The EFF spent five years analyzing some of the most popular tech companies in several categories to determine how they protect user privacy. The companies range from social media powerhouses, popular phone apps, and search engines. These are the categories the EFF used to create these rankings.
•Industry-accepted best practices – Does the company hand over private information without a warrant or publish a transparency report on how often they deal with the government about private user info?
•Tells user about government information requests – Do they inform users of government requests for their information in a timely and legal manner?
•Publicly disclose the company’s data retention policies – How long do they retain users’ private data in a form accessible to law enforcement, but not the user?
•Disclose the number of times governments seek the removal of user content or accounts and how often the company complies – How often does the company comply with government demands to suspend or remove user accounts?
•Pro-user public policies: opposing backdoors – How well do they communicate their position on privacy policies to the public?
Companies You Can Trust
Yahoo! scored top nods with a five-star rating across the board, thanks to what EFF describes as a strong stance in favor of user rights, privacy, and transparency. This is the second year in a row the search engine received a perfect rating.
Computing programs designed to help aid in website building and creative design also fared well in the tests, with Adobe and WordPress both receiving perfect scores. Both companies freely share information regarding their data retention policies, while also requiring a warrant before giving up users’ information.
Apple also performed well in EFF’s report, with another stellar showing across each category, while Facebook excelled in every area but one. The social media giant failed to provide adequate and timely disclosures on government content removal of users’ profiles. Twitter, Dropbox, and LinkedIn were also near the top of the pack in terms of safeguarding users’ data and privacy.
Companies That Didn’t Perform as Well
Microsoft and Google fell in the middle. Google lost two stars for failing to inform users of government data requests and not disclosing data retention policies. Microsoft lost points for failing to disclose both data retention policies and government content removal requests to users.
Meanwhile, WhatsApp scored the worst among its peers, failing in all categories except one. The company opposes back doors, but lacks in its decision to allow government to intrude on privacy and forego informing users about its policies and requests. It’s somewhat surprising considering Facebook, which received mostly good scores across the board, now owns the company.
While there is certainly room to improve, it seems many of the top companies are fighting to protect user privacy. Before signing up for a new tech service online or buying a product from one of these companies, consider reading their privacy report so you know what will happen to your data.
Photo Credit: Perspecsys Photos/Flikr In February, we wrote about President Obama’s desire to strengthen online privacy laws by giving the Federal Trade Commission (FTC) the power to fine violators up to $16,500 per day. Now the FTC isn’t the only federal commission looking into online privacy. On April 28, the Federal Communications Commission (FCC) held a workshop to determine the extent to which it can or should regulate broadband privacy.
That workshop was no more than just a very small first step into examining a very large issue. It only lasted three hours; although the FCC has been exceptionally aggressive in making policy changes this year, even it can’t get anything done in such a short amount of time. The details of the meeting are available, but are technical and honestly pretty boring to anyone not engaged in the online security field. However, the workshop may have set the tone for what to expect when FCC Chairman Tom Wheeler described online privacy as “unassailable.”
Online privacy is going to become a much bigger deal than it already is as millions or billions of smart devices come online to form the Internet of Things. More devices mean more potential vulnerabilities, and more information that could be of value to data thieves.
No Paper or Digital Tiger
On April 8, the FCC announced that AT&T agreed to pay $25 million to settle the commission’s investigation into whether AT&T did enough to protect customers against data breaches in overseas call centers. There’s no reason to expect the FCC wouldn’t show the same kind of teeth in regulation of online privacy, or that FCC regulations would be weaker than those proposed for the FTC.
The FCC has been aggressive in making policy changes this year, so action on broadband privacy could come sooner, not later. It implemented net neutrality, increased funding for rural broadband and public broadband in schools and libraries, and is considering letting online video providers play by the same rules as satellite and cable companies.
Industry Still Seeks Halt to Net Neutrality
On May 1, a number of telecommunications companies and industry trade groups petitioned the FCC to halt implementation of the portion of its net neutrality ruling that reclassified Internet Service Providers (ISPs) as common carriers, meaning they had to carry all content and traffic at the same price. The petitioners included CTIA – The Wireless Association, the National Cable and Telecommunications Association (NCTA), and the American Cable Association (ACA). The last two filed their petition jointly.
However, while it was the common carrier reclassification that makes net neutrality possible, that wasn’t exactly what the petitions sought to prohibit: Among other arguments, the NCTA-ACA petition argued that common carrier status will subject ISPs and consumers to increased costs and state and federal taxes that are currently prohibited.
One week later, the FCC rejected those petitions, and the groups that filed them likely expected as much. However, the same groups were legally unable to request a stay in court without filing petitions with the FCC first. With that step out of the way, expect lawsuits to follow, and while the FCC is confident it will win any such challenges, it’s not a sure thing. The FCC fought and lost a court battle over net neutrality in 2010.
A More Personal Challenge
If you’re not satisfied with the current state of your Internet connection, there’s no need to file a petition or ask the courts for help. All you need to do to start improving your situation is enter your zip code below.
[zipfinder] President Obama seems to be making the Internet one of his priorities for 2015, as he’s already announced plans to make it easier for communities to build faster networks. Now it appears he doesn’t just want our Internet to be faster, but also more private. Currently, the U.S. is behind other nations in this regard: Japan has a “right to be forgotten law,” as does the European Union.
Obama expressed desire for a new bill that will restrict the way online companies manage your data, and make it easier for the Federal Trade Commission (FTC) to punish companies that don’t comply. And if we’re to believe groundhog meteorologists, we might see this bill before the end of winter.
Creating a Federal Standard for Privacy
Analysts expect the bill will require companies to provide more disclosure about how user data is handled, also requiring users to agree to these parameters via opt-in. It will also require companies to notify users of any changes in what they do with that data, and users must again authorize this change. No longer will online companies be able to collect your user data for one purpose before selling it to advertisers without your consent.
The president wants to grant the FTC the authority to fine violators of that policy as much as $16,500 per violation, per day. To a large company, that single fine isn’t much money at all. But rarely do companies collecting user data deal with a single user’s data at a time. Instead, they treat huge amounts of user data the same way, and so per-user fines that span weeks or months could definitely cripple offenders.
Who Are We Talking About?
Your data isn’t alone: it’s stored along with thousands or even millions of users’ data. It’s the volume of that data that makes it valuable to advertisers, hackers, and others. Threats to the privacy of your information can come from companies knowingly selling that information to third parties, and from lax data security practices. Even if the people you give your information to have great security practices, the people they sell it to may not. You can’t know.
Right now, it’s probable that there are a lot of online entities with access to your user data. Social media sites, search engines, retailers, banks, insurance providers, software designers, charities, advertisers and more, all probably have some level of access to your data. There’s currently no federal law to govern what these companies do with that data. Your only clue is usually in those user agreements you never read when signing up for a new service.
The reason so many online services are free is because you’re essentially trading your personal information for that unpaid access. And for the most part, if the service is free, that service isn’t the actual product. It’s only the lure—you’re the product and the consumers are advertisers. They’re buying your preferences to create more effective advertising.
People Can Actually Agree on This Issue
Online privacy is one issue both parties might actually support. Republican Congressman Luke Messer and Democratic Congressman Jared Polis are currently working together to draft a student-specific online privacy bill. Bipartisan support for a new bill is important because, while the president and his administration can write a draft for a new bill, members of the Republican-controlled House of Representatives must sponsor and introduce that draft into the legislative process. So, without friends in the house to introduce and then pass that draft, no White House bill is going anywhere.
Watch Out for Yourself
None of us want to see our information spread without our consent. That means that until any federal online privacy bill becomes law, we all need to read those long, legalese user-agreements before clicking “I agree.” And if you don’t like what you read, don’t make that click.
Photo Credit: Barak Obama/Flikr There’s nothing society loves more than some good old righteous indignation, especially when it comes to our personal privacy. We react with outrage when the government collects data from our phones. We all signed up for the Do Not Call Registry, and we get angry when we still get telemarketer calls. We pretend we don’t want our data collected online—pretend because, as long as the service is free, we’ve shown we’ll willingly trade privacy for reduced-price or free digital services.
The Numbers Don’t Add Up
According to a recent study from the Pew Research Center, 80 percent of American adults surveyed worry about businesses accessing the data they share on the site, and 70 percent are concerned about the government accessing that same data. Yet despite these concerns, Facebook still has 864 million active users per day, and 1.3 billion active users per month, so people are still doing a lot of sharing. And that’s despite documented instances of legitimate privacy concerns, not tin foil hat paranoia.
The study also found 61 percent of Americans disagree with the notion that increased access to personal information makes online services more efficient. Even so, 55 percent agree they’re willing to share personal information in exchange for free access to online services, like social media. As many Internet and media experts have noted, when we use free online services in exchange for advertising, we are the product being sold.
Putting Our Mouth Where Our Money Isn’t
What a Tangled World Wide Web We Weave
If online services aren’t likely to change the way they handle our personal information, then we’ll have to change our online behavior. Over 60 percent of survey respondents say they’d like to do more to protect their information online, but only 24 percent say it’s easy to be anonymous online. An editorial in “The Guardian” speculates that some of us want to blame it on “our old friend Tina (There Is No Alternative),” that we’ve simply accepted that a lack of privacy is a price we have to pay for online services.
It’s easy to see why actually changing behavior is difficult when our Gmail password now logs us into our YouTube and Google+, accounts, and many third-party sites now use and sometimes even require a Facebook profile for account signup or commenting. The more the online services we use become intertwined, the less likely it is that we’ll abandon one because of how it will affect our use of the others. Pew indicates that 91 percent of people surveyed believe consumers aren’t in control of how their online personal data is collected and used, but 88 percent believe it would be “very difficult” to remove information about them online. Unlike Japan and Europe, America doesn’t have “right to be forgotten” laws. Should we?
What We Can Do About It
If we want to change how online services handle our personal information, we have to change our online behavior. If Google really bothers us, try an alternative like DuckDuckGo that doesn’t track our browsing history. If we don’t like how Facebook handles our information, we need to be selective in the information we provide. If we show, not tell, these online services that we value our privacy, they’ll begin to value it as well.
Perhaps the only thing worse about worrying about our online information is worrying about it over a slow connection. Enter your zip code below to find other Internet plans available in your area.
Image by lsengardt/Flickr