I'm not a lawyer, so I have no opinion about what's binding and what isn't, but I'll add this data point in case it's important:
A web server has a lot of opportunity to make decisions before it sends anything back to you at all - even just acknowledging that a request was made - and the HTTP protocol already provides a way for it to say that it doesn't agree to a request.
When your browser asks for a page, it sends technical information about what kinds of response it can accept back. Compression, character sets, image formats, stuff like that.
Your browser could also send a header that says, "By providing the contents of this URL, you agree to be bound by my terms, which can be found at http://myterms.info/standard_terms_1_0.txt".
The existing server frameworks already provide ways for the site to look at the these headers, and this one of the ways that they do things like supporting browser-specific features or redirecting you to a mobile version of the site.
If the server doesn't agree, it sends back HTTP 401 ("Unauthorized") and you don't get your web page. It's not subtle.
P3P and Do Not Track tried to "solve the problem" by providing fine grained, machine-readable terms that would be negotiated in real time. That requires a lot of technical agreement between the browser makers and the sites, which requires a lot of people with differing interests to agree to a lot of things up front.
In the spirit of Chris' original suggestion, I propose to ignore machine readable terms entirely and just stick a plain language web page in a well-known place.
If what you want to accomplish is to provide motivated users with a way to specify terms that a server can accept or reject, then this is possible with the things we have today. That word "motivated" is important, though, because it will require a plugin. This isn't something that you can deploy without active user involvement, and it won't scale for the same reasons that Do Not Track didn't (as Doc said, DNT was built on this same HTTP header idea). It could be fun as a bit of agitprop, though.
All that said, you could provide motivated users with a way to say what they expect. Sites can answer or ignore as they see fit. After that, it's up to the lawyers.
Steve
On 1/14/2013 10:16 PM, Savage, Christopher wrote:
I was pretty tied up on my day job today but I wanted to follow up on somebody’s comment that just sending some “here are my own T&C, that you agree to by sending me your website files” bits to an enterprise’s servers might not be enough to trigger a contractual obligation on the part of the enterprise.
Ideally to deal with that, we could also generate server code that would create the option for the website to respond in some way. Revealing my technical ignorance, I have no idea what portion of servers run open source software, but assuming the number is nontrivial, we could/should write server-side code to go along with the individual-side bits.
While a particular enterprise may not chose to run that server-side code, if it existed and was out there, freely available, their failure to run it could be argued as an affirmative decision to ignore the individual’s (software-based) communication to the enterprise. That would be another piece of evidence in favor of the individual in the test lawsuits that would ensue…
Thanks,
Chris S.
From: Larry Smith [ " target="_blank">mailto: ]
Sent: Monday, January 14, 2013 6:33 PM
To: ProjectVRM list
Subject: Re: [projectvrm] Battle of the Online Forms
A couple thoughts:
1/ Create a registry where unacceptable T&C could be logged. Link it to a browser plug-in similar to WOT --web of trust https://addons.mozilla.org/en-us/firefox/addon/wot-safe-browsing-tool/?src="cb-dl-mostpopular
2/ Create new or modify existing certificate grantors with color coded icons signaling good/green, fair/yellow, bad/red icons. Create a browser plug-in that alerts you to fair/bad sites. Connect it to the Mozilla initiative: https://wiki.mozilla.org/Privacy_Icons
3/ Convince a recognized sovereign nation to legislate certain data collection rules and run traffic through proxy servers located there. This is somewhat similar to how Ireland is driving the privacy regulations in the EU -- mostly because Facebook is located there.
Larry
On Jan 14, 2013, at 4:00 AM, John Harrison | PIB-d wrote:
I like Chris’s idea about reversing the burden of contract acceptance. But is there not a one-to-many / one-to-one problem here ? Given that a corporation deals with thousands of individuals, it is simply impractical for it to negotiate different terms in each case: the logic of numbers forces it to define standard terms and conditions, which are then imposed on customers. The remedy is for the customers to club together into a group large enough to require / expect bespoke contracts from a corporation. Which takes us back to consumer rights / advocacy groups (such as the Consumers’ Association / “Which” here in the UK) and recent experiments in collaborative purchasing.
As so often, it all comes back to the values of the people who design the underlying infrastructure. John Naughton maintains - in ‘A brief history of the future’ - that the internet and the web succeeded because the academics who designed them believed that openness / distribution / account portability and the like were all important. What we need is infrastructure that permits and supports collaborative purchasing, working on the side of the consumer. But I preach to the converted . . . . . for which apologies.
Regards,
John
_______________________________________________
John Harrison – www.pib-d.net – mobile 07801 231 693
From: Savage, Christopher ]" target="_blank">[mailto: ]
Sent: 14 January 2013 02:20
To: John S James; ProjectVRM list
Subject: RE: Battle of the Online Forms [Was: [projectvrm] Mobile SSL holes]
From: " target="_blank"> ]" target="_blank"> [mailto: ] On Behalf Of John S James
Sent: Sunday, January 13, 2013 8:05 PM
To: ProjectVRM list; Savage, Christopher
Subject: Re: Battle of the Online Forms [Was: [projectvrm] Mobile SSL holes]
>>We need new ideas and new thinking, and Christopher's proposal is a good example.<<
>>It won't work as stated, because corporations run the government and basically everything, so in the end the law means whatever they want it to mean. We do have a serious problem here.<<
I wouldn’t assume we lose. Motivated people have used pre-planned litigation to achieve social ends for decades. Sometimes you lose, but the cause becomes sufficiently well known by virtue of the lawsuit that if political stars align you can get something done anyway (e.g., the so-called Lily Ledbetter Act regarding the time you are allowed to sue for discrimination). Sometimes you surprise the heck out of yourself and win (e.g., Brown v. Board of Education). And sometimes you lose first, then you win (e.g., Bowers v. Hardwick (1986) saying that states could criminalize private homosexual conduct, followed by Lawrence v. Texas (2003) saying they can’t).
Corporations are powerful but not omnipotent. Any other view is simply a counsel of despair.
Chris S.
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2013.0.2890 / Virus Database: 2638/6030 - Release Date: 01/13/13
--
John S. James
www.aidsnews.org
www.RepliCounts.org
Archive powered by MHonArc 2.6.19.