User:Jaobar/sandbox3

Media scholar Johnathan Obar in a 2022 video entitled The Clickwrap and the Biggest Lie on the Internet, notes that users lie when they click agree without having read the Privacy policy or the Terms of Service agreement.

The biggest lie on the internet is a growing concept among media scholars that suggests when users click on digital prompts that state "I agree to the terms and conditions" when signing up for a website or accessing a digital service, they are lying due to not having engaged with the policies put forth by the platform that provides important information for users on how their data may be utilized despite providing consent.

These lies are usually presented in the form of clickwraps, that users can click on to quickly access the services that a social media platform or website offers. A clickwrap can best be understood as a digital prompt that provides users the means to quickly accept the terms of a platform’s/website’s privacy and terms of service, policies without having to read them. Agreeing to the terms and conditions through such prompts has raised several alarms amongst media scholars as clickwraps and mechanisms similar to them have been critiqued as promoting the circumvention of materials necessary for acquiring user consent, as well as directing users away from channels of dissent.

The Biggest lie on the internet is one aspect of a larger debate surrounding topics such as consent, Big data surveillance & data governance that argues for more user autonomy and control over their data.

Consent
This section will seek to highlight some of the ways that the literature surrounding the issue of the biggest lie on the internet interprets the issue of consent in the digital era. As will be made clear, there are many ways the term consent is interpreted and captured by organizations seeking to collect user data.

Informed Consent
Central to the discussions surrounding The Biggest Lie on the Internet is the topic of consent being that the “lie” is that users accept terms they do not completely understand. Consent can be provided through several means, however, it is widely accepted throughout the literature that informed consent, defined as “an autonomous authorization by a patient or subject” should be considered as the highest standard of consent. This sentiment is embodied by organizations such as the Institutional Review Boards which mandate practices of providing informed consent within the research processes as it is seen as critical for protecting participant privacy in addition to empowering researchers to conduct themselves ethically.

It should also be noted here that many legal frameworks that govern privacy in the digital space such as the FTC Fair Information Practice Principles (FIPPs), as well as The Office of the Privacy Commissioner of Canada, frame consent as a critical and fundamental element of their policies.

Informed consent can best be understood through an understanding of its three main principles

Respect for Autonomy
Perhaps the most often cited principle within the literature, respect for autonomy privileges the ability of individuals to choose for themselves while remaining free from limitations that obstruct one’s ability to choose such as coercion, external influence, or personal limiting factors. Put more simply, the first of informed consent is about providing the individual with the tools and space to govern themselves.

Benefice
Benefice centers around the guiding Hippocratic principle of “do no harm”, meaning that informed consent is grounded within a moral theory that positions the maintenance of others' well-being above all else. This is a process that involves not only avoiding evil and harm but also actively promoting the good.

Justice
Building off of the principle of benefice,  the justice principle dictates that all be treated fairly and by their legal rights (Faden et al, 1986). This principle posits that any denial of a legal entitlement, such as a piece of information can be considered an injustice and therefore morally wrong.

The Biggest Lie on The Internet suggests that mechanisms such as clickwraps or the earlier browsewrap and checkboxes that enable users to quickly access the services they are seeking, fail to obtain meaningful consent by acting against the principles of informed consent by encouraging users to circumvent materials meant to inform and empower users to have more autonomy over their personal data

Implied Consent
The clickwrap and similar mechanisms instead suggest that consent is obtained through what is known as implied consent. This version of consent can be best understood as providing consent although there is no formal acknowledgment or record of it. This practice first appeared in what is known now as the shrink-wrap agreement, where software manufacturers would attach notices within their packaging that would be referenced again upon users loading up and using the software. These licenses would state:  “Your use of the program acknowledges that you have read the license, understand it and, agree to be bound by its terms and conditions”. In this case, although there is no means to confirm that a user has interacted with the notice provided on the packaging, they have implied their consent by proceeding to use the service.

Privacy Complication in the Digital Era
The biggest lie on the internet is but one part of a much larger debate surrounding digital privacy and Big data surveillance. This section will provide examples of these fields of thought to provide more context to the complications that The biggest lie on the internet and consent materials in the form of clickwraps and long policies, pose to the public more generally.

The Consent Dilemma
The Biggest Lie on the Internet also speaks to some of the ideas brought forward by David Soslove in his discussion of the “consent dilemma’’.

The consent dilemma is a concept that suggests that mechanisms such as the previously identified notice policy, and the clickwrap are introduced to users at a point in time that is too early and/or too isolated from the consequences of data collection and distribution for them to truly understand and provide meaningful consent. Put another way, the consent dilemma involves exterior actors imposing regulations on user abilities to exercise autonomy, by forcing them to consent to data collection and processing too early before the dangers/consequences can be known which in reality only serves to limit their freedom to choose later on

Soslove’s argument here is that strategies that policymakers have deployed under the privacy self-management framework in the latter half of the 20th century and the early 21st, to provide users with rights regarding the collection, disclosure, and use of personal  information in the form of data of notice, access, and consent do little to meaningfully empower users

Soslove’s evidence in favor of his argument is that the approach of modern privacy self-management initiatives is routed in the Fair Information Practice Principles, which have not evolved since their formal introduction into the American legal framework in 1973. Solslove posits that although these principles demand transparency of data, rights of notice, prevention, and amendment in addition to recognizing the collectors' role in the responsible handling of data, they fail to account for the modern data collection methods, or specify what is collected and used. Further, it is noted that these principles are routed in more modern approaches to privacy self-management such as the FTCs attempt to bring about greater levels of transparency concerning data collection, as well as the White House’s 2012 Consumer Bill of Rights that included greater pushes for tools that enable greater levels of informed consent.

The Privacy Paradox and Digital Resignation
Another set of phenomenon discussions surrounding The Biggest Lie on the Internet engage with is the privacy paradox and digital resignation. The privacy paradox is a phenomenon that much of the literature surrounding issues such as privacy, Big Data, and surveillance in the digital era looks to in order to explain user behaviours that are not in line with their beliefs surrounding privacy.

The Privacy Paradox refers to how people often cite privacy as a major concern to them but behave in ways that do not reflect these attitudes. The privacy paradox builds off of Solove’s consent dilemma as scholars have pointed to people lacking knowledge surrounding how their personal information is collected. In addition, the privacy paradox embodies user behaviours such as what Draper and Turow identify as “engaging in a rational cost, benefit analysis, disclosing only when they conclude the rewards accrued by sharing their data outweigh the possible risks”.

In line with the privacy paradox, digital resignation, a term coined by scholars Nora Draper & Joseph Turow, explains the growing complacency with the monitoring practices that occur within modern digital spaces. This complacency is a routed feeling of powerlessness surrounding the ability of individuals to navigate, manage, and understand what happens to their data as policies change and new services emerge. This term of resignation has also been used to describe how users feel unable to avoid or push back against, violations of their privacies as once again they feel ill-equipped, and poorly educated on the inner workings of the platforms they are engaging with

The Biggest Lie on the Internet which again suggests that users do not understand the terms and conditions they are agreeing to, is emblematic of the concerns the literature surrounding digital resignation and the privacy paradox raises regarding privacy self-management, consent, and autonomy.

Measuring The Biggest Lie on the Internet
Many studies have been carried out by academics that attempt to illustrate the pervasiveness of The Biggest Lie on the Internet. These studies examine participants' engagement with consent materials such as Terms of Service Agreements, End User Licensing Agreements (EULA) as well as Privacy Policies to demonstrate whether or not these tools of notice are sufficient in obtaining informed consent.  This section will highlight two of these studies, and their findings to provide a better understanding of The Biggest Lie on the Internet.

Rainer Böme & Stephan Köpsell’s Field Experiment on Consent Dialogues
This study was conducted in 2008 and in collaboration with a free online service that enabled users to remain anonymous called AN.ON/JonDonym. The study measured 81,920 users’ responses to consent dialogues which were buttons that enabled users to accept, deny or ask for help in response to a prompt for a software update. The text on the buttons was varied and issued to users at random. One variation of the text was designed to resemble that of typical EULA language such as “I accept/decline” and another with language that indicated a degree of real choice, featuring language such as “I consent/object”.

The results of the study demonstrate several conclusions that suggest that consent dialogues do not provide tools that enable informed consent. One of the study’s findings suggested that 50% of the participants clicked “accept” within 8 seconds, which is noted by the designers of the study to be too short a time to read the notice. In addition, this study revealed that the buttons that featured language similar to that featured in typical EULAs experienced interaction 26% more often than those featuring more consent-oriented language. These findings led researchers Bome and Kopsell to conclude that over the years users have become accustomed to EULAs and have been trained to accept their prompts. The authors of this study suggest that consent dialogues decrease the probability of consent, as notices aren’t read with their warnings ignored

Jonathan Obar & Anne Oelforf-Hirsch’s NameDrop Study
This study conducted by Obar & Oelforf-Hirsch involving 543 student participants and a fictitious social networking site called NameDrop, was conducted with the intent of addressing The Biggest Lie on the Internet specifically. The study aimed to capture how much time participants spent with NameDrop’s consent materials as well as how and when users made use of the clickwrap to provide their consent to the terms and conditions. The study required participants to either accept or reject NameDrop’s policy documentation, however, both options would have enabled participants to continue onto the fictitious social media platform. It should also be noted that the researchers identify the participants of this study as communications students, whose studies revolve around topics such as privacy, surveillance, and Big data.

NameDrop’s Privacy policy was 7977 words long, which the researchers suggest would take approximately 30 minutes for those with an average adult reading speed, with NameDrop’s Terms of Service agreement measuring 4316 words, requiring approximately 16 minutes of dedicated attention. The researchers note that both documents were molded after those deployed by LinkedIn throughout the signup process. To further assess and emphasize the importance of reading through the policies, the researchers included two “gotcha” clauses with outrageous terms. The first clause suggested that the data it collected can and would be shared with several entities and that it may impact users' credit scores, university application processes, and employment opportunities amongst other areas of impact. The second clause demanded that users offer NameDrop their firstborn child as payment for accessing the services the platform provided with no exceptions

The results of this study found that of 543 participants, 74% skipped the privacy policy via the clickwrap and of the 26% of participants who interacted with the privacy policy, a medium time of 13.60 seconds spent reading was recorded. The authors break this number down further, stating that 81% of the readers spent less than one minute reading. The results measuring user interaction with NameDrop’s Terms of Service mirror these results as 86% of participants are recorded as having spent less than a minute reading the TOS agreement. Of the 543 participants 17 did not agree to NameDrop’s privacy policy, while 37 decided to decline the terms of service, meaning the acceptance rates for the Privacy Policy and Terms of Serve agreement were 97% and 93% respectively. Lastly, 98% of participants were recorded as missing the “gotcha clauses”.

The researchers also logged the participant's sentiments towards internet policy documentation citing critiques from participants that they were “too long and wordy”, and that clickwraps help get through these materials faster. This led researchers Obar and Oelforf-Hirsch to conclude that the current state of notice and choice policy is deeply flawed and that The Biggest Lie on the Internet is a tangible issue.

Similar findings

 * A 2014 assessment of 48,000 users who visited commercial websites revealed that the Terms of Service was accessed less than 0.2% of the time, with median time spend on on the policy document pages being approximately 30 seconds
 * In 2012 study assessing the effectiveness of clickwraps including over 4500 participants revealed that only 7 clicked the policy link featured within the clickwrap
 * A 2011 study measuring 120 participants' engagement with consent materials for a fake search engine saw zero participants interact with policy links

The Common Terms Project
The CommonTerms project is an initiative by a Swedish technology company called Metamatix, that has been looking to solve the problems of the biggest lie on the internet since 2010. The project advocates for more to be done to empower users to not only have more control over what happens to their personal information but also to be more active in the process of consent. This involves calling for the standardization of legal contracts, standardization of language within policies, and for more protections to be installed for users.

In a 2013 report entitled Fighting the Biggest Lie on the Internet, Metamatrix identifies what they believe to be some of the problems the biggest lie on the Internet poses. These problems include: user exploitation, user exclusion, limiting value of services, wasting time (for those who do interact with long policy documents), less competition between platforms to innovate on consent materials, and the erosion of respect for contracts

The CommonTerms project builds on approaches taken by similar initiatives such as the Creative Commons and the Data Nutrition Project that make materials and language more approachable for the typical user. The project seeks to educate users on the language used within policy documents such as Privacy Policies and Terms of Service agreements so that users have a better sense of what’s going on when they click to agree. One of the ways they have done this is through their 2010 analysis of 20 different Terms of Service documents from popular websites at the time. These analyses revealed the overlapping use of more than 450 terms that were deemed by the project as “non-accessible legal texts”. The Project also logs examples of improvements in the space such as their 2013 report's recognition of MailChimp’s efforts to simplify, and make more clear their Terms of Service and Privacy policies, and their recognition of Italian-based firm Iubenda that offers organizations the tools to create simple policy documents.

In addition to providing insight into problems and educating users, The CommonTerms Project also experiments with different ways to deliver consent materials. One example can be observed in their 2013 “Beta proposal”. This proposal features a Terms of Service agreement that summarizes a policy’s most important elements and provides links through the form of icons that feature imagery that is meant to give users an idea of what its respective policy section is about. The section headers of the proposal calls for more disclosure on information about the organization's business model, payment and subscription cancellation resources, more details into the agreements being made when clicking accept, content and copyright information, privacy and security, user restrictions, and lastly certificates and guarantees.