While company policies are important, we shouldn’t be dependent on them to protect our privacy. The law should clearly protect the privacy of users even as technologies change. This is particularly important in the wake of the recent disclosures about mass surveillance, which show how far the government’s interpretation of the law has wandered from the statutory language and Congressional intent and how extensively the government has manipulated the legal language to try to provide leeway for surveillance abuses.

The metric evaluates whether companies are working for lasting, permanent improvements in the law to safeguard their users’ privacy.