How Online Notices Obscure Privacy and Ownership on the Web

In an information age dominated by digital content, contemporary leisure is conducted on the very same machines once intended solely for work. Personal computers connected to the internet have made many individuals into seemingly nonstop information-producing machines without pay. While we may very well consider the average internet surfer as a consumer of digital information, we actually produce almost as much information as we consume through the creation of Facebook posts, tweets, YouTube comments, emails, and from browsing data that is automatically produced every time a page is opened. This content is often produced within websites that come with no monetary cost for their users to access (i.e. after purchasing a computer and a connection to the internet) and their users’ creations almost always come with no monetary rewards. While some sites do reward their content producers with ad revenue (e.g. YouTube has such rewards for users that post popular videos to its site), incredible amounts of digital content produced without monetary rewards create an unsettling problem. Online notices are often used to rescind a users’ rights to their digital content, eliminating privacy and transferring digital ownership often without the user’s knowledge (McChesney 150-152).

 

Establishing Ownership: Agreements and Notices

There exists a simple concept to signify online ownership of information: the agreement. An agreement on a website usually includes a notice in the form of a popup window or as a page during a profile setup that establishes, usually in legal language, the terms and conditions of a user’s access to a web domain. These terms and conditions describe how the company that runs the web domain can use the information that a user creates – even information that the user is not aware of creating. On the same page as a notice, there is typically an “agree or disagree” option: pressing “agree” grants the user access to the site while pressing “disagree” blocks access. As described, this particular type of online agreement is called an opt-in/opt-out agreement; more specifically, a click-wrap agreement. These agreements include an exorbitant amount of text wrapped down a page that must be scrolled to view in its entirety and are typically responded to by the user without actually having been read. The offline predecessor to this agreement is the shrink-wrap agreement, of which the terms and conditions take effect after the shrink wrap on a box is broken by the recipient. However, some sites today still use an online form of the shrink-wrap agreement called the browse-wrap agreement (“The Origin of Click-Wrap”). If a site ever includes a banner that contains text that equates your use of the site with your consent to its privacy policy, an example of which can be seen in Figure 1.0 below, you have consented to a browse-wrap agreement. In most cases, these click-wrap, shrink-wrap, and browse-wrap agreements are considered sufficient enough by to inform users of how a company will use their information.

Figure 1.0: Example of a shrink-wrap agreement ("The Origin of Click-Wrap").
Figure 1.0: Example of a shrink-wrap agreement (“The Origin of Click-Wrap”).

When scrolling through a timeline on Facebook or through your friends’ tweets on Twitter, you have already agreed to allow sites to track your interactions and use your digital creations. In short, you do not typically own the content that you produce on these sites because you either knowingly or unknowingly gave the companies that own the web domains ownership over your creations and shared data.

 

Why Do We Give Away Our Information?

It seems reasonable to assume that individuals would generally like to keep their digital privacy and ownership over their creations (McChesney 152). Giving away our digital labor for free, even if done through leisure, does not make much sense. It would appear counter-intuitive for so many people to give up these things every day, but this is exactly what happens. There are a few possible reasons that I find for this: (a) existing online agreements include notices that provide either poor discoverability or poor understandability, (b) users cannot properly assess their own value for privacy and ownership at the time of the agreement, and (c) users want instant access to sites regardless of what they are sacrificing.

Poor Discoverability & Understandability

Poorly placed notices are easy to find online. The position of the browse-click agreement notice from Figure 1.0 can be seen in Figure 2.0 below. This notice is placed at the bottom of the web page with a gray background that closely matches the gray colors of the banners near the top of the page. It neither blocks the user from reading or interacting with the content on the page nor does it attract the user’s attention. This notice is not easily discoverable by a user, and so, consent to its contents may be established without the user’s knowledge.

Figure 2.0: Example of a shrink-wrap agreement on a web page ("The Origin of Click-Wrap").
Figure 2.0: Example of a shrink-wrap agreement positioned on a web page (“The Origin of Click-Wrap”).

Oftentimes, notices are simply not understandable to the average user. Notices used for click-wrap agreements are typically long and include legal language. A frustrated user in a hurry might not have the patience to look up legal jargon and spend the time reading multiple pages of text about terms and conditions of use. Even when we know that we are consenting to an agreement online, we may not have the knowledge, or time, to fully understand it.

The Wrong Context

Similar to how lengthy notices are hard to understand because of how long it takes for a user to read them, notices that appear for agreements early in a user’s interaction with a site (typically during registration) do not allow a user to properly assess their importance. For example, it is hard to understand why you might be concerned about how Facebook will use your post of a video to its site before you even learn how to create a Facebook post. Two possible solutions for this problem are just-in-time and visceral notices. A just-in-time notice, as seen in Figure 3.0 below, is a notice that asks for an agreement at the time when a user’s privacy would be intruded or when ownership of content may be transferred (Young, “The FTC Mobile Privacy Staff Report”).

Figure 3.0: An example of a just-in-time notice ().
Figure 3.0: Example of a just-in-time notice (Young, “The FTC Mobile Privacy Staff Report”).

A visceral notice, which may be easier to include when too many just-in-time notices would be required, is a notice that allows a user to experience its contents (Hagan, “Visceral Notice Types”). The reason behind using a visceral notice is that information may be better understood when it is experienced. In the example used earlier of a Facebook post of a video, this may involve a walkthrough of the creation of a Facebook post with the inclusion of clear descriptions, with diagrams, about how that information will be shared with other parties. Just-in-time and visceral notices help provide context about privacy intrusions and ownership transfers of digital content where typical notices provide none.

Instant Access

When a user opens a web page, they intend to use that page immediately. A notice provides a block to that use, a constraint to experiencing the page. The internet, as opposed to a library or museum, seems to promise users quick access to information. When a notice warning of privacy intrusion and ownership transfers appears on a web page, a user will likely have no patience for it. In addition to a user’s drive for instant access on the internet, social and professional pressures to access sites like Facebook, Twitter, YouTube, and LinkedIn further encourage users to click through agreement notices in order to access sites quickly. While this may seem like the fault of an individual, their prevalence in society points more to a social trend, something that can be easily profited off of by an aware domain owner. Pairing this knowledge with poor contexts and poor discoverability and understanding for a notice allows for most users to quickly disregard their right to privacy and ownership of personal information.

 

Looking Forward

Enhancing digital privacy and users’ rights to ownership of their digital creations in the U.S. will require legal pressures that protect user data to be strengthened, especially with regards to Section 5(a) of the FTC Act which states that “unfair or deceptive acts or practices in or affecting commerce…are…declared unlawful” (“A Brief Overview of the Federal Trade”). Profit-driven domain owners have no reason to better design their notices in the ways that I have described above when they are profiting off of a user’s inability to find or understand them. Another concern, however, is that access to certain sites, such as Facebook and Twitter, could be lost if privacy and ownership agreements were better understood by their users. Our free access to sites is often dependent on a domain owner’s ability to sell our content and interactions to ad companies. Nevertheless, from a consumer standpoint, users should be able to decide on their own whether or not sacrificing their privacy and ownership of digital content is worth the access to a specific site – with full knowledge of the consequences of their actions.

 

Works Cited

“A Brief Overview of the Federal Trade Commission’s Investigative and Law Enforcement Authority.” Federal Trade Commission, Jul. 2008, https://www.ftc.gov/about-ftc/what-we-do/enforcement-authority. Accessed 24 Sep. 2017.

Hagan, Margaret. “Visceral Notice Types.” The Program for Legal Tech & Design, http://legaltechdesign.com/GoodNoticeProject/2014/01/22/visceral-notice-types/. Accessed 25 September 2017.

McChesney, Robert W. Digital Disconnect: How Capitalism is Turning the Internet Against Democracy. New York, The New Press, 2014.

“The Origin of Click-Wrap: Software Shrink-Wrap Agreements.” WilmerHale, 22 Mar. 2000, https://www.wilmerhale.com/pages/publicationsandnewsdetail.aspx?NewsPubId=95543. Accessed 24 September 2017.

Young, Michael. “The FTC Mobile Privacy Staff Report.” Data Privacy Monitor. BakerHostetler LLP, 11 Feb. 2013, https://www.dataprivacymonitor.com/behavioral-advertising/the-ftc-mobile-privacy-staff-report/. Accessed 25 Sep. 2017.

 

The Internet Archive is Moving to Canada: Publicity Stunt or Reasonable Decision

On December 7, 2015, Donald Trump spoke to a crowd at the U.S.S. Yorktown in South Carolina, “We’re losing a lot of people because of the internet, and we have to do something. We have to go see Bill Gates and a lot of different people…about, maybe in certain areas, closing the internet up in some way. Somebody will say, ‘Oh, freedom of speech! Freedom of speech! These are foolish people…We’ve got to do something with the internet.” He insisted that ISIS recruitment of “impressionable youth” through the internet was severe enough to warrant limitations in access and availability (Vicens, 2016)

While his statements were not necessarily based on extensive research or even a rudimentary understanding of how the internet works, his flippant response towards the limitation and restricted access of information struck many information freedom activists and professionals as worrisome.

Brewster Kahle, founder of the Internet Archive, was one of the first to speak out after Trump’s election in November. On November 29th he issued a statement on the Internet Archive blog stating that Trump’s election “was a firm reminder that institutions like ours, built for the long-term, need to design for change…[I]t means preparing for a Web that may face greater restrictions.” Kahle explained that the Internet Archive had been working to create a partial backup in Canada (they currently have additional backups in Alexandria and Amsterdam), but after the election made the decision to make the Canadian archive a full backup of their database, essentially creating a second hub for the archive. This duplicate is often called a “mirror” and is a platform that many websites use to ensure a backup and evade censorship (Johnson, 2016).

Kahle’s response to the election and announcement of their move elicited responses from Rachel Maddow¹, MSNBC, Huffington Post, and nearly every major news outlet. A once obscure website became a hot button topic of discussion seemingly overnight.

I wanted to understand their reasoning behind the move, obviously it makes sense to continue the work that they had already been doing in Canada by advancing the project further, but why Canada?

Canadian laws regarding access to online information and access to the web are very similar to those in the United States. The Personal Information Protection and Electronic Documents Act (PIPEDA) was passed in 2001 under certain limitations, and more comprehensively in 2004 (Wilson). This act implements certain restrictions on the storing of personal information by large corporations and was originally developed to encourage consumer online shopping.

In 2015, Bill C-51, the Anti-Terrorism Act, was passed in Canada which gave government greater access to citizens’ web based data, and allowed for that information to be used to target potential terrorists (Mendhelson, 2016). While the new president, Justin Trudeau, has promised to repeal a large portion of the more problematic elements of the bill, the restrictions and allowance for government access is very similar to the Federal Information Security Management Act of 2002 which was passed in the United States (NIST).

While Canada does offer fewer restrictions than the United States in some areas, it has greater limitations on content, and as recently as 2005 internet providers had the ability to block certain IP addresses without any legal ramifications or modifications to laws to prevent it happening again (CBC News, 2005).

The Freedom House non-profit published “Freedom on the Net 2016”, which discusses various countries’ current laws and standings on internet accessibility and freedom of web based information. It rates countries based on three attributes; obstacles to access, limitations on content, and violations of user rights. Canada rates 16 out of 100, and the United States rates 18 out of 100. Canada rated lower than the United States in “violation of user rights”, but higher on their “limitations of content”. Meaning that they are more apt to protect their citizens rights and information on the internet than the US, but that they in turn restrict more information than the US. Ultimately, both countries rate relatively low and similar. The countries that rate best (lowest) on their scale include Estonia and Iceland, both 6 out of 100 significantly lower than both the US and Canada(Mendhelson, 2016).

Ultimately, the regulations and laws surrounding internet and information accessibility do not differ greatly between the United States and Canada. Each have positives and negatives, each are constantly being modified and circumnavigated to appease whoever needs whatever information. The similarities still beg the question, why are they creating an additional copy there? Although it is reasonable to be cautious of storing information in the United States considering our current political climate, it is important to recognize that the same restriction and obliteration of information could rapidly occur in Canada if their political climate were to change. While I do agree that “lots of copies keep stuff safe”, I think it is important to consider where those copies are being stored, especially when taking into account the amount of time and funding that it takes to create those additional copies. It might be paying off for the Internet Archive to draw attention to work that they are currently doing by using it as a means t0 take a stand against the administration, but to praise their decision might be hasty. As purveyors of a world of digital born content, the Internet Archive now holds the weight of responsibility for that information, and in the long run it makes more sense to focus efforts on the creation of more stable copies in countries that are better known for their unrestrictive information laws.


¹ http://www.msnbc.com/rachel-maddow/watch/internet-archive-looks-to-move-beyond-trump-s-reach-820476483790


CBC News. (2005, July 24). Telus cuts subscriber access to pro-union website. Retrieved February 22, 2017, from http://www.cbc.ca/news/canada/telus-cuts-subscriber-access-to-pro-union-website-1.531166

Johnson, A. (2016, November 29). Internet Archive, web’s warehouse, creating Trump-era copy in Canada. Retrieved February 22, 2017, from http://www.nbcnews.com/news/us-news/internet-archive-web-s-warehouse-creating-trump-era-copy-canada-n689916

Kahle, B. (2016, November 29). Help Us Keep the Archive Free, Accessible, and Reader Private. Retrieved February 22, 2017, from https://blog.archive.org/2016/11/29/help-us-keep-the-archive-free-accessible-and-private/

Mendehlson, A., & Reed, L. (2016). Freedom on the Net 2016. Retrieved February 22, 2017, from https://freedomhouse.org/report/freedom-net/freedom-net-2016

NIST. FISMA Background. Retrieved February 22, 2017, from http://csrc.nist.gov/groups/SMA/fisma/overview.html

Vicens, A. (2016, December 10). The coolest thing on the internet is moving to Canada. Retrieved February 22, 2017, from http://www.motherjones.com/politics/2016/12/internet-freedom-wayback-machine-moving-copy-to-canada-donald-trump

Wilson, P., & Fekete, M. (2011). Privacy Law in Canada. Doing Business in Canada. Retrieved February 22, 2017, from https://www.osler.com/uploadedFiles/News_and_Resources/Publications/Guides/Doing_Business_in_Canada_-_2011/DBIC-Chapter12.pdf