Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
The click-wrap conundrum
Mark Rasch, 2005-10-24

Suppose you are setting up a website to deliver the latest software, product, or service. Before the site goes live, you go to your lawyer (of course you do, don't you?) who reviews your online privacy policy, your online security policy, and your policy regarding collecting information from or about children. Your lawyer reviews the site overall for anything that might be considered or interpreted a fraudulent or deceptive practice. Of course, if it were up to lawyers, the only content on the Internet would be in the form of disclaimers.

Comments Mode:
The click-wrap conundrum 2005-10-24
Todd Knarr (1 replies)
Re: The click-wrap conundrum 2005-10-24
Mark Rasch (1 replies)
wo points. First, contracts are rarely all or nothing as you describe. Companies routinely include severability clauses in contracts specifically to avoid the "enforceable or not as a single unit" situation. No company wants the entire contract voided because one sentence was found to be invalid. So it's not only reasonable but routine for contracts to be partially valid/enforceable if they're not fully enforceable/valid.

Many jurisdictions will NOT parse a contract. How could they know which portions the parties would have agreed to if other portions are deemed unenforceable? What if the court found that the amount of money I agreed to pay was not enforceable, but the delivery of the product was -- does this mean I get it for free? Most courts WILL NOT Novate a contract. Besides, how would you parse the spyware EULA? Which parts are enforceable?

Second, EULAs aren't conventional contracts. A standard contract involves a negotiation between the parties over the terms.

That is hardly true. In fact, MOST contracts are NOT negotiated. Your contract for carriage on an airplane, contract for care of your car by a valet, contract for use of a stadium, contract allowing you entrance into a theater, car rental agreement, ISP agreement, etc... none are negotiated. They are all contracts of adhesion. Same is true with all Terms of Service for use of websites, online privacy policies, etc. In fact, probably 90 percent of the contracts you are bound by you have no ability to negogitate. They are take it or leave it.

EULAs allow for no negotiation, the user has to take them as-is or leave them. They're what's called a contract of adhesion. The law applies different standards to a contract of adhesion to compensate for the fact that one party has no say over the terms. The FTC is merely arguing that certain terms of the EULA in question fall into the class of unreasonable and/or unconscionable terms that aren't valid in a contract of adhesion.

Are you suggesting that even if you placed clear and conspicious warnings about the nature of the software, you could NEVER agree to it? Or that (as the FTC actually argued) the warnings were not conspicious.



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/365/32593#32593
Re: Re: The click-wrap conundrum 2005-10-25
Anonymous
Cigarettes 2005-10-24
Theuns
The click-wrap conundrum 2005-10-25
Anonymous
The click-wrap conundrum 2005-10-25
Dan S. (1 replies)
Re: The click-wrap conundrum 2005-11-04
Roger
Understanding 2005-11-01
Sean
The click-wrap conundrum and limitations 2005-11-02
Kevin Wall







 

Privacy Statement
Copyright 2009, SecurityFocus