The American Civil Liberties Union (ACLU) and six other campaign groups have responded to the Facebook privacy controversy by calling on tech companies to sign a ‘security pledge.’ The pledge asks companies to make four promises to their customers and users …
- Limit the amount of data they collect in the first place, and give users control over how it is shared.
- Offer end-to-end encryption by default to ensure that users’ communications are protected from corporate and government surveillance.
- Provide users with full transparency about what data is collected, how it is used, and what measures are in place to prevent it from being abused.
- Support legislation and policy reforms that limit government access to user data except with a warrant and judicial oversight.
A website created for the campaign is headed ‘tech companies need to change.’
Every day we learn more about how our data is being harvested and used against us. A group of technologists and human rights experts have developed this Security Pledge, a set of principles that — if enough companies adopted them — would ensure the Internet is used to expand democracy, not undermine it.
The website expands on the four bullet-points. For example, on point two:
We use the Internet to communicate about nearly everything, from banking to politics. Commit to following best practices to secure this information, including offering end-to-end encryption by default. Permit public and independent auditing of systems. Prohibit the use of your products and services, including your APIs, to collect information about your customers and users for commercial tracking or governmental surveillance purposes. If you are the victim of a data breach or contract violation, notify your users promptly if their information has been compromised or shared without their consent. Commit to providing updates to your products when necessary, and notifying customers in the case of breach or identified vulnerabilities. When other companies you work with fail to keep products updated, proactively warn users and potential buyers about them.
The group shared a list of target companies, which includes Apple, noting that none have yet signed. Although Apple arguably has the strictest standards for user data security, it’s unlikely it would sign. The company would point to its own commitments rather than want to be seen to be responding to ones created by someone else. It also wouldn’t necessarily want to be seen to endorse all the organizations behind the campaign.
The ACLU has a mixed history with Apple. The organization supported the company in its stand against the FBI, but has also expressed concern about Apple giving developers access to (limited) facial data.