Abstract
We evaluate the usability of End User License Agreements (EULAs) of popular consumer programs. Results from an empirical evaluation of 50 popular programs show the lack of accessibility and readability of notices. Our data from a recent study with 64 users involved in installation tasks confirms the public perception that notice to and consent by the user is not achieved.
We are greatly indebted to Susheel Daswani for constructing the experimental framework. Part of this work is conducted jointly with Joe Konstan, Deirdre Mulligan and Becca Shortle. We also thank Chris J. Hoofnagle, Ira Rubenstein and the anonymous reviewers for their valuable feedback and suggestions. Jens Grossklags’ work is supported in part by the National Science Foundation under ITR award ANI-0331659. This work was also supported in part by TRUST (The Team for Research in Ubiquitous Secure Technology), which receives support from the National Science Foundation (NSF award number CCF-0424422) and the following organizations: AFOSR (#FA9550-06-1-0244), Cisco, British Telecom, ESCHER, HP, IBM, iCAST, Intel, Microsoft, ORNL, Pirelli, Qualcomm, Sun, Symantec, Telecom Italia and United Technologies.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-540-77366-5_37
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Grossklags, J., Good, N. (2007). Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers. In: Dietrich, S., Dhamija, R. (eds) Financial Cryptography and Data Security. FC 2007. Lecture Notes in Computer Science, vol 4886. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77366-5_31
DOI: https://doi.org/10.1007/978-3-540-77366-5_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77365-8
Online ISBN: 978-3-540-77366-5
eBook Packages: Computer Science, Computer Science (R0)