The Electronic Frontier Foundation released its 2014 Who Has Your Back? report, detailing Internet companies’ efforts to protect their users from government requests, and Facebook was one of a handful of companies to receive stars in all six criteria.
The six criteria studied by the EFF, as well as the privacy group’s findings on Facebook, follow:
Require a warrant for content of communications: In this category, companies earn recognition if they require the government to obtain a warrant from a neutral magistrate and supported by probable cause before they will hand over the content of user communications to the government. This policy ensures that private messages stored by online services like Facebook, Google, and Twitter are treated consistently with the protections of the Fourth Amendment.
Facebook requires a warrant for content, stating: A search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause is required to compel the disclosure of the stored contents of any account, which may include messages, photos, videos, wall posts, and location information.
Tell users about government data requests: To earn a star in this category, Internet companies must promise to tell users when the government seeks their data unless prohibited by law, in very narrow and defined emergency situations, or unless doing so would be futile or ineffective. Notice gives users a chance to defend themselves against overreaching government demands for their data. The best practice is to give users prior notice of such demands, so that they have an opportunity to challenge them in court, but we also recognize that prior notice is not always possible, for instance in emergency situations.
Facebook’s law-enforcement guidelines make a commitment to notify users of data requests: Our policy is to notify people who use our service of requests for their information prior to disclosure unless we are prohibited by law from doing so or in exceptional circumstances, such as child exploitation cases, emergencies, or when notice would be counterproductive. Law-enforcement officials who believe that notification would jeopardize an investigation should obtain an appropriate court order or other appropriate process establishing that notice is prohibited.
Publish transparency reports: We award companies a star in this category if they publish useful data about how many times government sought user data and how often they provide user data to the government. Until recently, companies were not allowed to include national security requests in transparency reports, and such reporting is still strictly limited by the government, but the government has recently allowed the companies to provide some transparency about those requests.
Publish law enforcement guidelines: Companies get a star in this category if they make public their policies or guidelines explaining how they respond to data demands from the government, such as guides for law enforcement.
Facebook publishes its law enforcement guidelines.
Fight for users’ privacy rights in courts: This star recognizes companies that have publicly confirmed that they have resisted overbroad government demands for access to user content in court.
Facebook confirms that it has fought a government data request in court, and made the following public statement to that effect: Facebook has also gone to court to fight against overbroad law enforcement requests, but at least in the U.S., that litigation has generally been under seal to protect both the integrity of the law-enforcement investigation and the privacy of the people whose data was at risk.
Publicly oppose mass surveillance: Tech companies earn credit in this category by taking a public policy position opposing mass surveillance.
Facebook is a member of the Reform Government Surveillance Coalition, which affirms that “governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.”
The EFF said in introducing its report:
We entrust our most sensitive, private, and important information to technology companies like Google, Facebook, and Verizon. Collectively, these companies are privy to the conversations, photos, social connections, and location data of almost everyone online. The choices these companies make affect the privacy of every one of their users. So which companies stand with their users, embracing transparency around government data requests? Which companies have resisted improper government demands by fighting for user privacy in the courts and on Capitol Hill? In short, which companies have your back?
We are pleased to announce that nine companies earned stars in every category: Apple, Credo Mobile, Dropbox, Facebook, Google, Microsoft, Sonic, Twitter, and Yahoo. In addition, six companies earned stars in all categories except a court battle: LinkedIn, Pinterest, SpiderOak, Tumblr, Wickr, and WordPress. We are extremely pleased to recognize the outstanding commitment each of these companies has made to their users. Credo Mobile, a new addition to this year’s report, demonstrated through its exemplary policies that it is possible for a telecom to adopt best practices when it comes to transparency and resistance to government demands.
Readers: Are you surprised that Facebook performed so well in the EFF’s 2014 Who Has Your Back? Report?