WhatsApp lags behind its consumer tech peers when it comes to protecting user data from government requests, according to a prominent privacy advocacy group.
Out of all the 24 companies ranked by the Electronic Frontier Foundation (EFF) in its fifth annual Who Has Your Back report, WhatsApp earns one star in this year’s. This is WhatsApp’s first year in the report, and although EFF gave the company a full year to prepare for its inclusion in the
report, it has adopted none of the best practices
report, it has adopted none of the best practices
We’ve identified as part of this report. We appreciate the steps that WhatsApp’s parent company Facebook has taken to stand by its users, but there is room for WhatsApp to improve. WhatsApp should publicly require a warrant before turning over user content, publish a law enforcement guide and transparency report, have a stronger policy of informing users of government requests, and disclose its data retention policies. WhatsApp does get credit for Facebook’s public position opposing back doors, and we commend Facebook for that.
Industry-Accepted Best Practices. WhatsApp does not publicly require a warrant before giving content to law enforcement. WhatsApp does not publish a transparency report or a law enforcement guide.
Inform users about government data demands. WhatsApp does not promise to provide advance notice to users about government data demands.
Disclose data retention policies. WhatsApp does not publish information about its data retention policies, including retention of IP addresses and deleted content.
Disclose content removal requests. WhatsApp does not host content nor do we have reason to believe it receives account closure requests domestically, and thus this category is not applicable.
Pro-user public policy: oppose backdoors. In a public, official written format, WhatsApp’ parent
company Facebook opposes the compelled inclusion of deliberate security weaknesses.On behalf of itself as well as WhatsApp, Facebook signed a coalition letter organized by the Open Technology Institute, which stated :
company Facebook opposes the compelled inclusion of deliberate security weaknesses.On behalf of itself as well as WhatsApp, Facebook signed a coalition letter organized by the Open Technology Institute, which stated :
We urge you to reject any proposal that U.S. companies deliberately weaken the security of our products... Whether you call them “front doors” or “back doors,” introducing intentional vulnerabilities into secure products for the government’s use will make those products less
secure against other attackers. Every computer security expert that has spoken publicly on this issue agrees on this point, including the government’s own experts.
Here's how WhatsApp could improve, the EFF says:
- Publicly require a warrant before turning over user content.
- Publish a law enforcement guide and transparency report.
- Have a stronger policy of informing users of government requests.
- Disclose its data retention policies.
It's WhatsApp first time on the report, but that's
no excuse: Reddit and Slack both debuted this year, and they both managed to fulfill several criteria to earn stars.
All three list newcomers were responsive to conversations with the EFF, the organization said, but in spite of being given a full year to prepare for inclusion in the report, WhatsApp pretty much flunked.
no excuse: Reddit and Slack both debuted this year, and they both managed to fulfill several criteria to earn stars.
All three list newcomers were responsive to conversations with the EFF, the organization said, but in spite of being given a full year to prepare for inclusion in the report, WhatsApp pretty much flunked.
Those who take the EFF's ratings to heart will probably want to stick with Apple and Dropbox for communications: both got a top-notch, 5-star rating this year, having adopted every best practice the organization has ranked.
