Facebook has often stood accused of violating users’ privacy. But it seems the social network is doing better than a lot of other tech companies. The Electronic Frontier Foundation, a nonprofit digital rights group, released a 74-page report Wednesday that analyzed the data disclosure policies of 24 major tech companies and rated them based on how well they defended user data from government access. It’s the fifth year that the EFF has released the annual report, titled “Who Has Your Back? Protecting Your Data From Government Requests.”
This year, the organization kicked its expectations up a notch, tightening criteria and adding new categories to reflect new transparency and user rights issues that have cropped up in recent years. “We think it’s time to expect more from Silicon Valley,” the authors wrote.
Facebook and Amazon, two of the world’s biggest and most data-steeped tech companies, performed reasonably well in the EFF’s ratings. (Take a breath: Your online crush-stalking and middle-of-the-night guilty-pleasure Prime orders are safe.) Out of a maximum five stars, Facebook received four and Amazon received three. Other popular online service providers such as LinkedIn, Pinterest, Reddit, Twitter, Tumblr, Slack, and Snapchat also came in with either three or four stars. Apple, Adobe, Dropbox, and Yahoo were among the companies decorated with shining five-star acclaim, meaning that they satisfied every one of the EFF’s standards.
But three big companies were given astonishingly poor marks: Verizon got a measly two-star rating, and AT&T and the popular messaging app WhatsApp both clocked in with a single star.
The EFF’s five stars correspond to a company’s aptitude in the following areas: keeping in line with industry-accepted best practices, such as publishing a transparency report; telling users about government data requests; disclosing data retention and release policies; disclosing how often the company complies with government requests to remove content; and taking a public stance against deliberate security weaknesses or other government-compelled back doors. Verizon, AT&T, and WhatsApp each managed to fulfill only one or two of these measures.
Given the size of these three online companies—Verizon and AT&T are the largest mobile wireless providers in the country, and the CEO of WhatsApp bragged earlier this year about his app’s 700 million monthly active users—these ratings are pretty alarming. The EFF politely told Verizon in its report that it has “room for improvement” in its data privacy practices. It was much less polite to WhatsApp, noting that it gave the company a “full year to prepare for its inclusion in the report,” in which it “has adopted none of the best practices we’ve identified as part of this report.” WhatsApp received its lone star only because of the public position of its parent company Facebook, which opposes the government use of back doors. The company is also “notably lagging behind” in the adoption of industry-accepted best practices: It was the only one out of the 24 companies not to receive that star.
It’s not all bad, though. According to the report, the overwhelming majority of tech companies stand strong against having government-mandated backdoor security weaknesses. Also, tech companies as a whole have steadily stepped up their game since the EFF first began issuing its report in 2011, improving their data policies to benefit users more and more each year.
There may be a long way to go before we can be completely assured that none of our embarrassing online activity is being logged by the government, but perhaps it’s still comforting to know that we’re (mostly) on the right path.