Mutually Assured Protection: Toward Development of Relational Internet Security Contracting Norms

Article Source: in Securing Privacy in the Internet Age, Anupam Chander, Lauren Gelman, Margaret Radin, eds., Stanford University Press, 2008, pp. 73-90
Publication Date:
Time to Read: 2 minute read
Written By:

Search for the full article on Bing



This chapter analyzes websites’ use of privacy policies and terms of use over time and how it relates to the user.


Policy Relevance:

The current system of websites presenting terms of use and privacy policies to individual users is inefficient and unworkable over time. Thus, a more flexible paradigm should be used going forward.


Key Takeaways:
  • Currently, two methods are used by websites to ensure legal security in dealings with their users: privacy policies and terms of use.
    • Privacy policies are published statements of some of the ways that the website gathers, uses, and disseminates data gathered about the website users.
    • Terms of use are rules that a user must agree to before they use a webpage and often limit the rights that the user has if a problem arises.
  • In order to test how the use of these legal security issues has changed over time two hypotheses were made.
    • That both terms of use and privacy policies have shifted more risk and liability onto users over time.
    • That many of the included terms and conditions are unenforceable under current law.
  • Privacy policies and terms of use were tested at two different time points in order to see how they had changed over time. First in 1999 to establish how websites had initially dealt with these issues and then in 2004 to see how the system had matured.
  • The results clearly showed that there was a dramatic increase in the number of websites that had some form of terms of use and/or privacy policy in the 2004 group. Moreover, both of the postulated hypotheses proved true.
  • These results indicate that trust is not being facilitated between websites and their users online. This is the natural result of the terms of use and privacy policy system and a new system needs to be introduced in order to remedy the problem.
  • Three factors should be considered in creating a new internet security landscape:
    • Tension between content entrepreneurship and consumer protection.
    • Tension between legal content customization and legal standardization.
    • Tension in simultaneously aiding development of both content providers and users.



Andrea Matwyshyn

About Andrea Matwyshyn

Andrea Matwyshyn is Professor of Law and Engineering Policy with Penn State Law and the College of Engineering and Associate Dean for Innovation and Technology with Penn State Law. She is the founding director of the Penn State PILOT Lab (Policy Innovation Lab of Tomorrow), an interdisciplinary technology policy lab. Professor Matwyshyn is also a faculty affiliate of the Center for Internet and Society at Stanford Law School and a Senior Fellow of the Cyber Statecraft Initiative at the Atlantic Council's Brent Scowcroft Center on International Security.