Snowden Forced Silicon Valley to Value Privacy and Transparency

A curious thing happened after Edward Snowden leaked NSA surveillance documents, then got branded a "traitor": both government and tech companies began talking about transparency and user privacy. At first, there was a lot of finger-pointing between the two worlds. But now it looks like tech companies are really getting down to the business of privacy.

Today, the Electronic Frontier Foundation published its fourth annual "Who Has Your Back" report, which features "comprehensive information on 26 companies' commitments to fighting unfair demands for customer data." Detailed in the report is everything from privacy policies to the courtroom track records of internet service providers, social media sites, mobile services, and more.

"This year's 'Who Has Your Back' report shows a massive increase in the number of transparency reports and commitments to provide notice to users, reflecting the heightened public awareness of government surveillance," Kurt Opsahl, one of EFF's attorneys who worked on this year's report, told me. "With users so deeply concerned about surveillance, the companies have responded with strong improvements, and it shows in the stars. We've been calling for more transparency reports for a long time, and are gratified that it has become an industry norm."

Not too surprisingly, Snapchat pulled up the rear in EFF's report. Widely scorned by privacy advocates for being lax on user privacy, Snapchat pretty much did nothing aside from publish law enforcement guidelines.

"Snapchat joins AT&T and Comcast in failing to require a warrant for government access to the content of communications," said EFF staff attorney Nate Cardozo. "That means the government can obtain extraordinarily sensitive information about your activities and communications without convincing a judge that there is probable cause to collect it."

Amazon and AT&T also received low marks. Amazon requires a warrant for content and fights for users' privacy rights in courts, but the tech giant doesn't tell users about government data requests, publish law enforcement guidelines, or—and perhaps most critically given its power—fight for users' rights in Congress. AT&T, as many already know from the Hepting v. AT&T case, doesn't require a warrant or inform users about data requests. However, they do publish transparency reports and law enforcement guidelines. With AT&T, it really seems to be a matter of baby steps.

Last year, only one company received a full six star rating—Sonic, a California-based ISP. This year, Sonic again topped the list, alongside Dropbox, Apple, Google, Facebook, Twitter, Yahoo, and CREDO Mobile, a mobile service provider noted for its progressive activism. Wickr, the self-destructing messaging app, as well as WordPress, LinkedIn, Tumblr (owned by Yahoo), and SpiderOak, an encrypted data backup tool, all received five stars.

On another note, it would be interesting to know how newer apps like the Uber and Lyft perform on privacy and transparency. Both private transportation network startups accumulate a lot of data about their users—name, email, phone number, residence, movements around cities, favorite spots, and credit and debit card information. Also curiously absent from EFF's report is Instagram, given its huge user base, as are WhatsApp and its competitor Blink, which Yahoo just acquired this week.

Despite these and other absences in the report, Silicon Valley's commitment to privacy and transparency almost a year after Edward Snowden's NSA leaks is encouraging. But, the real problem here is that, for many of these companies, user data is a central source of revenue. As long as that continues, users can't expect complete privacy online.