Feeds

Closing spyware loopholes

Court decision against AOL sets limits

  • alert
  • submit to reddit

Build a business case: developing custom apps

I have this terrible recurring nightmare. One night, there is a knock on the door and Bill Gates and Steve Ballmer are there. When I ask why, they reply, "We are here for your kidney. Don't you remember the contract you clicked on when you downloaded the beta version of Internet Explorer? Don't you read those things?"

Fortunately, while "clickwrap" contracts are ubiquitous in the realm of e-commerce, a recent decision of a New York federal appeals court may limit how they are employed, even as it injects even more uncertainty into an already confused legal environment.

First, some contract law basics. A binding contract generally requires a bargain and a "meeting of the minds," which generally assumes some ability to know what you are agreeing to, and negotiate fairly. It does not require that the parties have equal bargaining power, and many (if not most) contracts that consumers end up entering into are of the "take it or leave it" variety -- buy the product and agree to the terms and conditions, or don't buy (and in some cases return) the product.

The problem for sellers of products online is, how do you get purchasers to agree to terms and conditions? The problem for purchasers of online products is, how do you negotiate? The answer to the first has traditionally been "clickwrap."

The lawsuit in New York involved the download, installation, and use of Netscape's Communicator. There were, at the time, two ways to get the browser. First you could download the browser directly from Netscape's website, and click through a contract that requires you to assent to the terms and conditions of the software license agreement, including a provision that required all disputes relating to the agreement to be subject to binding arbitration in Santa Clara County, California -- a bright, sunny part of the lower San Francisco Peninsula that's happens to be home to Netscape's offices.

The ability to control the manner and place of the litigation -- and indeed, whether you could even litigate issues arising out of the use of the Communicator software -- was of critical importance to Netscape, and to the plaintiffs who alleged that Netscape's installation of "spyware" violated their rights to privacy. The only way to reach that issue was to make it to court -- something Netscape hoped to avoid with its mandatory arbitration language.

Unfortunately for Netscape, they had provided a second way to download the product. Users could use the "SmartDownload" plug-in which did not require the user to "click-through" the agreement. There was simply a clickable warning noting:

The use of each Netscape software product is governed by a license agreement. You must read and agree to the license agreement terms BEFORE acquiring a product. Please click on the appropriate link below to review the current license agreement for the product of interest to you before acquisition. For products available for download, you must read and agree to the license agreement terms BEFORE you install the software. If you do not agree to the license terms, do not download, install or use the software.

So the question the 2nd Circuit Court of Appeals had to decide was this: was there any meaningful difference between a contract that is thrown up in front of a user's face before they can use a product, and one that's merely referenced in a clickthrough warning notice? The court held that there was -- in the former case, the parties would have been bound. But in the latter, no contract was formed. In other words, if you have the ability to read a contract, the terms of which indicate that by installing the software you agree to be bound by the terms, this is insufficient to form a binding agreement.

The court stated that a reasonable consumer would not know about the existence of the license terms, and that the warning was not "immediately visible" and did not require "unambiguous manifestation of assent" The court referenced by analogy California's consumer fraud statute, Cal. Bus. & Prof. Code Section 17538, which requires online consumer contract terms to be located either "[on] the first screen displayed when the vendor's electronic site is accessed, on the screen on which goods or services are first offered, on the screen on which a buyer may place the order for goods or services, on the screen on which the buyer may enter payment information, such as a credit card account number, or for nonbrowser-based technologies, in a manner that gives the user a reasonable opportunity to review that information."

The crux of the case then is that simply making contract terms (including warranties and other legal disclaimers) available to consumers is not likely to be sufficient to bind them. This rationale may end up applying to an employee's consent to be monitored by their employer. Merely stating that using a computer system grants such consent may no longer be sufficient.

In the long term, the rationale of requiring firm proof of a "meeting of the minds" could mean the full text of contracts will be popping up on our screen every time we every time we use an ATM, visit a Web portal, or log on at work. There is no good way to negotiate a fair contract in cyberspace. We are frequently bound by language we fail to read or comprehend, even when the text is easily available to us and not hidden. Although the Netscape language could have been placed in a more conspicuous manner, there was no evidence that it was hidden or buried. Therefore, it seems reasonable to place it on par with other contract language.

Sad to say, this may make it even less likely that people will read such contracts, as they become more ubiquitous and annoying. The clickwrap nightmare isn't over yet.

© 2002 SecurityFocus.com, all rights reserved.

Next gen security for virtualised datacentres

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?