• by Laurie Sullivan  @lauriesullivan, November 20, 2013

Keeping data private as it traverses the Web remains a huge responsibility for brands, agencies and companies. The Electronic Frontier Foundation, which spearheads best practices to secure data, released a scorecard highlighting Google, Dropbox, SpiderOak and Sonic.net as the only companies with perfect scores.

But as companies tighten access to available data, marketers will need to rethink some of the metrics and data they use today.

The Electronic Frontier Foundation survey suggests that each of the four companies report they use five out of five best practices for encryption, such as HTTPS protocol, forward secrecy and encryption of data as it moves between company data centers.

The Electronic Frontier Foundation surveyed Web companies after the U.S. government surveillance debacle to identifies the ones that use encryption to safeguard user emails, data center transmissions and other online activities. Encrypting data networks makes "backdoor surveillance more challenging, requiring the government to go to courts and use legal process," according to the EFF.

Yahoo said earlier this week that it would encrypt all user data in 2014. Twitter said it's committed to encrypting transmissions between data centers. Facebook and LinkedIn also announced they will add encryption recommended by the EFF. Apple and Microsoft scored lower, while telecom providers such as AT&T, Comcast and Verizon have yet to reveal their plans, according to the EFF.

With that in mind, EFF has asked service providers to implement strong encryption.

The EFF asked companies to encrypt Web sites with Hypertext Transfer Protocol Secure (HTTPS) by default, which automatically uses a channel that encrypts the communications from their computer to the Web site. This has become one of the issues surrounding Google's keyword not provided initiative. The data remains private. Search engine marketers lose the ability to refer keyword data to measure results.

The EFF also asked companies to flag all authentication cookies as secure. This means browser cookie communications are limited to encrypted transmission, which directs Web browsers to use these cookies only through an encrypted connection. That stops network operators from stealing user identities by sniffing authentication cookies going over insecure connections, according to the organization.

"While they encrypt the communications from the end user to the server and back, the MUSCULAR revelations have shown this is not enough," Kurt Opsahl, senior staff attorney, wrote in a blog post. "We have asked service providers to encrypt communications between company cloud servers and data centers."

The EFF also asked for email service providers to implement for mail transfer STARTTLS, an opportunistic encryption system, which encrypts communications between email servers that use the Simple Mail Transfer Protocol (SMTP) standard. When someone emails another person on a different provider, the mail message gets delivered across the Internet. If both email servers understand STARTTLS, then the communications gets encrypted in transit. If not, someone can intercept the data.