Every day we learn more about how our data is being harvested and used against us. A group of technologists and human rights experts have developed this Security Pledge, a set of principles that — if enough companies adopted them — would ensure the Internet is used to expand democracy, not undermine it. Add your name to tell the companies you use to take the pledge.
Corporate and government attacks on human rights to privacy, security, and liberty are increasing across the globe, and technology plays a central role in extending their reach. Technology can empower and grant freedoms to us all, but now our online data is empowering data brokers, ISPs, surveillance companies, and runaway government agencies to discriminate, exploit, and limit our freedoms. If a company wanted to exploit, or an authoritarian government wanted to surveil, everyone affiliated with a certain racial, religious, or political group, they could do so with the information collected on innocent people by technology and social media companies. Companies and governments can exploit the massive troves of data companies have on people and weak links in Internet security. They can twist the Internet into something it was never meant to be: a weapon against the public.
We can stop abuses of our data and authoritarian tools by demanding companies protect our privacy and by building a surveillance-resistant web. We're calling on companies to reaffirm the power of their users and to build proven security into every service, site, and technology. To achieve this, we are arming users with the information they need to make informed choices about what services to use. We're already part-way there, and what is left to do is within reach.
The goal is to get thousands of the sites & apps we use every day to pledge to secure our data and get millions of people using secure services. As users, we are demanding companies on the web take this pledge and take these steps so that everyone can choose the services that protect their privacy and security. Those of us who are tech employees are pledging to work inside our companies to push them to do the right thing. Together we'll take online and offline action to shut off channels that allow for our exploitation and surveillance, whether it’s Cambridge Analytica or the NSA. Over the course of 2018, we will acknowledge those companies that have taken these steps and draw public awareness to those that have left us vulnerable.
As technology companies, you recognize that you have a key role to play. You decide how the services you build collect, capture, and share our data. In 2018, companies that sign this pledge are committing to protecting their users’ data from exploitation and securing their users’ human rights, ensuring their products and services do not put human rights at risk by agreeing to:
We need to know that we are in control of our personal information. Commit to meaningful transparency, including providing users full access to all data you have collected and a list of all parties given access to that data. In addition, provide users full control, which includes requiring explicit opt-in consent, over the retention, sharing, or use of their information, including all data sharing with third parties. Adopt auditing procedures to ensure that shared data is used consistently with the users’ preferences. Guarantee that users have an easy and free way to download all the data you have about them in a standardized, open, and usable format. Allow users to delete their entire account and permanently eliminate their data from your servers if they choose to, except when prohibited by law.
We use the Internet to communicate about nearly everything, from banking to politics. Commit to following best practices to secure this information, including offering independently audited end-to-end encryption by default. Prohibit the use of your products and services, including your APIs, by developers to collect information about your customers and users without appropriate consent for third-party commercial tracking or governmental surveillance purposes. If you are the victim of a data breach or contract violation, notify your users promptly if their information has been compromised or shared without their consent. Commit to providing updates to your products when necessary and notify users with an end-of-life announcement when you no longer plan to provide services. Notify customers in the case of a breach or identified vulnerabilities related to user data being exposed. When other companies you work with fail to keep products updated, proactively warn users and potential buyers about them.
Data can last forever and harm people in unpredictable ways. The best way to guard against that harm is to not collect or store it. Review your data collection practices, and stop collecting and storing information that isn't necessary for your product or business.
Algorithms are not neutral by default, and can easily reflect or exacerbate historical biases. Commit to policies that do not further or exploit discrimination and unequal treatment. From the development stage onward, evaluate the impact of products on various communities, including those that have been historically discriminated against, and test the impact of those products when possible or when concerns about such effects have been brought to your attention. Ensure that there are avenues for outside researchers to evaluate bias or discriminatory impact of your product. Do not collect information that is vulnerable to misuse, including information about your customers’ and employees’ immigration status, political views, national origin, nationality, or religion, unless required by law or strictly necessary for the service you provide.
Supporting strong legal privacy protections can both protect your users and earn their respect. Pledge to refuse voluntary requests for data in non-emergency situations, and fight overly broad, questionable, and illegal efforts to surveil your users, in the courts and in the public sphere. Contribute to the broader conversation about government access to private data by publishing transparency reports detailing requests from governments to the greatest extent allowed by law and by providing notice to individual customers or users whose records are sought or obtained by the government unless barred from doing so. If you engage in policy debates, support laws that enhance user privacy, including laws that require a warrant before the government can demand information about your users, and support reforms that curtail mass surveillance. If you engage in lobbying or public policy debates, then support immigration policies that ensure immigrants (including your own employees) are treated humanely, receive due process, and are not discriminated against.
In 2018, we will be working with Internet users and employees across the tech industry to urge your companies to take this pledge. Over the course of 2018, we will celebrate those companies that have taken these steps and draw public awareness to those that have left us vulnerable.
Tech companies allow us to connect with our friends, share our experiences and learn more about the world from an endless supply of news sources in exciting, disruptive ways. But in doing so, tech companies gain control over our actions, our thoughts and our communications with our families and friends. It is imperative that these companies pledge to keep our data secure and use it for our benefit.