Monday's privacy panic over cloud storage service Dropbox's Terms of Service changes came hot on the heels of the EFF updating the Internet Privacy Report Card - as Congress proposed online privacy legislation backed by the companies that scored the worst.
Even if you're not a Senator stashing pictures in your Dropbox account of your mistresses playing naked Homeland Security hopscotch on printouts of Facebook's ToS, you had every right this week to cast a side-eye of WTF at the service's recent changes.
As news hit that Dropbox had racked up 25 million users, a fairly ordinary news item simultaneously let us know that Dropbox had also updated their Security Terms of Service. They are now going to decrypt users' files if the U.S. government asks them to.
The article was pretty clear that this is standard practice for cloud storage services. Still, us privacy geeks clutched our version of Rosary beads (strings of external hard drives) and did a quick Hail Mary (reciting the EFF's phone number).
Blogs and threads debated wording like "valid legal process" and things like subpoenas. But more controversy rightfully raged after blogger Miguel de Icaza's post Dropbox Lack of Security about whether Dropbox's statement that employees don't have access to encrypted files stood in contradiction to the new statement that they would turn over unencrypted files to the government if asked.
It seemed that Dropbox's privacy report card was getting its first tough grades.
The whole hot mess blew up just a week after the EFF had updated their actual Privacy and Protection Report Card - a petition and ratings system on today's top tech companies that asked, "When the government comes knocking, who's got your back?"
The petition calls on the biggest Internet companies to be transparent about their policies and urges them to take stands to protect user privacy. Considering that the Dropbox drama was over a ToS change shared by heavy-hitters on the report card (such as Amazon) and how often each of the corporate darlings swan across the stage of the EFF's TOS Tracking Timeline, they're going to have their hands full with this one.
On the line are Amazon, Apple, AT&T, Comcast, Facebook, Google, Microsoft, MySpace, Skype, Twitter, Verizon and Yahoo!.
The scorecard is a work in progress. Companies rated are held over the coals of privacy and transparency until they show their true colors: they've either got your back in a pinch, or they'll sing like yellow canaries when the chips are down and sacrifice you without a second glance.
Companies gain trust points by informing users when the government asks for your data, tell the public when and how often they hand over user info the the government, and when their back is to the wall, they will fight in court and Congress to protect your privacy.
Top dogs right now include Google for recently citing user privacy for refusing to turn over users' search records to the Justice Department (among other things); and Twitter for recently informing users that their data was being requested by the government and giving them a chance to protect themselves (also among other things). Amazon is also in the high rated ranks.
We, The Losers
That the rest of them are a bunch of chumps you wouldn't even want to give your nightmare ex's phone number to isn't a huge shocker. It's basically everyone else on the list.
Yahoo! managed to get one star - and I don't know about you, but after my own user experiences with their ever-shifting Terms, I'm not holding my breath on that score. Facebook did too, which I'm sure will be revoked any day now.
The no-star stoolies include Apple (today's news that the Apple iPhone 4 tracks you everywhere you go notwithstanding), Comcast, MySpace, Skype and Verizon. Word on the street is that they'll rat you out to the Feds faster than you can download porn on your iPad.
It's no surprise, then, to see Facebook and Microsoft's names come up as supporters of a toothless "online privacy bill" recently proposed as legislation. In Privacy Legislation's Proposed Impact on Online Media columnist David Card writes,
Last week, the bipartisan Kerry-McCain bill proposed legislation on a Commercial Privacy Bill of Rights that would put the Federal Trade Commission in charge of policing the online collection, sharing and use of personal information. Because the legislation is watered down relative to prior proposals, the Kerry-McCain bill will face the least industry resistance and is more likely to be passed this year.
The proposed bill is relatively business-friendly, so much so that it’s drawing criticism from privacy rights activists. (...) Big tech companies like Facebook, Microsoft, eBay, Hewlett-Packard and Intel, for example, have already expressed support for the bill.
Strange bedfellows, don't you think?