Getting Internet Companies to Do the Right Thing

[Commentary] New America’s Open Technology Institute has been working on answering this question: how do you get companies to do the right thing? We’ve studied three positive privacy and security practices that have been adopted by internet companies over the years—first by a few companies as an innovative new practice, then as a best practice by more companies, and finally as an established standard practice by most of the industry—so that we could chart the different events and influences that helped make that widespread adoption possible. Our hope was that by looking across several cases, we could identify what types of political, technical, and social interventions were most likely to help spur widespread change at the industry level, and could maybe even provide a roadmap for future advocates to follow.

Specifically, OTI’s new “Do The Right Thing” project has mapped the key milestones along the road to adoption for three major privacy and security practices that have now become standard in the internet industry: (1) publishing transparency reports that detail government demands for user data, (2) encrypting web traffic by default (as of the end of last year, over half of all web traffic is now encrypted!) and (3) offering two-factor authentication (2FA) to better guard your online accounts against unauthorized intruders.