Who Has Your Back? | |
---|---|
Status | Active |
Genre | Anual Reports |
Date(s) | April 11, 2011 |
Frequency | Annually |
Years active | 13 |
Inaugurated | April 11, 2011 |
Founders | John Gilmore, John Perry Barlow, and Mitch Kapor |
Most recent | July 10, 2017 |
Organised by | Electronic Frontier Foundation |
Website | eff |
www |
The Who Has Your Back annual reports analyzes policies and advocacy positions of major technology companies when it comes to handing data to the government.[1]
The Electronic Frontier Foundation
editThe Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed in July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet civil liberties.
EFF provides funds for legal defense in court, presents amicus curiae briefs, defends individuals and new technologies from what it considers abusive legal threats, works to expose government malfeasance, provides guidance to the government and courts, organizes political action and mass mailings, supports some new technologies which it believes preserve personal freedoms and online civil liberties, maintains a database and web sites of related news and information, monitors and challenges potential legislation that it believes would infringe on personal liberties and fair use and solicits a list of what it considers abusive patents with intentions to defeat those that it considers without merit.
Evaluation Criteria
editGold stars are used as visually aid in the evaluation of a companies stance in each criteria. A gold star indicates that the company is fulfilling the criteria and a half-star indicates that the company is working towards fulfilling the criteria. The evaluation criteria for each report changes in order to keep up with the current media environment.
2011 - 2012
editTell users about data demands, Be transparent about government requests, Fight for user privacy in the courts, and Fight for user privacy in Congress.[2]
2012 - 2013
editIn 2013, the half-star was eliminated from the criteria.
History
edit2011
editOn April 11, 2011, the Electronic Frontier Foundation launched a petition requesting 13 of North Americas largest internet companies to be transparent in their privacy practices. The Electronic Frontier Foundation sought to force companies to inform users when their data was sought by the government and give users a chance to defend themselves, unless prohibited by law.[3]
Details on what was asking for:
edit- A promise to inform users when their data is sought by the government
- To be transparent about when they handed over data to the government
- To fight for users' privacy rights in the courts and in Congress
Internet Companies | Tell users about data demands | Be transparent about government requests | Fight for user privacy in the courts | Fight for user privacy in Congress |
---|---|---|---|---|
2012
editOn May 31, 2012, the Electronic Frontier Foundation published its Second Annual Report on Online Service Providers’ Privacy and Transparency Practices Regarding Government Access to User Data. The report was authored by Marcia Hofmann, Rainey Reitman, and Cindy Cohn. In its' second year, the Electronic Frontier Foundation highlighted issues arising from government access to location data and the companies that collect that information. This prompted the addition of location-based service providers such as Loopt and Foursquare to the report.
Companies added
edit
The 2012 Who Has Your Back Report
editInternet Companies | Tell users about data demands | Be transparent about government requests | Fight for user privacy in the courts | Fight for user privacy in Congress |
---|---|---|---|---|
2013
editOn April 30, 2013 (later updated on May 13, 2013), the Electronic Frontier Foundation published its Third Report[5] (thereby making it an annual report) on Online Service Providers’ Privacy and Transparency Practices Regarding Government Access to User Data. The report was authored by Nate Cardozo, Cindy Cohn, Parker Higgins, Marcia Hofmann, and Rainey Reitman. In it's third year, the Electronic Frontier Foundation examined the policies of major Internet companies to assess whether they publicly commit to standing with users when the government seeks access to user data. Each company’s published terms of service, privacy policy, transparency report, and guidelines for law enforcement requests were examined as well as the company’s public record of fighting for user privacy in the courts and whether it is a member of the Digital Due Process coalition.
Companies added
edit
Companies removed
edit
Changes
edit- A new category: requiring a warrant before disclosing contents of user communications to law enforcement.
- The “Transparency” category from previous reports was divided into two separate categories.
- Elimination of the Half-Star: In the past reports, the Electronic Frontier Foundation gave companies a half-star for publishing a transparency report on how often user data is given to the government and a half-star for publishing law enforcement guidelines on sharing data with the government. This year, the Electronic Frontier Foundation awarded a full star to recognize each of these two best practices.
The 2013 Who Has Your Back Report
editInternet Companies | Requires a warrant for content | Tell users about government data requests | Publishes transparency reports | Publishes law enforcement guidelines | Fights for users' privacy rights in courts | Fights for users’ privacy rights in Congress |
---|---|---|---|---|---|---|
2014
editIn this fourth-annual report, EFF examines the publicly-available policies of major Internet companies—including Internet service providers, email providers, mobile communications tools, telecommunications companies, cloud storage providers, location-based services, blogging platforms, and social networking sites—to assess whether they publicly commit to standing with users when the government seeks access to user data. The purpose of this report is to allow users to make informed decisions about the companies with whom they do business. It is also designed to incentivize companies to adopt best practices, be transparent about how data flows to the government, and to take a stand for their users’ privacy in Congress and in the courts whenever it is possible to do so.
The report was complied by examining each company’s published terms of service, privacy policy, transparency report, and guidelines for law enforcement requests, if any. As part of the evaluation, the EFF contacted each company to explain our findings and to give them an opportunity to provide evidence of improving policies and practices.
Evaluation criteria
edit- Require a warrant for content of communications.
In this category, companies earn recognition if they require the government to obtain a warrant from a neutral magistrate and supported by probable cause before they will hand over the content of user communications to the government. This policy ensures that private messages stored by online services like Facebook, Google, and Twitter are treated consistently with the protections of the Fourth Amendment.
- Tell users about government data requests.
To earn a star in this category, Internet companies must promise to tell users when the government seeks their data unless prohibited by law, in very narrow and defined emergency situations, or unless doing so would be futile or ineffective. A star is awarded if they publish useful data about how many times government sought user data and how often they provide user data to the government.
- Publish law enforcement guidelines.
Companies get a star in this category if they make public their policies or guidelines explaining how they respond to data demands from the government, such as guides for law enforcement.
- Fight for users’ privacy rights in courts.
This star recognizes companies who have publicly confirmed that they have resisted overbroad government demands for access to user content in court.
- Publicly oppose mass surveillance.
Tech companies earn credit in this category by taking a public policy position opposing mass surveillance.
Companies added
edit
The 2014 Who Has Your Back Report
editInternet Companies | Requires a warrant for content | Tell users about government data requests | Publishes transparency reports | Publishes law enforcement guidelines | Fights for users' privacy rights in courts | Fights for users’ privacy rights in Congress |
---|---|---|---|---|---|---|
43 px|centre|Snpachat | ||||||
2015
edit
In this, fifth annual Who Has Your Back report[6], the main principles of the prior reports were rolled into a single category: Industry-Accepted Best Practices. There was also refined expectations around providing users notice and added new categories to highlight other important transparency and user rights issues.
Major Findings in the 2015 Report:
- Nine companies receive all available stars: Adobe, Apple, CREDO, Dropbox, Sonic, Wickr, Wikimedia, Wordpress.com, and Yahoo
- AT&T, Verizon, and WhatsApp lag behind industry in standing by users
- Overwhelming majority of tech companies oppose government-mandated backdoors
Nine companies earned stars in every category that was available to them: Adobe, Apple, CREDO, Dropbox, Sonic, Wickr, Wikimedia, Wordpress.com, and Yahoo.
Evaluation criteria
edit1. Industry-Accepted Best Practices. This is a combined category that measures companies on three criteria (which were each listed separately in prior years’ reports):
- Does the company require the government to obtain a warrant from a judge before handing over the content of user communications?
- Does the company publish a transparency report, i.e. regular, useful data about how many times governments sought user data and how often the company provided user data to governments?
- Does the company publish law enforcement guides explaining how they respond to data demands from the government?
2. Tell users about government data requests. To earn a star in this category, Internet companies must promise to tell users when the U.S. government seeks their data unless prohibited by law, in very narrow and defined emergency situations, or unless doing so would be futile or ineffective. Notice gives users a chance to defend themselves against overreaching government demands for their data. The best practice is to give users prior notice of such demands, so that they have an opportunity to challenge them in court. Thus, the criterion has been adjusted from prior years. It is now required that the company provide advance notice to users except when prohibited by law or in an emergency and that the company also commit to providing delayed notice after the emergency has ended or when the gag has been lifted.
3. Publicly disclose the company’s data retention policies. This category awards companies that disclose how long they maintain data about their users that isn’t accessible to the user—specifically including logs of users’ IP addresses and deleted content—in a form accessible to law enforcement. If the retention period may vary for technical or other reasons, the company must disclose that fact and should publish an approximate average or typical range, along with an upper bound, if any. The EFF awarded this star to any company that discloses its policy to the public—even if that policy is one that EFF strongly disagrees with, for instance, if the company discloses that it retains data about its users forever.
4. Disclose the number of times governments seek the removal of user content or accounts and how often the company complies. Transparency reports are now industry standard practices. The EFF believed that the companies’ responsibility to be transparent includes not only disclosing when governments demand user data, but also how often governments seek the removal of user content or the suspension of user accounts and how often the company complies with such demands. A star is awarded in this category to companies that regularly publish this information, either in their transparency report or in another similarly accessible form. Companies should include formal legal process as well as informal government requests in their reporting, as government censorship takes many forms.\
5. Pro-user public policies: opposing backdoors. Every year, one category is dedicated to a public policy position of a company. For three years, the EFF acknowledged companies working publicly to update and reform the Electronic Communications Privacy Act. Last year, the EFF noted companies who publicly opposed mass surveillance. This year, given the reinvigorated debate over encryption, companies are being asked to take a public position against the compelled inclusion of deliberate security weaknesses or other compelled back doors. This could be in a blog post, in a transparency report, by publicly signing a coalition letter, or though another public, official, written format. It is expected that this category should continue to evolve, so that industry players can be tracked across a range of important privacy issues.
Companies added
editWhatsApp earned credit for its parent company Facebook’s public policy position opposing backdoors and nothing else.
Companies removed
edit- Foursquare
- Internet Archive
- LookOut
- MySpace
- SpiderOak
Changes
edit- The "Follows industry-accepted best practices" category: This is a combined category that measures companies on three criteria (which were each listed separately in prior years’ reports.
Does the company require the government to obtain a warrant from a judge before handing over the content of user communications? Does the company publish a transparency report, i.e. regular, useful data about how many times governments sought user data and how often the company provided user data to governments? Does the company publish law enforcement guides explaining how they respond to data demands from the government? Companies must fulfill all three criteria in order to receive credit.
- Added new categories to highlight other important transparency and user rights issues.
The 2015 Who Has Your Back Report
editInternet Companies | Follows industry-accepted best practices | Tell users about government data demands | Discloses policies on data retention | Discloses removal requests | Pro-user public policy: opposes backdoor |
---|---|---|---|---|---|
N/A | |||||
N/A | |||||
43 px|centre|Snpachat | N/A | ||||
N/A | |||||
N/A | |||||
2016
edit6th report[7]
Companies added
edit- Airbnb
- Flipkey
- Getaround
- Instacart
- Lyft
- Postmates
- Taskrabbit
- Turo
- Uber
- VRBO
Companies removed
edit- Adobe
- Apple
- CREDO Mobile
- Dropbox
- Sonic
- Wickr
- Wikimedia Foundation
- Wordpress
- Yahoo!
- Comcast
- Slack
- Microsoft
- Tumblr.
- Amazon
- AT&T
- Verizon
Changes
edit- Removal of traditional companies and addition of new companies who connect users offering services to other users interested in purchasing those services
The 2016 Who Has Your Back Report
editInternet Companies | Requires a warrant for user content | Requires a warrant for perspective location | Issues a public transparency report | Issues pubic law enforcement guidelines | Tells users about government data demands | Stands up for user privacy in congress |
---|---|---|---|---|---|---|
43 px|centre|Postmates | ||||||
110 px|centre|Taskrabbit | ||||||
2017
editLorem ipsum dolor sit amet, eum ei sonet omnes, eam latine docendi corrumpit cu. Soluta regione iracundia mea cu. Mei lucilius comprehensam ut, ludus tacimates ei has. In discere perfecto sed, dicta laboramus ne mei.
Vix ea fugit delicata, eam nonumy noluisse mnesarchum an, eos te debitis adipisci imperdiet. Pro an vidit tollit incorrupte. Scripserit voluptatibus id sea. Ea quis partiendo pri, ea fugit zril sea. Simul mediocrem te est, at senserit salutandi est.
Nec habeo nonumy euripidis ad, percipit scribentur te est. Hinc vitae quodsi ne eam. Fabulas fuisset honestatis an sit. Ea pro salutatus persecuti. Suscipit intellegam pri ut, mandamus dignissim has te. Quo cu oportere patrioque temporibus.
Sed enim luptatum interesset eu. Nonumy quodsi invenire ex sea, congue disputando ad nec. Ius ea vidisse omnesque persequeris. Ne quem quodsi electram sed. Nihil dicant vix eu, viderer sanctus eos et. Ea pri euismod scaevola evertitur, et eum discere scriptorem, duo omnis homero complectitur ad.
Vim eu dolore expetendis delicatissimi. At pro aliquam imperdiet, eu ceteros reprimique sea, insolens antiopam suavitate sed ne. Falli adipisci complectitur nec ea. Vis affert tantas suscipit no, eos ut nemore referrentur. Qui ea wisi pericula, sit esse legendos sensibus ne, ex quo quod volumus suscipit.
Lorem ipsum dolor sit amet, eum ei sonet omnes, eam latine docendi corrumpit cu. Soluta regione iracundia mea cu. Mei lucilius comprehensam ut, ludus tacimates ei has. In discere perfecto sed, dicta laboramus ne mei.
Vix ea fugit delicata, eam nonumy noluisse mnesarchum an, eos te debitis adipisci imperdiet. Pro an vidit tollit incorrupte. Scripserit voluptatibus id sea. Ea quis partiendo pri, ea fugit zril sea. Simul mediocrem te est, at senserit salutandi est.
Nec habeo nonumy euripidis ad, percipit scribentur te est. Hinc vitae quodsi ne eam. Fabulas fuisset honestatis an sit. Ea pro salutatus persecuti. Suscipit intellegam pri ut, mandamus dignissim has te. Quo cu oportere patrioque temporibus.
Sed enim luptatum interesset eu. Nonumy quodsi invenire ex sea, congue disputando ad nec. Ius ea vidisse omnesque persequeris. Ne quem quodsi electram sed. Nihil dicant vix eu, viderer sanctus eos et. Ea pri euismod scaevola evertitur, et eum discere scriptorem, duo omnis homero complectitur ad.
Vim eu dolore expetendis delicatissimi. At pro aliquam imperdiet, eu ceteros reprimique sea, insolens antiopam suavitate sed ne. Falli adipisci complectitur nec ea. Vis affert tantas suscipit no, eos ut nemore referrentur. Qui ea wisi pericula, sit esse legendos sensibus ne, ex quo quod volumus suscipit.
Companies added
edit
Companies removed
edit- Foursquare
- Internet Archive
- LookOut
- MySpace
- SpiderOak
Changes
edit- The "Follows industry-accepted best practices" category: This is a combined category that measures companies on three criteria (which were each listed separately in prior years’ reports.
Does the company require the government to obtain a warrant from a judge before handing over the content of user communications? Does the company publish a transparency report, i.e. regular, useful data about how many times governments sought user data and how often the company provided user data to governments? Does the company publish law enforcement guides explaining how they respond to data demands from the government? Companies must fulfill all three criteria in order to receive credit.
- Added new categories to highlight other important transparency and user rights issues.
The 2017 Who Has Your Back Report
editInternet Companies | Follows industry-wide best practices | Tell users about government data requests | Promises not to sell out users | Stands up to NSL gag orders | Pro-user public policy: Reform 702 |
---|---|---|---|---|---|
N/A | |||||
N/A | |||||
43 px|centre|Snpachat | N/A | ||||
N/A | |||||
N/A | |||||
See also
edit- Corporate Responsibility
- Privacy
- Internet
- Civil Liberties
References
edit- ^ Reitman, Rainey. "Who Has Your Back? Government Data Requests 2017". Electronic Frontier Foundation. Electronic Frontier Foundation. Retrieved 6 March 2018.
- ^ Electronic Frontier Foundation (11 April 2011). "Who Has Your Back? 2011". Electronic Frontier Foundation. Electronic Frontier Foundation. Retrieved 7 March 2018.
- ^ Reitman, Rainey. "Who Has Your Back? Government Data Requests 2017". Electronic Frontier Foundation. Electronic Frontier Foundation. Retrieved 6 March 2018.
- ^ Reitman, Rainey. "When the Government Comes Knocking, WHO HAS YOUR BACK?". Electronic Frontier Foundation. Electronic Frontier Foundation. Retrieved 8 October 2019.
- ^ Cardozo, Nate; Cohn, Cindy; Higgins, Parker; Hofmann, Marcia; Reitman, Rainey. "The Electronic Frontier Foundation's Third Annual Report on Online Service Providers' Privacy and Transparency Practices Regarding Government Access to User Data" (PDF). Electronic Frontier Foundation. Electronic Frontier Foundation. Retrieved 9 October 2019.
- ^ Cardozo, Nate; Opsahl, Kurt; Reitman, Rainey; Higgins, Parker; Maass, Dave. "THE ELECTRONIC FRONTIER FOUNDATION'S FIFTH ANNUAL REPORT ON Online Service Providers' Privacy and Transparency Practices Regarding Government Access to User Data" (PDF). Electronic Frontier Foundation. Electronic Frontier Foundation. Retrieved 9 October 2019.
- ^ Cardozo, Nate; Opsahl, Kurt; Reitman, Rainey; Higgins, Parker; Maass, Dave. "THE ELECTRONIC FRONTIER FOUNDATION'S SIXTH ANNUAL REPORT ON Online Service Providers' Privacy and Transparency Practices Regarding Government Access to User Data" (PDF). Electronic Frontier Foundation. Electronic Frontier Foundation, 2016. Retrieved 11 October 2019.