Apple earns five stars in this year's Who Has Your Back report. This is Apple's fifth year in the report, and it has adopted every best practice we've identified as part of this report. We commend Apple for its strong stance regarding user rights, transparency, and privacy.
Industry-Accepted Best Practices. Apple requires a warrant before giving content to law enforcement, stating in its law enforcement guidelines:
Law enforcement is required to obtain a search warrant that is issued upon a probable cause showing for search warrants requesting user content.
In addition to a law enforcement guide, Apple publishes a transparency report.
Inform users about government data demands. Apple promises to provide advance notice to users about government data demands and will delay notice only in limited circumstances:
Apple will notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. §2705(b)), or by applicable law or where Apple, in its sole discretion, believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals, in situations where the case relates to child endangerment, or where notice is not applicable to the underlying facts of the case.
Disclose data retention policies. Apple publishes information about its data retention policies, including retention of IP addresses and deleted content. It includes a range of details in its legal process guidelines, for example:
Connection logs are retained up to 30 days.
See Apple's legal process guidelines for more detailed information.
Disclose content removal requests. Apple discloses the number of times governments seek the removal of user content or accounts and how often the company complies, including formal legal process as well as informal government requests.
Pro-user public policy: oppose backdoors. In a public, official written format, Apple opposes the compelled inclusion of deliberate security weaknesses. In its statement on government information requests, Apple states:
In addition, Apple has never worked with any government agency from any country to create a back door in any of our products or services. We have also never allowed any government access to our servers. And we never will.
If you want on or off the Mac Ping List, Freepmail me.
Google earns three stars in this year's Who Has Your Back report. This is Google's fifth year in the report, and it has adopted some of the policies we are highlighting, including the best practices from prior reports. Nonetheless, there is room for improvement. Google should take a stronger position in providing notice to users about government data requests after an emergency has ended or a gag has been lifted. Furthermore, Google should provide transparency into its data retention policies.
Industry-Accepted Best Practices. Google requires a warrant before giving content to law enforcement, stating in its law enforcement guidelines:
But Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the U.S. Constitution, which prohibits unreasonable search and seizure.
In addition to a law enforcement guide, Google publishes a transparency report.
Inform users about government data demands. Google promises to provide notice to users about government data requests and, in most cases, promises to make sure the notification happens before the data is turned over. However, Google does not commit to providing notice after an emergency has ended or a gag has been lifted:
If Google receives ECPA legal process for a user's account, it's our policy to notify the user via email before any information is disclosed. (If the account is an Enterprise Apps hosted end user account, notice may go to the domain administrator, or the end user, or both.) This gives the user an opportunity to file an objection with a court or the requesting party. If the request appears to be legally valid, we will endeavor to make a copy of the requested information before we notify the user.
There are a few exceptions to this policy:
A statute, court order or other legal limitation may prohibit Google from telling the user about the request;
We might not give notice in exceptional circumstances involving danger of death or serious physical injury to any person;
We might not give notice when we have reason to believe that the notice wouldn't go to the actual account holder, for instance, if an account has been hijacked.
We review each request we receive before responding to make sure it satisfies applicable legal requirements and Google's policies. In certain cases we'll push back regardless of whether the user decides to challenge it legally.
Disclose data retention policies. Google publishes some information about log data and deleted data, but it is not complete and representative of all its services and thus does not qualify for a star.
Disclose content removal requests. Google does an exemplary job disclosing the number of times governments seek the removal of user content or accounts and how often the company complies, including formal legal process as well as informal government requests.
Pro-user public policy: oppose backdoors. In a public, official written format, Google opposes the compelled inclusion of deliberate security weaknesses. Google signed a coalition letter organized by the Open Technology Institute, which stated:
We urge you to reject any proposal that U.S. companies deliberately weaken the security of our products... Whether you call them "front doors" or "back doors," introducing intentional vulnerabilities into secure products for the government's use will make those products less secure against other attackers. Every computer security expert that has spoken publicly on this issue agrees on this point, including the government's own experts.
Their platforms are walled gardens, negating the alleged positive qualities.
A lack of a star in columns 2 and 4 is, to me, the most disturbing.
I could not discern the titles on the columns of the charts, for they were both fuzzy and of colors hard to read.
What government requests? The Communist Chinese, through the inactions of the U.S. government, have every bit of information about me, as the hack that was recorded extends back to 1985.