In all great magic tricks, it is misdirection that convinces the audience that something magical took place. You can say the same for the privacy policies of various tech companies as it’s like a mirage where you think that your privacy is safe and secure but it’s far from it.
Machine learning is the next frontier for many tech companies. With growing emphasis on artificial intelligence, you can imagine how different services will collect data about your activities and online behavior.
The motive behind collecting enormous amounts of information from consumers was expressed by Microsoft’s CEO, Satya Nadella. On the day of his appointment, he sent out an email to all the employees, explaining that in the coming decade, every aspect from our life, business and world would be digitized. To achieve this feat, he stated, “This will be made possible by an ever-growing network of connected devices, incredible computing capacity from the cloud, insights from big data, and intelligence from machine learning.”
What this means is that Microsoft will go to great lengths to access your personal information. Insights from big data and intelligence from machine learning are only possible once Microsoft has knowledge about your online behavior. The worrying factor is that during the Prism fiasco, NSA collaborated with internet giants (including Microsoft) to tap into users search history, emails, live chats, transferred documents, communications, and much more. You can only imagine how many similar illegal surveillance programs are lurking in the shadows that no one has blown the whistle on yet.
Windows 10 is the latest example of how much information you are surrendering to Microsoft. Even if you turn off features such as Cortana and Bing search, Windows 10 still sends identifiable information about you to Microsoft. Similarly, you cannot select which upgrades to install, as Microsoft imposes them forcibly on Windows 10 users; which is a problem in itself because the updates sometimes cause problems to the end users who are then stuck until hotfixes are issued.
Data havens protected by dubious privacy policies
While Microsoft and Evernote are working towards machine learning and collecting piles of personal data, other tech companies are not far behind. If we look at various social media services, the wealth of personal data available on such platforms is unparalleled.
The list becomes even darker if you go into the details. To illustrate one of the points, Facebook collects your device information, including specific geographic locations. It tracks you through GPS, Bluetooth or Wi-Fi signals. The average user trades all this personal information just so that they can talk to their friends and post photos online while being heavily targeted by advertisements.
Snapchat further mentions that the Snaps will delete automatically from its servers once it has detected that all recipients have opened the Snap. However, this is circumstantial. Snapchat may decide to keep the contents of your Snaps for longer periods if it deems necessary and would share such data among Snap Inc. family of companies. Ironic, considering that the very reason people use the app is for the disposable nature of the media you create with it.
EULA share the same problem as privacy policies – they are lengthy documents to read. This gives tech firms the opportunity to conceal doubtful clauses in their EULA, masking it from the naked eyes of users. It also allows firms to manipulate users into giving up more personal information than they should.
“If they [tech companies] want to do bad stuff, it’s easy to hide a permission for that in a long and complex EULA,” said Mikko Hypponen when I inquired him about this issue.
Click-wrap and browser-wrap EULA
Likewise, if you don’t accept the terms of EULA, you won’t be able to use the software on your chosen device. The situation gets worse if you have already paid for a software or app and then presented with a EULA. Various software companies present their EULA at the time of purchase, but we tend to ignore such documents.
This underlying problem is because most EULA’s are click-wrap or browser-wrap in nature. Click-wrap EULA are agreements presented during installation process of a software or an app. You must have come across an installation step where you would have to click ‘I agree’ or check an ‘I agree to terms’ checkbox to continue the installation. Here’s what Microsoft Windows 10 EULA looks like while installing:
On the other hand, browser-wrap licenses are applicable on websites or services where you need access to use certain material. Under browser-wrap licenses, a user doesn’t have to click on an ‘I agree’ box to accepts the terms and conditions. The main criticism of click-wraps and browser-wrap licenses are that they tend to give little time to users for reviewing the licensing agreements, which is often true.
Users are more vulnerable to browser-wrap agreements, as they are located as hyperlinks somewhere on the website. Throughout history, there are many court cases highlighting the perils of browser-wrap terms of agreement.
Consider the case of Zappos, which lost because of improper presentation of browser-wrap EULA. In 2012, Zappos announced a massive data breach that affected over 24 million users. Swarmed with numerous lawsuits by consumers, Zappos send the lawsuits to arbitration based on a clause stated in its EULA. Sadly, a Federal court ruled against Zappos and turned down its arbitration requests.
The next step for defining privacy policies and EULA’s
With all the heated court battles and concerns raised by privacy enthusiasts regarding privacy policies and EULAs, there should be a way out. And, it should be a method that facilitates the user, doesn’t trick them into giving up sensitive data, and clearly defines how will firms use their data.
While talking to Hypponen, he puts forth an easy proposition that can resolve several issues with privacy policies and legal documents, “If companies behave responsibly, there is no reason why they couldn’t summarize the legal jargon into a few sentences in plain language.”
Therefore, tech firms now have to work even harder to layout their privacy policies in simpler language and make them more transparent. This issue becomes more critical as we move into an era where our reliance on digital platform intensifies and internet of things kicks into effect.