Coming from a law background this makes me, and I imagine many lawyers, nervous. Terms of Service agreements may be wordy and hard to understand, but they're also substantive--everything in them has meaning. Good lawyers should craft them to be as concise (and readable to lay people) as humanely possible, and there's no reason to believe that the lawyers that draft ToS agreements, particularly for highly profitable businesses, have done anything but that.

Even if you have a normal ToS and then try to abbreviate it, you have a host of issues: which one would control? You could explicitly say, "the normal ToS controls in the case of a conflict between the ToS and an abbreviated version," but, if people, don't read the normal ToS because there is an abbreviated version, is it really conscionable to say that the normal ToS would control? If the abbreviated controls, there have to be many caveats: like "We own everything you upload... unless you didn't own it to begin with, in which case, we don't own it, and you guarantee to us that you have the right to use it, and you give us the right to use it," or "There are no warranties, except if this statement itself is unenforceable (which is true in some states), in which case we disclaim all warranties to the extent applicable by law, and in the event this is unconscionable or found unenforceable, the rest of this agreement is still enforceable" etc etc. Once you're in that land, you've obviously lost the point of abbreviating it.

To the layman, much legalese looks and sounds repetitious because it is hedged with caveats and guards. It's precision is part of what makes it opaque. And yet, if one deciphers several T&C documents one starts to see similarities in structure and form. On this site full of people who are extremely adept at taking complex linguistic constructs and treating them as building blocks for even more complex structures, the temptation to abstract entire paragraphs into symbolic references is strong. We want to be able to minimize the cognitive load and maximise our understanding of the agreements we are being offered.

There is no legal equivalent to widely used open source libraries where one can go to the parts bin and pull out the functionality one needs and only that functionality. And yet most of the law firms I've worked with do have boilerplate documents that fit their practice. It's a knotty problem; lawyers and programmers operate under different constraints, and things that are obvious to one may be complete mysteries to the other.

If we had a legislature that worked and understood the internet, this sort of thing is exactly what they would be tackling...

I couldn't agree more. Having worked at a large law firm, and with an offer to work for one in the near future, I am amazed at the amount of "cut and paste" resources these law firms have available at their disposal (including research, memoranda,briefs, etc.). It's unthinkable how much work is replicated from law firm to law firm, although I understand liability concerns and the way these law firms are constituted which make solving this problem (and lawyers likely see this as substantially less of a problem, given that they get paid to do this) very challenging. This plus the fact that most large law firms I am aware of are practically institutionally opposed to change (like implementing new technologies that might make the firm more efficient, or permitting the sort of ideas we're discussing here). Part of it is how lawyers are trained, part of it is how law firms operate, part of it is grounded in liability concerns... but, given how badly this recession has hurt the legal market, I am optimistic that we will see lawyers and law firms change for the better in the years to come--it's just going to take deep-seated institutional changes to get there.

Is having a summary on a ToS any different than the Creative Commons deed vs. legalese? (cf. the disclaimer on http://creativecommons.org/licenses/by/3.0/ ).

It looks like Creative Commons tries to protect themselves with their disclaimer, which says that their deed has no legal value. I suppose a summary which similarly had no legal value would at least inform users about what the company does (which would be good) but, in the case of a lawsuit, if someone misunderstood the summary (or whatever), they're out of luck. And, anyhow, lawyers are taught to be risk averse. The more they have to think about and worry about the legal complications of something, the more they don't want it to happen. So, for places like Google, or whoever, adding increased readability even in a comparable "deed" would probably come at the cost of their legal department being very upset: and you can bet the second they got sued and the issue of some conflict between the summary/deed and the actual ToS came up is the second they would take that summary down.

Great example of what I had in mind.

Is it conscionable to say that a ToS, which most people won't a) read and b) understand, even if they did read it, should be enforceable at all?

The power relationship between a corporation and a user is one of extreme imbalance - the corporation can set the terms, and usually modify them at will, and usually does so to the interest of it and its investors.

Lawyers, by and large, seem to labour under the delusion that if legal matters can be specified precisely enough, then they will compile into reality. This isn't the case, and we have now reached a situation where an individual is required to deal with more agreements than s/he could possibly fairly comprehend. Anything that serves to remedy this situation is fine by me.

Mozilla introduced "Privacy Icons" (https://wiki.mozilla.org/Privacy_Icons) a few months ago, which seems to have the same goals.

The main problem I see is that if these icons are just opt in, why would a company use them if it wasn't respecting a user's privacy? It would be similar to a website having a badge that proudly says "Invalid XHTML".

P3P (http://en.wikipedia.org/wiki/P3P) tries to address a similar problem but in a machine-readable way.

A few months ago, we put together http://www.privacyparrot.com which uses machine learning to try to classify what's in a privacy policy. (right now just trying to determine if a site sells your data or not). I am unfortunately confident that there isn't a viable business model in selling people online privacy for free services.

Sounds a bit like the android permissions model applied to the web. I wouldn't mind it, but I doubt many people would pay attention to these more than they would the permissions they ignore when they add apps to their phones, or when they add a new Facebook app.

At a risk at repeatedly beating the same dead horse: outside the US privacy valued highly as a civil right, and is heavily protected by law. The same countries also typically have strong consumer protection. Warning labels alone are meaningless there.

Inconvenient reality alert:

I can promise you that many companies in the wild actively violate their own TOS, knowingly or unknowingly. I can promise you that you will never find out about all of those cases, even after there's a data breach.

I really like this idea. I would add info about how long certain data is retained.

Update: olefoo pointed out in the Pinterest thread that this has been tried apparently. Updated post to reflect.

It's a great idea, but how is it a startup idea? Not every good project is necessarily a business.

Have you seen http://safeshepherd.com/ ?

It's a little ironic that this site loads six elements which could be used to track its users, as reported by Ghostery: Facebook Conenct, Google +1, Google Analytics, Mixpanel, New Relic and a Twitter button.

It incorrectly identified me twice, and apparently I'm subject to identity theft because one of the instances it found included "me" in the white pages.

I hope that readers or anyone wanting to pursue this idea disregard the last sentence, or at least the "confirmed site logo" bit. How on earth could these things be confirmed by a third party and what information would a "confirmed site" badget convey? Sounds even flimsier than the "secured by <random antivirus>" or "secure SSL guaranteed" nonsense.

Given the legal concerns and the skew that attempting profitability would have, I'd rather just see this adopted by projects voluntarily. But even then, if it becomes mainstream to expect a "privacy ticker", there's still nothing to keep companies from selectively disclosing or straight up lying.