EFF publishes report about companies practices regarding handing over data to governments

1192 views
Skip to first unread message

Hugo Roy

unread,
Jun 7, 2012, 6:04:52 AM6/7/12
to to...@googlegroups.com
https://www.eff.org/press/releases/when-government-comes-knocking-who-has-your-back
You can find the report at https://www.eff.org/pages/who-has-your-back

Lots of useful information in there. We'd have to integrate it somehow
in our approach. There is a due process coalition that sets legal
standards regarding this issue. Companies can join the coalition and set
their ToS according to these standards. That might be one way to
integrate it in our rating.
--
Hugo Roy
French Coordinator, FSFE chat: hu...@jabber.fsfe.org
www.fsfe.org/about/roy mobile: +336 08 74 13 41
mobile DE: +49 151 143 56 563

Michiel de Jong

unread,
Jun 7, 2012, 6:17:57 AM6/7/12
to to...@googlegroups.com
definitely! great stuff, saves us a whole chunk of work (the 'law
enforcement' category i would say).
> --
> You received this message because you are subscribed to the Google Groups "Terms of Service; Didn't Read" group.
> To post to this group, send email to to...@googlegroups.com.
> To unsubscribe from this group, send email to tosdr+un...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/tosdr?hl=en.
>

Hugo Roy

unread,
Jun 19, 2012, 10:05:13 AM6/19/12
to to...@googlegroups.com
Hello,

I've added the data points for the EFF Has Your Back report.
https://github.com/unhosted/ToS-DR/commit/96bbb4f157ce18b849661209adcf04e91849cf11

Please reply if you have comments about the scores (from 0 to 100, the
higher the rate, the more it weighs when we compute the points to obtain
a rating)

In case the json files are not self-explanatory, please ask for
precision :-) I should probably write a small doc explaining everything
on the techincal side.

Hugo Roy

unread,
Aug 8, 2012, 9:22:21 AM8/8/12
to to...@googlegroups.com
As pointed out on https://news.ycombinator.com/item?id=4352594 I think
the "US Congress lobbying" is out of scope and should be removed from
ToS;DR. I believe that concerns over this specific point was already
raised. But maybe that wasn't on the mailing list, just IRC.

I decided to remove them for now. If you disagree, speak up! :)

Hugo Roy

unread,
Aug 8, 2012, 12:59:56 PM8/8/12
to to...@googlegroups.com
Le mercredi 08 août 2012 à 15:22 +0200, Hugo Roy a écrit :
> As pointed out on https://news.ycombinator.com/item?id=4352594 I think
> the "US Congress lobbying" is out of scope and should be removed from
> ToS;DR. I believe that concerns over this specific point was already
> raised. But maybe that wasn't on the mailing list, just IRC.

Some other points raised at
http://kendraserra.tumblr.com/post/28986523388/how-to-not-read-terms-of-service

Except from the fact that she assumes I don't understand what a binding
legal document is, it is true that if users are going to believe that
there is a legal requirement by Google to defend them in court (because
they'd assume it's in the ToS, since that's how we present ourselves) --
then we're doing it wrong.

But that poses a valid question that I raised the first day we worked on
this with Michiel and Jan: what's the scope? How far do we get from just
rating terms of service to rating services as a whole?

One of the problem as highlighted above tends to prove that we should
stay more focused on terms.

One other argument in this direction is that the problematic points are
coming from the EFF's report. So the data is already out there. So
there's no need to get it in.

So I will continue on my way from this morning and remove the remaining
irrelevant points.

Hugo Roy

unread,
Aug 8, 2012, 1:04:42 PM8/8/12
to to...@googlegroups.com, kal...@cyber.law.harvard.edu
[Adding Kendra in the discussion, that's much better if people
communicate and work together ;) ]

Le mercredi 08 août 2012 à 15:22 +0200, Hugo Roy a écrit :
> As pointed out on https://news.ycombinator.com/item?id=4352594 I think
> the "US Congress lobbying" is out of scope and should be removed from
> ToS;DR. I believe that concerns over this specific point was already
> raised. But maybe that wasn't on the mailing list, just IRC.

Some other points raised at
http://kendraserra.tumblr.com/post/28986523388/how-to-not-read-terms-of-service

Except from the fact that she assumes I don't understand what a binding
legal document is, it is true that if users are going to believe that
there is a legal requirement by Google to defend them in court (because
they'd assume it's in the ToS, since that's how we present ourselves) --
then we're doing it wrong.

But that poses a valid question that I raised the first day we worked on
this with Michiel and Jan: what's the scope? How far do we get from just
rating terms of service to rating services as a whole?

One of the problem as highlighted above tends to prove that we should
stay more focused on terms.

One other argument in this direction is that the problematic points are
coming from the EFF's report. So the data is already out there. So
there's no need to get it in.

So I will continue on my way from this morning and remove the remaining
irrelevant points.
--
Hugo Roy
French Coordinator, FSFE chat: hu...@jabber.fsfe.org
www.fsfe.org/about/roy mobile: +336 08 74 13 41
mobile DE: +49 151 143 56 563

--
www.tos-dr.info // www.twitter.com/tosdr // www.github.com/Unhosted/ToS-DR
---
You received this message because you are subscribed to the Google Groups "Terms of Service; Didn't Read" group.
To post to this group, send email to to...@googlegroups.com.
To unsubscribe from this group, send email to tosdr+un...@googlegroups.com.
Visit this group at http://groups.google.com/group/tosdr?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.




Kendra Albert

unread,
Aug 8, 2012, 1:18:37 PM8/8/12
to Hugo Roy, to...@googlegroups.com
Hey Hugo and ToS;DR folks,
Sorry, didn't mean to start a Twitter firestorm. I was actually planning to email you guys about something separate in the GitHub terms, so I'm glad the conversation got started, even if it wasn't on the note I intended.

And Hugo - my apologies that the post came off as directly addressed to you and thus implied that I think you don't know that Terms are legally binding. (I saw that you were a law student, and definitely don't think that!) 

I was actually trying to articulate what I see as a larger problem - that laypeople reading Terms don't understand the context in which they written, and thus read them as policy and not legal. I thought that the ToS;DR discussion was a good way to frame the difference.

I guess my problem can be summed up as a labeling one - it scares me that a visitor to your site who go there to be informed (and thus doesn't click through) could reasonably come to the conclusion that Google's court defense is part of its Terms. I think sticking to a narrower scope could help with that.

Kendra
---
Kendra Albert

Michiel de Jong

unread,
Aug 8, 2012, 1:45:57 PM8/8/12
to to...@googlegroups.com, Hugo Roy
On Wed, Aug 8, 2012 at 7:18 PM, Kendra Albert
<kal...@cyber.law.harvard.edu> wrote:
> I guess my problem can be summed up as a labeling one - it scares me that a
> visitor to your site who go there to be informed (and thus doesn't click
> through) could reasonably come to the conclusion that Google's court defense
> is part of its Terms. I think sticking to a narrower scope could help with
> that.

you are right that we should be careful about that. let's see how we
can present data points in a listing that makes this clearer.

Some points are about ToS, some are about Privacy Policy, and some are
about other manifestations of good or bad treatment of "user rights".
So let's label them accordingly and it should be fine?

But i think it can be fixed by making the data presentation clear and
transparent.

One important point i think is that this is not a summary service, our
product is a rating. if we say a certain website gets for instance a
"class B" rating for how they treat their users, then i think we
should include all reliable information we have about the things they
will do to you, whether that information comes from the ToS or the PP
or their blog or their help pages or other reliable information
services. ignoring information just because it is not legally binding
would paint an incomplete picture imho.

we do restrict ourselves to only user rights (or "consumer rights" as
i sometimes also call them) though. so for instance if the product
quality is low, or the site goes down all the time, or the data center
happens to use nuclear power instead of green power, that would all be
outside of the 'user rights' scope and doesn't affect the rating.

but a company defending your rights in court is definitely positive
and significant and also related to user rights, i would say, so i
would want it to affect the rating we give to that service.


my 2ct,
Michiel

Hugo Roy

unread,
Aug 8, 2012, 2:48:24 PM8/8/12
to to...@googlegroups.com, kal...@cyber.law.harvard.edu
We actually have since the beginning a "source" element which typically
goes like "source": "terms" or "source": "privacy".

I propose we add something like "source": "not-binding" and when that
string is present, we display these points in a separate section making
sure that people understand it's not binding, just practice. These
not-binding points shuold not be shown on the front page either.

So I guess that makes our need to be able to have a triage in points is
becoming even more important than before :)

https://github.com/unhosted/ToS-DR/issues/8

Michiel de Jong

unread,
Sep 24, 2012, 4:37:22 AM9/24/12
to to...@googlegroups.com
Promise to inform about data requests Discussion

A public commitment to inform users when their data is sought by the government, unless prohibited by law. This gives you a chance to defend yourself against overreaching government demands for their data. (cc-by eff)'


although maybe it goes beyond that in not only notifying but actually promising in a way to fight your corner wherever possible?

 

Hugo Roy

unread,
Sep 24, 2012, 5:57:37 AM9/24/12
to to...@googlegroups.com
Le lundi 24 septembre 2012 à 01:37 -0700, Michiel de Jong a écrit :
> although maybe it goes beyond that in not only notifying but actually
> promising in a way to fight your corner wherever possible?

Unless there's an agreement to do so, it's not binding so I would leave
that specific part out.

Michiel de Jong

unread,
Sep 24, 2012, 6:47:13 AM9/24/12
to to...@googlegroups.com
ok, then we'll leave this point as it is.

Hugo Roy

unread,
May 22, 2013, 4:35:11 PM5/22/13
to to...@googlegroups.com
The new EFF "who has your back" report is out at https://www.eff.org/who-has-your-back-2013?support_whyb=1

We'll update with the current info.

Hugo Roy

unread,
Jun 14, 2013, 7:14:15 AM6/14/13
to to...@googlegroups.com
As posted by Ian,

> You acknowledge, consent and agree that Yahoo! may access, preserve and
> disclose your account information and Content if required to do so by law
> or in a good faith belief that such access preservation or disclosure is
> reasonably necessary to: (i) comply with legal process; (ii) enforce the
> TOS; (iii) respond to claims that any Content violates the rights of third
> parties; (iv) respond to your requests for customer service; or (v) protect
> the rights, property or personal safety of Yahoo!, its users and the public.


http://info.yahoo.com/legal/us/yahoo/utos/terms/

nathalie...@gmail.com

unread,
Dec 5, 2013, 11:27:13 AM12/5/13
to to...@googlegroups.com
Hello,
I found this : http://info.yahoo.com/transparency-report/
It seems to be one of the missing point in your ranking for Yahoo!
Did you update the differents other ranking?
Nathalie

claw...@gmail.com

unread,
Mar 30, 2014, 12:00:39 PM3/30/14
to to...@googlegroups.com
Google just publish a video explaining how they handle gouvernment request for personnal user data https://www.youtube.com/watch?v=MeKKHxcJfh0 . I think we need to update the ranking

Le jeudi 7 juin 2012 12:04:52 UTC+2, Hugo Roy a écrit :
> https://www.eff.org/press/releases/when-government-comes-knocking-who-has-your-back
>
> You can find the report at https://www.eff.org/pages/who-has-your-back
>
>
>
> Lots of useful information in there. We'd have to integrate it somehow
>
> in our approach. There is a due process coalition that sets legal
>
> standards regarding this issue. Companies can join the coalition and set
>
> their ToS according to these standards. That might be one way to
>
> integrate it in our rating.
>
> --
>
> Hugo Roy
>
> French Coordinator, FSFE chat: ****REMOVED FOR PRIVACY****
>
> www.fsfe.org/about/roy mobile: ****REMOVED FOR PRIVACY****
>
> mobile DE: ****REMOVED FOR PRIVACY****

Someone

unread,
May 20, 2014, 3:35:19 PM5/20/14
to to...@googlegroups.com
The new EFF report of 2014 shows that Google now also notifies users about data requests.

Hugo Roy

unread,
May 22, 2014, 12:31:43 PM5/22/14
to to...@googlegroups.com
↪ 2014-05-20 mar. 21:35, Someone <aanmeld...@gmail.com>:
> The new EFF report of 2014 shows that Google now also notifies users about data requests.

Thanks, updating this is on my list!

Not our top priority at the moment though :-)

--
Hugo Roy
+33.608741341

Hugo Roy

unread,
Sep 2, 2014, 7:27:04 AM9/2/14
to claw...@gmail.com, to...@googlegroups.com
↪ 2014-03-30 Sun 18:00, claw...@gmail.com <claw...@gmail.com>:
> Google just publish a video explaining how they handle gouvernment request for personnal user data https://www.youtube.com/watch?v=MeKKHxcJfh0 . I think we need to update the ranking

Why? Is there anything changed in their terms that’s not reflected
in https://tosdr.org/#google ?

A promotional video is not binding like terms.

--
Hugo Roy
Project Lead, Terms of Service; Didn't Read <www.tosdr.org>

Please use cryptography for email: see https://emailselfdefense.fsf.org/en/
Merci d’utiliser la cryptographie pour l’email : voir https://emailselfdefense.fsf.org/fr/
Reply all
Reply to author
Forward
0 new messages