ®