Educause Security Discussion mailing list archives
Re: Security/Privacy Awareness click through
From: Ruth Ginzberg <rginzberg () UWSA EDU>
Date: Tue, 12 Mar 2013 09:03:10 -0500
On the other hand, the 7th Circuit Court explicitly ruled that click-through agreements and the like are enforceable. http://caselaw.findlaw.com/us-7th-circuit/1405266.html Ruth Ginzberg, CISSP, CTPS Sr. I.T. Procurement Specialist University of Wisconsin System rginzberg () uwsa edu 608-890-3961 ----- Original Message ----- From: "Tracy Mitrano" <tbm3 () CORNELL EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Sent: Tuesday, March 12, 2013 7:45:09 AM Subject: Re: [SECURITY] Security/Privacy Awareness click through I second this motion of Harry's and want to add a twist. I await the day that click throughs are found by courts to be contracts of adhesion. adhesion contract (contract of adhesion) n. a contract (often a signed form) so imbalanced in favor of one party over the other that there is a strong implication it was not freely bargained. Example: a rich landlord dealing with a poor tenant who has no choice and must accept all terms of a lease, no matter how restrictive or burdensome, since the tenant cannot afford to move. An adhesion contract can give the little guy the opportunity to claim in court that the contract with the big shot is invalid. This doctrine should be used and applied more often, but the same big guy-little guy inequity may apply in the ability to afford a trial or find and pay a resourceful lawyer. (See: contract) We have made a point at Cornell of not "contracting" with any constituency, including students, to abide by policy. The superficial reason is that the very notion goes against the principles of a contract, two independent parties agreeing to consideration. The more important reason goes directly to the our sense of purpose. As a not-for-profit educational institution with a long and proud history (not just Cornell, but of all higher education), we are a unique community into which we have invited students to participate in our missions. Policy rises above the floor of law, and supplies students with not only rules but a distinct sense of that community, one grounded in academic integrity most importantly. If students want to be a part of our community, and have met the requisite standards to join, we embrace them with the expectation that they accept those rules while among us. To contract out those rules would be, in my view, lowering ourselves to the operations of the marketplace instead of celebrating higher educations' unique qualities. Wow, and I have not even had a second cup of coffee yet this morning :-) Tracy On Mar 12, 2013, at 7:48 AM, Harry Hoffman wrote:
Right, I think (or thought) that's the point I was trying to make. Those click-throughs are in place as a policy reminder/enforcement vehicle. Internal, private organization policies are very different then legal, binding contracts. Cheers, Harry On 03/11/2013 11:32 PM, Valdis Kletnieks wrote:On Mon, 11 Mar 2013 17:26:27 -0400, Harry Hoffman said:The obvious, IANAL statement first. Can you really hold your users "legally" liable for activity under their name/identity?Actually, those login disclaimers don't do what you think they do. :) In general, you're not going to enforce the full extent of the law on "innocent miscreants" - you're going to give them a warning and remind them what the AUP says and tell them you don't want to see them in your office ever again. Because everybody *knows* that nobody ever reads the "You agree to the EULA/APU to continue", they just click through to get their goal accomplished. So unless you add a "enter the animal name from line 4 and the arithmetic sum from line 6" question, they won't read it. (The only case law I'm familiar with in that area is all stuff you really *don't* want to attach yourself to - it may win a legal battle but you'll lose the PR war. See the Aaron Swartz and Lori Drew debacles for examples why). If they're bound and determined to do something egregious and nefarious, they're going to do it anyhow. And if they're one of your users, they'll claim they didn't actually read what it said. What it *does* do is protect you from the indignant tenured professor who is *very* upset that you were snooping through his activity without permission while you were trying to find somebody *else*.
Current thread:
- Security/Privacy Awareness click through Jacobson, Dick (Mar 11)
- Re: Security/Privacy Awareness click through Harry Hoffman (Mar 11)
- Re: Security/Privacy Awareness click through Roger A Safian (Mar 11)
- Re: Security/Privacy Awareness click through Valdis Kletnieks (Mar 11)
- Re: Security/Privacy Awareness click through Harry Hoffman (Mar 12)
- Re: Security/Privacy Awareness click through Tracy Mitrano (Mar 12)
- Re: Security/Privacy Awareness click through Ruth Ginzberg (Mar 12)
- Re: Security/Privacy Awareness click through Valdis Kletnieks (Mar 12)
- Re: Security/Privacy Awareness click through Harry Hoffman (Mar 11)