Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Policies Are Great — For PhDs

Posted by CmdrTaco on from the they-have-many-advanced-degrees dept.

An anonymous reader writes "Major Internet companies say that they inform their customers about privacy issues through specially written policies. What they don't say is that more often than not consumers would need college undergraduate educations or higher to easily wade through the verbiage. BNET looked at 20-some-odd privacy policies from Internet companies that received letters from the House about privacy practices. The easiest to read policy came from Yahoo, at a roughly 12th grade level. Most difficult? Insight Communications, which at a level of over 20 years of eduction officially puts it onto IRS Code territory."

15 of 161 comments (clear)

  1. It's Quite Obvious Why They're At This Level by eldavojohn · · Score: 5, Insightful

    Well--and this is all from the prospective of a geography ignorant non-lawyer American--the fact is that most policies are in place to avoid confusion. Ah, who am I kidding, they're there so nobody sues the hell out of anyone else. And a policy is there to stop the worst kind of lawsuits: class action. I'm sure you would notice this if you did the same analysis of other policies--like healthcare, dental or auto insurance policies. Yes, your health and your automobile might seem more important than your privacy but the United States Justice system (is supposed to--like in the NYTimes article) stop companies from swindling any of those.

    And there's not a lot you can do about this, we're going to want to sue the pants off a bastard company if suddenly our name and address is being traded on a disc with 50,000 others on the black market. So they write these policies to be air tight and they use terms that have legal connotations because I'm sure the only time these things are scrutinized are in court anyway. And the second you take away that level of granularity, I'm sure you see yourself as a company open up to lawsuits.

    --
    My work here is dung.
    1. Re:It's Quite Obvious Why They're At This Level by houghi · · Score: 4, Insightful

      a policy is there to stop the worst kind of lawsuits

      And that explains who the EULA is written for. It is is not written for Joe Sixpack. It is not for the user. It is to be used in lawsuits. This means it is written for the people who work with the law, lawers.

      And those are the people who write them, because they are also the people who they are intended for.

      Also often I see a lot of copy and paste. Especially on the bullshit attachments they put under an email.

      In some countries an EULA is not even legal and most of them are written for US law. Well, many countries have different laws and if you don't like that, then you should not make the software available there from your website.

      Then there is the fact that an EULA is not available in the language(s) of the country.

      Yeah, it is a bitch that you should make the EULA available for all those laws, languages and countries, so cry me a river.

      --
      Don't fight for your country, if your country does not fight for you.
    2. Re:It's Quite Obvious Why They're At This Level by F�an�ro · · Score: 4, Insightful

      So we need some standardisation for EULAs, just like foods must list their ingredients in some standard way.

      Analyze the available EULAs, 90% of it boils probably down to the same few terms.
      Make a list of these terms, label each with a descriptive short name, and maybe a symbol.
      Then make a regulation that companies must use those labels if they want to describe terms equivalent to those labels in their EULA.

      Every year, make a survey of EULAs to find parts that are not covered by any existing label to find wich new labels need to be added to the system.

      Discourage companies from using terms not covered by labels, for example by a tax.

      If this leads to mass lawsuits, fix the laws.

  2. One thing I've learned.... by gardyloo · · Score: 4, Funny

    ... in my over-20 years of education, is that some things just aren't worth reading.

    1. Re:One thing I've learned.... by MyLongNickName · · Score: 4, Funny

      and you visit Slashdot anyway.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  3. Re:Word length by oldspewey · · Score: 5, Funny

    Who has time to read 5000 words?

    You just need to break the task down and come up with a manageable work plan - if you tackle 5 words a day, you'll be done in less than 3 years.

    --
    If libertarians are so opposed to effective government, why don't they all move to Somalia?
  4. Re:Word length by click2005 · · Score: 4, Funny

    Yeah, couldn't they just do it as 5 pictures?

    --
    I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
  5. Privacy issue by 140Mandak262Jamuna · · Score: 4, Interesting
    This company is jockeying to become a social website by allowing its registered users to construct their family trees. The idea seems to be once a vast tree is created the users will be able to find their rich and famous relatives etc. I could imagine this being a very useful service to many people. One of my relatives added my name to his tree and geni created an account in my name and added me to the tree and notified me about it. The email had options to opt out of more spam from them. I had a talk with my relative and expressed my concern about adding vast quantities of private info about our lives to a searchable, indexable database owned by some for-profit company over which we have absolutely no control. As it is the net has so much of our public information. Why compound the problem by adding our private information as well?

    Looks like it had an impact and my relative decided to close his account and destroy the tree. But geni claims they need my permission to destroy my account. Is it reasonable for a company that bribes its users with free family tree service in exchange for private info about people to follow a opt-out policy? Shouldn't they be required to notify me and get my consent before they add my name? I have received invites from other social networking sites, but they all require me to create an account first. If I ignore the email, I hope, they would not add me to their databases. Probably they will just sell my email address to spammers and stop with that.

    I believe there is neither a technological or legal solution to this problem. A new geni.com could easily be run by Russian mafia outside US borders and thumb their noses at us. I think the only solution is social. They are using social engineering to pry private info from the public by offering some service or the other for free. We need to educate the public about the implications of succumbing to the temptations by them. Today if I set up a stand in a fairground and ask people to give the names, addresses and phone numbers of their relatives and friends in exchange for small token gifts the response would not be overwhelming. Somehow people believe it is wrong to tell strangers such information. But set up the same stand in the internet and people are punching in the email addresses of their friends and relatives like gangbusters. What would it take to educate the public about the menace to privacy these companies pose?

    I did my best. I pointed out the liability issues the company has like some stalker tracking down someone hiding in a relative's home or identity thieves making use of the mother's maiden names data etc. Told the company that they must disclose their liability to their investors and to anyone they are trying to sell to. Made it official and made it difficult for the company officers to claim later, "We never anticipated that development". If we keep raising the liability issue with these companies, may be we can get their venture capital to dry up. Just a thought.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  6. From a lawyer's perspective... by imyy4u3 · · Score: 5, Insightful
    I really don't see the point in these privacy policies. They are written in the most boring, impossible-to-comprehend way in the hopes that no one will actually take the time to figure out what the policy is. Because let's face it, if everyone knew that Slashdot's privacy policy allows them to sell your email address and first born child (just kidding!), no one would sign up on the site. So companies word these statements in a way that discourages anyone from reading them, yet still covers their ass if they get sued.

    I really think something needs to be done about this, because 99.9% of people don't read lengthy EULAs and privacy policies simply because they are too long, boring, and difficult to understand, yet we are agreeing to conditions we probably would never agree to if we knew about them. Perhaps a law stating that the policies must be written at a sixth grade level, use small and non-legal words wherever possible, and come with a 1-page summary of the major rights. I think that would be a fantastic idea.

    1. Re:From a lawyer's perspective... by cfulmer · · Score: 4, Insightful

      They're mandated by the Children's Online Privacy Protection Act (COPPA).

      There's also no reason for them to be hard to read. See, for example, the FTC's privacy policy: http://www.ftc.gov/ftc/privacy.shtm

      Unfortunately, with Internet T&C, there are a few times where the requirements to be legally binding are at odds with being readable to the layman. For example, if you want to disclaim the implied warranty of merchantability, you generally need to put that disclaimer in all-caps and specifically mention that warranty. But, "Warranty of Merchantability" is really a term of art, and a lay person may not understand what it means.

      But, absent those times, the fact that a websites T&C are hard to read is really a problem with the lawyer not drafting them for the appropriate audience. Sometimes that comes from the site operator, who doesn't want to be billed for the extra legal time.

      That said, I'm not a big fan of your suggested law -- that's a lot of money spent on documents that nobody really reads. More often than not a typical user who slogged through the T&C will conclude "Yeah, that's about what I expected."

      Funny story: my kid signed up for the Ty Beanie Baby on-line service. At the end of the sign-in process (which was clearly intended for children to read), there was a cartoon character that said "Be sure to read the terms and conditions and click accept!" The T&C were in a separate scrolling 4-line text box, and was written in absurd legalese. I have no idea how Ty things that's going to be binding.

  7. Dubious measure. by ledow · · Score: 5, Interesting

    I don't believe it for a second - the measures used are dubious at best (try the Word readability macros and see for yourself - they do Fleisch-Kincaid scores too). At minimum, they have to be used properly. For instance, the single word text "communication" is so unutterably high on all the indices that it skews the results completely. And the text of Alice in Wonderland on Project Gutenberg scored:

    Coleman Liau index : 28.19
    Flesh Kincaid Grade level : 11.95
    ARI (Automated Readability Index) : 21.61
    SMOG : 11.68

    So that's a hefty margin of error, removes all use of any average and says that you have to be a virtual genius to read Alice in Wonderland, or a 11th-grader. Mmm. Yes. Accurate measure.

    1. Re:Dubious measure. by ledow · · Score: 5, Informative

      I did - with several PG texts. Alice shows the most "variability" of the ones I tried between the different scores. Are these same grading schemes designed to cope with pages of numbered T&C's? I don't know. The point is that the measures are useless unless used under certain conditions and no effort has been made to ensure those conditions were met.

      It's a poor application of what are basically statistical formulae on the lengths of certain words. What if the ISP's name was "BT" compared to "International Communications"? What if one ISP uses the "hereafter referred to as THE COMPANY" trick and one states the company name each time? It's a totally bogus measure. I could easily form any conclusion I felt like by playing with this "experiment" and it would be hard to argue against it without a basic knowledge of statistics. However, the article's approach is completely rubbish and anyone who looks at what those grades measure can see it's a waste of time.

      That said, most ISP T&C's don't follow the "plain English" doctrine more than "we use long words". They HAVE to use long words, the technical descriptions demand it most of the time. I could reword any of those T&C's to be MORE difficult to understand, despite being perfect English, and get a lower reading score.

      If you're gonna quote numbers about something, know what the numbers mean and how they apply.

  8. Writing quality... by cbiltcliffe · · Score: 4, Funny

    Insight Communications, which at a level of over 20 years of eduction officially puts it onto IRS Code territory.

    Slashdot, on the other hand, is sitting somewhere around a grade 3 level.... :)

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......
  9. BIG NEWS!!! by qoncept · · Score: 4, Insightful

    Are these privacy policies any more difficult to read than the rules to McDonalds' annual Monopoly game? Come on, they are worded in a way so as to protect the company posting them, not to genuinely inform their customers.

    --
    Whale
  10. Re:Word length by sm62704 · · Score: 5, Insightful

    Actually, in most case (although not a legal document, even an illegal legal document like a EULA) the lower the education level needed to read, the more intelligent the writer.

    For example, Isaac Asimov's books are written at roughly an eighth grade level, and his nonfiction still managed to educate intelligent, learned people. He was actually called "the great educator". Dr. Asimov held a PhD in biochemistry and taught and did research at (IIRC) Boston University. Asimov was a very intelligent man with a great imagination, and was one hell of a writer.

    OTOH I read a paper once by some dimwit PhD who used the word "enumerate" five times in a single paragraph without once using the word "count". Writing like this is intended to obfuscate rather than illuminate, and its sole purpose is usually to impress you with how intelligent the moron is.

    In a EULA the obfuscation's purpose is obviously to make you think the damned people won't use your personal information when in fact it actually says the opposite. These people are just slimy.

    The thesaurus entry for obfuscate says bewilder, blur, cloud, confuse, darken, dim, garble, hide, muddle, obscure, perplex, puzzle. None are exact synonyms, so sorry; I'm not smart enough to convey this information well.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest