The devil is in the detail
Would you sell your soul in exchange for free Wi Fi? If you didn't read the small print, maybe you already have.
A recent experiment by the UK's Cyber Security Research Institute had some eye-opening results. For a cost of about £200 they set up a portable WiFi hotspot in a business district of London and watched as people passing through connected to it. Over a period of 30 minutes, 250 devices connected to the hotspot, but most of those were as a result of people's phones and tablets hunting out wifi stations and logging in automatically.
During the experiment, a total of 33 people used the hotspot to carry out things like web searches, and sending and receiving email. The researchers found that the people using the hotspot for email were not making use of encryption, and not only could the content of their emails be read by the research team, but so too could their email login username and password details.
In another run of the experiment, the team introduced a Terms and Conditions (T&C) page, which people had to agree to before using the service. These terms included a Herod clause, where people had to agree to give up their first born child or, failing that, favourite pet, in return for using the free WiFi. Six people agreed to that.
This experiment does not show that people would be willing to sell their soul to the devil, only that people are bad at reading the long-winded legalese that goes into T&C documents, and the devil is in the detail. Unfortunately, opaque T&Cs seem to become ever more common, especially via websites where people are increasingly asked to say they have read and agreed with something written in dense type and even denser language. For instance, the O2 wifi T&C, which is one of the shorter ones I've seen, runs to about 5,000 words, (not including links to other important documents), covers all sorts of reasonable stuff such as how you cannot use it for spamming etc, and then buried in the middle is:
"You also agree to information about you and your use of the Service including, but not limited to, how you conduct your account being used, analysed and assessed by us and the other parties identified in the paragraph above and selected third parties for marketing purposes including, amongst other things, to identify and offer you by phone, post, our mobile network, your mobile phone, email, text (SMS), media messaging, automated dialling equipment or other means, any further products, services and offers which we think might interest you. If you do not wish your details to be used for marketing purposes, please write to The Data Controller, Telefónica UK Limited, 260 Bath Road, Slough, SL1 4DX stating your full name, address, account number and mobile phone number."
Did you spot that, for instance, you have agreed to them advertising basically anything they want to you using automated diallers? I have yet to meet anyone who appreciates having their dinner interrupted by a telephone call so that a recorded voice can tell them about the great deal they can get on double glazing, but the legalese seemingly gives O2 that option.
These T&C documents are in a language written by lawyers, for lawyers. How can the man in the street without a law degree give informed consent when the T&C is written in this jumble of language? It is wholly one-sided in favour of the service provider. It isn't there to strike a fair balance, but to intimidate people. To add insult to injury, it is perfectly fine for you to be opted in online, but if you want to opt out they create another obstacle by requiring you to revert to pen and paper,.... and this from a telecomms company.
O2 is by no means alone in having a tortuous T&C and by no means the worst offender. This approach is all too common in all business spheres. The bank loves to send me T&Cs in the form of a 16 page booklet of small print, with the cover letter saying I should read it carefully as it contains important information about my account. If you try to hire a Boris Bike in London, you are asked to agree to a document which is 17 pages of A4 smallprint long. Have you tried reading 17 pages of smallprint on a smart phone? Even iTunes has a monster T&C which includes this sinister sentence:
"The Organizer may remove any Family member from the Family, which will terminate that Family member's ability to initiate authorized purchases on the Organizer's payment method, and that Family Member’s ability to view and share other Family members' products and information."
Thankfully, it says nothing about removing the family's cats, dogs or hamsters.
22nd October 2014
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are orignal content.