@gvwilson @kataclyst Lots of banks use docusign. I’ve had to complain repeatedly about my ssn being sent to them without my consent and about the default “we’ll email this document full of highly sensitive data to you and us at the end, where it’s subject to more use by Google or Microsoft “

@gvwilson

I feel so vindicated in not pursuing getting DocuSign for the company I work for

@gvwilson Well now we know how confidential documents ended up in ChatGPT's training set.

edit: the support page claims that it's only used to train DocuSign's in house models, although your documents may or may not end up in Microsoft's hands anyway.

@gvwilson Can this shit get any more gross?

@gvwilson zero percent endorsing this practice. Highlighting this in case prevents other enterprise IT types from having the sheer “oh shit” moment I did.

This is for “CLM, CLM AI Extension, and eSignature (for select eSignature customers). It is also relevant for AI Labs services.”

Doesn’t make it better, and doesn’t do a thing to protect end users.

@gvwilson If you live in Europe immediately file a GDPR complaint

If you live in Switzerland file a FADP complaint

Canadians file a complaint with the federal privacy commissioner in regards to PIPEDA right here: https://www.priv.gc.ca/en/contact-the-opc/

@gvwilson oh so THIS one is especially fun, because a lot of official forms / contracts / NDAs / etc that I (and I'm sure MANY others) have signed in recent years were on DocuSign.
a) there was no other choice
b) I'm like 98.5% sure some of the stuff in there was confidential 🤣

@gvwilson wait what? Not good.

@gvwilson@mastodon.social Well fuck DocuSign then, going forward...

@gvwilson if it’s not stated in their T&Cs then I don’t see how that would be legal in any court.

@gvwilson ah. we have experience with this specific contractual provision from our privacy work.

the wording that does this is: "Without limitation of any term in the Terms, DocuSign may analyze Customer Data and Customer usage patterns using techniques such as machine learning in order to improve and develop DocuSign’s current and future products, services, methods, and processes. "

@gvwilson Yikes! Is there any alternative to them? There's no way to opt-out? Ick.

@gvwilson I view this as a good thing because they have to do something to improve that set of products. They’re commoditized and lagging at that.

@gvwilson we are FUKed as a society

@gvwilson
Can't wait to see the lawsuits in the US for this, probably one of the worst businesses to try to fuck around with what is reasonably expected in their small print (and if it's not even in there?? yeah, try explaining to the tech unsavvy judges why you're using contracts presented as confidential in an unauthorized way lol)

@gvwilson So the only really truly secure one way hash we have is *maybe* black holes. Physicists are still trying to sort that out. And just right before this, people figured out how to extract the images text processing neural networks were trained on. So this could be exciting.

@gvwilson docuseal is a good alternative

@gvwilson@mastodon.social FFS. If you're not, say, OpenAI, and you need a full-blown "AI FAQs" page, you should probably rethink a lot of things.

@gvwilson tanstaafl

@gvwilson what? What??? This is not informed consent!

@gvwilson oof. Couple of thoughts:

1 this seems likely to result in significant court activity from other large organisations who use them

2 is there a market for an end-to-end encrypted alternative?

@gvwilson oh my. I can just imagine the conversation with an uncomprehending potential employer or landlord of "I'm happy to sign, but not via this platform".

Probably as futile as my attempts to get various HR departments to stop requiring me to send all my passport info in email.