Twitter Adds Email Privacy Data to Transparency Report

2015-08-12T09:23:00
ID TWITTER-ADDS-EMAIL-PRIVACY-DATA-TO-TRANSPARENCY-REPORT/114235
Type threatpost
Reporter Dennis Fisher
Modified 2015-08-14T12:50:46

Description

The number of information requests Twitter is receiving from the United States government is increasing steadily, having risen roughly 50 percent in the first six months of this year compared to the last six months of 2014.

In its latest transparency report, Twitter said that it received 2,436 information requests from the U.S. government from January through June of 2015, up from 1,622 in the second half of 2014. The number of accounts specified in those requests nearly doubled, but the percentage of the requests that Twitter complied with stayed steady at 80 percent. The bit of information that’s not included in the report, though, is data on National Security Letters received by Twitter in the last six months.

Related Posts

Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs

September 1, 2016 , 11:52 am

OneLogin SecureNotes Breach Exposed Data in Cleartext

August 31, 2016 , 3:04 pm

Fairware Attacks Targeting Linux Servers

August 31, 2016 , 10:21 am

The U.S. government strictly controls how much data companies can disclose about NSLs, limiting them to reporting those requests in large bands, not specific numbers. Twitter did not include any NSL data in its transparency report.

“These numbers do not include national security requests received, if any. As previously mentioned, Twitter filed a lawsuit against the United States government in federal court, seeking greater transparency in national security reporting. The case is ongoing and we continue to fight for the ability to provide more granular reporting to the public on use of national security requests than is currently allowed by law,” the company said in its report.

An interesting addition to the most recent report is a section on email privacy. Twitter included a table with data showing how much of the email it sends to other email providers is encrypted, verified, and what the state of the TLS connection is.

“As part of our commitment to continuous improvement in privacy protection, Twitter has enabled a number of email security protocols over the years. Since early 2013, Twitter has supported the security controls Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) with a reject policy to combat phishing and fraudulent email,” the report says.

“Last year we began using StartTLS, which encrypts both outbound and inbound emails in transit. Assuming your email provider supports TLS, it also ensures that emails you receive from Twitter have not been read by other parties on the way to your inbox.”

The table has detailed data on the security and privacy level of each of the large domains that Twitter sends mail to, and at the top of the list are Gmail, Hotmail, Yahoo, and Mail.ru. Those domains, along with iCloud.com, Outlook.com, Live.com, and Yandex.ru, all have full marks for security and verification and 100 percent of the mail Twitter sends to those domains is encrypted.

Google began including email encryption data in its own reports last year.