Re: [projectvrm] Battle of the Online Forms

[Doc Searls < >]

I'd like to go back to what Chris proposed early on, and develop something that can be easily implemented, straightforward and executed in the short term. 

Here's what Chris said...

5/            Start with the reality that we do not “visit” websites; websites “visit” us.  That is, when someone enters “www.example.com” into their browser, they don’t “go” to that web site; they send out a request that the server associated with that URL send a copy of the files representing the website to the individual’s computer.  (Yes, this is obvious to everyone on this list, but common language surrounding the process is different, and not our friend.)

This is critical, and a point that Don Marti has been making for a long time. 

6/            The legal hack I have in mind is to turn the presently not-particularly-conditional “send me a copy of those files” into something more like the “Apples – 25 cents each” sign.

 

7/            I propose that we (the technical gurus of the VRM community) write an add-on to a browser such that the “send me copies of the files” message also contains a message that boils down to, “…but by doing so you, the vendor whose website I am asking for a copy of, agree to the terms and conditions stated at [IP address or URL here]”

It doesn't matter that the site-owner does not actually agree to this, any more than it doesn't matter that we don't actually agree with what we don't read when we use a site's service.

 8/            I don’t know squat about the actual technical specifications of the message that my browser sends to a server that tells the server to send me a copy of the web site I am trying to look at.  I throw myself on the mercy of the technical gurus here and to whom the VRM community has access as to how to embed that message.

Do Not Track does it with an HTTP header. Whether or not we use that method matters less than the fact that it can be done. So let's do it.

  But what I am looking for is some individual equivalent to “click here for terms of service.”  I want to legally convert the unconditional command to “send me copies of the files that make up your web site” into an offer: “by sending me copies of the files at your URL, you agree to my terms and conditions, as stated at MY URL.” 

Does it have to be a URL? That's what I think too, but I lack the knowledge or imagination to cast about for a wider range of options here. The more technical among us should weigh in.

The technical challenge is to deliver that message in some way that at least in principle, if the vendor were paying attention, it could indeed check out what is stated at the URL that contains the individual-friendly terms and conditions.

My own public noodlings on this are here:

<http://blogs.law.harvard.edu/vrm/2012/09/04/lets-turn-do-not-track-into-a-dialog/>

<http://blogs.law.harvard.edu/vrm/2012/02/23/how-about-using-the-no-track-button-we-already-have/>

The latter has this potential dialog between browser and site, from a whiteboard at MIT:

This isn't what Chris proposes, but it does vet some personal policy choices, and might help frame discussion of the below...

 9/            “My URL” in the above would be something that we (VRM community) would develop.  We would of course have a field day with the individual-friendly terms and conditions:

 

a/            No arbitration of disputes; all disputes to be resolved in the small claims court physically nearest to me; Vendor consents to the jurisdiction of such court;  Vendor must be represented by private counsel in any dispute. 

b/           I do not consent to any use of any information you or your agents, vendors, partners, or advertisers may learn about me by virtue of you agreeing to send me a copy of your website files, including even the fact that I made such a request.  If you make any such use of my information you must (i) send me notification that you have done so, describing what use you have made and (ii) pay me a Personal Information Usage Fee of $100 per use, payable at my option in cash or in the form of discounts off your otherwise best available price for purchases I make on your website.

c/            Placing a cookie on my computer is not permitted; if you place a cookie on my computer you agree to disk space rental at the rate of $50 per week, which may be paid in the form of discounts off your otherwise best available price for any purchases I make on your website.

Later Chris wrote,

My idea is not that there actually would be truly individualized negotiations between individuals and enterprises, leading to a myriad of separate contracts.  My idea is that some organization would develop (say) two or at most three standard individual-friendly contracts (cf. Creative Commons).  People would pay $10 (or £10, over there) to sign up.  You would get the “tell the enterprises that all downloads from their server are conditional on acceptance of your terms” add-on.  The organization would then have a group of potential parties to legal disputes with enterprises that violate the individual terms that the enterprises agreed to by downloading their files to the individual’s computer.

The first time this kind of thing came up was when Tom Stites proposed a "reverse cookie" to this list back in '07 or so. It's come up a number of times since, in various forms. This time let's pick up the ball and run with it. Let's name this project and get to work on it.

Doc

On Jan 14, 2013, at 6:48 AM, Mark Lizar < "> > wrote:

Hi Chris, 

Comments inline, 

On 14 Jan 2013, at 14:26, "Savage, Christopher" < "> > wrote:

 

From: Mark Lizar [mailto:info@smartspecies.com] 
Sent: Monday, January 14, 2013 8:44 AM
To: Savage, Christopher
Cc: John Harrison | PIB-d; 'ProjectVRM list'
Subject: Re: [projectvrm] RE: Battle of the Online Forms

 

Hi All, 

 

>>We have set up a work group called Open Notice which focuses on this particular problem which we presented at the recent W3C - Do Not Track and beyond conference. <<

 

>>The Open Notice effort was a call to participation last year for companies and organisations that are working in solving this problem now and we now have a sizable list of companies and academics that have joined and we are working to launch the website, provide a newsletter, and create a survey for ways in which we can collaborate to address these types of problems. <<

 

>>Open Notice specifically refers to the principle of openness and notice refers to TOSA, Privacy Policies and the like, which are required to be as open as possible so that standard approaches to policy transparency and negotiating terms can be developed.  Calling for basic standards so that companies working to address these problems can work together to help develop this ecosystem. <<

 

I will read the paper.  Note however that my proposal is a bit different than the standard Internet model of collaboration.  Cynical lawyer that I am, I assess likely actions in terms of the players’ interests.  Right now large commercial organizations, as a general matter, will not see allowing flexibility in terms of service, and certainly not substantive modifications to tilt rights towards individuals, as in their interest.  Hence they will participate and stall (if they think that is good PR) or simply ignore, non-binding collaborative efforts to cut back on the rights/powers/etc. they now believe they enjoy under the current regime.

Well, this is definitely an issue that we think about a lot. Companies like TOS:DR and Privacy Choice crowd source transparency etc.  but this just helps doesnt address this issue. 

Newly Proposed EU laws and FTC actions and the like are the big stick that will drive change, although, the critical point to be focused on in my opinion is the consent transaction.  

If these terms and policies were in a standard location, with a standard format, we could use them in an aggregated fashion to systematically find the terms we want to negotiate, or to automatically provide our own standard terms etc. 

Customer Commons is working on these types of functionalities.    Much to be said, more than I can at the moment. 

 

Imagine the scene: XYZ Megacorp’s CMO is sitting down with their General Counsel.  The question is, “Should we make our terms of service more friendly towards our customers?”  

 

The GC will say, “Why would you want to give up the rights that you now have in your TOS?” 

 

The CMO says, “People don’t like our current oppressive TOS.” 

 

“Are ours more oppressive than anyone else’s?  Are we actually losing sales because of them?” 

 

“Well, no, but they do look bad.” 

 

“Well,” says the GC, “I’m not going to approve giving up rights that may be really valuable in case of some dispute or some screwed up situation for PR.  If we have some situation where it looks bad to insist on something in our standard TOS, we can waive it and look like good guys.  But why waive it in advance.”

 

“I guess you’re right,” says the CMO, feeling slightly deflated…

 

So I’m actually proposing some legal “guerilla warfare” – things that might be useful to move the ecosystem in the right direction, or at least start to, whether large enterprises are inclined to collaborate or not.

I like this direction, I have taken this approach for awhile, in some ways its effective in many its futile.  I have for a while worked on a way to asses the legal compliance of terms of services and the like. The truth is that these are no longer fit for purpose and legal compliance is questionable at best.  Many times a company and a customer are in different jurisdictions, as well, most often there are many TOS, EULA, Privacy Policies  that are relevant for each online transaction. E.g.Browser, Computer OS, Org, Third Parties all have relevant terms and polices for each transaction.  

More to come on this topic.  (have to run )

Mark

 

 

Chris S.