“The biggest lie on the web”

Is that text big enough for you?

Introduction

Terms of service agreements are in need of a redesign. In all our literate years (50 between us) we have never read an entire terms of service agreement. They are long, dry, uninteresting and — usually — formatted in ways that are uncomfortable to read. Furthermore, the more controversial, and therefore more interesting, terms can be hidden deep in the text, as in this example of the Gmail terms cited by Raul et al., which one MUST agree to before being permitted to use the product: “On the 193rd line, the terms note that Google may ‘reproduce, adapt, modify, translate, publish, publicly perform, publicly display, and distribute any content which [the user] submit[s],’ with a ‘perpetual, irrevocable, worldwide [and] royalty-free’ license.” We can see how inconspicuously placed terms are one major problem with current TOS design.

Real users don’t read the terms

Raul et al, with a palpable mix of terror and outrage, write of the Sears case that “this proposed settlement would first and foremost set a precedent that material is ineffectively disclosed if it is merely included in a standard length privacy policy.” This may be a radical realignment in regulatory terms, but to the end user it just sounds like common sense. The idea that any lay person actually reads the legalese in website privacy policies or software terms of service is commonly regarded as a joke.

Whether or not you have read an agreement before expressly consenting to it is almost always irrelevant in the eyes of the law. It may even be essentially impossible to read the terms of a software purchase before making the purchase. Take the “shrinkwrap” licenses discussed in the ProCD case, where the court says “notice on the outside, terms on the inside, and a right to return the software for a refund if the terms are unacceptable … may be a means of doing business valuable to buyers and sellers alike.”

The court approvingly cites Allan Farnsworth’s assertion that the standardized contracts that enable such arrangements “are essential to a system of mass production and distribution. Scarce and costly time and skill can be devoted to a class of transactions rather than the details of individual transactions.” The savings of “skilled time” is due to the expectation that nobody is actually going to read these contracts. Rather, consent is based mostly on the end user’s level of trust and assumptions that surely some informed lawyers have made sure the details are reasonably fair and acceptable.

The result is that the terms of a software license can be considered “disclosed” as long as they are included in a document that is never intended to be read. This may be legally sound, but in today’s data landscape it seems increasingly out of touch with reality.

Raul et al point out that the courts may intervene to invalidate the terms of unread, standardized contracts “where there is a disparity of relative bargaining power between the parties,” and the stronger party takes advantage of the weaker party’s ignorance to slip in some onerous provisions. Critics of the notice-and-consent framework online might argue that web users are faced with just such a power imbalance, one so extreme that it renders the notice-and-consent framework insufficient to protect them. In a blog post praising the Sears settlement, the Center for Democracy and Technology concludes that “the FTC has said that consumers are harmed by privacy invasions in and of themselves. Companies have no right to surreptitiously spy on consumers – even if they are willing to pay consumers for the privilege.”

The UX of TOS

Source: ToS;DR

The CDT warns that far more work needs to be done to increase the fairness of privacy disclosures and other ToS provisions. One problem that we have recognized is that the “standardization” of these contracts refers only to the verbose and specific legal language that is carefully calculated to protect the service provider against lawsuits. There is a lack of accompanying design standards for ToS pages to promote clarity, readability, and ease of identifying key provisions. Indeed, the typical user interface design of ToS pages that we are all familiar with — tiny text, cramped reading windows, pagination that emphasizes how massively long the documents are — suggests that ToS pages are designed not to be read.

In the Sears case, as the FTC’s David Vladeck told The New York Times in 2009, regulators came to the same conclusion — and they decided to do something about it. “Disclosures are now written by lawyers,” Vladeck said. “I don’t think they’re written principally to communicate information… in the face of these kinds of quote disclosures, I’m not sure that consent really reflects a volitional, knowing act.”

One interesting solution to this design deficiency is the activist Terms of Service; Didn’t Read project, which offers this mission statement: “‘I have read and agree to the Terms’ is the biggest lie on the web. We aim to fix that.”

ToS;DR Project Lead Hugo Roy says the system is “deeply broken” because the policy documents are excessively long, hard to read, and incomprehensibly complex because of all the third-party relationships they implicate. On top of that, he adds, they are often subject to frequent change without notice.

The solution advanced by ToS;DR puts a premium on at-a-glance digestibility, since the typical user experience on a ToS page is to quickly click through to the next page anyway. ToS;DR boils the license agreements and privacy policies of popular web services down to a handful of salient bullet points and assigns each point and the overall service a fairness score, highlighting positive and negative ratings with colorful “thumbs up” and “thumbs down” icons. These short summaries and colored icons support clear communication of the positive and negative terms that are most relevant to end users.

ToS;DR

Conclusion

Herein we have laid forth issues that deter consumers from reading and understanding the legal contracts that they are entering into upon purchase or installation of products or software. The increasing connectedness of the modern world will only increase the complexity of service terms, and new innovations will continue to create novel threats to data privacy. The FTC owes the public a long-overdue overhaul of ToS formatting and design guidelines. It should take a page out of the playbook of the FDA, which recently invested in a redesign of nutrition labels on products, a change that values an informed consumer.

— by Ian MacFarland and Shaun Giudici