What are online contracts, and why are they a threat?
You've probably encountered this situation before. You go to sign up for an account on a new website or app, and after you enter in all your information, you're prompted to check a box or click a button that says "I agree to the Terms of Service" or "I agree to the Privacy Policy". When you do this, you are signing an online contract. But does anyone ever actually read those? The answer is, largely, no.
A 2020 study run by two communications professors at York University and the University of Connecticut found that over 90% of the 543 participants agreed to the experimental website terms of service and privacy policy, which stated that it would share all your information with the NSA and that users must give their first-born child as payment. Most of us would probably do the same. This was a fake website and fake contracts, but it showed that most just click through, and at best skim through online contracts. However, this opens people up to agreeing to some very sketchy things. A quick look through the frontpage of the website ToS;DR shows that most online services you might be familiar with have terrible "privacy grades". Click on the link and search up a website or service you use a lot - are you surprised by what was hidden in their Terms of Service or Privacy Policy contract? Would you have agreed if you knew about it?
What needs to change?
It's tempting to think that it's your own fault if you don't like the contents of an online contract that you signed, even if you didn't read it. It was your responsibilility to read it and know what information you're giving away or giving the service access to, right? Well, not really. Terms of service and privacy policy documents are deliberately made complicated and confusing so that companies can hide suspicious policies that users wouldn't agree to otherwise. The control is very much on the company's side: users must agree to the terms in the contracts, there are virtually no opportunities to negotiate, and terms can be changed whenever the company decides. It's no wonder that people just click "agree" without reading or understanding the contracts. Clearly, change needs to start at the source: with the contracts themselves.
Online contracts are filled with dense legalese and small font that takes a while to scroll through, not just read. Apple's iTunes user agreement contains 20,000 words and Facebook's Terms and Conditions contains over 15,000. But companies with short contracts, such as Google's less than 5,000 word Terms of Service and Privacy Policy agreements, use vague language to collect as much data as possible. The solution to these problems? Plain language. Basically, a contract should be written easy-to-understand terms. In the business world, plain-language contracts are much friendlier to customers and save time and money for many organizations. In the online world, plain language contracts would be far fairer to users. Terms of service and privacy policy agreements would be less impenetrable and people would better understand the risks. A change to plain language would also shine a spotlight on unscrupulous data collection and dishonest privacy practices, since many companies rely on confusing contracts to cover these up. Over time, a shift to plain language contracts would likely lead to a better online world and decrease the cyber threat of online contracts.
What can I do?
Right now, it seems like the status quo of deliberately complex, confusing, and even predatory online contracts will continue. So what can you, an individual, do to protect yourself from this cyber threat? Here's a few tips.
1) Use an online contract summary tool or website. These condense a service's terms and conditions, privacy policy, or user agreement into the main points which will help you more than reading through the contents of the entire contract. Along with the previously mentioned ToS;DR, there's also TOSBack and Clickwrapped.
2) Use ctrl+F or the equivalent. If you can't find a contract summary of the website or service you want to use, you can simply use the ctrl+F keyboard shortcut and search for keywords throughout the contract. Search for words like "data", "ad information", "browser history" or "browser activity", and similar words to see what the policy is regarding those topics.
3) Spread awareness and advocate! Change is slow-going, but there's a lot you can do. Tell other people about this cyber threat and advocate for plain language and transparency in online contracts. The more people that are aware, the more people will have the tools to protect themselves. To take action and get inspiration, check out the EFF Action Center.
What career relates to this cyber threat?
When it comes to working against the cyber threat of online contracts and advocating for transparency and change, there is no specific career in this area. According to Cyber.org, the closest career might be Knowledge Manager since a common job duty is to have "knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy". An example of someone who works in this space is Madeline O'Leary, a software developer at ToS;DR who also has a background in journalism. Her experience with journalism and software development helps her work against this cyber threat just as much as someone who specializes in contract law would be able to. There are really no restrictions on what job you need to have to be involved and work against this threat.