We’ve all done it before, simply clicking the box next to the words “accept” and “agree” after zooming past what is effectively a long (legally binding) contract. Even though terms of service agreements should be taken seriously, it’s hard to expect any of us to read them, given that it’d take the average person 76 days of quality reading and the comprehension of a college sophomore to understand every terms of service agreement they’ve seen. Still, the consequences for not doing so are serious, especially since we’re vulnerable to security breaches and identity theft because of the standards and practices of the services we use. Read below as we discuss why understanding terms of service agreements is a good starting point for combating identity theft.
Terms of service agreements can contain identity compromising clauses
Last year, several studies tested the limits of what terms of service agreements could get away with. In April, researchers wrote a terms of service for a fictitious social media site that stated access to the site required users to give information to the NSA and grant the site custody of their first-born child. Only 15% of study participants had concerns with the terms of service, and even fewer could specifically identify the extreme clauses. In another study, over a dozen security experts logged onto fake public Wi-Fi without reading the terms of service agreement. Some of the things they unwittingly agreed to included the “harvesting of personal information,” the possibility of strangers “reading and responding to your emails” and the possibility for permanent “[damage to] your device.”
While these two studies seem to illustrate examples of “gotcha” clauses specifically designed to make a point, the truth of the matter is that real terms of service agreements are written in much the same way. In fact, many public Wi-Fi privacy polices contain clauses that permit the tracking of users’ activity. While that’s a very serious clause, there are instances when the so-called “fine print” can be rather harmless and funny. For example, iTunes’s terms of service once included a clause prohibiting consumers from using iTunes to build weapons of war. In another example, a company actually hid a $1,000 prize in its terms of service. That said, more often than not, the clauses buried in a terms of service agreement are no laughing matter and directly affect our privacy.
What parts of a terms of service agreement might contain clauses that put your identity at risk?
Terms of service agreements determine how a company handles users’ information and what protections users are granted under the law. The terms of these documents should factor into your decision about joining new services, as services with unfavorable terms could be more likely to compromise your privacy or sell your information. Before you click “agree,” make sure you look for these important sections, clauses and keywords:
1. Privacy and data
Many terms of service agreements contain either sections devoted to privacy and data, or will reference secondary documents (like a notice of privacy policies) that detail these issues. The reason this section is important is because the world is becoming predominately digital,which means your relationship with companies could extend beyond your lifetime — companies could retain your data on their servers long after you’ve left their service or died. Furthermore, the expansion of the Internet of things means that your data can be shared or collected by dozens of parties unaffiliated with the service you’re using. As such, you’ll first want to know specifically what protections any terms of service agreement affords your data (like during a security breach or law enforcement requests). You’ll also want to know what parties can access your data and for what purpose, as well as the duration of time that your data will remain on a company’s servers. Ideally, you should look for a guarantee that your data will be deleted if you stop using the service. Though, realistically, given the nature of backups and data retrieval, you might not obtain such a forthright promise from every company. Finally, you should look to see if the company encrypts any of the information you provide them with, because encrypted data, even if stolen, is hard for thieves to read and put to use.
2. Cancellation policies
We are now living in a service-based economy and as such, many companies are storing names, addresses, credit cards and other identifying information on their systems indefinitely. This storing of data allows them to continually renew your service or advertise to you. While it may seem convenient if you ever choose to return to a service, the trade-off is you’re potentially putting your identity at risk. That’s why it’s important for you to know what the terms for cancellation are as well as what you’re entitled to upon unsubscribing (e.g., refunds, deletion of data, etc.). Some services make you jump through hoops to cancel, using either odd customer service hours or hidden cancellation options to frustrate you, which means you might want to include the difficulty of cancellation into your decision to use a service, while others may make cancellation easy, but it means they get to keep all your data. It’s in your best interest to know what you’re signing on to before you sign up for or use the service.
3. Rights and liabilities
You should consider if a terms of service allows a company to claim ownership over anything you produce while using its services. This might include materials that can be linked to your identity, like photos or written content. Without ownership over your content, you have limited recourse for mitigating privacy invasions and potential instances of identity theft. Second, you should know your rights in case the service provider does something wrong. You might be surprised to find some companies waive users’ right to sue through “forced arbitration clauses.” Instead, they have to settle with a private arbiter outside of court, and worse yet, arbitration for certain issues could also be prohibited. As such, it’s wise for you to know exactly what a company’s terms of service agreement does and does not permit you to do.
4. Revisions to the terms of service
Sometimes companies will reserve the right to change any content in a terms of service agreement at will, which can make a service less private and secure without users’ direct consent or knowledge. Should you find such a clause, you’ll want to check if the company is obligated to notify you whenever the terms change to detail which parts of its terms have changed. You’ll also want to see if future changes are retroactive, meaning that you’ve opted into them by virtue of signing up for the service. It should be noted that some companies will allow you to opt out of a service after notifying you of terms of service changes, while other companies may not even notify you of the changes.
Where can you find help understanding a terms of service agreement?
Unfortunately, knowing what words or clauses to look for in a terms of service agreement can only go so far, given how big and complex these documents are. To shed some light on these agreements, users who were frustrated with the length and legalese of terms of service agreements have invented programs like EULAlyzer and websites like Terms of Service; Didn’t Read to help others out. Both of these examples draw your attention to key parts of a terms of service so you can more easily follow along and evaluate.
Diligently examining terms of service agreements can be difficult and take a long time, but it’s worth it to protect your identity. Keep reading our privacy blog to learn more ways you can secure your information from identity theft in the era of the Internet of things.