Simson Garfinkel compares the current situation with spyware and adware with the problems of patent medicines before the United States' Pure Food and Drug Act of 1906 was passed [Garfinkel, 2004a]. With the introduction of the Pure Food and Drug Act, ``... with the knowledge of what they were to ingest, consumers were able to identify and avoid (if they wished) consuming potions that were `habit forming' ''. Garfinkel claims that this could be a useful way to approach the problems of ``overly-broad and turgid click-through license agreements'' [Garfinkel, 2004a]. Garfinkel specifically suggests using icons on a label at the top of license agreements, and in other visible places, such as on install screens and in the Windows ``Add or Remove Programs'' area of the operating system user interface. Software that displays such icons is not necessarily engaging in user-hostile practices, but the aim is to make it easy for consumers to easily identify which software displays which behaviour.
The icons he suggests are as shown in Figure 4.1. They cover a few possible issues that users encounter in software, and which could be considered violations of normative expectations.
One of these issues is software that modifies the operating system, usually to access pieces of hardware by installing drivers, or to access some of the lower-level functions of the operating system, such as manipulating the system memory used by other applications. Another is the issue of monitoring, such as in the example of keystroke logging, where a piece of software keeps a record of every keystroke made on the keyboard (this is often used by malicious software aiming to access usernames and passwords to Websites and other services and information contained in private files), or software that tracks what Websites the user visits from their Web browser. Pop-up windows are also addressed, as is software that downloads updates for itself ``that could change its behaviour''. Although diallers are a little old-fashioned now, since many internet connections are no longer directly through a phone line, they used to be a major issue, because the software would hijack the phone line and make expensive phone calls (often overseas!) without the knowledge of the user. Another issue Garfinkel recommends for highlighting is the problem of software running at start-up. Software that loads its core functionality when the computer starts up appears to load faster when the application icon is later clicked by the user, but ultimately makes the computer run slower, even when the application is not being used. When many applications use this functionality, the slowdown becomes quite noticeable, especially when the computer starts up. Also, software that allows others to control the computer remotely (I believe the intention of the author is to call that label ``Remote'' rather than ``Remove''), such as with the popular software program called VNC, often used in company technical support situations, and software that does not allow itself to be easily uninstalled (as was addressed earlier in Chapter 2) would get their own label under Garfinkel's scheme.
One requirement of Garfinkel's idea is that the labelling be mandatory; legislated by government. In this he appeals to the Pure Food and Drug Act of 1906's success in allowing people the power to know what is in a food product in order to effect changes in peoples' decisions. It seems to me that it would also cause changes in the sorts of things that companies would actually include in their products. Products with an ingredient that turns out to cause hyperactivity, for example, would likely lose sales because of the sudden public knowledge of the problematic ingredients in the product. At any rate, Garfinkel's idea is worth considering, given not only the success of the Pure Food and Drug Act, but the appealing nature of labelling things simply.
The benefits of this sort of system would be that it would be immediately obvious what norms would potentially be violated, should the user install the software. A standard set of icons for the label would be available for software manufacturers to describe the activities of their software, and an external group would have jurisdiction over the use (and misuse) of the labels. It would have the potential, if fully enacted as Garfinkel would like, to change the behaviour of software manufacturers, much in the same way I argue that food manufacturers changed their behaviour, i.e., some mechanisms would no longer be used because they would be considered detrimental if obviously part of the software (such as pop-up advertising or hijacking the telephone line). Overall, users would have much more control over their software through market force in this way, and would appreciate the easy way to determine what sorts of behaviour software exhibits.
Of course, there are (somewhat unfortunately) immediately obvious problems with this approach. For one, unlike the importation and buying and selling of food and drugs, software is not physically restricted within a particular jurisdiction. The availability of software on the Internet makes it difficult to require mandatory labelling of software, since software companies could easily set up elsewhere, somewhere that doesn't require this standard, especially companies that essentially rely on particularly egregious expectation violations to make money, such as advertising software companies. The market forces at work here mean that there is a lot of momentum required to change procedures, since markets only improve products under competitive conditions. However, this doesn't make the idea unviable, because ideally the companies that work out of that jurisdiction would be able to establish using the labelling system as having advertising merit as well as inherent moral worth. This sort of marketing strategy could improve both the company brand and the view of the licensing scheme, with a labelling culture eventually seen as a competitive status symbol.
Garfinkel points out another issue, in that it would be difficult to decide what sorts of potential expectation violations should be labelled.
``The more information required on the label, the more expensive it will be to produce, and the less likely that consumers would be to actually pay attention to the information. Any regulatory body implementing this policy will need to avoid icon creep - having 23 different icons on each piece of software won't serve the needs of consumers, it will just cause confusion.'' [Garfinkel, 2004b]
This is a very important point, and one that would have to be dealt with particularly comprehensively, since it is obvious that there would not only be potential creep but also the requirement to deal with old and outdated labels as well (such as the dialler discussed above). However, this could be overcome by developing icons well enough so that they can encapsulate at least the essence of the issue within the drawing, allowing people to acquire a reasonable idea and then check back against a list. This would still be preferable to the computer user having to wade through five thousand words of legalese as is the current expectation.
Overall this is an interesting approach to solving the problem of difficult-to-read license agreements. Unfortunately it is unlikely to work in its current incarnation, since there is little momentum behind it (little active advocacy or any real attempt to institutionalise it) and it requires government legislation to be fully effective, which requires lobbying and probable industry backing, or other critical mass elements. It also ideally requires global acceptance and institution in order to become the dominant culture in the internet-enabled market. This problem, as well as some of the other limitations discussed above shows that although this idea does not fully solve the informed consent problem, it certainly is a step in the right direction.