End-User Licence Agreements and informed consent - an ethical matter?

12/04/2006 12:32:30

Most modern software programs come with some sort of End-User Licence Agreement (EULA), which usually presents itself on installation in a dialogue box with a small text field filled with a large slab of legal text, and options to accept or decline the agreement.

This is the generally accepted way of informing users of the agreement they are entering into and gaining their informed consent.

Informed consent

The last time you installed a piece of software on your computer and reached the EULA dialogue box, you probably clicked "I accept the terms of the Licence Agreement" without even reading it, hoping that the software company would act in your best interests and not, for example, install something nasty to log your keystrokes and send them elsewhere.

Chances are, even if you did read it, you probably didn't fully comprehend it, noticing the fact that it was written in almost a completely different language aimed at lawyers and the like, and not at you. Despite this, you most likely didn't employ a solicitor to give you legal advice about the agreement you were entering into.

For the most part, your hopes that the software company has your best interests in mind are probably right. However, you most likely have been burned as a result of this blind acceptance at some point in your computing life, or have known someone else who has.

The concept of informed consent arose out of many different fields and social contexts, including law, social sciences, health professions and moral philosophy. Although it is most often talked about in terms of medical procedures and experimentation, the principles are applicable in many more situations, that is, wherever a person needs to give autonomous authorisation to something or someone, such as in the acceptance of a EULA.

Software companies believe they are informing their customers with the agreement presented on installation, but they turn a blind eye to the way this agreement is presented and written, and occasionally will use it to their advantage. The problem arises due to several factors:

1. The presentation is usually of a small dialogue box with a text field, containing anywhere from 500 to 10,000 words (or even more). For 500 words the text field may be enough to allow for easy reading of the agreement, but for 10,000 words it is entirely too cumbersome. This encourages the user to skip reading the agreement entirely.

2. The language used in the EULA is difficult to understand without legal training so any user without this training will not be able to give fully informed consent because of a lack of understanding of the language of law. Not only does this difficult language obfuscate what is being asked for, but it once again encourages users to skip reading the agreement.

3. Users are enticed into installing the software. If they have bought a piece of software off the shelf, they've paid money for it and are highly unlikely to want to send it back due to the non-acceptance of the licence agreement. Also, the presentation of the dialogue box that asks for acceptance is highly biased toward the acceptance of the agreement - nowhere does it say what rights you have if you don't accept the agreement, nor any easy-to-understand explanation of why the software cannot be installed without the user's acceptance.

From this we can see that there is definitely an issue with the acquisition of informed consent when it comes to acceptance of licence agreements. This opens the way for exploitation of the EULA by gaining a user's (uninformed) consent to engage in dubious activities while being protected by the acceptance of the agreement.

Exploitation

An example of such exploitation is found in spyware and adware programs, which often take advantage of the above situation in order to distribute software which in most situations users would not want installed on their computers.

Often this is achieved by encouraging users to install something novel for free, such as a game, file sharing application or screen saver, and bundling third-party applications with it, along with a clause in the EULA stating that the user accepts not only the installation of the third-party programs but the EULAs of those programs as well.

In one such case a popular, freely downloadable file sharing application bundled five third-party applications, each with its own EULA, all of which were implicitly accepted by accepting the EULA of the original program. The users were informed of this in a clause buried deep within the over 7000 words of the agreement. Most of these third-party applications were adware programs, or programs which modified the default behaviour of the computer on which they were installed.

What made things worse was that when the original piece of software was uninstalled, the third-party bundled software remained installed, with no easy mechanism for identification or uninstallation.

If users knew that the software would install advertising material or toolbars on their Web browser, they most likely would not install it. However, because the information is present only in the EULA, they are usually simply unaware that this is going to happen, or think that if they uninstall the original software, the bundled software will also be uninstalled.

Solution

The situation outlined above is only one of many cases in which a lack of informed consent in the acceptance of EULAs can lead to exploitation of users. A suggestion for helping users to understand software licensing is to have a labelling system similar to that for food that indicates whether, for example, third-party software is installed as a bundle, whether the software "phones home" with personal information about the user, etc.

This, however, would require a substantial amount of effort to establish because it would be necessary to set up a standard and have some regulation. This would be difficult because the Internet and its many software companies operate under different laws.

Until a wide-scale informed consent gathering mechanism can be implemented, it should be possible to make the experience of reading a EULA a little easier for users, for example by presenting it in a larger text field, forcing the user to scroll to the end before allowing them to click the "I agree" button, highlighting key phrases and generally making it easier to read. This would at least make it more likely that users gave their informed consent.

Catherine Flick is a PhD candidate at the Centre for Applied Philosophy and Public Ethics, Charles Sturt University, on an APAI scholarship as part of the ACS linkage research project on ethics in IT. She completed a BSc with Honours in Computer Science and History and Philosophy of Science at the University of Sydney.

