Facebook/WhatsApp, Apple top privacy ranking of messaging apps
Only 3 of 11 tech firms examined provide end-to-end encryption by default on all their messaging apps.
Tech companies like Snapchat and Skype’s owner Microsoft are failing to adopt basic privacy protections on their instant messaging services, putting users’ human rights at risk, Amnesty International said today.
The organization’s new ‘Message Privacy Ranking’ assesses the 11 companies with the most popular messaging apps on the way they use encryption to protect users’ privacy and freedom of expression across their messaging apps.
“If you think instant messaging services are private, you are in for a big surprise.
The reality is that our communications are under constant threat from cybercriminals and spying by state authorities. Young people, the most prolific sharers of personal details and photos over apps like Snapchat, are especially at risk,” said Sherif Elsayed-Ali, Head of Amnesty International’s Technology and Human Rights Team.
Amnesty International has highlighted end-to end encryption, a way of scrambling data so that only the sender and recipient can see it, as a minimum requirement for technology companies to ensure that private information in messaging apps stays private. The companies that ranked lowest on the scorecard do not have adequate levels of encryption in place on their messaging apps.
“It is up to tech firms to respond to well-known threats to their users’ privacy and freedom of expression, yet many companies are falling at the first hurdle by failing to provide an adequate level of encryption. Millions of people are using messaging apps that deny them even the most basic privacy protection,” said Sherif Elsayed-Ali.
Amnesty International’s ‘Message Privacy Ranking’ ranks technology companies on a scale of one to 100 based on how well they do five things:
· Recognize
online threats to their users’ privacy and freedom of expression
· Apply
end-to-end encryption as a default
· Make
users aware of threats to their rights, and the level of encryption in place
· Disclose
details of government requests to the company for user data, and how they respond
· Publish
technical details of their encryption systems
Tencent, Blackberry and Snapchat score less than 30/100
Chinese firm
Tencent came bottom, scoring
zero out of 100, ranked as the company taking least action on messaging privacy, and the least transparent. It was followed by
Blackberry and
Snapchat scoring 20 and 26
respectively. Despite Microsoft’s
strong policy commitment to human rights, it is still using a weak form of encryption on Skype, scoring 40 and leaving it four places from the bottom. None of these companies provide end-to-end encryption of their users’ communications.
Snapchat,
a US-based company used by more than 100 million people every day, also scored badly. Although it has a strong policy commitment towards privacy, in practice it does not do enough to protect its users’ privacy. It does not deploy end-to-end encryption, for
example, and is not transparent in informing users about the threats to their human rights or its use of encryption.
Facebook, Apple lead the way
No company provides watertight privacy, but
Facebook, whose apps Facebook
Messenger and WhatsApp together have 2 billion users, has the highest score with 73 out of 100. Facebook is doing the most out of the 11 companies assessed to use encryption to respond to human rights threats, and is most transparent about the action it’s
taking.
However, despite including end-to-end encryption as an option with its new “secret
conversation” feature, Facebook Messenger’s default mode uses a weaker form of encryption, which means Facebook has access to all the data. WhatsApp uses end-to-end encryption by default and notably provides clear information to users about encryption within
the app.
Apple
scored 67 out of 100, providing full end-to-end encryption in all communications on its iMessage and Facetime apps. But Apple needs to do more to make users aware that SMS messages are less secure than iMessages. The company should also adopt a more open encryption
protocol that allows for full independent verification.
End-to-end encryption: a basic protection few firms provide
Instant messaging services like WhatsApp, Skype and Viber are used by hundreds of millions
of people every day. This includes human rights activists, opposition politicians and journalists living in countries where their work could put them in grave danger.
With large data breaches occurring all too frequently and governments’ mass surveillance
operations unabated, the strongest encryption as well as transparency about who has access to message data, is key to protecting them. Yet only three firms, Apple, Line and Viber scored full marks for providing end-to-end encryption by default on all their
messaging apps.
“Most technology companies are simply not up to standard when it comes to protecting
their users’ privacy. Activists around the world rely on encryption to protect themselves from spying by authorities, and it is unacceptable for technology companies to expose them to danger by failing to adequately respond to the human rights risks,” said
Sherif Elsayed-Ali.
“The future of privacy and free speech online depends to a very large extent on whether
tech companies provide services that protect our communications, or serve them up on a plate for prying eyes.”
Amnesty International is calling on companies to apply end-to-end encryption to messaging apps as a default. This would help protect the rights of everyday people, as well as peaceful activists and persecuted minorities all over the world by enabling them to exercise their freedom of speech. It is also calling on technology companies to publish full details of the policies and practices they have in place to meet their responsibility to respect the rights to privacy and freedom of expression.
