When It Comes to Data Collection, Which Companies Can You Trust?
As more information emerges, the answer seems to be an emphatic "no." On Monday, whistleblower Edward Snowden explained that the NSA routinely engages in "incidental" collection of e-mails and the storing of millions of private messages indefinitely. He alleged that analysts regularly view this information, even if they do not have warrants to do so.
Snowden's claims seem to jibe with federal law as it is currently written. Because of 2008 amendments to the Foreign Intelligence Surveillance Act, the NSA can quite possibly justify listening into almost any domestic conversation or gaining access to almost any domestic e-mail. As Salon's Roxanne Palmer explained on Tuesday, the actual mechanisms for recording data are remarkably simple and commonplace. Even easier if, as the NSA document obtained by The Washington Post claimed, PRISM entails "collection directly from the servers" of major internet companies. The nine named companies -- including Yahoo, Google, Facebook, YouTube and AOL (the parent company of DailyFinance) -- have denied the claim, but such data collection is also covered by the FISA Amendments Act, which legally requires companies to grant the government access to their servers.
If there are any protections for consumers, they have to come from the companies themselves. Recently, Yahoo, Apple, Facebook and Microsoft all revealed some information about the customer data that they made available to the government. Yahoo has pledged to publish a "Global Law Enforcement Transparency Report" every six months. According to CEO Marissa Mayer, these reports will offer statistics on how many information requests the company has received from law enforcement agencies.
While the sudden honesty pouring forth from these companies is heartwarming, it's not nearly as impressive as the legal protections that some companies offered before the world was watching. To get a feel for those numbers, it's worth looking at the Electronic Frontier Foundation's "Who Has Your Back" rankings. For three years, the group has rated some major internet companies based on the degree to which they protect consumer information from the government.
To determine their scores, the EFF asks six questions: Do companies require the government to secure warrants; do they tell users about government requests; do they publish transparency reports; do they publish law enforcement guidelines; do they fight for their users in court; and do they fight for their users in Congress. For each "yes" answer, the company gets one star.
Based on these standards, only two companies -- Sonic.net and Twitter -- get perfect scores. On the opposite end of the spectrum, Verizon is the worst, with zero stars. It's worth noting that Apple and Yahoo are also pretty disappointing -- each only gets one star. Facebook fares better, with three stars, while Microsoft has a reasonably impressive four stars.
If the PRISM case is any indication, the question isn't whether or not your privacy is sacrosanct; simply speaking, it's not. But it's worth asking if the companies you trust with your book orders (we're looking at you, Amazon) or your personal communications (hello, Facebook) are watching your back.
For now, at least, the answer is, sadly, no.
Bruce Watson is DailyFinance's Savings editor. You can reach him by e-mail at email@example.com, or follow him on Twitter at @bruce1971.