Move aside, Snapchat – WhatsApp has seized your billing as the worst privacy protector!
On second thought, maybe “seized” is a bit too active to describe WhatsApp’s lethargy when it comes to fighting back against US snooping on users’ data.
Out of all the 24 companies ranked by the Electronic Frontier Foundation (EFF) in its fifth annual Who Has Your Back report, WhatsApp and AT&T tied for the spot at the bottom, with each receiving only one star.
Actually, even the one star WhatsApp got – for publicly opposing backdoors for government spying – was passed down from parent company Facebook.
Here’s how WhatsApp could improve, the EFF says:
- Publicly require a warrant before turning over user content.
- Publish a law enforcement guide and transparency report.
- Have a stronger policy of informing users of government requests.
- Disclose its data retention policies.
Facebook was rated separately from WhatsApp and actually did quite well, earning four out of five possible stars.
It’s Facebook’s fifth year in the report, and the EFF says it’s adopted most of the practices that the group rates in the report.
Facebook could still do more to disclose when it blocks content or closes accounts in response to government requests, though.
In fact, Facebook inspired the EFF to come up with a new category: tracking how often companies are removing content or shutting down accounts at the behest of the government.
EFF says that for more than a year, lead investigative researcher Dave Maass has been reporting on how Facebook cooperates with prison systems across the US to block prisoner access to the social network, going so far as to set up a dedicated “Inmate Account Takedown Request” form to help prison officials quickly and easily flag prisoner-run accounts for suspension, even when the accounts didn’t violate any of Facebook’s terms of service.
It’s not that the EFF expects Facebook to refuse takedown requests; rather, it’s simply that the EFF would like to see more transparency about how often Facebook is blocking or removing content or accounts.
It’s WhatsApp first time on the report, but that’s no excuse: Reddit and Slack both debuted this year, and they both managed to fulfill several criteria to earn stars.
All three list newcomers were responsive to conversations with the EFF, the organization said, but in spite of being given a full year to prepare for inclusion in the report, WhatsApp pretty much flunked.
Industry-accepted best practices
What used to be ambitious criteria are now simply industry-accepted standards. As such, the EFF has rolled up these three formerly stand-alone categories into one and labelled it best practices.
- Does the company require the government to obtain a warrant from a judge before handing over the content of user communications?
- Does the company publish a transparency report, i.e. regular, useful data about how many times governments sought user data and how often the company provided user data to governments?
- Does the company publish law enforcement guides explaining how they respond to data demands from the government?
There’s no partial credit in this category: companies have to be doing all three of those best practices to get a star on this one, the EFF says.
AT&T, which also got one star, does in fact follow the EFF’s newly formed category of best practices: it requires a warrant before giving content to law enforcement, as well as publishing a transparency report and law enforcement guide.
And what about the mediocre, three-starred Google, with its lack of transparency around its data retention policies?
Or what about Microsoft, similarly ranked, which the EFF says should clarify its data retention policies and disclose what government content removal requests it receives?
Those who take the EFF’s ratings to heart will probably want to stick with Apple and Dropbox for communications: both got a top-notch, 5-star rating this year, having adopted every best practice the organization has ranked.
Composite image of user privacy courtesy of Shutterstock.
One comment on “WhatsApp ranked worst at protecting user data”
What about Bittorent Sync? How did they do?