Re: Security/Privacy Awareness click through

[Ruth Ginzberg <rginzberg () UWSA EDU>]

On the other hand, the 7th Circuit Court explicitly ruled that click-through agreements and the like are enforceable.

http://caselaw.findlaw.com/us-7th-circuit/1405266.html



Ruth Ginzberg, CISSP, CTPS 

Sr. I.T. Procurement Specialist 
University of Wisconsin System 

rginzberg () uwsa edu 
608-890-3961 


----- Original Message -----
From: "Tracy Mitrano" <tbm3 () CORNELL EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Tuesday, March 12, 2013 7:45:09 AM
Subject: Re: [SECURITY] Security/Privacy Awareness click through

I second this motion of Harry's and want to add a twist.  

I await the day that click throughs are found by courts to be contracts of adhesion.  
adhesion contract (contract of adhesion) n. a contract (often a signed form) so imbalanced in favor of one party over 
the other that there is a strong implication it was not freely bargained. Example: a rich landlord dealing with a poor 
tenant who has no choice and must accept all terms of a lease, no matter how restrictive or burdensome, since the 
tenant cannot afford to move. An adhesion contract can give the little guy the opportunity to claim in court that the 
contract with the big shot is invalid. This doctrine should be used and applied more often, but the same big guy-little 
guy inequity may apply in the ability to afford a trial or find and pay a resourceful lawyer. (See: contract)

We have made a point at Cornell of not "contracting" with any constituency, including students, to abide by policy. The 
superficial reason is that the very notion goes against the principles of a contract, two independent parties agreeing 
to consideration.  The more important reason goes directly to the our sense of purpose.   As a not-for-profit 
educational institution with a long and proud history (not just Cornell, but of all higher education), we are a unique 
community into which we have invited students to participate in our missions.  Policy rises above the floor of law, and 
supplies students with not only rules but a distinct sense of that community, one grounded in academic integrity most 
importantly.  If students want to be a part of our community, and have met the requisite standards to join, we embrace 
them with the expectation that they accept those rules while among us.  To contract out those rules would be, in my 
view, lowering ourselves to the operations of the marketplace instead of celebrating higher educations' unique 
qualities.

Wow, and I have not even had a second cup of coffee yet this morning :-)

Tracy


On Mar 12, 2013, at 7:48 AM, Harry Hoffman wrote:

> Right, I think (or thought) that's the point I was trying to make.
>
> Those click-throughs are in place as a policy reminder/enforcement vehicle.
>
> Internal, private organization policies are very different then legal,
> binding contracts.
>
> Cheers,
> Harry
>
> On 03/11/2013 11:32 PM, Valdis Kletnieks wrote:
> > On Mon, 11 Mar 2013 17:26:27 -0400, Harry Hoffman said:
> > > The obvious, IANAL statement first.
> > >
> > > Can you really hold your users "legally" liable for activity under their
> > > name/identity?
> >
> > Actually, those login disclaimers don't do what you think they do. :)
> >
> > In general, you're not going to enforce the full extent of the law on
> > "innocent miscreants" - you're going to give them a warning and remind
> > them what the AUP says and tell them you don't want to see them in your
> > office ever again.  Because everybody *knows* that nobody ever reads the
> > "You agree to the EULA/APU to continue", they just click through to get their
> > goal accomplished.  So unless you add a "enter the animal name from line 4
> > and the arithmetic sum from line 6" question, they won't read it.
> >
> > (The only case law I'm familiar with in that area is all stuff you
> > really *don't* want to attach yourself to - it may win a legal battle
> > but you'll lose the PR war.  See the Aaron Swartz and Lori Drew debacles
> > for examples why).
> >
> > If they're bound and determined to do something egregious and nefarious,
> > they're going to do it anyhow.  And if they're one of your users, they'll
> > claim they didn't actually read what it said.
> >
> > What it *does* do is protect you from the indignant tenured professor who is
> > *very* upset that you were snooping through his activity without permission
> > while you were trying to find somebody *else*.