Most debates–from privacy to net neutrality–about consumer protection in Internet policy come down to the following increasingly-cliched exchange:
1. Advocate of Regulation: “The government must intervene to protect users against Companies who want to [___________] by writing new laws or regulations!”
2. Regulatory Skeptic: “Why don’t we rely on the FTC’s enforcement of End User License Agreements (EULAs), privacy policies and other terms of service (TOS) under existing law? If companies spell out their policies clearly and then are required to stick to them, those policies will become part of competition: Companies will compete for consumers by offering attractive policies the same way they compete for consumers by offering attractive products & prices.”
3. Advocate of Regulation: “That doesn’t work because nobody actually reads all that legalese! They’re impossibly dense for non-lawyers, so companies always make such agreements as broad as possible to allow them to do whatever they damn well please–and bury all the really scary provisions.”
And yet… within 12 hours of releasing its new Chrome Browser, Google removed a clause from the Chrome EULA that essentially would have Given Google the right to whatever it liked with all content posted by users anywhere online using Chrome. If this incident demonstrates anything, it’s that there are significant “market forces” at work to restrain companies from writing agreements & policies that allow them to screw consumers. Indeed, it beautifully demonstrates why the Regulatory Skeptic ultimately wins this debate with one final response:
4. Regulatory Skeptic: “It doesn’t matter if 99%+ of users never read a EULA or TOS. No matter how hard companies might try to bury some ominous provision, the relatively small number of consumer protection watchdogs who do read such provisions protect everyone else by calling attention to true areas of concern. Not every blogger who complains about something he doesn’t like in a EULA is going to make Slashdot, but overall, provisions that cross a certain line will get public attention and most companies will bend over backwards to avoid bad PR. So, the market does work to protect consumers without the need for further government regulation.”
Google made the following change:
11. Content licence from you
11.1 You retain copyright and any other rights that you already hold in Content that you submit, post or display on or through the Services. By submitting, posting or displaying the content, you give Google a perpetual, irrevocable, worldwide, royalty-free and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content that you submit, post or display on or through the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
Google has explained that the company simply made a mistake by essentially copying and pasting this provision from the EULAs for other Google products:
Google’s Rebecca Ward, Senior Product Counsel for Google Chrome, now tells Ars Technica that the company tries to reuse these licenses as much as possible, “in order to keep things simple for our users.” Ward admits that sometimes “this means that the legal terms for a specific product may include terms that don’t apply well to the use of that product”
The outcry over this provision has produced 189 stories (according to my last Google News search)–and even made The Nerd York Times, a/k/a Slashdot.
Mehan Jayasuriya of PublicKnowledge (an organization best known for its multiple Emmy-winning performances in the role of “Advocate of Regulation” alluded to above) has decried Google’s over-reach and echoed the same general themes the advocates of regulation always resort to about the inadequacies of EULAs:
the Google Chrome EULA controversy is just another case of a high-profile company lazily copying and pasting together a EULA with little regard for the terms therein. And as humorous as the entire 12-hour fiasco might be, Google’s misstep reminds us yet again why it’s important for end-users to read the EULAs that come attached to software and services and why it’s doubly important for companies to run a fine-tooth comb over the language in their EULAs before releasing them into the wild. In all honesty, though, end-users shouldn’t have to dig through every EULA for fear that something like this might be buried inside. If a EULA requires that a user relinquish significant rights in order to use a piece of software or a service, that fact should be made abundantly clear to the user, through some means other than a condition buried deep inside a click-through EULA.
But this incident demonstrates why the ordinary user doesn’t “have to dig through every EULA!” As long as there are bloggers eager for a “big story,” the truth will get out, and as we’ve seen with Google Chrome, that’s generally going to be enough to cause companies to back down–not merely because they want consumers to use that particular service but because, in the case of a company like Google with a larger reputation to uphold, it’s just not worth damaging their public image.
Mehan himself applauds the blogosphere for its role in spreading the story “like wildfire” and gives Google credit for having “acted quickly to rectify the situation”–but doesn’t seem to connect the dots and recognize the broader policy implications: That this process of public pressure might not only eliminate the need for regulation, but work even work better than attempts by bureaucrats to keep pace with rapidly evolving technologies and changing expectations of privacy–especially online. Simply put, consumers always look to experts as surrogates. Thanks to the Internet, surrogate-expertise is far more effective (and rapidly so) than ever before: The blogosphere itself plays the role of collective experts & consumer protection watchdogs.
I’ll take that process–messy as it is–any day of the week over clumsy, one-size-fits-all regulation by would-be techocrats who don’t really understand technology.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.