Every day, users entrust companies to store and protect their data, but not all of those companies have the same policies on government requests for that data. The Electronic Frontier Foundation has just released the latest edition of its annual Who Has Your Back? report, which informs consumers of how 24 companies handle data demands from government agencies. AT&T and WhatsApp were the only companies to only earn one star, with WhatsApp opposing backdoors for government access.
The companies that scored perfect five-star results were Adobe, Apple, Credo Mobile, Dropbox, Sonic.net, Wikimedia, Wordpress.com and Yahoo. AT&T and WhatsApp scored just one star.
In this year's report, the EFF states that "it’s time to expect more from Silicon Valley," and accordingly, it has added new tests of company policies. The report now rewards companies for publicly stating what data is retained on its servers, as well as any government requests to take content off of its sites. Another star is awarded for having a policy that opposes the backdoor entry-points that give governments easy access to data traffic.
Compared to last year’s report, Adobe, Wikimedia, Wordpress.com rose to meet all five of the report's standards, while Facebook, Google, Microsoft and Twitter fell from the grace of their perfect scores in 2014.
Google was two stars shy of a perfect score because it does not tell users about government data requests, nor does Facebook have publicly visible data retention policies. Microsoft was also two stars off; it got docked for not disclosing its data retention policy or government content removal requests.
Twitter and Facebook were both a star shy of perfection - Twitter for not informing users about government data demands, and Facebook for not disclosing government content removal requests.
The EFF believes that this year's report has already made a difference in how companies deal with government requests, stating in the report, "In the months since we first told the companies what this year’s criteria would be, we’ve seen significant improvement in company practices. And we hope—and expect—that over the next year, we’ll see even more."
Four of the report’s previous standards have now been rolled into what the EFF calls Industry-Accepted Best Practices. In order to pass that test, companies must require that governments obtain a warrant from a judge in order to hand over records of user communications. Companies must also publish transparency reports on the frequency of both government requests for data and how often the companies complied. Finally, firms must publish guides that explain how they respond to government data demands.