Amazon and WhatsApp almost as bad as US telcos at protecting privacy: EFF

Amazon and WhatsApp scored in only two of the EFF's five categories on protecting customer data and privacy, while telecommunication carriers Verizon, AT&T, T-Mobile, and Comcast scored just one star.
Written by Corinne Reichert, Contributor

The Electronic Frontiers Foundation (EFF) has published its privacy-scoring report for 2017, ranking Amazon and WhatsApp just ahead of telecommunications carriers on how well they protect user data against United States government intervention.

(Image: Screenshot by Corinne Reichert/ZDNet)

Amazon and WhatsApp were given stars in the "Pro-user public policy: Reform 702" and "Follows industry-wide best practices" categories, but missed scoring in the "Tells users about government data requests", "Promises not to sell out users", and "Stands up to National Security Letter (NSL) gag orders" categories.

"We were disappointed that two technology companies fell short of other online services: Amazon and WhatsApp," the Who has your back 2017 [PDF] report says.

"While both companies have adopted industry-accepted best practices of requiring a warrant for content, publishing law-enforcement guidelines, and publishing a transparency report, and while we applaud both companies for advocating for reforms to over-broad NSA surveillance, these two companies are not acting as leaders in other criteria that we examine.

"They don't have the strong public policies related to notifying users of government data requests that we have come to expect from tech companies; they don't publicly promise to request judicial review of NSLs; and they aren't meeting our criterion about not selling out users. We urge both Amazon and WhatsApp to improve their policies in the coming year so they match the standards of other major online services."

Carriers AT&T, T-Mobile, Verizon, and Comcast scored only one star, meanwhile, which was in the loose "Follows industry-wide best practices" category.

"Telecommunications companies like AT&T, Comcast, T-Mobile, and Verizon are failing to live up to larger tech industry practices," the EFF report says.

"When it comes to adopting policies that prioritise user privacy over facilitating government data demands, the telecom industry for the most part has erred on the side of prioritising government requests."

As a result, the EFF has "urged" Verizon, AT&T, and Comcast to inform their users before disclosing data to the US government; create public policies for NSL judicial review; publicly support reforms for limiting NSA surveillance; and clarify their third-party access to data policies.

Verizon had previously refused to comment on whether it would challenge NSLs or other similar government requests for data, after the US government was revealed in 2013 to have been obtaining customer records on a daily basis from Verizon.

The EFF said T-Mobile should similarly publicly support reforms for limiting NSA surveillance and clarify its third-party access to data policy.

"The tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies -- which serve as the pipeline for communications and internet service for millions of Americans -- are failing to publicly push back against government overreach," EFF senior staff attorney Nate Cardozo said.

"Both legacy telcos and the giants of Silicon Valley can and must do better. We expect companies to protect, not exploit, the data we have entrusted them with."

Scoring stars in all five categories were Adobe, Dropbox, Uber, Lyft, Pinterest, WordPress, Credo Mobile, Sonic, and Wickr; while tech giants Apple, Google, Facebook, Microsoft, and Yahoo alongside Slack and LinkedIn scored four out of five stars.

Twitter, Snap Inc, Airbnb, and Tumblr were each awarded three stars.

Of these companies, Apple, Facebook, Microsoft, and Yahoo have all received NSLs. While gag orders prevent companies from disclosing the details of the NSLs they receive, and how many, Twitter has been fighting for more transparency, and Microsoft also challenged its NSL and won.

Amazon has received US government subpoenas for customer data, but has refused to disclose whether it has received any NSLs, while Uber has denied receiving an NSL.

Editorial standards