When It Comes to Data Collection, Which Companies Can You Trust?

NSA's domestic spying operation
Can consumers protect themselves from the NSA's domestic spying operations?

As more information emerges, the answer seems to be an emphatic "no." On Monday, whistleblower Edward Snowden explained that the NSA routinely engages in "incidental" collection of e-mails and the storing of millions of private messages indefinitely. He alleged that analysts regularly view this information, even if they do not have warrants to do so.

Snowden's claims seem to jibe with federal law as it is currently written. Because of 2008 amendments to the Foreign Intelligence Surveillance Act, the NSA can quite possibly justify listening into almost any domestic conversation or gaining access to almost any domestic e-mail. As Salon's Roxanne Palmer explained on Tuesday, the actual mechanisms for recording data are remarkably simple and commonplace. Even easier if, as the NSA document obtained by The Washington Post claimed, PRISM entails "collection directly from the servers" of major internet companies. The nine named companies -- including Yahoo, Google, Facebook, YouTube and AOL (the parent company of DailyFinance) -- have denied the claim, but such data collection is also covered by the FISA Amendments Act, which legally requires companies to grant the government access to their servers.

If there are any protections for consumers, they have to come from the companies themselves. Recently, Yahoo, Apple, Facebook and Microsoft all revealed some information about the customer data that they made available to the government. Yahoo has pledged to publish a "Global Law Enforcement Transparency Report" every six months. According to CEO Marissa Mayer, these reports will offer statistics on how many information requests the company has received from law enforcement agencies.

While the sudden honesty pouring forth from these companies is heartwarming, it's not nearly as impressive as the legal protections that some companies offered before the world was watching. To get a feel for those numbers, it's worth looking at the Electronic Frontier Foundation's "Who Has Your Back" rankings. For three years, the group has rated some major internet companies based on the degree to which they protect consumer information from the government.

To determine their scores, the EFF asks six questions: Do companies require the government to secure warrants; do they tell users about government requests; do they publish transparency reports; do they publish law enforcement guidelines; do they fight for their users in court; and do they fight for their users in Congress. For each "yes" answer, the company gets one star.

Based on these standards, only two companies -- Sonic.net and Twitter -- get perfect scores. On the opposite end of the spectrum, Verizon is the worst, with zero stars. It's worth noting that Apple and Yahoo are also pretty disappointing -- each only gets one star. Facebook fares better, with three stars, while Microsoft has a reasonably impressive four stars.

If the PRISM case is any indication, the question isn't whether or not your privacy is sacrosanct; simply speaking, it's not. But it's worth asking if the companies you trust with your book orders (we're looking at you, Amazon) or your personal communications (hello, Facebook) are watching your back.

For now, at least, the answer is, sadly, no.

You Thought You Were Safe? The Myths and Realities of Your Online Security
See Gallery
When It Comes to Data Collection, Which Companies Can You Trust?
For years, security professionals have emphasized the importance of shredding your personal documents before you throw them out. But Holland notes that shredding isn't as much of a priority as it used to be. "There aren't nearly as many documents with personal information out there as there were even just two years ago," he explains. "These days, it's much easier to get your information off your computer."

Passwords are your first line of defense against intruders. But, as Holland points out, even the most careful people sometimes have password breaches. "I've helped chief privacy officers from health care and security firms," he notes. "If they're getting hit, then anyone is vulnerable." While Holland notes the importance of having a good password, he emphasizes that the most important thing is paying attention to password breach notifications. If you hear that one of your passwords may have been breached, he counsels, change it immediately. And, because many of your accounts may be linked, he notes, it's not a bad idea to change the rest of your passwords as well.

One piece of advice that you don't often hear is to keep on top of software updates. But, Holland argues, updating your operating system, your software, and your security programs is one of the easiest and most important ways to ensure your security. Software companies spend a lot of time and money trying to stay ahead of online intruders -- it only makes sense to take advantage of their work.
Even if you are convinced that your security is state-of-the-art and your password is unbreakable, it never hurts to double-check your most sensitive accounts. Holland suggests regularly checking your bank and credit card statements to ensure that there aren't any inappropriate charges on your accounts. As a side benefit, this is also a great way to catch any unexpected fees that your bank may try to spring on you.
When a breach happens, a fast response can mean the difference between a minor annoyance and a major pain in the neck. With that in mind, Holland suggests talking to your bank about having transaction alerts placed on your account. Every time your account is credited with a transaction over a particular amount -- $50, for example -- your bank will send you an e-mail or text notification. If it's an expected transaction, you can discard the message; if not, you'll be able to respond immediately.
Every year, you are entitled to a free credit report from each of the reporting bureaus. Holland suggests taking advantage of this free service, noting that your credit report is a great way to track your outstanding debts and ensure that nobody is trying to open false accounts in your name. He emphasizes, however, that the best way to get your free report is by going to AnnualCreditReport.com, not FreeCreditReport.com. "That site's a scam," he laughs.

Bruce Watson is DailyFinance's Savings editor. You can reach him by e-mail at bruce.watson@teamaol.com, or follow him on Twitter at @bruce1971.
Read Full Story
  • DJI27001.98-22.82-0.08%
  • NIKKEI 22522502.3629.440.13%
    Hang Seng26946.46282.181.06%
  • USD (PER EUR)1.110.00050.04%
    USD (PER CHF)1.010.00120.12%
    JPY (PER USD)108.780.05900.05%
    GBP (PER USD)1.280.00060.05%