Many of these pledges require potentially expensive legal defense against the U.S. government. Will YCombinator commit to providing funding for the legal work committed to here? For their own portfolio companies only, or for any early-stage startup that finds themselves in the position of "sell out our users, or go bankrupt"?
A tech pledge to support user privacy which ignores the risk and market dynamics of security breaches? The mind boggles...
How about dedicating resources to making sure everyone upgrades their devices, patches security vulns on internet-facing servers, uses password managers, etc?
How about at the very least asking "if we suffered a breach, how would we know?". Because ethics aside, there seems little incentive for startups to worry about it.
While I like the idea of a tech pledge to identify what Right is, and then do the Right Thing, I can't help but feel that this particular implementation is extremely narrow in how it was designed and how it ended up scoped out.
It seems very specifically about managing how the US govt. has interacted with specific companies holding user data, and also the current trends expressed by Trump regarding immigration.
These are both important issues, but it's hardly what I'd consider The Tech Pledge, being so narrow. I'd love to see a version that talks about, say, security practices, and endeavoring to put consumer privacy above business needs.
Yeah, this has been specifically tailored so that people at companies like Facebook and Google can sign it. Things like... not being able to ad-target depressed youth (ex. Facebook in Australia), not paying to fabricate "independent" academic studies that claim you aren't violating antitrust law (Google's Joshua Wright), or operating software explicitly designed to help your service avoid government regulators from being able to find it (ex. Uber's Greyball), or other similarly immoral actions of Silicon Valley today clearly aren't covered here.
This appears solely based on how tech companies should deal with the government, not themselves.
Employees at Google outnumber those of any other company on the NeverAgain.tech pledge. I don't know what Google's management can sign, but Google's rank and file broadly opposes turning over big data to the DOJ, or assisting in mass deportation. Obviously, the YC pledge is weak sauce compared to what NeverAgain says: no matter what legal process is involved, NeverAgain signatories pledge to leave a job that involves helping mass deportation.
I think we shouldn't care about what Google's management thinks, but rather focus our attention on getting some pledges written that the rank and file can sign on to. If even 1/5th of the engineers at a company publicly pledge to something, their employers can't ignore it.
I'm not seeing how your comment addresses my point. The neveragain.tech pledge does have a very vague term about "misuse of data that's illegal or unethical", but the majority of that pledge also refers very specifically to government overreach. It was in response to questions about if any of the companies would help Trump create a database of Muslims, and cites a variety of examples that all are about government abuses and overreaches that involved technology to implement.
While agree with the statement others have made that neveragain.tech has a stronger pledge, I still don't feel it has much to do with extremely unethical practices in the companies themselves so much as insisting those companies don't help the government with it's unethical practices. If an employer is reading these pledges and taking note, they're going to see that they should resist government actions to use their data, not that they should make any consideration how they use that data themselves.
I may have misread your comment; the subtext I got from yours was that the YC Pledge had been watered down to make it possible for Google to sign on to it, and I just wanted to say that the (much stronger) NeverAgain.tech pledge got a surprising amount of Google support, including from pretty senior people at Google.
If you weren't implying that NeverAgain.tech needed to be watered down to make it palatable to Google, my comment indeed wasn't responsive to yours. Sorry!
The principle of least privilege seems very applicable to keeping user data secure from the government. You cannot hand over data that you do not have. If your business model requires collecting data that would not be conscionable to hand over to the government upon demand, you should seriously reconsider your business model.
I'd strongly prefer something based off that rather than the actual pledge. It's fairly easy to lose a legal defense, go back on your pledge to produce a legal defense, or change owners to one not bound by the pledge. It's much more difficult to retroactively collect data.
> If your business model requires collecting data that would not be conscionable to hand over to the government upon demand, you should seriously reconsider your business model.
This is not reasonable in many cases, though. It is surprisingly hard to build many useful services on top of strong zero-knowledge crypto and have them operate in the real world where things like users forgetting their credentials are common occurrences that consumers expect you to be able to recover from. It is also actually impossible to do so when part of the service happens in the physical world (e-commerce, car dispatching apps, etc). In practice, until we solve a few long standing security and HCI problems, I can't envision a world where a large set of private parties doesn't know more about me, collectively, than what I would be comfortable with a hostile enforcement agency knowing and correlating in a single place.
Don't get me wrong, I think there is a lot of value in being mindful of which data we are collecting, why and if we can get away with building our software so that we do not need that data. I also think keeping infinite records just because "big data will make them useful in time" ignores the 'toxicity' of huge troves of private data laying around. But even in a world where every company takes extraordinary data handling measures, even against market incentives, I still would want the companies to be very careful about sharing the data they did absolutely need to collect...
It's a nice idea, and if people actually agreed to it, things could actually change for the better in the tech industry. However here's the issue:
Only a small percentage of people in the tech world care about this stuff.
It sucks I know. But it's true. The vast majority of people out there simply want a paycheck and don't really care how they get it. As a result this means that anyone who does agree to the pledge will most likely be sacked in favour of the person who doesn't. And there are millions of people in tech who will throw everything and everyone under the bus as long as management says so and the money ends up on the table.
So how do you solve this? Well, good question. In a lot of fields, they solve it by either requiring accreditation or a union membership or god knows what else, which causes those who go against what's seen as 'ethical' in their field to have a very hard time finding new jobs afterwards.
That's not really a likely thing for the tech world, and I don't think most people would want it to be. But as a result, it means pledges like this are pretty much useless at the moment.
Given neveragain exists and has thousands of signatures (many from employees at YC companies) and prominent media coverage, it's impossible not to conclude that the the glib vagueness of "The" tech pledge is deliberate.
It's really weird, isn't it? NeverAgain is a pledge based on data collection and mass deportation. "The Tech Pledge" is essentially a pledge to provide large-scale data to the government, so long as the "correct" process is followed, and to defend the rights of immigrants who happen to work for tech companies.
The connection between the two pledges is pretty unmistakable, so much so that you can read comments on this thread about how random the two issues in The Tech Pledge sound.
It's nice if your company commits to something. But what's vital is that you commit to things, and that you organize around those commitments. As a profession, we have to stop looking to management and owners to own the ethics and conditions of our work.
Things like this are fine, but don't lose sight of where the real power is. It's the strongest market for tech talent I've seen in my entire career. Your company cannot survive without people like you. Don't ask them to do things. Organize with your peers and demand. You'll win, a lot of the time, and your wins will be durable.
This pledge is pretty clearly a response to NeverAgain.tech (look at the issues it cares about). NeverAgain.tech is about what members of our profession commit to doing; that pledge doesn't give a damn what companies say, because if employers contravene the pledge, the signatories have pledged to leave as soon as possible. That's meaningful. This is window dressing.
Note in particular the utter lack of anything that actually benefits us, the developers:
* No protections on moonlighting
* No mention of fair equity for work by early engineers
* No condemnation of clawbacks of equity
* No whistleblower protection
* No comments on diversity or discrimination
* No comments on harassment
* No comments on reasonable workloads/workweeks
* No comments on allowing remote work or helping remote workers
Make no mistake folks: this "pledge" does basically nothing to help you. Look out for your own interests.
Further, it doesn't even have the balls to stand up and say "We won't do evil things like give away user data to government agencies" and instead goes for the much easier "well if the paperwork is okay we'll sell out the users i guess".
This isn't worth the bytes it spent getting to you.
Do you really think any company could or should publicly commit to refuse to comply with valid court orders?
I'm all for strengthening the language and adding teeth to these demands, but we've got to be realistic here. A US corporation declaring blanket refusal to cooperate with the US government is not realistic.
> Do you really think any company could or should publicly commit to refuse to comply with valid court orders?
The could create a situation where they can't comply, at least meaningfully. "Here's the data judge, too bad it's encrypted and we don't have the key".
I think it's not the kind of question that's best asked of companies. Companies should commit not to collect abusable data in the first place.
Employees, on the other hand, can in fact pledge not to assist the DOJ, even if "correct process" is used. If enough of them pledge that, companies will have to adjust their retention practices, lest their data function as a time bomb waiting to blow their teams up.
I think if you're going to mirror NeverAgain.tech, don't water it down. But the bigger issue is: stop looking to companies to make promises. People promise. Companies can only posture.
Ok, but given the starting premise, "what's a pledge that we can coerce companies into signing?", what would you shoot for, instead?
To me, the bit where companies would need to agree to not implement backdoors into encryption protocols is actually pretty meaningful. You know that the evil shitfuck companies like Palantir are not going to sign on with that clause in place, but they weren't going to listen, anyways.
If Facebook signs on, though, it could actually be a toothy, verifiable commitment.
Pledge 1 and 2 seem strangely distinct. It's odd to request someone to commit to both. Pledge #1 seems like basic ethics of technical practice, but pledge #2 is a specific position on a specific current political issue.
My software engineering professor had us read the ACM [0] and IEEE [1] ethics codes. I vastly prefer the IEEE code (they both read like they were written by committees, but IEEE seems like it was addressed to a professional engineer, and ACM seems like it was written to a corporate drone.) Either one of the codes is significantly more thorough than the pledge, which seems focused on a few current issues, making it eventually irrelevant independent of whether its goals are achieved.
"The Tech Pledge" is way too generic of a name for what this is. Be specific enough that it piques people's interest. Otherwise it is just poor branding. (And branding does matter on grass roots efforts, not just corporate efforts.)
Placing 'We will provide support to efforts to keep the United States DACA policy in place' under the heading 'Supporting Legal Immigration' is misleading: DACA is Deferred Action for Childhood Arrivals, i.e. it is a policy of tolerance for illegal aliens, not legal immigrants.
Otherwise it seems a reasonably unobjectionable document.
I think this is amazing, and the premise of it, which is to recognize the unprecedented power that is pooling in the tech sector and the responsibilities that come with it, is highly laudable.
With that said, the fact that there's no reference to the greatest problem facing our society, income inequality, is highly noticeable.
A pledge by tech companies to respect the rights of workers would actually be something notable and daring.
I don't know why this pledge has to take a position on immigration policy.
A flood of low-skilled, poorly educated immigrants definitely helps the rich who don't mow their own lawns or make their own beds, and corporations who benefit from the wage-suppressing effects of a huge surplus low-skilled and poorly educated workers. But it hurts American citizens who are themselves low-skilled and poorly educated.
I know it's not a popular opinion here, but I happen to think that US immigration policy should be crafted solely on what is in the US's best interests. Allowing highly-skilled and highly educated people in helps the country, but I don't really see how allowing a flood of low-skilled immigrants in helps the country in the larger picture. I understand how it does from the Adam Smith/Milton Friedman perspective, but I don't think that benefit justifies the harm done to the most vulnerable workers (or would-be workers) who are citizens and taxpayers and in many cases veterans of our military.
While I am pro immigration and pro freedom of movement in general (so I mostly disagree with your stance in general), I can't deny that the current immigration rules have been mostly to the benefit of making tech company owners richer by hiring highly skilled people at indentured servitude wages. Truly free markets would allow immigrants to change employer at will. Suffice it to say that this issue is controversial enough that it doesn't belong in a simple code of ethics. We agree on that.
How about a pledge to keep politics out of the work place? I am very tired of people dropping subtle and not so subtle hints about the strong political views they have in professional environments.
It's a social skill to learn when it's appropriate to talk about politics, and when it isn't. Many people lack this skill.
Of course, we all know that it's safe for some political persuasions to speak out, but not others. I suppose the people advocating for this are - literally - Politically Correct.
What's ironic is that the "safe" politics of the Bay Area are deeply offensive in workplaces only 50 miles inland (and vice versa).
I agree, politics at the workplace is inappropriate, except concerning issues of importance to that company or industry, e.g. Exxon being critical of drilling restrictions or Google evincing opinions about the continued legality of enumerating people's home wifi access points.
And all the self-righteous, virtue-signalling talk about "diversity" does not extend to diversity of opinion. The same people who talk about the intrinsic value of every individual want to read out of polite society anyone who does not occupy the same spot on the political spectrum they do.
I agree with you if you're also not taking any actions. However tech workers are building powerful tools that could be abused if the software or data got into the wrong hands.
If you're building a tool that can be used as a Muslim registry (Facebook), and the president's stated goal is a Muslim registry, silence speaks volumes.
But where do you stop? Any database or even a text file could be used to create a Muslim registry.
In a dating site religion is an important feature for users. If people don't want this data collected then they should not provide the data, it's that simple.
Atheism is a religion insomuch as it's protected under the concept of freedom of religion, and puts you into a protected class. Collecting stamps or not, not so much.
How else can a Silicon Valley programmer convince himself his job is meaningful to society when he's altering CSS tags and writing code to cache requests all day?
"The 0.5% increase in engagement after the A/B test result is making the world a better place." <-- that's not enough anymore, a programmer's employer has to be taking a stand for something now. Not anything that would harm revenue. Something that is meaningful to tech types, like net neutrality.
How many SV companies have made the world a better place? Most seem intent on making it worse by hoarding private data and creating bloated web/electron apps.
I'm mystified as to what this means. Let's say I'm trying to decide what Google's policy is about travel to a state where transgender people are required to use a bathroom where they look like they're perverts. Is that politics, or ethics, or what?
Google doesn't have a generic policy that encompasses all situations where an employee might be discriminated against? What? They do.
The point of calling out this particular law in North Carolina is that this law claims to not be discriminatory, but it actually is. A generic policy requires interpretations.
But to be relevant to this thread, is this "politics" that a company should avoid?
I don't find the presence of married gay or transgender people to be an overt political statement.
On some level it is political of course, but only on the pedantic reductionist level of "everything is a political statement". If you want to go down that route, fine, but I won't be joining you.
I'm trying to figure out whether Google should express opinions about state laws that unfairly affect their employees... is that "political", according to this pledge?
I dunno. Is it political for me to be required to travel to Red China when I'm an anti-communist? I'm no better equipped than you are to find out where the line should be drawn.
The overwhelming majority of Americans agree that China is an authoritarian state, whereas there's considerable disagreement about gay marriage, despite the Supreme Court saying it's legal. So I don't think many people would agree that it's a similar line.
I did not know that this was a YC initiative until I read about it in the comments. Initiatives like this need all the help they can get in order to stand out above the noise. Everybody's got a manifesto. Only this one has YC backing.
> We will only provide individual user data to governments under correct legal process.
If the law changes such that companies can be compelled to hand over information that would be unethical to hand over, the pledge should require that companies stop collecting that information and delete what they already have. If there are countries that have existing laws that would permit them to insist on handing over information that would be unethical to provide, the pledge should require that companies cease doing business in those countries.
Right now this is simply a pledge not to engage in reprehensible behaviour. We shouldn't be providing rewards or encouragement not to act in reprehensible ways. We should be encouraging people to do better than the socially acceptable bare minimum. A pledge should be a promise to go above and beyond, and this is nothing of the sort.
Or what about the benefits and wages of subcontracted service workers? These are the poverty wage workers on many of these company work sites. Not sure it falls in line with anyone's values to have the world's richest companies be relying on poverty wage workers to feed, clean, secure and drive their employees every day.
Similarly, the way in which "Legal Immigration" is highlighted seems to ignore the number of lower wage, undocumented workers within the service sector that is a part of the operations of these tech companies. Why not support all immigrants in their operations who are facing persecution?
"Provide support", and not just "support"? So a startup that isn't actively involved in efforts around keeping the DACA policy would be breaking this pledge? This seems to only make sense for giant companies.
Exactly, DACA's just a policy made with a pen and a phone - it's a legal phantasm that can easily be dispelled!
Pass an actual labor law or gtfo on this indentured servitude you execs are so addicted to. Pay equivalent wages and allow imported labor to change employers or GET THE FUCK OUTTA HERE! (Sorry to cuss, but I've got real hatred for the self-serving progressive leaders who profit so much from cheap imported labor.)
> We'd like to invite comments on this for a two week period, starting today, May 2nd.
I'm guessing that this is just a temporary page that will be replaced once you have developed the final version of the the pledge. If that is NOT the case, then may I suggest that "May 2nd" be changed to "May 2nd, 2017"?
62 comments
[ 4.6 ms ] story [ 135 ms ] threadHow about dedicating resources to making sure everyone upgrades their devices, patches security vulns on internet-facing servers, uses password managers, etc?
How about at the very least asking "if we suffered a breach, how would we know?". Because ethics aside, there seems little incentive for startups to worry about it.
It seems very specifically about managing how the US govt. has interacted with specific companies holding user data, and also the current trends expressed by Trump regarding immigration.
These are both important issues, but it's hardly what I'd consider The Tech Pledge, being so narrow. I'd love to see a version that talks about, say, security practices, and endeavoring to put consumer privacy above business needs.
This appears solely based on how tech companies should deal with the government, not themselves.
I think we shouldn't care about what Google's management thinks, but rather focus our attention on getting some pledges written that the rank and file can sign on to. If even 1/5th of the engineers at a company publicly pledge to something, their employers can't ignore it.
While agree with the statement others have made that neveragain.tech has a stronger pledge, I still don't feel it has much to do with extremely unethical practices in the companies themselves so much as insisting those companies don't help the government with it's unethical practices. If an employer is reading these pledges and taking note, they're going to see that they should resist government actions to use their data, not that they should make any consideration how they use that data themselves.
If you weren't implying that NeverAgain.tech needed to be watered down to make it palatable to Google, my comment indeed wasn't responsive to yours. Sorry!
I'd strongly prefer something based off that rather than the actual pledge. It's fairly easy to lose a legal defense, go back on your pledge to produce a legal defense, or change owners to one not bound by the pledge. It's much more difficult to retroactively collect data.
This is not reasonable in many cases, though. It is surprisingly hard to build many useful services on top of strong zero-knowledge crypto and have them operate in the real world where things like users forgetting their credentials are common occurrences that consumers expect you to be able to recover from. It is also actually impossible to do so when part of the service happens in the physical world (e-commerce, car dispatching apps, etc). In practice, until we solve a few long standing security and HCI problems, I can't envision a world where a large set of private parties doesn't know more about me, collectively, than what I would be comfortable with a hostile enforcement agency knowing and correlating in a single place.
Don't get me wrong, I think there is a lot of value in being mindful of which data we are collecting, why and if we can get away with building our software so that we do not need that data. I also think keeping infinite records just because "big data will make them useful in time" ignores the 'toxicity' of huge troves of private data laying around. But even in a world where every company takes extraordinary data handling measures, even against market incentives, I still would want the companies to be very careful about sharing the data they did absolutely need to collect...
Only a small percentage of people in the tech world care about this stuff.
It sucks I know. But it's true. The vast majority of people out there simply want a paycheck and don't really care how they get it. As a result this means that anyone who does agree to the pledge will most likely be sacked in favour of the person who doesn't. And there are millions of people in tech who will throw everything and everyone under the bus as long as management says so and the money ends up on the table.
So how do you solve this? Well, good question. In a lot of fields, they solve it by either requiring accreditation or a union membership or god knows what else, which causes those who go against what's seen as 'ethical' in their field to have a very hard time finding new jobs afterwards.
That's not really a likely thing for the tech world, and I don't think most people would want it to be. But as a result, it means pledges like this are pretty much useless at the moment.
The connection between the two pledges is pretty unmistakable, so much so that you can read comments on this thread about how random the two issues in The Tech Pledge sound.
Super weird.
It's nice if your company commits to something. But what's vital is that you commit to things, and that you organize around those commitments. As a profession, we have to stop looking to management and owners to own the ethics and conditions of our work.
Things like this are fine, but don't lose sight of where the real power is. It's the strongest market for tech talent I've seen in my entire career. Your company cannot survive without people like you. Don't ask them to do things. Organize with your peers and demand. You'll win, a lot of the time, and your wins will be durable.
This pledge is pretty clearly a response to NeverAgain.tech (look at the issues it cares about). NeverAgain.tech is about what members of our profession commit to doing; that pledge doesn't give a damn what companies say, because if employers contravene the pledge, the signatories have pledged to leave as soon as possible. That's meaningful. This is window dressing.
Further, it doesn't even have the balls to stand up and say "We won't do evil things like give away user data to government agencies" and instead goes for the much easier "well if the paperwork is okay we'll sell out the users i guess".
This isn't worth the bytes it spent getting to you.
I'm all for strengthening the language and adding teeth to these demands, but we've got to be realistic here. A US corporation declaring blanket refusal to cooperate with the US government is not realistic.
The could create a situation where they can't comply, at least meaningfully. "Here's the data judge, too bad it's encrypted and we don't have the key".
Employees, on the other hand, can in fact pledge not to assist the DOJ, even if "correct process" is used. If enough of them pledge that, companies will have to adjust their retention practices, lest their data function as a time bomb waiting to blow their teams up.
I think if you're going to mirror NeverAgain.tech, don't water it down. But the bigger issue is: stop looking to companies to make promises. People promise. Companies can only posture.
To me, the bit where companies would need to agree to not implement backdoors into encryption protocols is actually pretty meaningful. You know that the evil shitfuck companies like Palantir are not going to sign on with that clause in place, but they weren't going to listen, anyways.
If Facebook signs on, though, it could actually be a toothy, verifiable commitment.
[0] http://ethics.acm.org/code-of-ethics/software-engineering-co... [1] http://www.ieee.org/about/corporate/governance/p7-8.html
Something at the end like:
"Transparency: On an ongoing basis, we will offer our employees and our users reports on how we're fulfilling the above commitments."
Otherwise it seems a reasonably unobjectionable document.
With that said, the fact that there's no reference to the greatest problem facing our society, income inequality, is highly noticeable.
A pledge by tech companies to respect the rights of workers would actually be something notable and daring.
A flood of low-skilled, poorly educated immigrants definitely helps the rich who don't mow their own lawns or make their own beds, and corporations who benefit from the wage-suppressing effects of a huge surplus low-skilled and poorly educated workers. But it hurts American citizens who are themselves low-skilled and poorly educated.
I know it's not a popular opinion here, but I happen to think that US immigration policy should be crafted solely on what is in the US's best interests. Allowing highly-skilled and highly educated people in helps the country, but I don't really see how allowing a flood of low-skilled immigrants in helps the country in the larger picture. I understand how it does from the Adam Smith/Milton Friedman perspective, but I don't think that benefit justifies the harm done to the most vulnerable workers (or would-be workers) who are citizens and taxpayers and in many cases veterans of our military.
Of course, we all know that it's safe for some political persuasions to speak out, but not others. I suppose the people advocating for this are - literally - Politically Correct.
I agree, politics at the workplace is inappropriate, except concerning issues of importance to that company or industry, e.g. Exxon being critical of drilling restrictions or Google evincing opinions about the continued legality of enumerating people's home wifi access points.
If you're building a tool that can be used as a Muslim registry (Facebook), and the president's stated goal is a Muslim registry, silence speaks volumes.
In a dating site religion is an important feature for users. If people don't want this data collected then they should not provide the data, it's that simple.
"The 0.5% increase in engagement after the A/B test result is making the world a better place." <-- that's not enough anymore, a programmer's employer has to be taking a stand for something now. Not anything that would harm revenue. Something that is meaningful to tech types, like net neutrality.
The point of calling out this particular law in North Carolina is that this law claims to not be discriminatory, but it actually is. A generic policy requires interpretations.
But to be relevant to this thread, is this "politics" that a company should avoid?
On some level it is political of course, but only on the pedantic reductionist level of "everything is a political statement". If you want to go down that route, fine, but I won't be joining you.
Consider making this a first-class effort.
If the law changes such that companies can be compelled to hand over information that would be unethical to hand over, the pledge should require that companies stop collecting that information and delete what they already have. If there are countries that have existing laws that would permit them to insist on handing over information that would be unethical to provide, the pledge should require that companies cease doing business in those countries.
Right now this is simply a pledge not to engage in reprehensible behaviour. We shouldn't be providing rewards or encouragement not to act in reprehensible ways. We should be encouraging people to do better than the socially acceptable bare minimum. A pledge should be a promise to go above and beyond, and this is nothing of the sort.
Similarly, the way in which "Legal Immigration" is highlighted seems to ignore the number of lower wage, undocumented workers within the service sector that is a part of the operations of these tech companies. Why not support all immigrants in their operations who are facing persecution?
"Provide support", and not just "support"? So a startup that isn't actively involved in efforts around keeping the DACA policy would be breaking this pledge? This seems to only make sense for giant companies.
Pass an actual labor law or gtfo on this indentured servitude you execs are so addicted to. Pay equivalent wages and allow imported labor to change employers or GET THE FUCK OUTTA HERE! (Sorry to cuss, but I've got real hatred for the self-serving progressive leaders who profit so much from cheap imported labor.)
I'm guessing that this is just a temporary page that will be replaced once you have developed the final version of the the pledge. If that is NOT the case, then may I suggest that "May 2nd" be changed to "May 2nd, 2017"?