WhatsApp and AT&T Receive Low Marks on EFF Privacy Scorecard

While AT&T at least follows industry best practices, WhatsApp only received one star based on its parent company policy opposing government backdoors.

For four years, the online privacy advocacy group Electronic Frontier Foundation has released scorecards in an effort to quantify the security of consumer data, on messaging apps and held by larger companies like Google and AT&T. This year despite some recent breaches, the “Who has your back?” scorecard reflects changing attitudes among users and big data companies.

The report reads:

Overwhelmingly, tech giants began publishing annual reports about government data requests, promising to provide users notice when the government sought access to their data, and requiring a search warrant before handing over user content. Those best practices we identified in early reports became industry standards in a few short years.

However, while the report notes a promising baseline, users now expect companies to exceed that baseline. The new, tougher scorecard was tuned to meet these higher standards.

Some of the criteria from previous years have been combined for a simpler scorecard judged based on five categories:

  1. Following industry standard best practices
  2. Informing users about government data demands
  3. Disclosing policies on data retention
  4. Disclosing government content removal requests
  5. Pro-user policies, like opposing backdoors.

Some bigger technology companies like Apple, Adobe, Yahoo and WordPress all received full marks across the board, in some cases showing improvement. However social media companies largely fared worse.

Twitter received four stars, Facebook lost one star for not disclosing content removal requests, and Reddit lost a star because the company hasn’t released an official statement opposing backdoors that would allow governments to access user data.

Overall, WhatsApp was rated the worst, for its opposition to backdoors, and only receive that credit because of the policy of its parent company, Facebook. AT&T also only received one star and at least follows industry standard best practices. But WhatsApp provides no information to users about data requests, and doesn’t even publish a transparency report.

These scorecards, among other pressures, have clearly influenced the practices of the companies with access to our data. However, some companies still lag behind. As standards continue to improve, social companies need to bring themselves in line with technology companies, to appease users base becoming increasingly security conscious.