Yesterday, I was supposed to make a payment. So I went to the website of a bank whose online services I have preferred, and was surprised by a new requirement. After authenticating, I had to explicitly accept their so-called "privacy policy". No service without accepting it.

Nothing so unusual about that, you might think. Well, I think there were several unusual facts. First, the policy had been last changed since September last year. Why require explicit acceptance now?

I set out to read it before clicking through. There was the second surprise. The actual privacy policy was quite reasonable. The problem was the, erhm, tortoises. I explain: "jabuti", Portuguese for (land) tortoise, is used in congress to refer to provisions that are written into an unrelated bill to get them approved without much attention, while the spotlights are on the official purpose of the bill. One may then read the bill, or act, and wonder how those unrelated terms got there. Well, the conclusion is that someone put them there, with a purpose. Which brings us to origin of the term: tortoises don't climb trees, so if you find a tortoise on a tree, something quite unusual and unexpected, that means someone must have put it there, presumably with a purpose.

Anyway, back to the tortoises in the privacy policy. It stated it became part of service contract, that you accepted that the bank could change it at any time as it wished and for any reason, and that the service could be discontinued or changed whenever the bank liked. See?, that has nothing to do with privacy policies. It's tortoise on top of tortoise!

Now, here's a thing: they stop providing the service, unless you agree they can stop providing the service whenever they like. Could they actually stop it to begin with, and make the current service hostage to force you to agree to giving them the lion's share? (Are lions and tortoises friends?) If they could already do that, why do they bother "forcing" people to give their explicit consent?

This sounds awfully illegal to me. If they are in a contract to offer a service, they can't make the service a hostage to force you to sign another contract, let alone one that lets them rewrite the contract to their will! More so under a document that a lot of people won't even read, and would reasonably expect it to state commitments and obligations the provider undertakes regarding the way it deals with data you provide it with. Not tortoises.

At least in Brazil, if you offer a service to the public and enter a service conract with customers, you can't just decide you don't wish to offer that service any more, and impose a different service on your customers. You have to convince your existing customers to switch to a different contract, or get them to terminate the contracts, before you can stop providing the service. It looks like they're trying to render another bit of consumer protection law inoperative.

Update: the next day, when I tried to connnect again, I was not locked out any more.


Now, that got me thinking, if we don't manage to stop this sort of abusive practice, where will that lead? Vendors of computers already think of themselves as permanent owners of computers they sell, entitled to control what gets done with those computers they pretended to sell.

I recall some home automation systems, whose vendor was bought by Google, got turned into paper weights when Google powered off the server they depended on. I recall music and games ceased to be playable because their license servers were permanently turned off. I recall when a SIP phone adaptor I thought I owned stopped working, and after some investigation, I found out that every time it powered up, it downloaded its software from a certain URL, and some day the vendor decided to discontinue the service. These cases were abusive, they were morally wrong and bad for customers, but AFAIK they got away with them, despite all the inconvenience they've caused.

What kind of trouble are we waiting for before ruling out such consumer-hostile behaviors? A death because a car or a digital lock made its operation hostage of a new leonine contract during a medical emergency? An implanted insuline pump that stops working because you haven't accepted the new privacy policy governing the controlling app? A train collision because the railroad switch controlling app became unavailable because new terms of service were rolled out and had to be explicitly accepted? A nuclear power plant meltdown because the cooling system got removely deactivated over a contract dispute? A nuclear strike because a dead man switch became inacessible when a hosting provider required explicit acceptance of their new contract?

I don't like where this is going. The providers may be just thinking of maximizing their profits, but the consequences to people can be quite fatal. I think it would be wise to put an end to such practices before it gets too late.

So blong,