2012 EFF Privacy Report: Who Has Your Back?
At the very end of the online version is a link to the report in PDF format.
Executive Summary
When you use the Internet, you entrust your online conversations, thoughts, experiences, locations, photos, and more to companies like Google, AT&T and Facebook. But what happens when the government demands that these companies to hand over your private information? Will the company stand with you? Will it tell you that the government is looking for your data so that you can take steps to protect yourself?
The purpose of this report is to incentivize companies to be transparent about what data flows to the government and encourage them to take a stand for user privacy when it is possible to do so.The Electronic Frontier Foundation examined the policies of 18 major Internet companies — including email providers, ISPs, cloud storage providers, and social networking sites — to assess whether they publicly commit to standing with users when the government seeks access to user data. We looked at their terms of service, privacy policies, and published law enforcement guides, if any. We also examined their track record of fighting for user privacy in the courts and whether they’re members of the Digital Due Process coalition, which works to improve outdated communications law. Finally, we contacted each of the companies with our conclusions and gave them an opportunity to respond and provide us evidence of improved policies and practices. These categories are not the only ways that a company can stand up for users, of course, but they are important and publicly verifiable.
While some Internet companies have stepped up for users in particular situations, it’s time for all companies that hold private user data to make public commitments to defend their users against government overreach. The purpose of this report is to incentivize companies to be transparent about what data flows to the government and encourage them to take a stand for user privacy when it is possible to do so.
We evaluated each company based on the following criteria:
1.) A public commitment to inform users when their data is sought by the government. To earn a star in this category, Internet companies must promise to tell users when their data is being sought by the government unless prohibited by law. This gives users a chance to defend themselves against overreaching government demands for their data.
2.) Transparency about when and how often companies hand data to the government. This category has two parts. Companies earn a half-star in this category if they publish statistics on how often they provide user data to governments worldwide. Companies also earn a half-star if they make public any policies they have about sharing data with the government, such as guides for law enforcement. (If a company doesn’t have law enforcement guidelines at all, though, we don’t hold that against them). Companies that publish both statistics and law enforcement guidelines receive a full star.
3.) Fight for users’ privacy rights in the courts. To earn recognition in this category, companies must have a public record of resisting overbroad government demands for access to user content in court. Not all companies will be put in the position of having to defend their users before a judge, but those who do deserve special recognition.
4.) Fight for users’ privacy in Congress. Internet companies earn a star in this category if they support efforts to modernize electronic privacy laws to defend users in the digital age by joining the Digital Due Process coalition.
[…]