Closing spyware loopholes

Court decision against AOL sets limits

I have this terrible recurring nightmare. One night, there is a knock on the door and Bill Gates and Steve Ballmer are there. When I ask why, they reply, "We are here for your kidney. Don't you remember the contract you clicked on when you downloaded the beta version of Internet Explorer? Don't you read those things?"

Fortunately, while "clickwrap" contracts are ubiquitous in the realm of e-commerce, a recent decision of a New York federal appeals court may limit how they are employed, even as it injects even more uncertainty into an already confused legal environment.

First, some contract law basics. A binding contract generally requires a bargain and a "meeting of the minds," which generally assumes some ability to know what you are agreeing to, and negotiate fairly. It does not require that the parties have equal bargaining power, and many (if not most) contracts that consumers end up entering into are of the "take it or leave it" variety -- buy the product and agree to the terms and conditions, or don't buy (and in some cases return) the product.

The problem for sellers of products online is, how do you get purchasers to agree to terms and conditions? The problem for purchasers of online products is, how do you negotiate? The answer to the first has traditionally been "clickwrap."

The lawsuit in New York involved the download, installation, and use of Netscape's Communicator. There were, at the time, two ways to get the browser. First you could download the browser directly from Netscape's website, and click through a contract that requires you to assent to the terms and conditions of the software license agreement, including a provision that required all disputes relating to the agreement to be subject to binding arbitration in Santa Clara County, California -- a bright, sunny part of the lower San Francisco Peninsula that's happens to be home to Netscape's offices.

The ability to control the manner and place of the litigation -- and indeed, whether you could even litigate issues arising out of the use of the Communicator software -- was of critical importance to Netscape, and to the plaintiffs who alleged that Netscape's installation of "spyware" violated their rights to privacy. The only way to reach that issue was to make it to court -- something Netscape hoped to avoid with its mandatory arbitration language.

Unfortunately for Netscape, they had provided a second way to download the product. Users could use the "SmartDownload" plug-in which did not require the user to "click-through" the agreement. There was simply a clickable warning noting:

The use of each Netscape software product is governed by a license agreement. You must read and agree to the license agreement terms BEFORE acquiring a product. Please click on the appropriate link below to review the current license agreement for the product of interest to you before acquisition. For products available for download, you must read and agree to the license agreement terms BEFORE you install the software. If you do not agree to the license terms, do not download, install or use the software.

So the question the 2nd Circuit Court of Appeals had to decide was this: was there any meaningful difference between a contract that is thrown up in front of a user's face before they can use a product, and one that's merely referenced in a clickthrough warning notice? The court held that there was -- in the former case, the parties would have been bound. But in the latter, no contract was formed. In other words, if you have the ability to read a contract, the terms of which indicate that by installing the software you agree to be bound by the terms, this is insufficient to form a binding agreement.

The court stated that a reasonable consumer would not know about the existence of the license terms, and that the warning was not "immediately visible" and did not require "unambiguous manifestation of assent" The court referenced by analogy California's consumer fraud statute, Cal. Bus. & Prof. Code Section 17538, which requires online consumer contract terms to be located either "[on] the first screen displayed when the vendor's electronic site is accessed, on the screen on which goods or services are first offered, on the screen on which a buyer may place the order for goods or services, on the screen on which the buyer may enter payment information, such as a credit card account number, or for nonbrowser-based technologies, in a manner that gives the user a reasonable opportunity to review that information."

The crux of the case then is that simply making contract terms (including warranties and other legal disclaimers) available to consumers is not likely to be sufficient to bind them. This rationale may end up applying to an employee's consent to be monitored by their employer. Merely stating that using a computer system grants such consent may no longer be sufficient.

In the long term, the rationale of requiring firm proof of a "meeting of the minds" could mean the full text of contracts will be popping up on our screen every time we every time we use an ATM, visit a Web portal, or log on at work. There is no good way to negotiate a fair contract in cyberspace. We are frequently bound by language we fail to read or comprehend, even when the text is easily available to us and not hidden. Although the Netscape language could have been placed in a more conspicuous manner, there was no evidence that it was hidden or buried. Therefore, it seems reasonable to place it on par with other contract language.

Sad to say, this may make it even less likely that people will read such contracts, as they become more ubiquitous and annoying. The clickwrap nightmare isn't over yet.

© 2002 SecurityFocus.com, all rights reserved.

Sponsored: Network DDoS protection