The Electronic Frontier Foundation (EFF) today published its annual “Who Has Your Back?” report that rates and compares how major corporations deal with government data requests. The EFF’s ranking of technology company data request transparency is notable because the organization is the “leading nonprofit organization defending civil liberties in the digital world.” The report ranks companies based on six categories: requires a warrant for content, tells users about data requests, publishes transparency reports, publishes law enforcement guidelines, fights for users’ privacy in courts, fights for users’ privacy for rights in Congress. This year, Apple received a star for each of the six categories.
This compares to many other technology companies, including Google, Yahoo, and Facebook, that received stars across the board:
The EFF notes that this is a significant improvement over the few years of reporting where Apple received just one star:
Apple earned credit in all 6 categories in this year’s Who Has Your Back report. Apple’s rating is particularly striking because it had lagged behind industry competitors in prior years, earning just one star in 2011, 2012, and 2013. Apple shows remarkable improvement in its commitments to transparency and privacy.
The EFF also provides explanations for why each company received a star for each category. Here are the details for Apple:
Warrant for content. Apple requires a warrant before providing content to law enforcement. Specifically, in its November transparency report it stated: “As we have explained, any government agency demanding customer content from Apple must get a court order.”
Inform users about government data demands. Apple promises to tell users if the government seeks their data. According to its soon-to-be-published policy:
Apple will notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. §2705(b)), or by applicable law or where Apple, in its sole discretion, believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment.
Publish transparency report. Apple published its first transparency report in November 2013, indicating by country how many legal requests it had received, complied with, and how many accounts are affected. Apple includes information about FISA court orders under Section 215 in its transparency report.
Publish law enforcement guides. Apple publishes its law enforcement guidelines.
Fight for users privacy in courts. Apple is adding the following statement to its transparency report update, scheduled for May 2014.
If there is any question about the legitimacy or scope of the court order, we challenge it and have done so in the past year.
Oppose mass surveillance. Apple is a member of the Reform Government Surveillance Coalition, which affirms that “governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.”
Of course, Apple’s focus on dramatically improving its data request policies comes in light of allegations and disclosures regarding NSA surveillance and leaks from former NSA contractor Edward Snowden. Just earlier this month, Apple published new information about how it handles government data requests. Apple has also begun notifying customers that have had data requested from government agencies.