
Getting Internet Companies To Do The Right Thing

Introducing the "Do the Right Thing" Project


For advocates seeking to protect the privacy and security of internet users, one of the most powerful levers for change is the internet industry itself. Getting the right companies to flip the right switches or make the right policy and design decisions—to do the right thing when it comes to protecting their users—can have a positive impact on hundreds of millions or even billions of people. Which naturally raises the question...


How do you get companies to do the right thing?


What are the conditions that can most often push companies to do the right thing? What are the signs that signal an opportunity for advocates to focus more pressure on a particular issue? What are the different factors that play into the companies’ decisions, and what are the different kinds of influence that can be leveraged?

We sought to answer these questions by developing case studies looking at the history of three different positive privacy and security practices, and mapping the timeline over which those three practices went from something no one did, to something one company did, to it becoming a best practice that a few companies did, to it becoming a standard practice that almost all of the major companies implemented.

The three privacy & security practices that are the subject of our case studies:

  • Using transit encryption by default to shield data sent between a company’s site and its users, or between data centers or mail servers, in order to better protect the privacy and integrity of users’ data;

  • Offering two-factor authentication (2FA) tools to users to help prevent users’ accounts from getting broken into, even if their password is stolen or easily guessed;

  • Issuing transparency reports to educate policymakers and the public about the extent of government demands for the handover of user data or the takedown of user content.

Each case study is in the form of a graphical timeline that maps key developments over the years that either reflected or helped spur the growing adoption of each practice, accompanied by a prefatory narrative to introduce some basic information about the practice and the key factors that influenced its implementation over time. You can see those timelines now by following the links above or below, or start here with the key lessons from the three timelines.

                                                                                           


Contents

Key Lessons

Case Study #1: Using Transit Encryption by Default

Case Study #2: Offering Two-Factor Authentication

Case Study #3: Transparency Reporting