Slashdot Mirror
Privacy Policies Are Great — For PhDs
An anonymous reader writes "Major Internet companies say that they inform their customers about privacy issues through specially written policies. What they don't say is that more often than not consumers would need college undergraduate educations or higher to easily wade through the verbiage. BNET looked at 20-some-odd privacy policies from Internet companies that received letters from the House about privacy practices. The easiest to read policy came from Yahoo, at a roughly 12th grade level. Most difficult? Insight Communications, which at a level of over 20 years of eduction officially puts it onto IRS Code territory."
Well--and this is all from the prospective of a geography ignorant non-lawyer American--the fact is that most policies are in place to avoid confusion. Ah, who am I kidding, they're there so nobody sues the hell out of anyone else. And a policy is there to stop the worst kind of lawsuits: class action. I'm sure you would notice this if you did the same analysis of other policies--like healthcare, dental or auto insurance policies. Yes, your health and your automobile might seem more important than your privacy but the United States Justice system (is supposed to--like in the NYTimes article) stop companies from swindling any of those.
And there's not a lot you can do about this, we're going to want to sue the pants off a bastard company if suddenly our name and address is being traded on a disc with 50,000 others on the black market. So they write these policies to be air tight and they use terms that have legal connotations because I'm sure the only time these things are scrutinized are in court anyway. And the second you take away that level of granularity, I'm sure you see yourself as a company open up to lawsuits.
My work here is dung.
Yes, but it's 5000 words long. Who has time to read 5000 words?
Commodore64_love: I don't comprehend people who're so frightened of death that they'll bankrupt themselves to stay alive
... in my over-20 years of education, is that some things just aren't worth reading.
eduction!
Looks like it had an impact and my relative decided to close his account and destroy the tree. But geni claims they need my permission to destroy my account. Is it reasonable for a company that bribes its users with free family tree service in exchange for private info about people to follow a opt-out policy? Shouldn't they be required to notify me and get my consent before they add my name? I have received invites from other social networking sites, but they all require me to create an account first. If I ignore the email, I hope, they would not add me to their databases. Probably they will just sell my email address to spammers and stop with that.
I believe there is neither a technological or legal solution to this problem. A new geni.com could easily be run by Russian mafia outside US borders and thumb their noses at us. I think the only solution is social. They are using social engineering to pry private info from the public by offering some service or the other for free. We need to educate the public about the implications of succumbing to the temptations by them. Today if I set up a stand in a fairground and ask people to give the names, addresses and phone numbers of their relatives and friends in exchange for small token gifts the response would not be overwhelming. Somehow people believe it is wrong to tell strangers such information. But set up the same stand in the internet and people are punching in the email addresses of their friends and relatives like gangbusters. What would it take to educate the public about the menace to privacy these companies pose?
I did my best. I pointed out the liability issues the company has like some stalker tracking down someone hiding in a relative's home or identity thieves making use of the mother's maiden names data etc. Told the company that they must disclose their liability to their investors and to anyone they are trying to sell to. Made it official and made it difficult for the company officers to claim later, "We never anticipated that development". If we keep raising the liability issue with these companies, may be we can get their venture capital to dry up. Just a thought.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I really think something needs to be done about this, because 99.9% of people don't read lengthy EULAs and privacy policies simply because they are too long, boring, and difficult to understand, yet we are agreeing to conditions we probably would never agree to if we knew about them. Perhaps a law stating that the policies must be written at a sixth grade level, use small and non-legal words wherever possible, and come with a 1-page summary of the major rights. I think that would be a fantastic idea.
Privacy policies need a PhD to decipher, or just an bachelors? I'd love to run around saying I have a PhD when I only have a bachelors, since clearly nobody cares about the difference...
I Browse at +4 Flamebait
Open Source Sysadmin
I don't believe it for a second - the measures used are dubious at best (try the Word readability macros and see for yourself - they do Fleisch-Kincaid scores too). At minimum, they have to be used properly. For instance, the single word text "communication" is so unutterably high on all the indices that it skews the results completely. And the text of Alice in Wonderland on Project Gutenberg scored:
Coleman Liau index : 28.19
Flesh Kincaid Grade level : 11.95
ARI (Automated Readability Index) : 21.61
SMOG : 11.68
So that's a hefty margin of error, removes all use of any average and says that you have to be a virtual genius to read Alice in Wonderland, or a 11th-grader. Mmm. Yes. Accurate measure.
Insight Communications, which at a level of over 20 years of eduction officially puts it onto IRS Code territory.
Slashdot, on the other hand, is sitting somewhere around a grade 3 level.... :)
"City hall" in German is "Rathaus" Kinda explains a few things......
Um, as far as I can understand, privacy policies are there for legal reasons, written in legalese to give them a quasi-legal basis for defending their policies.
Unless you're a lawyer or have a lawyer present each and every time you agree to a privacy policy (assuming you even agree to it, most are just implied to "work"), then it's basically just embedded, textual bullshit to somehow protect the company from lawsuits.
I seriously doubt that a privacy policy would stand up very well in court, unless the judge is completely in the dark on matters of technology, in which case it's simply a matter of presenting the test case as a physical contract and seeing how it would stand up, or limiting the amount of power a privacy policy holds on a public website.
Disclaimer: IANAL
Once this is taken into account is it any surprise that the vast majority of web users simply click "I agree" to anything they see
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Just use this video as a model. Should be easy enough to understand then.
Are these privacy policies any more difficult to read than the rules to McDonalds' annual Monopoly game? Come on, they are worded in a way so as to protect the company posting them, not to genuinely inform their customers.
Whale
I do drugs so you don't have to.
The GNAA has leaked the soulja boy gay sex tape. Search Google for it now!
That would be a POSTgraduate degree
-- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
I knew I was making those student loan payments for SOMETHING.
And, given my experience working with the typical American, it would be impossible to dumb down anything enough for most of them to understand anyway. When I was in college, I took educated friends and co-workers for granted. When I came out into the "real world" it was a bit of culture shock to realize that the vast majority of real people not only don't have college degrees, but also read at about a "See Dick run" level.
SJW: Someone who has run out of real oppression, and has to fake it.
You'd only need a college undergraduate degree to understand these things, according to the description.
So privacy policies are great -- for BS.
The sad thing is, people are complaining the the privacy policies are "too hard" instead of complaining that companies treat customers like idiots everywhere else.
The EULAs from U.S. companies are in plain English. Granted, they may describe details to exhaustion and there are clauses which do not explain why exactly they want this or that.
If you're willing to understand the EULA, you just have to pay attention while you read.
English is not my first language, I don't live in a English-speaking country and, still, I'm able to understand that stuff (no, I don't have a PhD).
You people complain too much.
Certain countries have a really hard legalese language, one which you cannot really understand no matter how good you're at the base language.
Just out of curiosity, I ran Slashdot's privacy policy through the online site linked to in the article. [I selected starting with "SOURCEFORGE, INC. UNITED STATES/EUROPEAN UNION SAFE HARBOR PRIVACY STATEMENT ("PRIVACY STATEMENT")" and ended with "Mountain View, CA 94041".] The results?
:
Number of characters (without spaces) : 19,080.00
Number of words : 3,465.00
Number of sentences : 178.00
Average number of characters per word : 5.51
Average number of syllables per word : 1.90
Average number of words per sentence: 19.47
Indication of the number of years of formal education that a person requires in order to easily understand the text on the first reading
Gunning Fog index : 15.88
Approximate representation of the U.S. grade level needed to comprehend the text
Coleman Liau index : 15.09
Flesh Kincaid Grade level : 14.42
ARI (Automated Readability Index) : 14.24
SMOG : 15.19
Flesch Reading Ease : 26.32
The average of Gunning Fog, Flesh Kincaid, and SMOG indices is 15.16. If you do a scatterplot of lines versus complexity, interestingly Slashdot's policy appears pretty much dead center out of all the policies. Yahoo's is long but not too complex, Qwest and Bright House Networks fall in the short and less complex corner of the plot, and Insight Communications is indeed a bit of an outlier.
Comment removed based on user account deletion
Just read the part that says "No matter what this privacy policy says, we reserve the right to change any part of it in any way at any time without any notice to anyone, and the new policy will automatically and instantly apply to anyone who ever agreed to any other privacy policy we have ever had" and the part that says "we absolutely positively guarantee that we will not share any of your information in any way with anyone ever, except our business partners, which we define as 'anyone who gives us money'".
Every privacy policy I have ever bothered to read contained both of those provisions. With those in place, why bother reading the rest?
Just because their privacy policy might be difficult to understand doesn't mean they don't provide an amazing service. Because they do. (at least where I live)
You have now given another generation of Students For Life a thesis topic for their PhDs.
Rich And Stupid is not so bad as Working For Rich And Stupid.
A year or so ago a man was being sued by M$ for having one copy of XP running on 3 computers (one purchased key). His defence was the EULA was unenforceable since it was only understandable by a lawyer and nobody has a lawyer looking over their shoulder when installing software. His lawyer (go figure) did a masterful job of saying that since the average person could not understand the EULA it was meaningless and unenforceable.
Does anyone know the outcome of that case?
Professional Politicians are not the solution, they ARE the problem.
I think as a rule, if you just educate people that free sites that take personal information are in the business of selling that information, the public would get the drift.
This is my sig.
The language of lawyers is complicated just to be not understood by anyone who is not a lawyer. (And think lawyers language translated to a complicated language like portuguese of my country, is a hell to understood)
Religion: The greatest weapon of mass destruction of all time
privacy policies read at the level of a cambridge philosophy laureate...but the average EULA spells out its rape-doctrine in plain english. guess nobody ever expects to have to defend their privacy policy with much rigour in court.
Good people go to bed earlier.
http://www.insight-com.com/privacy.asp this really isnt THAT hard to read.
guess it should be mentioned the score is coming from online-utility.org
Good people go to bed earlier.
I think you're giving far too much weight to the average college education. There were people in my MBA classes that had maybe a 7th grade reading level...
Interesting results.
Please tell me you cut the legalese of the PG preface from the text before testing it.
I'd rather have someone respond than be modded up.
We value your privacy, but we're going to give or sell your personal information information to anyone who asks. That's what most of them say, especially HPPA and Insurance Privacy Statements.
A privacy policy is a type of contract. Contract law is a two-way street. Each party can assert terms. If Google can assert its legal privacy terms just by publishing them (on something less than its homepage), then maybe Internet users can assert their own terms of privacy protection just by publishing them! --Ben http://hack-igations.blogspot.com/2008/05/google-privacy-policy-terms-of-service.html This idea is not legal advice, just something to discuss.
Benjamin Wright, Dallas, Texas, benjaminwright.us
The other half of this topic, being web privacy and Congress, once again illustrates the fact that our sagacious government leaders are always far behind the times when dealing with these important issues. How many years, for example, did we suffer with telemarketers until the FTC finally implemented the "Do Not Call" list? Web privacy has also long been threatened and only now is Congress expressing a desire to learn more about it. Each of us is again very likely to be continually assaulted for many more years during our on-line wanderings before an effective remedy is finally put into place. I wish that our politicians could remain more on the cutting edge of these issues and act to forestall them in their formative, rather than more mature, stages.
Isn't there some kind of standard text for these things? I mean really, what does one ISP need to have a different policy from another ISP? The same goes for software EULAs.
It confuses customers, suggests at least one of any two differing policies has got it wrong, and it's expensive. Why isn't there a standard policy which has been thoroughly examined but only costs $100 because it's "off the shelf"? Better yet, anything considered "standard industry practice" is a strong legal argument.
If only Slashdot posts were like Privacy Agreements! Then I could edit them, at my discretion, on a later date.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Most computer hardware comes with EULAs which require understanding of legalese, but at the same time one usually finds couple of silica gel pouches with "DO NOT EAT" printed on them. So who do they think their customer is? An educated mind, capable of understanding EULA or an idiot putting everything in his/her mouth?
I'm a Ph.D. and never bother to read the privacy policies. Life is too short for that. Besides not all Ph.D.s can read.
Sometimes I care enough to use eulalyzer, sometimes I don't (I did not read the eulalyzer eula)
See http://www.javacoolsoftware.com/eulalyzer.html
It would be interesting to see a precident set that if a law (or contract/agreement/whatever) could be deemed to be not-binding if the language used to define it was either above the education level of the defendant/signer, or just above whatever the national average education level is.
While I know that ignorance isn't a defence, mental capacity is, so why not level of education? Just a thought...
--Not to be worried, Pitr fix.
I read the IRS code for a living and I only have 19 years of education,* you insensitive clod!
* K-11th = 12, undergrad = 4, law school = 3
Moral? Bitch up. Tell the fuchwads to write privacy statements at a 7th grade reading level as an adjunct to the necessary legal notices.
[1] No, I don't know if they ran usability studies. Just bite me.
Considering you need a college level education to get a job stacking boxes in warehouses in this age, I don't see this as a problem.
The few people i've seen without such educations usually don't make enough to afford internet.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Unfortunately I think we're wasting a lot of money on a legalist culture, I think we should just have laws that disavow certain kinds of things to be sued for to begin with, and we should remove corporate personhood as well and make the owners liable.
The whole problem is no one takes responsibility for anything, we live in a resonsibilityless culture, both in business and from consumers.
They bad ones harm the good businesses and good consumers in the process. It sucks.
"Speak properly, and in as few words as you can, but always plainly; for the end of speech is not ostentation, but to be understood." -William Penn
From a web site privacy policy:
"If we decide to change our privacy practices, we will post those changes on this page."
In other words, the policy is non-binding on the web site owner - and therefore seems meaningless as a source of protection.
This is one thing I like about free software; one only has to understand a handful of standard licenses to work with a million programs.
When I see, for example, "GPL Version ___", I instantly know what all of the terms are, just from reading those three words.