Terms of Service: What Did I Just Sign?

Somewhere along the line, corporations decided that they needed to tack licensing agreements (terms of service) onto just about every product produced. We’ve gotten to the point where we just ignore them and click “Agree” or rip off the little sticker that says something about “by removing this sticker you agree to…. ” blah, blah, blah. Too long; didn’t read (abbreviated “TL;DR”.) The lawyers who write these agreements know we don’t read them. You would not be blamed for believing that they intentionally make these agreements long and hard to read so that we don’t read them.

And yet, does it really matter? When was the last time you looked back and said to yourself “man, I wish I hadn’t clicked ‘Agree’…”. Probably never. That’s because in many cases you’re signing away something you’ll probably never notice: your right to privacy or your right to sue.

Informed Consent

The bottom line, though, is that in order to have a productive debate on these issues, we have to be informed consumers. For market forces to work, we have to be able to easily compare this product with that product, and that should include the legally binding agreements attached to these products and services. And on a deeper level, we also need to be informed citizens so that we can vote for representatives that promise to protect our rights.

To that end, let me introduce you to a cool new web site: ToS;DR (that’s short for “Terms of Service; Didn’t Read”). The site cuts through the lengthy, obfuscating language and summarizes the key elements of these Terms of Service and End User License Agreements. They even have a simple report card grading system to help you quickly assess a given service, though I would still read the individual ratings because each of us will care about different things. You can even help them to keep the ratings up to date.

A Cure for Your Apathy

If you still find yourself unconcerned, then I highly encourage each of you to watch the documentary called Terms and Conditions May Apply (which can be found on Netflix and Amazon Prime Video). You can find more privacy information and links on my Resources page.

Equifax Hack: Protecting Against Identity Theft

You’ve probably already heard about the massive data breach at Equifax, one of the three major US credit bureaus. The company says that up to 143 million people may be affected, which is almost half of the entire population of the United States. The stolen data may include names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In other words, just about everything you might need to commit identity theft. Equifax has a “potential impact” web site that will supposedly tell you if you were affected, but there have been mixed results in practice. If you were affected, it will send you to enroll in their TrustID credit monitoring service. And then tell you to come back in a few days to do it. They are frankly not handling this well, and the law suits are already coming.

Step One: Mitigating Identity Theft

So what should you do? I would go ahead and take the free monitoring service, when it becomes available. It can’t hurt (and shouldn’t prevent you from participating in a class action suit). But there are two other things you should consider strongly: either a credit freeze or a fraud alert.

A credit freeze will prevent any new requests for your credit history, which should stop anyone (including yourself) from getting a new credit card or opening a loan in your name. You will have to do this by contacting each of the three major bureaus (Equifax, Experian and TransUnion) and it will cost between $5-10 each. However, credit histories are used for many other purposes. So it might also interfere with applying for a new job, signing up for new service (e.g., phone, cable, utilities), or even the above-mentioned credit monitoring. You can always ‘thaw’ your credit and re-freeze it, but you will have to pay again.

The simpler option is a fraud alert, which is totally free but less effective. A fraud alert will simply require credit institutions to do a little more verification before allowing credit to be opened in your name. For example, they may call you if you have a phone number on file. Unlike the credit freeze, you only need to contact one of the three agencies and they are required to tell the other two. However, it only lasts for 90 days, though you can renew it as many times as you like. (If you can prove you have actually been a victim of identity theft, you can get a 7-year fraud alert.) I would do this immediately, and then after signing up for Equifax’s free monitoring service, you can consider implementing a full credit freeze.

Step Two: Basic Security Hygiene

Your next steps should be to beef up your general security – things you should already be doing, but things that become much more important in the wake of this horrific data breach.

  1. Use strong, unique passwords for your important accounts (financial, email and social media). Do not repeat passwords! To help with this, use a password manager like 1Password, LastPass, KeePass, etc.
  2. Set up and use two-factor authentication for these same accounts. This means you’ll have to enter a password and a one-time PIN code. (This is usually only for the first time you log in from an unknown location.) You can search for your service here and get quick links to help.
  3. Get your free annual credit reports from each credit bureau. I would recommend spreading them out – do one every four months, rotating through each of the three services. Set a repeating annual calendar reminder for each one, maybe Experian in January, Equifax in May and TransUnion in September.
  4. Keep a close eye on your credit card, bank and other financial statements for suspicious activity.

Stay tuned… I’m sure there will be more on this soon. My radio show and podcast will delve into this a bit further later this week.

UPDATE: This is another excellent article on credit freezes and fraud alerts.

UPDATE 2: Great article on the broader issues for democracy and privacy. The above is about you; this article is about everyone. The market is not able to fix these problems, it’s going to require legislation – and that means you need to be informed and lobby your  representatives.