Jump to content

User:Madisynkeri/sandbox

From Wikipedia, the free encyclopedia

Who Has Your Back?


Who Has Your Back?
Mission statementProtecting your data from government requests
FounderElectronic Frontier Foundation
CountryUnited States

Who Has Your Back? is a series of annual reports conducted by the digital rights organization Electronic Frontier Foundation (EFF) which assesses how top American corporations manage the privacy of their consumers data. It is a matter of consumer rights to data privacy and transparency of the data being collected from them online. EFF examines policies for companies including ISPs, email services, cloud storage providers, location-based services, blogging platforms, and social networking websites. While technology has evolved at a rapid pace, EFF acknowledges that policies and laws have not kept up pace. The Who Has Your Back? reports strive to expose the gaps in consumer privacy rights. A key motive for these analyses is the impact of the ease and discretion of government to obtain personal information from software and websites. [1] The companies in question are given star ratings, which is used as an incentive for them to be transparent with users about the uses of their data, and encourage the defense of user rights in the face of government requests and data collection.

History

[edit]

During the WikiLeaks controversy in 2010, Twitter was one of the companies from which information was being sought for the investigation, and they made it a priority to inform their users. This event is partially what inspired the Who's Got Your Back? reports, in order to be transparent with government collection of their personal information and online data. Many outlets followed suit, such as Facebook, Microsoft, Tumblr, and Yahoo.[1] In April of 2011, [EFF|Electronic Frontier Foundation] release a petition among leading Internet companies that reflected their values as an organization and argued for the transparency of user data. In order to analyze the response and action of these companies, EFF created the star-rating report which was released to the public.

On April 11th, the chart was officially launched and no company received a perfect score. On April 20th 2011, The American Civil Liberties Union supported EFF's movement by releasing a similar campaign. Their campaign asked that corporations defend and support their users when faced with government demands and requests for data and user information.[1] The slogan in 2011 and 2012 was "When the government comes knocking, who has your back?" In 2013 the slogan changed to "Who has your back? Which companies help protect your data from the government?" It then evolved to its current form, "Protecting Your Data from Government Requests". [2]

At the beginning of this study, not a single company had a full star rating. However, in 2015, 23 of the 24 companies assessed met the requirement for following industry best practices. Releasing this annual report has encouraged companies in the spotlight, as well as others, to increase their transparency and privacy policies in order to earn credit and reputation by EFF. [3]

Rating System

[edit]

In 2011, the first report was made up of 4 requirements: Tell users about data demands, Be transparent about government requests, Fight for user privacy in the courts, and Fight for user privacy in Congress. Between 2012 and 2013, the rating system comprised of 6 criteria for which companies were awarded one star each for meeting the standards. For those four years, the criteria comprised Requires a warrant for content, Tells users about government data requests, Publishes transparency reports, Publishes law enforcement guidelines, Fights for users’ privacy rights in courts, and Fights for users’ privacy rights in Congress. In 2015, the qualifiers changed to Follows industry-accepted best practices, Tells users about government data demands, Discloses policies on data retention, Discloses government content removal requests, and Pro-user public policy: opposes backdoors.[1]

Electronic Frontier Foundation

[edit]
EFF Logo

The Electronic Frontier Foundation is a non-profit organization that advocates digital rights. They offer financial support to legal battles against government and organizations who have disregard for personal liberties online. They goal is to defend free speech online, fight illegal surveillance, advocate for users and innovators, and support the development and integration of technologies that enhance freedoms online. They are advocates for open source software, encryption, security research, and file sharing tools.[1] They began Who Has Your Back? in 2011 and have released an annual report every year since.

Criteria

[edit]

Industry-Accepted Best Practices

[edit]

These practices are 3 of the primary concerns behind the "who has your back" campaign. These best practices include requiring governments to provide a warrant before companies will hand over any data to them, as well as publishing transparency reports and law enforcement guides. By publishing this information, companies are able to show users how frequently and for what reasons that their information may be shared with the government. The vast majority of the companies that EFF has LISTED follow these practices as of 2015.

Notifying Users of Government Requests

[edit]

Companies were also asked to inform users of any government data requests prior to any data being made available to the government. The only time it is acceptable not to provide advance notice to users is when there is a gag order on any information being requested, in which case companies are required to disclose the data sharing after the gag order has been lifted. More than half of the companies evaluated met this requirement. This element becomes more prominent with each annual report. In the latest report, government requests for backdoors has been a critical point of comparison.

Disclosing Data Retention Policies

[edit]

New in 2015, companies were assessed based on how transparent their policies were regarding data retention. This means that any data that a user deletes from their account with these companies may still be stored on a server that is accessible to government officials if they were to make a request for such information. This category regarding data retention also includes the duration which this collected information is saved for, in some cases it may be indefinitely. Companies are only asked to give details about the duration of time that the information is saved to receive credit in this category.

Pro-User Public Policy: Opposing Backdoors

[edit]

There are government Policies that require companies to deliberately weaken their security in order for governments to have easy access to the information that they are storing. Many companies on this list oppose these policies and many experts agree that in creating backdoors it will also allow easier access to this information from malicious attackers, not just government.

Disclosing Government Content Removal Requests

[edit]

This category requires companies to only inform users how often they are removing data from their servers at the requests of the government in order to receive credit.

Company Reports

[edit]

The 2011 and 2012 reports are based on 4 criteria:

  • Tell users about data demands
  • Be transparent about government requests
  • Fight for user privacy in the courts
  • Fight for user privacy in Congress

The 2013 and 2014 reports are based on 6 criteria:

  • Requires a warrant for content
  • Tells users about government data requests
  • Publishes transparency reports
  • Publishes law enforcement guidelines
  • Fights for users’ privacy rights in courts
  • Fights for users’ privacy rights in Congress

The 2015 reports are based on 5 criteria:

  • Follows industry-accepted best practices
  • Tells users about government data demands
  • Discloses policies on data retention
  • Discloses government content removal requests
  • Pro-user public policy; opposes backdoors[1]

The 2015 reports eliminated a number of companies in the study in order to offer a simple representation of the leading companies in the industry. The following were excluded from the most recent report: Foursquare, Internet Archive, LookOut, MySpace, and SpiderOak. [4] (see eff.org/ for full company reports)

  • 2015: 5/5 stars
  • 2014: 3/6 stars
  • 2015: 3/5 stars
  • 2014: 2/6 stars
  • 2013: 2/6 stars
  • 2012: 2/4 stars
  • 2015: 5/5 stars
  • 2014: 6/6 stars
  • 2013: 1/6 stars
  • 2012: 1/4 stars
  • 2015: 1/5 star

In 2015, AT&T was rated among the worst as they have failed to adhere to the evolving and more demanding criteria for the annual report.[5]

  • 2014: 2/6 stars
  • 2013: 1/6 stars
  • 2012: 1/4 stars
  • 2015: 3/5 stars
  • 2014: 3/6 stars
  • 2013: 2/6 stars
  • 2012: 1/4 stars
  • 2015: 5/5 stars
  • 2014: 6/6 stars
  • 2015: 5/5 stars
  • 2014: 6/6 stars
  • 2013: 5/6 stars
  • 2012: 3/4 stars
  • 2015: 4/5 stars
  • 2014: 6/6 stars
  • 2013: 3/6 stars
  • 2012: 1.5/4 stars
  • 2014: 3/6 stars
  • 2013: 4/6 stars
  • 2012: 0/4 stars
  • 2015: 3/5 stars
  • 2014: 6/6 stars
  • 2013: 5/6 stars
  • 2012: 3.5/4 stars
  • 2014: 5/6 stars
  • 2015: 4 stars
  • 2014: 5/6 stars
  • 2013: 5/6 stars
  • 2012: 3/4 stars
  • 2014: 4/6 stars
  • 2012: 1/4 stars
  • 2015: 3/5 stars
  • 2014: 6/6 stars
  • 2013: 4/6 stars
  • 2012: 1/4 stars
  • 2014: 3/6 stars
  • 2013: 4/6 stars
  • 2012: 0/4 stars
  • 2015: 4/5 stars
  • 2014: 5/6 stars
  • 2015: 4/5 stars
  • 2012: 0/4 stars
  • 2015: 4/5 stars
  • 2015: 3/5 stars
  • 2014: 1/6 stars
  • 2015: 5/5 stars
  • 2014: 6/6 stars
  • 2013: 6/6 stars
  • 2012: 4/4 stars
  • 2014: 5/6 stars
  • 2013: 5/6 stars
  • 2012: 2.5/4 stars
  • 2015: 3/5 stars
  • 2014: 5/6 stars
  • 2013: 3/6 stars
  • 2015: 4/5 stars
  • 2014: 6/6 stars
  • 2013: 6/6 stars
  • 2012: 3.5/4 stars
  • 2015: 2/5 stars
  • 2014: 4/6 stars
  • 2013: 0/6 stars
  • 2012: 0/4 stars
  • 2015: 1/5 stars
  • 2015: 4/5 stars
  • 2014: 5/6 stars
  • 2013: 4/6 stars
  • 2013: 1/6 stars
  • 2012: 1/4 stars
[edit]

This report differs from the original Who Has Your Back? studies because it critiques copyright and trademark policies, and encourages the freedom of speech for users online. The Electronic Frontier Foundation seeks to enforce transparent privacy and security policies that reflect the well-being of users. EFF suggests that users should be aware of the policies they are engaging with online, and what they can do to protect themselves. Aligned with their traditional report, the criteria for this edition must be objectively verifiable public policy statements. In order for a criteria to be met, it must be explicitly written in the company's public policy agreement.

Criteria

[edit]
  • DMCA takedown notices - Companies must obtain a formal, complete, and valid Digital Millennium Copyright Act (DMCA) notice for removing any content that infringes upon copyright laws.
  • DMCA counter-notices - Companies must have a published public process for objecting notice of content takedowns. They must also commit to restoring any content removed after the 10-14 day required period.
  • Trademark complaints - A star may be earned if a formal, complete, and valid document is provided for any trademark related takedowns.
  • Trademark disputes - There must be a publicly available policy and process for refuting a trademark request to remove content.
  • Publishing a transparency report on copyright and trademark complaints - This category assesses the transparency with companies publishing the requests for takedowns for public knowledge.

Company Reports

[edit]
  • 2014: 4/5 stars
  • 2014: 4/5 stars
  • 2014: 4/5 stars
  • 2014: 3/4 stars
  • 2014: 2/5 stars
  • 2014: 4/5 stars
  • 2014: 3/5 stars

Namechea

[edit]
  • 2014: 5/5 stars
  • 2014: 0/5 stars
  • 2014: 4/5 stars
  • 2014: 4/5 stars
  • 2014: 5/5 stars
  • 2014: 3/5 stars

Sharing Economy Edition, 2016

[edit]

On May 5th 2016, the first Who Has Your Back? Sharing Economy Edition was released. It was compiled by Nate Cardozo, Kurt Opsahl, and Rainey Reitnman of the Electronic Frontier Foundation. It takes a different approach and analyzes the "gig" or sharing economy (job market for temporary positions and short contracts between organizations and independent workers) and the commitment of companies within it to protect user data from government requests. The companies assessed include Airbnb, FlipKey, Getaround, Instacart, Lyft, Postmates, TaskRabbit, Turo, Uber, and VRBO. These applications and sites allow for consumers looking for a service and service providers to seek one another out. Since the services vary from food delivery, to taxi-like services, or connecting lonely strangers, personal data is shared online through the platforms used. EFF exposes through this report how protected users' data collected by these apps are from government and law enforcement. It is argued that the sharing economy is still too new for it to have adopted competitive and updated privacy policies. This report identifies the outdated issues with email privacy, cloud data storage, and geo-location data.[3]

Criteria

[edit]

This edition evaluates based on 6 criteria:

  • Require a warrant for content of communications - This requires law enforcement to obtain a warrant before having access to any user content. THis criteria is aligned with the principle of the Fourth Amendment to the U.S. Constitution
  • Require a warrant for prospective location data - Requires law enforcement to obtain a warrant before any location metadata is provided to the government. This includes past geographical data on a user, as well as data that is to be collected moving forward.
  • Publish transparency reports - These reports include how many times requests have been made by the government to obtain user data, and national security requests for information.
  • Publish law enforcement guidelines - Companies must publish how they respond to requests made by government, and what types of data they will relinquish.
  • Notify users about government data requests - To obtain a credit in this category, companies must tell users exactly when government requests their data so that they have enough time to respond appropriately. They may take their case to a court setting.
  • Fight for user privacy in Congress as a member of the Digital Due Process Coalition - This criteria changes year to year, but 2016 recognized those advocating for stronger privacy regulations specifically by being members of the Digital Due Process Coalition.[1]

Company Reports

[edit]
  • 2016: 3/6 stars
  • 2016: 4/6 stars
  • 2016: 0/6 stars
  • 2016: 3/6 stars
  • 2016: 6/6 stars
  • 2016: 0/6 stars
  • 2016: 0/6 stars
  • 2016: 0/6 stars
  • 2016: 6/6 stars
  • 2016: 0/6 stars

Keeping Internet Users in the Know or in the Dark

[edit]

This is a Canadian version of the project, which analyzes 43 Internet carriers that provide service within Canada. The top 10 Internet service providers (ISPs) are highlighted by the star-rating chart provided. The report compares them against each against 10 evaluation criteria. The study looks at the current practices of ISPs in Canada and their efforts to the accessibility and transparency of their privacy policies. The dominant ISPs in question are: Bell, BellAliant, Cogeco, EastLink, MTSallstream, Rogers, Shaw, TekSavvy, Telus, and Videotron.[6]

The 10 categories of analysis are:

  • Public commitment to PIPEDA compliance
  • Inform users of all 3rd party data requests
  • Transparency about frequency of data requests & disclosures
  • Transparency about conditions for 3rd party data disclosures
  • An explicitly inclusive definition of 'personal information'
  • Transparency about where personal info is stored/processed
  • Transparency about where personal information is routed
  • Domestic Canadian routing when possible
  • Open advocacy for user privacy rights

Each company can receive up to a 10-star rating for their overall compliance of the privacy and transparency points of comparison.

Activism

[edit]

Consumers pressured government and corporate entities in 2013-2014 demanding transparency reports.[7]

Additional Information

[edit]

Who Has Your Back? reports are released under a Creative Commons Attribution License. Their original content may be freely distributed. [8]

References

[edit]
  1. ^ a b c d e f g "Who Has Your Back?". Electronic Frontier Foundation. Retrieved 28 October 2016.
  2. ^ Burlacu, Alexander (19 June 2015). "Who Has Your Back? EFF Gives Apple, Adobe, Yahoo, And Dropbox Perfect Scores On Protecting Your Data". Tech Times. Retrieved 30 October 2016.
  3. ^ a b Cardozo, Nate; Opsahl, Kurt; Reitman, Rainey. "Who Has Your Back? Protecting your data from government requests: Sharing economy edition" (PDF). Electronic Frontier Foundation. Electronic Frontier Foundation, 2016. Retrieved 6 December 2016.
  4. ^ Cite error: The named reference ”EFF” was invoked but never defined (see the help page).
  5. ^ Lomas, Natasha (18 June 2015). "EFF's 2015 Data Privacy Report Lauds Apple, Dropbox, Slams Verizon". Tech Crunch. Retrieved 30 October 2016.
  6. ^ Obar, Jonathan A.; Clement, Andrew (2016). "Keeping Internet Users in the Know or in the Dark: An Analysis of the Data Privacy Transparency of Canadian Internet Carriers". Journal of Information Policy. 6: 294–331. doi:10.5325/jinfopoli.6.2016.0294. Retrieved 30 October 2016.
  7. ^ Parsons, Christopher (2015). "The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians" (PDF). Retrieved 30 October 2016. {{cite journal}}: Cite journal requires |journal= (help)