The average consumer does not read the terms and conditions agreements that accompany the services they use, but a recent study by two University faculty members and one post-doctorate student suggests that perhaps they should.

The study, “Information Privacy and Data Control in Cloud Computing,” was conducted to look into privacy concerns for consumers who use the cloud, a computing system used by a majority of Internet sites.

“Everybody uses the cloud. It is simply remote storage,” said Jay Kesan, professor of law and co-author of the study. “Facebook is in the cloud, and all your webmail and Gmail. The cloud is simply saying that you are using resources that are remote from you.”

Masooda Bashir, assistant professor of Library and Information Sciences and a co-author of the study, said even though the University, the government and individuals use cloud computing for various reasons, several privacy concerns and questions have not yet been addressed.

“It is the forefront of the type of computing that is used now, and the projection is that it will be used for 70 to 90 percent of computing that we do in the next five to 10 years,” she said. “At this point, I feel like people are using these services without really understanding the platforms, the technology (and) what the risks might be regarding their privacy rights,” Bashir said.

Brian Mertz, a CITES spokesman, said end-user license agreements, also called terms and conditions, may be written so densely to allow companies to get away with more because they know users won’t read it or because we live in a “lawsuit-happy world,” and the companies are simply trying to cover their bases.

He said consumers are conditioned to hit “agree” whenever a message pops up on their electronic devices.

But this is not a defense in court, Mertz said. If a problem arises from an end-user license agreement, a consumer cannot say to a judge, “I did not read it.” Once they hit “agree,” they are bound by the terms presented in the agreement, he said.

Companies keep terms and conditions agreements very vague and broad to avoid potential liabilities, leaving the consumer with more restrictive and unclear policies, Bashir said. 

Kesan cited the story of a teenage girl. Based on the items she was buying online and the websites she was visiting, Target knew she was pregnant before her parents did. Mertz added that this is not uncommon because companies can figure what stage of her pregnancy a woman is in based on what she has been buying, and they can advertise certain products that correlate with her current week.  

Bashir said she thinks the best way to move forward is to research more about the subject and to raise public awareness about the way that cloud computing technologies actually work. She said another important factor is accessing people’s knowledge, which led to another research project that she and Kesan are currently working on.

“It would be nice if we had a plethora of services so people could choose between providers and make meaningful choices between providers who are more protective of privacy and maybe some others who are not,” Kesan said.

He said perhaps if people had a better understanding of the online environment, they might make different choices and agree to pay some amount for the services that they use.

“Privacy in the digital age is an important research question and factor for us all to consider because of all of the digital information we are all sharing and using on a day-to-day basis,” Bashir said.

Bashir is teaching a class on digital privacy to help raise awareness about the problem but also to unite students from both technical and non-technical sides. There are more research questions than answers right now, she said in an email, but she hopes that through education and research, “We can address some of these questions going forward.”

Claire can be reached at [email protected].