Dear Dunstan and Leslie, As you know, Electronic Frontier Foundation has participated in the development of these principles since its beginnings in early 2006. Since then, thanks in great part to your tireless work as facilitators, much progress has been made. To honor the achievement of this final agreement and show our commitment to ensuring that all Internet companies recognize the importance of protecting civil liberties globally, EFF wishes to sign on to the agreed documents. We will continue to participate in the ongoing process. We do so while maintaining that there are key omissions in the principles, implementation guidelines, and the description of the governance of the watchdog organization that will oversee this agreement. We will continue to work together with our fellow participants to address these concerns, some of which we list below: * Even when the signed principles and the accompanying implementation guidelines are fully adhered to and enforced, companies are still not obligated to inform Internet users of the storage location of personal data, and from where it is accessible. To protect their own rights in a meaningful way, Internet users need to know the location of personal data and whether it can be obtained by state actors. Without this knowledge, they cannot make informed choices about where their privacy may be protected by stronger legal safeguards or a neutral political environment. * Participating companies have not yet accepted a fundamental commitment to inform users when a company hands over their information to agents of government and law enforcement. It is EFF's strongly-held belief that such knowledge is a vital part of limiting the abuse of human rights in all countries, and that this value should be reflected in principle and in practice. * The role of technological design in implementing values of free speech and privacy in products and protocols is significant, and we regret that companies did not give a more specific and binding commitment to provide support in this area. * The value of the independent assessors' review of participating companies' internal practices and in turn, the usefulness of the Organization’s best practice recommendations in its annual report, depends on untrammeled access to all relevant company documents. We are concerned that companies, in their sole discretion, can choose to withhold information from assessors that may be very material to independent assessors’ review and thereby undermine the principle of transparency that is the keystone of this enterprise. The organization will need to be vigilant in its oversight of the second phase assessments to provide guidelines to minimize this risk. * While we recognize the good will of the present management of companies, we are troubled by the lack of assurance in the governance documents that the evident loopholes for evading oversight will not be exploited by participants and governments that may not be as committed to this agreementin the future. As long as companies select their own assessors, as they do in the current governance document, we believe the independence of the investigator from the company's short term interest could be compromised. We are also concerned that the included provision for initiatives that "seek to identify, prevent and limit access to illegal online activity" could be misused in part to trump the obligations of this agreement and therefore undermine the spirit of the agreement as a whole. No statement is perfect, and we commend the companies that have not only taken this important step towards embedding civil liberties protections in the infrastructure of our digitally networked environment, but also acknowledged that it must be done in cooperation with activists, academics, investors and their own competitors. We look forward to collaborating with all parties to build improved defenses, evolving from this bedrock agreement. Best wishes, Danny O'Brien, Electronic Frontier Foundation