`Informed consent' is a term usually associated with contractual settings, such as allowing a surgeon to operate or signing a bank loan form. It is not surprising, then, that in areas where other contracts are entered into, such as when installing software with End User License Agreements, there would be some sort of informed consent process to make sure that the computer user is giving a proper informed decision when consenting to the terms of the contract. It is unfortunate that what passes for consent in computing is substandard at best, appropriating theory and practice from the legal and medical fields without taking into account the specific and different contexts for informed consent in information technology.
In looking at informed consent and how it is used in information technology, direct references to informed consent practice in the medical and legal fields are extremely common, which is why I have chosen to specifically compare the use of informed consent in medical and legal settings with that of information technology. The literature within information technology on informed consent is surprisingly sparse, reflecting these direct references back to the medical and legal fields, but my purpose in this thesis is mainly to present a description of the consent used in information technology, and take a prescriptive look at improving the informed consent processes, particularly for the computer user.
The problems of informed consent in information technology are particularly obvious in the presentation and usage of End User License Agreements. These agreements are used to gain consent from computer users to clauses allowing the software and developer access to personal information, or modify the operation of the computer, for example, before the user installs the software on their computers. They are frequently presented as large amounts of legal text in a small box with an easy mechanism to move to the next step of the install (see Figures 2.1 and 2.2 for examples). The agreement text, in its complexity and length, often masks undesirable activity on the behalf of the software or developer, and the nature of the consent given by the user to allow this activity is questionable at best. It is often not due to any malicious intent on the part of the developer or vendor to make their agreements unreadable or hide information, but developers and vendors do not typically try very hard to make the information needed by users to make an informed decision accessible. Some companies, however, have used these very issues to exploit their users, leading to uncertainty and apprehension by users toward the agreements. These problems stem from inherent issues with the theory of informed consent used by software developers and vendors to frame their informed consent agreements. These problems, and the particular problems associated with End User License Agreements, are expanded on throughout this thesis, but particularly in chapters 2 and 3.
It is the recognition of the differences between information technology and the traditional settings for informed consent that forms the motivation for this thesis, in which I argue that the current methods and practices for obtaining consent in information technology are inadequate and inappropriate. I also present feasible alternatives to the current methods which can be practically implemented and which provide for a much easier, and in particular, a more informed consent decision process for the computer user with only minor changes for consent-requesters.