Network neutrality and privacy groups have called on edge providers to pledge their protections of online information, and Web surfers to join the call for those promises in the wake of the Cambridge Analytica data sharing issue, though they suggested that is just the tip of an iceberg.
Groups including Fight for the Future, Color of Change and the ACLU have launched SecurityPledge.com as part of the campaign to get tech companies to voluntarily protect the Web public in the wake of "widely reported abuses like the harvesting and manipulation of Facebook data."
Many of the same groups have argued that ISP pledges to protect privacy and neutrality are insufficient.
The campaign emphasizes that "demanding" that companies take the pledge is a way to make sure "everyone can choose the services that protect their privacy and security. "Choice" is an important point since the same groups have said that ISP pledges to protect privacy are not sufficient, based on what they say is lack of choice in providers.
"Over the course of 2018, we will acknowledge those companies that have taken these steps and draw public awareness to those that have left us vulnerable," the groups say.
Net Neutrality fan Demand Progress signaled it was a flash point for edge providers.
“The major online platforms are facing a reckoning," said David Segal, executive director. "How they respond in this moment will help determine whether the utopian vision that inspired so many internet pioneers and users stands a chance of becoming a reality, or whether companies will ignore the public interest turn the internet against its users towards the end of private benefit.”
Fight for the Future's Even Greer was accentuating the positive. "[T]his problem doesn’t begin and end with Facebook. If the largest tech companies take the steps outlined in the security pledge, it will change the course of human history for the better, and protect billions of people’s basic rights.”
The pledge would be:
“Ensure Users Have Access to and Control Over Their Data
“We need to know that we are in control of our personal information. Commit to meaningful transparency, including providing users full access to all data you have collected and a list of all third parties given access to that data. In addition, provide users full control, which includes requiring explicit opt-in consent, over the retention, sharing, or use of their information, including all data sharing with third parties. Adopt auditing procedures to ensure that shared data is used consistently with the users’ preferences. Guarantee that users have an easy and free way to download all the data you have about them in a usable format. Allow users to delete their entire account and permanently eliminate their data from your servers if they choose to.
“Protect Our Data
“We use the Internet to communicate about nearly everything, from banking to politics. Commit to following best practices to secure this information, including offering end-to-end encryption by default. Permit public and independent auditing of systems. Prohibit the use of your products and services, including your APIs, to collect information about your customers and users for commercial tracking or governmental surveillance purposes. If you are the victim of a data breach or contract violation, notify your users promptly if their information has been compromised or shared without their consent. Commit to providing updates to your products when necessary, and notifying customers in the case of breach or identified vulnerabilities. When other companies you work with fail to keep products updated, proactively warn users and potential buyers about them.
“Limit the Data You Collect
“Data can last forever and harm people in unpredictable ways. The best way to guard against that harm is to not collect or store it. Review your data collection practices, and stop collecting and storing information that isn't necessary for your product or business.
“Ensure All Communities Receive Equal Protections
“Algorithms are not neutral by default, and can easily reflect or exacerbate historical biases. Commit to policies that do not further or exploit discrimination and unequal treatment. From the development stage onward, test and evaluate the impact of products on various communities, including those that have historically been discriminated against. Do not collect information that is vulnerable to misuse, including information about your customers’ and employees’ immigration status, political views, national origin, nationality, or religion, unless required by law or strictly necessary for the service your provide.
“Resist Improper Government Access and Support Pro-Privacy Laws
“Supporting strong legal privacy protections can both protect your users and earn their respect. Pledge to refuse voluntary requests for data in non-emergency situations, and fight overly broad, questionable, and illegal efforts to surveil your users, in the courts and in the public sphere. Contribute to the broader conversation about government access to private data by publishing transparency reports detailing requests from governments to the greatest extent allowed by law and by providing notice to individual customers or users whose records are sought or obtained by the government unless barred from doing so.
“Support laws that enhance user privacy, including laws that require a warrant before the government can demand information about your users. Support reforms that curtail mass surveillance. Support immigration policies that ensure immigrants (including your own employees) are treated humanely, receive due process, and are not discriminated against."