How To Write A Good Privacy Policy: Lessons From Colorado Indymedia
Slashdot recently published a story about the difficulty involved in reading privacy policies. They claim that some policies require a PhD to read, and they’re absolutely right. I recently did an analysis of Google’s privacy policy, which was an all-day project for somebody who knows the law fairly well. In fact, a recent lawsuit against Facebook criticizes them for having a confusing privacy policy, saying that a user would have to read 27,000 words just to understand their advertising program.
Why do companies like Facebook and Google make their privacy policies so hard to understand? For one, these policies are written by lawyers. By nature, they will be more difficult to understand than most other parts of the site, but it doesn’t have to be that way. By writing excessive amounts of disclaimers and vague definitions, they can be sure that they’ve covered all of their bases and that they are immune to legal attack. Or, at least, that’s the impression they get. The recent lawsuit against Facebook shows that by having a confusing privacy policy, they are opening themselves to attack on the mere basis that it is confusing, and also because it is hard to be diligent about privacy with such large policies.
It is hard to follow through with privacy policies. As a webmaster of Colorado Indymedia, I have to remember to delete logs regularly and retain user data for no more than a certain number of days. At a company where several people, or hundreds of people, touch user information, they must all be taught the privacy policy, and somebody has to make sure that they are following through with it. From a logistical perspective, privacy policies are difficult to implement, especially if they require a PhD to understand.
The main reason that these privacy policies are so long and difficult to understand is to stop the average user from understanding and asserting their privacy rights. For instance, Google is a member of the Safe Harbor Program. Under this program, Google must delete your personal information at your request. If everybody knew this, Google would start getting a lot more requests to delete personal information from their databases. In order to find out that Google is a participant in the Safe Harbor Program, you would have to read their full privacy policy, click on the link for the program, and then read the specifications which are longer than Google’s original privacy policy. Buried deep within those specifications is the part that tells you your rights as a user.
It used to be that nobody cared about privacy policies, but as they continue to be tested in court and users gain a better understanding of the importance of their privacy, these policies continue to make headlines. When consumers take notice of something, so do entrepreneurs. Recently, a search engine started by ex-Googlers called Cuil opened its doors and started things off right with a great privacy policy.
Cuil’s privacy policy is simple, informative, and human-readable. It starts off by saying why they have a privacy policy and then issues this beautiful statement that sums up their privacy practices: “when you search with Cuil, we do not collect any personally identifiable information, period. We have no idea who sends queries: not by name, not by IP address, and not by cookies”. They even bolded it for extra emphasis. It’s made clear to the user that this statement is all they need to take away from the policy, but for those who want to dig a little deeper, they section the policy into bolded headlines by topic such as logs, cookies, and support requests. At the end of the policy, they provide the user contact information should they have any questions about the policy. All of this information is provided to the user in under a page, as opposed to Facebook’s policy, which takes up an amazing seven pages.
How should a webmaster go about making a good privacy policy? The privacy policy should have the goals of being simple, informative, and human-readable while covering all aspects of the site’s privacy policy. Here is a sample privacy policy for Colorado Indymedia. It starts out by saying why privacy is important and why the user should read the privacy policy.
At Colorado Indymedia, we understand that independent journalists and whistle blowers are often subject to harassment or threats to their safety. We also understand that average, everyday citizens who are trying to “be the media” may not want their personal information spread across the web, especially in the face of large data mining operations where a user’s identity is sold to advertisers.
After that, it provides a basic overview of how the user’s information is handled:
In order to create a safe space for people to be the media, we are very careful to not store your personal information, only doing so when you have explicitly given it to us or given us permission to do so.
The policy then specifically states what information it collects, what it does with it, where it goes, and how long it is kept.
1. We do not log IP addresses, user agents, or other personally identifiable information. We store your username, email address, and any other information provided during registration; however, we only store that information which you have explicitly given us.
2. If the site encounters an error, then information on who caused that error may be stored to our logs, including the username, IP address, user agent, time, and what the user was trying to do. We log these in case people try to break the security on our site. These logs should not be generated in the normal course of using the site.
3. If you send us a support request or something of that nature, we will store copies of those requests until the problem is resolved. This includes any information you sent us in those requests. When your request has been resolved, you will receive a notification email that your request has been deleted. If you do not, please follow up and make sure that the privacy policy is enforced.
4. Occasionally, we may need to look at server logs or generate them in order to diagnose problems with the site. These logs may contain any information that you or your browser knowingly or unknowingly submits to us, including your IP address. In such cases, the logs will be deleted when they are no longer needed and the problem has been resolved.
5. Any updates made to this policy will be published to the main page of the site and posted to the “all” list.
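Points 1, 2 and 4 above are only as good as the webmaster’s follow-through, so here is an added example (my illustration, not Colorado Indymedia’s actual code) of the two chores they imply: stripping IP addresses, logged-in usernames, referrers, query strings and user agents out of ordinary access-log lines, and picking out diagnostic logs that have outlived an agreed retention window. The Apache “combined” log format, the field positions, the seven-day window and the sample lines are all assumptions constructed for the example.

```python
"""Log minimisation and retention helpers for a small site.

Added example, not Colorado Indymedia's code. Assumptions: access logs are in
Apache "combined" format, and diagnostic logs may be kept at most
MAX_AGE_DAYS after they were last written.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Optional, Tuple

# Apache "combined" format (assumed): ip ident user [time] "request" status size "referer" "agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

MAX_AGE_DAYS = 7  # assumed retention window for diagnostic logs (policy point 4)


def minimise_line(line: str) -> Optional[str]:
    """Return the line with every personally identifying field blanked out.

    Kept: timestamp, method + path (query string removed), status, size.
    Dropped: client IP, ident, authenticated user, referer, user agent.
    Returns None for a line that does not parse, so the caller drops it rather
    than keeping an unrecognised (and possibly identifying) line verbatim.
    """
    m = COMBINED_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    d = m.groupdict()
    # Query strings routinely carry usernames, search terms or tokens.
    request = re.sub(r'\?\S*', '', d["request"])
    return f'- - - [{d["time"]}] "{request}" {d["status"]} {d["size"]} "-" "-"'


def minimise_log(lines: Iterable[str]) -> Tuple[List[str], int]:
    """Minimise a whole log; returns (kept lines, number of unparseable lines dropped)."""
    kept, dropped = [], 0
    for line in lines:
        out = minimise_line(line)
        if out is None:
            dropped += 1
        else:
            kept.append(out)
    return kept, dropped


def expired_logs(entries: Iterable[Tuple[str, datetime]], now: datetime,
                 max_age_days: int = MAX_AGE_DAYS) -> List[str]:
    """Return the paths of diagnostic logs last modified before the retention cutoff."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(path for path, mtime in entries if mtime < cutoff)


# Constructed sample input (RFC 5737 documentation address, fictional user).
SAMPLE_LINES = [
    '203.0.113.7 - alice [04/Sep/2008:22:13:05 -0600] "GET /newswire?user=alice HTTP/1.1" '
    '200 1532 "http://example.org/?q=secret" "Mozilla/5.0 (X11; Linux)"',
    'this line is not in combined format',
]

# Constructed inventory of diagnostic logs: (path, last-modified time).
NOW = datetime(2008, 9, 4, 22, 13, tzinfo=timezone.utc)
SAMPLE_LOGS = [
    ("/var/log/site/debug-2008-08-20.log", NOW - timedelta(days=15)),
    ("/var/log/site/debug-2008-09-01.log", NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    kept, dropped = minimise_log(SAMPLE_LINES)
    print("\n".join(kept), f"\n({dropped} unparseable line(s) dropped)")
    print("expired:", expired_logs(SAMPLE_LOGS, NOW))
```

Run this as a nightly job over the previous day’s log before it is archived; the raw file should never be the copy that gets kept. Dropping unparseable lines rather than passing them through is deliberate: a line the filter does not understand is exactly the line most likely to still contain an IP address.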
This final section of the privacy policy is important and should be included in all privacy policies: it tells users what the site cannot protect them from.
Unfortunately, Colorado Indymedia and the web team can’t protect your anonymity and privacy from all avenues of attack. Your connections are logged by your place of work, school, internet service provider, and various government agencies. Furthermore, our servers are not protected by armed guards or state-of-the-art firewalls, so our server settings could theoretically be modified by an adversary. If this is of concern to you, you need to take charge and use a program such as Tor to protect your identity.
Comments
Comment from dragonrebel
Time September 4, 2008 at 10:13 pm
They should do it like Creative Commons does: an easy-to-read page, and if you want to know more, just click for the harder-to-read version or the lawyer version.
Comment from mircturk
Time December 22, 2008 at 5:00 pm
By submitting a comment here, you are revoking any copyrights you have on it and placing it in the public domain
Comment from Anonymous
Time September 4, 2008 at 9:07 pm
By submitting a comment here, you are revoking any copyrights you have on it and placing it in the public domain