In the wake of the Cambridge Analytica scandal, a group of privacy, civil liberties, and human rights organizations have called on technology companies to take a “security pledge” and concrete steps to protect their users’ data.
The Security Pledge
Organizations such as the ACLU, Demand Progress, Fight for the Future, Free Press, and others built the SecurityPledge.com website in order to draw both tech companies and internet users’ attention to the idea that companies collect too much data about their users — data that can later be exploited against those people. According to the non-profit organizations, the internet should be used to expand democracy, not undermine it.
Specifically, the pledge calls for tech companies to:
- Limit the amount of data they collect in the first place, and give users control over how it is shared.
- Offer end-to-end encryption by default to ensure that users’ communications are protected from corporate and government surveillance
- Provide users with full transparency about what data is collected, how it is used, and what measures are in place to prevent it from being abused.
- Support legislation and policy reforms that limit government access to user data except with a warrant and judicial oversight.
A Noble Goal In Self-Regulation
The organizations hope to achieve a two-part goal in getting companies to self-regulate. The first part of achieving this goal is to convince enough tech companies that they need to implement all of the things mentioned above, such as limiting their collection of users’ data and offering end-to-end encryption by default for as many services as technically possible. The second part is to get users to then cross over from the companies that don’t take the pledge to the companies that do.
Currently, the non-profit organizations are showing a list of 20 companies that they hope will take the pledge. The list includes Google, Facebook, Microsoft, Apple, Amazon, Tumblr, Reddit, several large ISPs, and a few others. None of these companies has taken the pledge so far, but presumably that’s because the civil liberties organizations have just gotten started.
However, as Tim Cook recently said, it may be too late for self-regulation. When it comes to data protection or privacy, tech companies have “apologized” a few times too many in the past few years. That’s because they didn’t have any incentive to implement the kind of measures that the civil liberties groups would like them to implement.
If anything, most of the companies in their list have advertising businesses, so they tend to have the opposite incentive – that of collecting as much data on internet users as possible. That’s why, without strong incentives or government regulation, the tech/advertising companies will probably continue to do what they’ve been doing so far.
We’ve already seen ISPs fight against reasonable privacy rules so they can enter the advertising and user-tracking businesses, too, and we know Facebook and Google are currently lobbying against state privacy laws. These seem to be just about the opposite of what the civil liberties groups would like them to do.
Neema Singh Guliani, ACLU legislative counsel, said:
It’s time that companies take steps to ensure that using their products doesn’t mean that users have to sacrifice their rights. The way companies treat data can affect whether you are wrongly excluded from job or housing ads because of your gender, targeted for dubious financial products, or have your security compromised. Many companies have for too long ignored their obligation to treat data responsibly, prevent information from being used to discriminate, and provide users’ full control over how it is handled.
If the companies fail to comply with such self-regulation requests, or if governments fail to impose them, then it will be up to users to provide a strong incentive for companies to implement such measures, too. We’ve seen that advertisers and tech companies start self-regulating when users implement technology tools such as tracking protection or if the users leave their services for others that have a better privacy record. The companies respond well to this type of “threat,” because they know that if they don’t, their businesses will go into a decline eventually.