The Electronic Frontier Foundation (EFF) has released its latest Who Has Your Back? report, which scores tech companies based on their security practices, their response to government data requests, and more. This year the digital rights group added two categories--"promises not to sell out users" and "stands up to [national security letter] gag orders"--to the scorecard to offer a more thorough look into each company.
The Who Has Your Back? report's broad strokes aren't particularly surprising. With just one star each, telecoms like AT&T and Verizon score far lower than the tech companies on the list, several of which received all five possible stars. We already knew that telecoms often hand over user data, so the report's note that they don't "have your back" is less of a revelation and more of a reminder about their numerous public failings.
But the report does have a few surprises. Uber receiving a five-star rating, for example, will surprise anyone who's followed the company's issues. Uber followed users' locations without consent, repeatedly looked up user data without reason, and mistakenly revealed private information about its "driver-partners."
Other surprises include the low rating for Twitter, which is vocal about protecting its users and their personal information, and Snap, whose service is predicated on the idea that the company can be trusted. WhatsApp and Amazon, which both have two stars each, are two other notable failings. Thus, even though consumer tech companies are more trustworthy than telecoms, it seems not all of them are cut from the same cloth.
Here's what the EFF said about these problems in a blog post:
“The tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies—which serve as the pipeline for communications and Internet service for millions of Americans—are failing to publicly push back against government overreach,” said EFF Senior Staff Attorney Nate Cardozo. “Both legacy telcos and the giants of Silicon Valley can and must do better. We expect companies to protect, not exploit, the data we have entrusted them with.”
Tech companies have turned privacy and security into marketing terms. The revelations from Edward Snowden in 2013 helped spur more public awareness of the very real issues people face in our increasingly connected time. Companies responded by improving their privacy and security, most often with end-to-end encryption or support for two-factor authentication, but it can be hard to tell who actually supports these ideals and who's paying lip service to them. Independent reports like Who Has Your Back? can help people distinguish between the two camps.
Just know that none of these companies are perfect. The EFF is basing its scorecard on public information and policies--you can find out more about the methodology in the full report--but it doesn't seem to take outside factors into account. Uber is the most notable example, but there's bound to be other companies that seem like they're on the up-and-up even as they secretly abuse the trust many people have for them.
At the very least, remember that a company "having your back" in this instance refers to how it handles government data requests, not how information is internally handled. Some people will be fine with companies using their data so long as they don't hand it over willy-nilly to law enforcement agencies. Others will be more accepting of government data sharing than internal abuse. It's your back; you have to decide who has it.