Facebook, Twitter and Microsoft have joined the list of Web companies that meet five out of five best practices for encryption as recommended by the Electronic Frontier Foundation.
In the fall, the EFF gave perfect scores to Google, Dropbox, SpiderOak and Sonic.net for their encryption practices, Brandon Bailey wrote. In the wake of the revelations of massive NSA spying, there has been a stronger interest in what companies that collect and store online users’ information are doing to protect that information.
Tech companies have been on the defensive since last year’s revelations based on leaks by former government tech contractor Edward Snowden. That’s because some reports say the government regularly gained access to information held by companies that users have entrusted with their emails, photos, messages, phone records and more.
For example, the government was reported to have secretly siphoned off Google and Yahoo traffic. And just this week, the Intercept reported that the NSA’s hacking tactics included pretending to be Facebook in order to install malware on computers. The report (which came out Wednesday morning, and which the NSA disputes) seems to have prompted Facebook CEO Mark Zuckerberg to call President Obama (Wednesday night).
Brandon Bailey reported that Zuckerberg expressed his confusion and frustration to the president, saying in a Facebook post: “The U.S. government should be the champion for the Internet, not a threat. They need to be much more transparent about what they’re doing, or otherwise people will believe the worst.”
Tech companies’ response to the NSA spying revelations include pushing the government to let them disclose more information about when they give up user data. Some have also announced that they’re stepping up their encryption efforts.
The EFF’s five encryption best practices for companies: encrypts data center links; supports HTTPS; HTTPS Strict (HSTS); forward secrecy; and STARTTLS. For more specific information about why implementing these processes — which affect secure browsing, email, encryption keys and transmissions between servers and data centers — is important, see the EFF’s explanation. The EFF says its updated report takes into account that some of these processes take time to implement, and gives credit to companies that have concrete plans to adopt them. Its new chart also indicates that some companies are “contemplating” a process.
Photo illustration at top from MCT archives