Privacy Policies Are Great — For PhDs

An anonymous reader writes "Major Internet companies say that they inform their customers about privacy issues through specially written policies. What they don't say is that more often than not consumers would need college undergraduate educations or higher to easily wade through the verbiage. BNET looked at 20-some-odd privacy policies from Internet companies that received letters from the House about privacy practices. The easiest to read policy came from Yahoo, at a roughly 12th grade level. Most difficult? Insight Communications, which at a level of over 20 years of eduction officially puts it onto IRS Code territory."

Privacy issue

[140Mandak262Jamuna]

This company [geni.com] is jockeying to become a social website by allowing its registered users to construct their family trees. The idea seems to be once a vast tree is created the users will be able to find their rich and famous relatives etc. I could imagine this being a very useful service to many people. One of my relatives added my name to his tree and geni created an account in my name and added me to the tree and notified me about it. The email had options to opt out of more spam from them. I had a talk with my relative and expressed my concern about adding vast quantities of private info about our lives to a searchable, indexable database owned by some for-profit company over which we have absolutely no control. As it is the net has so much of our public information. Why compound the problem by adding our private information as well?

Looks like it had an impact and my relative decided to close his account and destroy the tree. But geni claims they need my permission to destroy my account. Is it reasonable for a company that bribes its users with free family tree service in exchange for private info about people to follow a opt-out policy? Shouldn't they be required to notify me and get my consent before they add my name? I have received invites from other social networking sites, but they all require me to create an account first. If I ignore the email, I hope, they would not add me to their databases. Probably they will just sell my email address to spammers and stop with that.

I believe there is neither a technological or legal solution to this problem. A new geni.com could easily be run by Russian mafia outside US borders and thumb their noses at us. I think the only solution is social. They are using social engineering to pry private info from the public by offering some service or the other for free. We need to educate the public about the implications of succumbing to the temptations by them. Today if I set up a stand in a fairground and ask people to give the names, addresses and phone numbers of their relatives and friends in exchange for small token gifts the response would not be overwhelming. Somehow people believe it is wrong to tell strangers such information. But set up the same stand in the internet and people are punching in the email addresses of their friends and relatives like gangbusters. What would it take to educate the public about the menace to privacy these companies pose?

I did my best. I pointed out the liability issues the company has like some stalker tracking down someone hiding in a relative's home or identity thieves making use of the mother's maiden names data etc. Told the company that they must disclose their liability to their investors and to anyone they are trying to sell to. Made it official and made it difficult for the company officers to claim later, "We never anticipated that development". If we keep raising the liability issue with these companies, may be we can get their venture capital to dry up. Just a thought.

Dubious measure.

[ledow]

I don't believe it for a second - the measures used are dubious at best (try the Word readability macros and see for yourself - they do Fleisch-Kincaid scores too). At minimum, they have to be used properly. For instance, the single word text "communication" is so unutterably high on all the indices that it skews the results completely. And the text of Alice in Wonderland on Project Gutenberg scored:

Coleman Liau index : 28.19
Flesh Kincaid Grade level : 11.95
ARI (Automated Readability Index) : 21.61
SMOG : 11.68

So that's a hefty margin of error, removes all use of any average and says that you have to be a virtual genius to read Alice in Wonderland, or a 11th-grader. Mmm. Yes. Accurate measure.

Re:Dubious measure.

[tpjunkie]

Ever read Alice in Wonderland? The verbiage is...unique, to say the least, with long, made-up words, as well as normal words modified in unconventional ways. "Curiouser" springs to mind immediately. Point is, a Lewis Carroll work might not be the best thing to use to check machine-determined readability.

Re:Word length

[vmxeo]

That's actually an intriging idea. Since many EULAs, privacy policies, contracts, etc. contain similar legal language, imagine coming up with a standardized set of icons for each point (think of the hazard icons from Portal). So for instance, an obviously imbalanced pair of scales when a contract requires arbitration, or a shrugging stick figure for the standard "we're not responsible for anything bad that happens when using our product".

Ok, so chances of it actually being implemented are close to nil. But I'm sure if you summarized the policy or EULA with cute little icons, people would start paying attention to what they're agreeing to.

I wonder?

[BCW2]

A year or so ago a man was being sued by M$ for having one copy of XP running on 3 computers (one purchased key). His defence was the EULA was unenforceable since it was only understandable by a lawyer and nobody has a lawyer looking over their shoulder when installing software. His lawyer (go figure) did a masterful job of saying that since the average person could not understand the EULA it was meaningless and unenforceable.

Does anyone know the outcome of that case?

Re:Writing quality...

[Kjella]

Am I the only one who thought that IRS Code territory is actually pretty simple. Pretty much a bunch of 4th grade arithmitic with some logic operators. Disclaimer: I only have ever had to work on my personal taxes, not corporate taxes.

That depends entirely on whether you're trying to follow the rules or circumvent the rules. I'm guessing 90% of the "misunderstandings" are more like "we thought we could get away with this, you mean we can't?"

Re:Word length

[gnick]

Writing like this is intended to obfuscate rather than illuminate, and its sole purpose is usually to impress you with how intelligent the moron is.

I think you meant:
Writing like this is intended to confuse the reader rather than communicate clearly...

Eschew obfuscation.

Cheers =)