
The Tech Pledge - sama
https://thetechpledge.com
======
abstractbeliefs
While I like the idea of a tech pledge to identify what Right is, and then do
the Right Thing, I can't help but feel that this particular implementation is
extremely narrow in how it was designed and how it ended up scoped out.

It seems very specifically about managing how the US govt. has interacted with
specific companies holding user data, and also the current trends expressed by
Trump regarding immigration.

These are both important issues, but it's hardly what I'd consider _The_ Tech
Pledge, being so narrow. I'd love to see a version that talks about, say,
security practices, and endeavoring to put consumer privacy above business
needs.

~~~
ocdtrekkie
Yeah, this has been specifically tailored so that people at companies like
Facebook and Google can sign it. Things like... not being able to ad-target
depressed youth (ex. Facebook in Australia), not paying to fabricate
"independent" academic studies that claim you aren't violating antitrust law
(Google's Joshua Wright), or operating software explicitly designed to help
your service avoid government regulators from being able to find it (ex.
Uber's Greyball), or other similarly immoral actions of Silicon Valley today
clearly aren't covered here.

This appears solely based on how tech companies should deal with the
government, not themselves.

~~~
tptacek
Employees at Google outnumber those of any other company on the
NeverAgain.tech pledge. I don't know what Google's _management_ can sign, but
Google's rank and file broadly opposes turning over big data to the DOJ, or
assisting in mass deportation. Obviously, the YC pledge is weak sauce compared
to what NeverAgain says: no matter what legal process is involved, NeverAgain
signatories pledge to leave a job that involves helping mass deportation.

I think we shouldn't care about what Google's management thinks, but rather
focus our attention on getting some pledges written that the rank and file can
sign on to. If even 1/5th of the engineers at a company publicly pledge to
something, their employers can't ignore it.

~~~
ocdtrekkie
I'm not seeing how your comment addresses my point. The neveragain.tech pledge
_does_ have a very vague term about "misuse of data that's illegal or
unethical", but the majority of that pledge also refers very specifically to
government overreach. It was in response to questions about if any of the
companies would help Trump create a database of Muslims, and cites a variety
of examples that all are about government abuses and overreaches that involved
technology to implement.

While agree with the statement others have made that neveragain.tech has a
_stronger_ pledge, I still don't feel it has much to do with extremely
unethical practices in the companies themselves so much as insisting those
companies don't help the government with it's unethical practices. If an
employer is reading these pledges and taking note, they're going to see that
they should resist government actions to use their data, not that they should
make any consideration how they use that data themselves.

~~~
tptacek
I may have misread your comment; the subtext I got from yours was that the YC
Pledge had been watered down to make it possible for Google to sign on to it,
and I just wanted to say that the (much stronger) NeverAgain.tech pledge got a
surprising amount of Google support, including from pretty senior people at
Google.

If you weren't implying that NeverAgain.tech needed to be watered down to make
it palatable to Google, my comment indeed wasn't responsive to yours. Sorry!

------
tptacek
A reminder:

It's nice if your company commits to something. But what's vital is that _you_
commit to things, and that you _organize around those commitments_. As a
profession, we have to stop looking to management and owners to own the ethics
and conditions of our work.

Things like this are fine, but don't lose sight of where the real power is.
It's the strongest market for tech talent I've seen in my entire career. Your
company cannot survive without people like you. Don't ask them to do things.
Organize with your peers and _demand_. You'll win, a lot of the time, and your
wins will be durable.

This pledge is pretty clearly a response to NeverAgain.tech (look at the
issues it cares about). NeverAgain.tech is about what _members of our
profession commit to doing_ ; that pledge doesn't give a damn what companies
say, because if employers contravene the pledge, the signatories have pledged
to leave as soon as possible. That's meaningful. This is window dressing.

~~~
angersock
Note in particular the utter lack of anything that actually benefits us, the
developers:

    
    
      * No protections on moonlighting
      * No mention of fair equity for work by early engineers
      * No condemnation of clawbacks of equity
      * No whistleblower protection
      * No comments on diversity or discrimination
      * No comments on harassment
      * No comments on reasonable workloads/workweeks
      * No comments on allowing remote work or helping remote workers
    

Make no mistake folks: this "pledge" does basically nothing to help you. Look
out for your own interests.

Further, it doesn't even have the balls to stand up and say "We won't do evil
things like give away user data to government agencies" and instead goes for
the much easier "well if the paperwork is okay we'll sell out the users i
guess".

This isn't worth the bytes it spent getting to you.

~~~
bermanoid
Do you _really_ think any company could or should publicly commit to refuse to
comply with valid court orders?

I'm all for strengthening the language and adding teeth to these demands, but
we've got to be realistic here. A US corporation declaring blanket refusal to
cooperate with the US government is not realistic.

~~~
tptacek
I think it's not the kind of question that's best asked of companies.
Companies should commit _not to collect abusable data in the first place_.

Employees, on the other hand, can in fact pledge not to assist the DOJ, even
if "correct process" is used. If enough of them pledge that, companies will
have to adjust their retention practices, lest their data function as a time
bomb waiting to blow their teams up.

I think if you're going to mirror NeverAgain.tech, don't water it down. But
the bigger issue is: stop looking to companies to make promises. People
promise. Companies can only posture.

~~~
bermanoid
Ok, but given the starting premise, "what's a pledge that we can coerce
companies into signing?", what would you shoot for, instead?

To me, the bit where companies would need to agree to not implement backdoors
into encryption protocols is actually pretty meaningful. You know that the
evil shitfuck companies like Palantir are not going to sign on with that
clause in place, but they weren't going to listen, anyways.

If Facebook signs on, though, it could actually be a toothy, verifiable
commitment.

------
mjg59
> We will only provide individual user data to governments under correct legal
> process.

If the law changes such that companies can be compelled to hand over
information that would be unethical to hand over, the pledge should require
that companies stop collecting that information and delete what they already
have. If there are countries that have existing laws that would permit them to
insist on handing over information that would be unethical to provide, the
pledge should require that companies cease doing business in those countries.

Right now this is simply a pledge not to engage in reprehensible behaviour. We
shouldn't be providing rewards or encouragement not to act in reprehensible
ways. We should be encouraging people to do _better_ than the socially
acceptable bare minimum. A pledge should be a promise to go above and beyond,
and this is nothing of the sort.

------
ThrustVectoring
The principle of least privilege seems very applicable to keeping user data
secure from the government. You cannot hand over data that you do not have. If
your business model requires collecting data that would not be conscionable to
hand over to the government upon demand, you should seriously reconsider your
business model.

I'd strongly prefer something based off that rather than the actual pledge.
It's fairly easy to lose a legal defense, go back on your pledge to produce a
legal defense, or change owners to one not bound by the pledge. It's much more
difficult to retroactively collect data.

~~~
lazaroclapp
> If your business model requires collecting data that would not be
> conscionable to hand over to the government upon demand, you should
> seriously reconsider your business model.

This is not reasonable in many cases, though. It is surprisingly hard to build
many useful services on top of strong zero-knowledge crypto and have them
operate in the real world where things like users forgetting their credentials
are common occurrences that consumers expect you to be able to recover from.
It is also actually impossible to do so when part of the service happens in
the physical world (e-commerce, car dispatching apps, etc). In practice, until
we solve a few long standing security and HCI problems, I can't envision a
world where a large set of private parties doesn't know more about me,
collectively, than what I would be comfortable with a hostile enforcement
agency knowing and correlating in a single place.

Don't get me wrong, I think there is a lot of value in being mindful of which
data we are collecting, why and if we can get away with building our software
so that we do not need that data. I also think keeping infinite records just
because "big data will make them useful in time" ignores the 'toxicity' of
huge troves of private data laying around. But even in a world where every
company takes extraordinary data handling measures, even against market
incentives, I still would want the companies to be very careful about sharing
the data they did absolutely need to collect...

------
mjg59
Why is this so much weaker than
[http://neveragain.tech/](http://neveragain.tech/) ?

~~~
williamsmj
Given neveragain exists and has thousands of signatures (many from employees
at YC companies) and prominent media coverage, it's impossible not to conclude
that the the glib vagueness of "The" tech pledge is deliberate.

~~~
tptacek
It's really weird, isn't it? NeverAgain is a pledge based on data collection
and mass deportation. "The Tech Pledge" is essentially a pledge to provide
large-scale data to the government, so long as the "correct" process is
followed, and to defend the rights of immigrants who happen to work for tech
companies.

The connection between the two pledges is pretty unmistakable, so much so that
you can read comments on this thread about how random the two issues in The
Tech Pledge sound.

Super weird.

------
rhapsodic
I don't know why this pledge has to take a position on immigration policy.

A flood of low-skilled, poorly educated immigrants definitely helps the rich
who don't mow their own lawns or make their own beds, and corporations who
benefit from the wage-suppressing effects of a huge surplus low-skilled and
poorly educated workers. But it hurts American citizens who are themselves
low-skilled and poorly educated.

I know it's not a popular opinion here, but I happen to think that US
immigration policy should be crafted solely on what is in the US's best
interests. Allowing highly-skilled and highly educated people in helps the
country, but I don't really see how allowing a flood of low-skilled immigrants
in helps the country in the larger picture. I understand how it does from the
Adam Smith/Milton Friedman perspective, but I don't think that benefit
justifies the harm done to the most vulnerable workers (or would-be workers)
who are citizens and taxpayers and in many cases veterans of our military.

~~~
tchaffee
While I am pro immigration and pro freedom of movement in general (so I mostly
disagree with your stance in general), I can't deny that the current
immigration rules have been mostly to the benefit of making tech company
owners richer by hiring highly skilled people at indentured servitude wages.
Truly free markets would allow immigrants to change employer at will. Suffice
it to say that this issue is controversial enough that it doesn't belong in a
simple code of ethics. We agree on that.

------
pjmorris
My software engineering professor had us read the ACM [0] and IEEE [1] ethics
codes. I vastly prefer the IEEE code (they both read like they were written by
committees, but IEEE seems like it was addressed to a professional engineer,
and ACM seems like it was written to a corporate drone.) Either one of the
codes is significantly more thorough than the pledge, which seems focused on a
few current issues, making it eventually irrelevant independent of whether its
goals are achieved.

[0] [http://ethics.acm.org/code-of-ethics/software-engineering-
co...](http://ethics.acm.org/code-of-ethics/software-engineering-code/) [1]
[http://www.ieee.org/about/corporate/governance/p7-8.html](http://www.ieee.org/about/corporate/governance/p7-8.html)

------
nostrademons
Many of these pledges require potentially expensive legal defense against the
U.S. government. Will YCombinator commit to providing funding for the legal
work committed to here? For their own portfolio companies only, or for any
early-stage startup that finds themselves in the position of "sell out our
users, or go bankrupt"?

------
CM30
It's a nice idea, and if people actually agreed to it, things could actually
change for the better in the tech industry. However here's the issue:

Only a small percentage of people in the tech world care about this stuff.

It sucks I know. But it's true. The vast majority of people out there simply
want a paycheck and don't really care how they get it. As a result this means
that anyone who does agree to the pledge will most likely be sacked in favour
of the person who doesn't. And there are millions of people in tech who will
throw everything and everyone under the bus as long as management says so and
the money ends up on the table.

So how do you solve this? Well, good question. In a lot of fields, they solve
it by either requiring accreditation or a union membership or god knows what
else, which causes those who go against what's seen as 'ethical' in their
field to have a very hard time finding new jobs afterwards.

That's not really a likely thing for the tech world, and I don't think most
people would want it to be. But as a result, it means pledges like this are
pretty much useless at the moment.

------
steven777400
Pledge 1 and 2 seem strangely distinct. It's odd to request someone to commit
to both. Pledge #1 seems like basic ethics of technical practice, but pledge
#2 is a specific position on a specific current political issue.

~~~
tptacek
It's a reaction to the NeverAgain.tech pledge, which is employee-centered, not
company-centered.

------
andreyf
A tech pledge to support user privacy which ignores the risk and market
dynamics of security breaches? The mind boggles...

How about dedicating resources to making sure everyone upgrades their devices,
patches security vulns on internet-facing servers, uses password managers,
etc?

How about at the very least asking "if we suffered a breach, how would we
know?". Because ethics aside, there seems little incentive for startups to
worry about it.

------
CPLX
I think this is amazing, and the premise of it, which is to recognize the
unprecedented power that is pooling in the tech sector and the
responsibilities that come with it, is highly laudable.

With that said, the fact that there's no reference to the greatest problem
facing our society, income inequality, is highly noticeable.

A pledge by tech companies to respect the rights of workers would actually be
something notable and daring.

------
tzs
> We'd like to invite comments on this for a two week period, starting today,
> May 2nd.

I'm guessing that this is just a temporary page that will be replaced once you
have developed the final version of the the pledge. If that is _NOT_ the case,
then may I suggest that "May 2nd" be changed to "May 2nd, 2017"?

------
codingdave
"The Tech Pledge" is way too generic of a name for what this is. Be specific
enough that it piques people's interest. Otherwise it is just poor branding.
(And branding does matter on grass roots efforts, not just corporate efforts.)

------
lacampbell
How about a pledge to keep politics out of the work place? I am very tired of
people dropping subtle and not so subtle hints about the strong political
views they have in professional environments.

~~~
greglindahl
Let's say that I work at a company that has employees who are married gay
people, and also a few transgender employees. What is politics in that case?

~~~
lacampbell
I don't find the presence of married gay or transgender people to be an overt
political statement.

On some level it is political of course, but only on the pedantic reductionist
level of "everything is a political statement". If you want to go down that
route, fine, but I won't be joining you.

~~~
greglindahl
I'm trying to figure out whether Google should express opinions about state
laws that unfairly affect their employees... is that "political", according to
this pledge?

~~~
lacampbell
I dunno. Is it political for me to be required to travel to Red China when I'm
an anti-communist? I'm no better equipped than you are to find out where the
line should be drawn.

~~~
greglindahl
The overwhelming majority of Americans agree that China is an authoritarian
state, whereas there's considerable disagreement about gay marriage, despite
the Supreme Court saying it's legal. So I don't think many people would agree
that it's a similar line.

------
zeveb
Placing 'We will provide support to efforts to keep the United States DACA
policy in place' under the heading 'Supporting Legal Immigration' is
misleading: DACA is Deferred Action for Childhood Arrivals, i.e. it is a
policy of tolerance for _illegal_ aliens, not legal immigrants.

Otherwise it seems a reasonably unobjectionable document.

------
sethbannon
I'd suggest a transparency section. Without companies committing to this it'll
be easy for them to sign on publicly but privately act differently.

Something at the end like:

"Transparency: On an ongoing basis, we will offer our employees and our users
reports on how we're fulfilling the above commitments."

------
vinceguidry
I did not know that this was a YC initiative until I read about it in the
comments. Initiatives like this need all the help they can get in order to
stand out above the noise. Everybody's got a manifesto. Only this one has YC
backing.

Consider making this a first-class effort.

~~~
forgotmysn
considering how weak the pledge is, I think it would be more effective to
concentrate efforts on growing neveragain.tech

------
lucasmullens
> We will provide support to efforts

"Provide support", and not just "support"? So a startup that isn't actively
involved in efforts around keeping the DACA policy would be breaking this
pledge? This seems to only make sense for giant companies.

------
EdSharkey
Exactly, DACA's just a policy made with a pen and a phone - it's a legal
phantasm that can easily be dispelled!

Pass an actual labor law or gtfo on this indentured servitude you execs are so
addicted to. Pay equivalent wages and allow imported labor to change employers
or GET THE FUCK OUTTA HERE! (Sorry to cuss, but I've got real hatred for the
self-serving progressive leaders who profit so much from cheap imported
labor.)

------
colinsidoti
Does this pledge deliberately avoid internal matters like employee
wages/benefits, HR dealings, etc?

~~~
jeffreybuchanan
Or what about the benefits and wages of subcontracted service workers? These
are the poverty wage workers on many of these company work sites. Not sure it
falls in line with anyone's values to have the world's richest companies be
relying on poverty wage workers to feed, clean, secure and drive their
employees every day.

Similarly, the way in which "Legal Immigration" is highlighted seems to ignore
the number of lower wage, undocumented workers within the service sector that
is a part of the operations of these tech companies. Why not support all
immigrants in their operations who are facing persecution?

