There is a pink elephant in the room
not a small one either
There is a enormous pink elephant on the couch between us
and yet we both continue to ignore it… – Sammi
Biggestlie.com is an awareness campaign aimed at calling out this ‘pink elephant’ and with folks Pär Lannerö, Lars-Erik Jakobsson (icon), Gregg Bernstein, Carl Törnquist, Hanna Arkestål, Max Walter, Mattias Aspelund, Anders Carlman and CommonTerms are to trying to change the status quo.
“We lie every time we “accept” terms that we haven’t read — a pro forma behavior that is all but required by the calf-cow model of the Web that’s prevailed since 1995. We need to change that. And so we are.”
In the context of the web today not only has the relationship become compulsory, but who your are dealing with is totally cloaked. This ‘cloaked figure” (acting not only for itself but other cloaked figures) dictates all the terms of the relationship and on the other side there is just you (an individual). Take this ONE factor of compulsory relationship, with unknown parties, and alarm bells go off.
Let me give you an example: Mint.com.
First line in their TOS reads:
“This Agreement sets forth the terms and conditions that apply to your access and use of the Internet Web site located at http://www.mint.com (“Mint.com”), as owned and operated by Intuit Inc., a Delaware corporation, on behalf of those of its direct or indirect subsidiaries and/or affiliates, (collectively referred to as “Intuit”).”
Translation: This “agreement” is not between you and Intuit, Inc. RATHER this ‘agreement’ is AMOUNG you, Intuit, Inc. and ‘a whole bunch of other companies and people’ called *direct and indirect subsidiaries and affiliates. So every term that includes you granting rights to Intuit INCLUDES granting it to all of these other folks too. Oh, that is also true for every term that involves your agreement to limit Intuit’s liability for problems that arise. That, too, extends to this faceless crowd known as ‘direct or indirect subsidiaries and/or affiliates.’
*DON’T BE TRICKED BY MISLEADING LEGAL LANGUAGE: In this case people read subsidiary especially direct subsidiary and think that by law that means ‘companies under the direct control or owned by Intuit.” Often the interpretation is quite broad especially when the language includes “indirect.” Likewise, the term “affiliate’ may make you think that the relationship is limited but actually it can include a broader and more ‘distant’ (relationally) group of people and companies. When coupled with ‘indirect,’ the realm of possible parties could include just about any company and or person.
That said, efforts toward transparency and “iconization” of terms are actually quite troubling. In an effort to simplify they often lack context and fail to address the larger more anti-customer framework housing these policies taking it as immutable. Moreover, the messaging can be misleading. For example, Aza Raskin’s Privacy Icons includes the following statement under one of the icons:
“Your Data is Used for the Intended Use,” “Mint.com uses your login information to import your financial data from your banks — with your explicit permission.”
With that statement alone, a person may be led to trust Mint.com in a way he or she would not if they also read the terms effectively turning third party data collectors into first parties with all the accompanying rights and privileges.
For example let’s consider Personal.com:
Central to their business proposition is that they are unique in their approach to privacy and relationships with customers. Reviewing their recently updated terms of service reveals clauses like this:
“You agree to defend, indemnify and hold Personal, its directors, officers, employees, agents and affiliates harmless from any and all claims, liabilities, damages, costs and expenses, including reasonable attorneys’ fees, in any way arising from, related to or in connection with your use of the Sites and/or Personal Service, your violation of these Terms or the posting or transmission of any materials on or through the Site and/or Personal Service by you, including, but not limited to, any third party claim that any information or materials you provide infringes any third party proprietary right.”
Translation: I as the user must indemnify this company and their affiliates for ANY claim that in ANY way is connected with my use of this service.
In general, I am not opposed to indemnification clauses because they aim to have the people responsible for certain conduct step up to the plate and deal with issues that arise from their failure to do just that, HOWEVER, I do not agree to provisions as broad and sweeping as this provision. This folks, is what lawyers call ‘boilerplate’ that is drafted as broadly as possible forcing the other side to narrow it and customize it to suit the context of the situation. The problem here is that you don’t get to negotiate and even if you did you don’t have a legal department at your fingertips negotiating on your behalf.
If I were the lawyer for the people, I imagine the conversation would go something like this:
Personal.com Lawyer: “We put that provision in the contract because if your use of the services causes us to get sued then you should have to pay.”
Lawyer for the People: “What could they possibly do to get you sued?”
Personal.com Lawyer: “They could (fill in the blank personal.com)”
Lawyer for the People: “Personal, while you are thinking of ‘something’ people could do to get you sued, I’d like to remind you that in a business to business deal this provision would not fly. So trying to cram it down the throat of a customer is wrong!”
Second and more important, where is the Indemnity from Personal.com to the user? If you are promising that your service offers something more than the others out there shouldn’t you stand behind that promise? Not to mention, also that, in a typical business-to-business negotiation, the indemnity goes two way, a la ‘what’s good for the goose is good for the gander’. That said, at a minimum, Personal should step up and provide an indemnification for damages arising from their failure to protect your data.
Once again, the Devil is in the details. It is really terrific to see all of these efforts aimed at providing transparency of privacy or legal terms, pushing for awareness (and accountability, I hope) and new tools to foster customer understanding of those terms. However, I think that ‘privacy policies’ and terms of service ‘agreements’ as they are commonly written reflect an utter and complete disrespect for the individuals’ importance and role in commercial relationships. While it is not my goal to resolve this existential matter today, or in my lifetime perhaps, I believe that there is a lot to be gained by examining the matter thoroughly from the individuals’ side of the ‘agreement.’
The post was originally posted at Those Sneaky Bastards.