Telcos Singled Out for Prioritizing Government Requests for Data Over Privacy

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Telecommunications giants don’t seem to have any interest in shaking their legacy of complicity with government requests for user data.

The Electronic Frontier Foundation’s latest Who Has Your Back report singles out AT&T, Verizon, T-Mobile and Comcast as its lowest performers, saying that the providers’ policies prioritize government requests for user data over privacy.

The report evaluated 26 technology and telecommunications providers in five areas, including three new categories this year: public-facing policies that stand up to National Security Letter gag orders, promises not to exchange data with the government that extend outside its law enforcement guidelines, and support for reforms to Section 702 of the FISA Amendments Act of 2008.

The telecommunications giants each received only one star, designating credit in a particular category. All four were recognized for following best practices such as publishing a transparency report, having established a public policy that requires the government to obtain a warrant before the content of communication is disclosed, and having published law enforcement guides explaining how they respond to government requests for data.
Requests for comment from Verizon, AT&T, Comcast and T-Mobile were not returned in time for publication.

Smaller mobile providers such as Credo and Sonic were at the opposite end of the spectrum, earning stars in all five categories; nine companies earned five stars, including Adobe, Dropbox, Lyft, Pinterest, Uber, Wickr and WordPress.

None of the telcos, for example, have public-facing policies that expressly say they won’t share data that could be used for surveillance, while others continue to refuse to inform users about government data requests.

“The telcos grew up in an era of government monopolies; many descend from AT&T or other sanctioned monopolies. They make their business selling data to the government,” said EFF staff attorney Nate Cardozo. “Silicon Valley has libertarian tendencies; it always has. Those companies were founded by folks from academia or even high-school dropouts in some cases. The people who founded Google and Facebook don’t trust the government in the way AT&T does.”

The report’s criteria change annually to reflect trends and incremental changes to the law; the 702 category, for example, comes as Congress prepares to debate whether to reform and/or re-authorize the NSA’s surveillance capabilities.

Cardozo said one area where Silicon Valley giants such as Google, Facebook, Microsoft and Twitter need to step up is in standing up to NSL gag orders. This would require companies to invoke the reciprocal notice procedure, kicking off a process by which the course would review non-disclosure orders accompanying NSLs. This has been a bone of contention since the Snowden disclosures when companies began publishing transparency reports in order to demonstrate their compliance with the government requests. Some companies have won the right in court to disclose the contents of older NSLs, but most still are limited by law in how much information they can disclose on the number of NSLs received.

Cardozo said that once the categories for this year’s report were finalized in February and the EFF began its outreach to participants, it began to see real movement in some of these categories.

“That’s the entire point of the report,” Cardozo said. “We reached out to companies in February starting negotiations to get them to change. No one, for example, had invoked the reciprocal notice provision. That column would have been empty in January. The NSL column would have been empty in January.”

While the EFF said it does hold its report to give more companies the opportunity to move on some of these initiatives, they don’t hold their breath with respect to the telcos.

“They say, ‘OK, thanks. We look forward to the report where we get one star,'” Cardozo said.

Technology companies such as Amazon and WhatsApp are not exempt from scrutiny. Amazon, for example, earned two stars (following industry best practices and 702 reform), but it could be compliant in other areas but has not published public-facing policies indicating so. The same goes for WhatsApp, which earned two stars in the same category as Amazon.

“Amazon is a very secretive company. They may be doing all these things, we just don’t know it,” Cardozo said. “We can only give credit when there’s a public-facing policy and Amazon does not have many. Same with WhatsApp. They’ve done many good things like bringing end-to-end encryption to one billion users. If I had to guess, I would say they’re doing well. But I can’t guess. I have to evaluate something.”
 
  • Like
Reactions: SumG and frogboy

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Sure Dropbox got 5 stars?

What about Snowden calling Dropbox a "wannabe PRISM partner."?

Snowden: 'Wannabe PRISM partner' Dropbox is 'hostile to privacy' | ZDNet

and

PRISM (surveillance program) - Wikipedia
We’ve seen reports that governments have been tapping into data center traffic of certain service providers. We’ve also seen reports that service providers have tools designed to give law enforcement access to user data directly or via third parties. Dropbox opposes these activities and would fight any attempt to require us to participate in them. Governments should always request user data by contacting online services directly and presenting legal process. This allows services like Dropbox to scrutinize the data requests and resist where appropriate.
Edit: It's not about them participating in it or not (Yahoo showed they've got no choice in the matter), it's about them not wanting to participate in it and publicly voicing their opposition to it.
 
Last edited:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,140
@Arequire

Your Quote

We’ve seen reports that governments have been tapping into data center traffic of certain service providers. We’ve also seen reports that service providers have tools designed to give law enforcement access to user data directly or via third parties. Dropbox opposes these activities and would fight any attempt to require us to participate in them. Governments should always request user data by contacting online services directly and presenting legal process. This allows services like Dropbox to scrutinize the data requests and resist where appropriate.


Didn't the CEOs of MS, Google, FB etc said similar thing?
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
@Arequire

Your Quote

We’ve seen reports that governments have been tapping into data center traffic of certain service providers. We’ve also seen reports that service providers have tools designed to give law enforcement access to user data directly or via third parties. Dropbox opposes these activities and would fight any attempt to require us to participate in them. Governments should always request user data by contacting online services directly and presenting legal process. This allows services like Dropbox to scrutinize the data requests and resist where appropriate.


Didn't the CEOs of MS, Google, FB etc said similar thing?
After the Snowden leaks, yes.
I edited my last post. Check that and the link.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top