A time once existed where the things we wanted to keep discrete simply had to be stowed away from prying eyes. Now, so much of our lives exist online that this task has become much more arduous.
Our messages, photos, videos, financial information, search history, and even the things we buy over the internet are imprinted onto servers and databases. The companies that host this information have access to it, but (most of the time) are contractually obligated to keep it private. So what happens when the government or local law enforcement requests private data for the sake of an investigation? The Electronic Frontier Foundation released their Who has your back? 2015 report, rating a number of companies based on their data protection policies. If you do business with any of the following companies, you’re in pretty good hands…
Adobe isn’t just going to hand over your information immediately if they’re asked for it. The company states in their law enforcement guidelines that they require a search warrant with probable cause before they’ll turn over emails, photos, or anything else.
Adobe also goes on to say that they will notify a customer if their data has been requested unless they have been legally prohibited from doing so. In addition to this, the company has a disclosure that explains deleted data is not recoverable after 72 hours unless a preservation order was given in advance, in which case Adobe can keep customer data from being deleted for 90 days. Adobe also explicitly states that it will only work within the confines of the legal process and not build any back doors for investigators to use.
The tech world learned just how steadfast Apple is in the debate of personal privacy when they refused to unlock an iPhone that belonged to one of the San Bernardino shooters. Apple currently doesn’t have any method of unlocking encrypted iPhones and they will not turn over any content without a warrant showing probable cause. Similar to Adobe, Apple will provide a notification if a user’s information is being requested.
Apple also discloses the number of times the government has requested user content and how many times the company has complied. In their pro-user public policy, they explain their belief in keeping the information on their devices private, stating that they’ve never allowed any government access to their servers and that they never will.
Used by individuals and companies around the world for file sharing and storage, Dropbox has several policies in place to best protect their customers. No data will be handed over without a warrant, advance notice will be given to users if their information is being requested, and the company has been very transparent with their data deletion and preservation policies. Like the two previous companies, Dropbox has also stated that governments should never instill policies or practices that would compromise personal data and infrastructure.
The popular blogging and website building platform has entrusted itself to keep the data of its users safe. Data retention policies are openly published, as are the number of information queries from law enforcement agencies. Like the previous entries on this list, WordPress requires a search warrant with probable cause before they will release any information regarding a user’s account. The company does state, however, that a request for information may be fulfilled without a warrant if an emergency situation exists. If this occurrence arises, WordPress will review the situation and make the decision if it is appropriate to disclose the information or not.
Yahoo has a long history of standing up for privacy, user rights, and transparency. They will explicitly notify users when a third party request for their data has come in, and give them an appropriate amount of time to challenge that request. They have also stated that the user ultimately has control over the content stored on their servers. For this reason, permanently deleted emails are not available in response to legal inquiries.
Who made the bottom of the list?
Companies like AT&T and Verizon scored the lowest. AT&T does not provide advance notice of government data demands and it has not publically renounced the use of back doors by law enforcement to gather information. Verizon has not published any information about their data retention policies, and has also been required by a court order to turn over millions of private phone records to the National Security Agency.
For the full breakdown of how these and other companies did in regards to protecting their user’s privacy, you can check out the Electronic Frontier Foundation report here.