Consumers' Privacy Concerns Not Backed By Their Actions

Ian Barker, writing for BetaNews: A large majority of people say they are concerned about their online privacy, but this is not reflected in their actions according to a new study. The survey from Blue Fountain Media reveals that 90 percent of respondents are very concerned about their internet privacy and 48 percent wish 'more was being done about it.' Yet despite this 60 percent of those polled happily download apps without reading terms and conditions, and close to 20 percent still download apps even when they have read the terms and don't like them. A third of those polled say they would delete an app that tracks their whereabouts, but 50 percent say whether they would do so depends how much they like the app. Interestingly less than 10 percent believe an app that tracks their location is actually useful to them.

D'oh

[NettiWelho]

Yet despite this 60 percent of those polled happily download apps without reading terms and conditions,

Yeah I can't afford to hire a lawyer for 5-9 hours every time I install an app

Re:D'oh

[dgatwood]

Even without a lawyer, the cost of maintaining your privacy is too high these days. Suppose it takes you an hour to read all of the various privacy policies for Facebook in several different places. That's over 2 billion hours spent, just for one app, both when you install it and, potentially, every time they update the privacy policy. That would translate to an economic cost (if you assume U.S. minimum wage) of about $15.5 billion worldwide. Multiply that times the average number of apps that people install plus the average number of websites that people use.

Then, on top of that cost, you have to assume that the least reputable businesses won't actually follow their privacy policy, or will deliberately carve out exceptions that don't sound bad until you see how they use them. If you assume that everyone is behaving ethically, then privacy policies aren't needed, and if you assume that everyone is behaving unethically, then privacy policies do no good.

It doesn't take much effort, then, to understand why the only way to fix this is through laws that require a certain minimum set of privacy rights for every app and website that does business in your country. It's the only way to make it practical to protect your privacy in any meaningful way. That way, as soon as one person notices something wrong, they can get the state to assert their legal rights on behalf of everyone, and companies don't have the ability to carve out exceptions that look reasonable while actually violating your basic rights.

Re:D'oh

[Cajun+Hell]

Yeah I can't afford to hire a lawyer for 5-9 hours every time I install an app

Then you probably shouldn't install the app, don't you think?

That's awful common-sensy. If we replaced "intalling an app" with something a little more dramatic, like "cage diving with great white sharks" or "sky diving in the Himalayas" I think everyone would understand a little better.

"Hey Jim, wanna go diving?" [keeping it vague whether we're talking about in the sky or in the sea]

"Sure, except .. I don't know if I understand all the safety equipment. Seems it would take a while to learn how to use all that, and it looks heavy and inconvenient."

"No problem, just blow off the safety equipment until you have time to figure it out later."

You'd laugh. But if someone agrees to a contract without reading it (and also: runs potentially-hostile unaudited code on their very personal computer), oh no, we don't laugh at that person. No, we pretend they did a sane thing, instead. Surely whatever problems arise as a direct consequence of that conscious choice, are someone else's fault!

Re:D'oh

[null+etc.]

Then you probably shouldn't install the app, don't you think?

That's great advice. Let me go find an Amish community to live in, where the Terms & Conditions are implicit.

Re: D'oh

[CoolDiscoRex]

The 10% are forced to accept what the 90% will tolerate. Not installing things because of the T&C (often unenforced and unenforcable), requires one to drop out of modern society altogether since mist conpanies have the same objectionable terms. And they aren't "contracts", they are "contracts of adhesion", and the two are quite different.

Contracts of adhesion almost always mix enforcable with unenforceable terms, so you never truly know what will and won't apply to you. Many people that live in first-world countries also, rightly or wrongly, assume that their first-world governments will not let companies get away with anything truly abusive. At least, that is what they are all taught from age 3 ... that their superior country protects its people.

Finally, the easiest way to tell the reasonableness of an action, is to determine what would happen if everyone took it. If everyone read every T&C they presented with, the economy would grind to a halt overnight. Companies would go out of business en-masse, and unemployment would skyrocket.

Inasmuch as the economies of all first-world nations depend on people NOT reading these adhesion contracts, when the very existence of the businesses themselves depend on people NOT reading them, it's more than a little disengenuous to suggest that people do so.

And FWIW, the businesses themself know the "contracts" are a joke, because they treat them as such. Yesterday, one of my paid apps suddenly required that I agree to a new T&C before I could access the work I already created within it. This act clealy invalidates the "contract" and renders it illusory (see: Zappos). Companies themselves violate contract law ad-nauseum with those things, and the do so knowingly, hoping the custmer doesn't know any better. How about the number of companies who illegally state that reparing them yourself violates the warranty?

When a "contract" is so laen with unenforcable and questionably legal clauses, reading it is pointless as you have no idea what will be held to be binding and what will be tossed out.

Re:D'oh

[kiminator]

So what you're saying is you think it's reasonable to look very carefully at the fine print if all that I actually want to do is reserve a table at a restaurant? Why is that a good way of structuring an app ecosystem?

The entire point of having a mobile app ecosystem is to make it quick and easy for people to get things done. EULAs as a foundation of privacy controls are utterly hostile to the very concept of an app ecosystem.

Second sentence says it all...

[CrimsonAvenger]

and 48 percent wish 'more was being done about it.'

Which can be loosely translated as "I hear people are concerned about this, so I guess *I* should be concerned about this, but it's not really worth my time or trouble to bother ACTUALLY doing something about"....

Re:Second sentence says it all...

[Actually,+I+do+RTFA]

Yeah, it's almost like my life is finite and reading legalese isn't what I want to do with it. I want it outsourced to a third party. You know, like making sure my hot dog won't kill me. What's that called... government regulators.

Re:Second sentence says it all...

[Actually,+I+do+RTFA]

I find the rank-and-file employees tend to be pretty competent. The incompetence comes from the top-down. Probably because of who gets elected and the promises they have to make.

Re:Second sentence says it all...

[Actually,+I+do+RTFA]

I don't trust people to act against their self-interest. The regulators at least don't have a direct profit motive.

"I'm from the government, I'm here to help"

I never understood this complaint. I mean, the government seems pretty helpful to me. Certainly, the times I hear about government help, usually the problem is that there is not enough (See, Puerto Rico.) Do you have examples of widespread problems?

Re:Second sentence says it all...

[Jason+Levine]

The government is (at least in theory) accountable to the people. If the people don't like the actions of members of the government, those government officials can lose their jobs. Companies aren't accountable to people in general - only to those who pay them money. If your information is being sold by company A to companies B, C, D, and E, then you're not their customer - you're their product. They won't care if you don't like your information being sold because you have no say in what they do and likely don't have the legal muscle to stop them. (Especially if they're a big company like Equifax.) However, the government can stop them.

This isn't to say that government regulations are always the solution. Just that they are a useful tool to give people power over companies that wouldn't otherwise be beholden to anyone.

Read the terms and conditions everyone!

[nnull]

Yeah, because that's what I do every time I install an application. I hire a lawyer and we read through the terms and conditions (That was copy and pasted from another application) together at $400 an hour.

How about not doing this crap in the first place and we wouldn't have to worry about it? The absurdity this has gotten to. Blame the consumer!

Re:Read the terms and conditions everyone!

[Jason+Levine]

Terms and conditions are everywhere - not just in applications. Do you have a cell phone? You've agreed to your carrier's terms and conditions. Did you go to the movies? You've agreed to their terms and conditions. Did you attend a concert or sporting event? More terms and conditions. In fact, the terms and conditions for these likely make the ones for a phone app seem like plain, easily understood English.

So people can't avoid terms and conditions unless they stay in their house all day and never venture outside.

Re:Read the terms and conditions everyone!

[Merk42]

... unless they stay in their house all day and never venture outside.

The Slashdot lifestyle!

In other news

[Rosco+P.+Coltrane]

People are concerned about corruption in politics, yet keep electing the same sumbitches.

Re:In other news

[PPH]

Which one of those will help not elect the same sumbitches?

We just did that. The Dems put up their candidate. Because it's her turn (needs of the party over those of the voters). The GOP tried the same thing, but got an outsider. In part as a FUCK YOU to the good ol' boy system. And look who got elected. Not because he was the best choice. But because enough of the voters didn't want more of the same shit.

Or maybe...

[Travelsonic]

We shouldn't act like people are idiots for not reading something incredibly lengthy, wordy, and worded in such a way where they would not understand it, and instead point the finger, at least partially, at the people who insist on keeping these wordy EULAs without providing something that explains it in plain English?

Also

[cascadingstylesheet]

Also, not all gym memberships are fully utilized.

Sherlock doesn't give a shit

[PopeRatzo]

Consumers' Privacy Concerns Not Backed By Their Actions

That's like saying, "Patriots' Concerns About The Constitution, The Rule of Law, Limited Government, and Ethical Leadership Not Backed By Their Voting Records".

Stupid proxy

[thegarbz]

What kind of a stupid proxy is "Not reading terms and conditions" to "not caring about privacy"? How does reading 1000 words of legal junk help? It's not like there's a lot of active choice in the market for not having your data sucked up by some firm for reasons hither to unprofitable. You can barely buy a fridge without the TOS signing off your first born to some foreign Korean CEO.

If anything people concerned about the privacy are the ones who don't read TOS because they know what's in them and they know doing so is a waste of time.

What they say isn't what they mean

[petes_PoV]

90 percent of respondents are very concerned about their internet privacy and 48 percent wish 'more was being done about it.'

Which means they want someone else to do something about it.

I expect an even greater polarisation occurs with being overweight: 100% of people are concerned about it ... but what proportion are willing to do something themselves to fix it?

But anyone who relies on the output from a survey is either naive, negligent or is just using it to further their own desires.

I'm not worried about privacy

[rsilvergun]

I'm worried about healthcare, wages, retirement when I either can't work or nobody'll hire me. I'm worried about school for my kids, especially college.

Surveillance is just a symptom of oppression. The root cause is always money. If you want to render it moot the solution is to make sure everybody (and I mean _everybody_, even lazy people and the ones you don't like) has access to food, shelter, healthcare, education & transportation (the latter being required to effectively access the former).

Until we end the rat race we're going to be vulnerable. You're not free as long as somebody controls access to the things you need to live.

Educate

[fluffernutter]

This whole article basically found out that ignorance doesn't equal compliance. You can't blame people for being ignorant if you haven't tried to educate them. Who goes out of their way to educate in the current state of things?

What's the Implementation?

[Voyager529]

Correlating whether or not one reads a EULA is not an effective metric.

Take an app which allows texting from a web browser. Both will need to have a clause like "we collect your text messages and contacts", because that's genuinely necessary for the service to be performed. However, if it's followed up with "we don't sell to third parties" isn't helpful - it still allows them to give the data away, or sell access to the data, or give the data to a shell company who then does the selling. Even if none of these happen, such a clause allows for the first party firm to do their own data mining and sell the results in aggregate. Then, if they do any of the above, and *those* companies get hacked, you can be certain that even if the app developer doesn't have an arbitration clause, it would be almost impossible to take legal action against the other company.

Location data is equally messy. The company with the most location data is Google itself, and unless you root, you're not stopping them from getting it with creepy accuracy even if the GPS is off. From there, apps requiring it are equally troubling. The EULA is a binary "use it or not". Most people would understandably let a navigation app use the GPS location in order to provide directions, but while Apple only allows apps to pull location data while an app is running, Android will happily let apps run a resident location scraper in the background without providing meaningful feedback to the end user.

Finally, the real metric of whether people are willing to do something about their privacy starts small - paid apps with no-data-mining guarantees, and free apps where users pay with privacy. See what wins. ...but nobody wants to do that.

Re:What's the Implementation?

[fluffernutter]

This is where the new EU rules are interesting. Now in the EU (and even American companies with EU users), checking 'you may collect my data' they have to specify what the data is being used for, and the default is that the data will only be used for the app. If data is sent to a third party, then there must be clear wording to the affect of "We will send data to X for the purpose of Y".

GERD doesn't care

[WillAffleckUW]

They can't consent just by clicking.

It has to be an active consent with clear terms and clear choices and have a method allowing EU citizens to opt out.

Same technically is true of Canadian consumers. You can't infer active consent without active informed consent.