Steven Finkler + Vice President + AT&T on User Privacy

As the Internet, smartphones, and social networks have become increasingly important to everyday life, the amount of private information available to technology companies has also grown. A wide variety of personal details about a user can now be deduced by a technology company looking through its data. This has created opportunities for the sale of user information from these companies to advertisers, and it has allowed governments to acquire additional data about the personal lives of individual people. The Electronic Frontier Foundation, a nonprofit group focused on protecting the rights of Internet users, released an edition of their “Who Has Your Back” report emphasizing the different extents to which companies were protecting the privacy of their users from government data requests in 2017.

In its report, the EFF focused on five different measures of evaluating technology companies. Each of these was considered separately for the 26 companies discussed in the report. In each case, the EFF looked to see whether the company had met the particular standard laid out. All in all, each company was given a star rating based on how many of the five criteria that business had satisfied.
There was a significant range of scores between the various businesses examined. One standard, involving the use of “industry-wide best practices,” was met by all 26 companies. Another standard involved letting users know about any government requests for their data. This one was met by companies such as Adobe and Apple, but not by others such as Twitter and Amazon. A third criterion related to the willingness of companies to prevent third-party developers from taking actions to help governments spy on users. This standard was met by firms such as Facebook and Uber, but not by Tumblr or Airbnb.

Another standard required businesses to take a specific set of actions in response to National Security Letters from the United States government. A 2015 law allows for all companies that receive a National Security Letter preventing them from informing a user that law enforcement has requested their personal data to request a judicial review of that gag order. The fourth criterion was that a company have an openly stated policy of requesting this judicial review for all gag orders they receive. According to the EFF, Dropbox and Wordpress were among the companies that had such a policy, while Facebook and Verizon were among those that did not. The final standard, describing whether a particular business supported a reform of the Section 702 law regarding government surveillance, was met by all but five of the 26 companies.

The EFF reserved special criticism for large telecommunications companies. This category included the four businesses with the lowest star ratings out of all 26. These four one-star companies were Comcast, Verizon, AT&T, and T-Mobile. Nate Cardozo, Senior Staff Attorney of the EFF, stated that both those four and all other companies failing to meet all five criteria “can and must do better.”