The click-wrap conundrum, 2005-10-24
Story continued from Page 1
“
"The real problem here is that it is possible to demonstrate assent to the terms of a EULA, but not true consent. And this problem exists for all people who want to contract online."
”
The FTC's enforcement action alleges that the company failed to adequately disclose the fact that downloading the program would also install other programs, that it could not be uninstalled, and that it frankly didn't actually work as an anonymizer at all. For their efforts, I applaud them. I personally hate spyware, and currently have three different anti-spyware programs running on my home PC (please don't challenge their effectiveness - I have enough problems.) But the FTC's enforcement actions do raise the question of what every company can - and can not - put into the terms of an End User License Agreement, and whether users who agree to terms and conditions can escape their provisions just by asserting that they didn't read them, or that they are unfair.
Some observations about EULAs
First, nobody put a gun to the downloader's head and forced them to download the executable. In fact, based on the advertised purpose of the program, those who did think it actually worked likely wanted the software so they could illegally get copyrighted digital content (such as music, movies, and so on) without fear of the RIAA and MPAA. It's like buying one of those "brand new" Rolex watches out of the back of a truck for $20, and then complaining that it isn't genuine.
Second, and as a general matter, either the terms of a EULA are enforceable or they are not. In other words, either there was a contract or there wasn't. Look, if I want to install software that goobers up my machine, shouldn't I be allowed to do so? People "give away" personal information all the time, both with and without consent. If I want to install software that acts as a key logger and downloads all sorts of other programs, plus is impossible to remove and doesn't really do what is advertised, why can't I do that? If I wanted to sell such a program (or give it away) how would I notify customers?
Let's face it. People don't read EULAs. Lawyers don't read EULAs. EULAs are next to impossible to read. Yet they set out all the terms and conditions for the use of the software, and have generally been found to be enforceable, unless the terms of the agreement are "unconscionable" or void against public policy. There is nothing here to suggest that the voluntary download of a program which does exactly what the EULA says it will do is against public policy. Indeed, the Odysseus EULA is more explicit about what the program does than is most commercial software EULAs. There is nothing in, for example, the Microsoft Windows XP Home EULA that gives me any idea what the software does, or how to remove its components.
The FTC's apparent insistence that the terms of the clickwrap agreement not be enforced can effectively eviscerate the ability of companies to contract online. For example, America Online just announced a change in its privacy policy allowing it to capture all the places the user goes online and what the user does as a means of providing "enhanced service" to the customer. Would such a policy be deceptive or unfair? Isn't my recourse to simply find another ISP? If the Terms and Conditions are unfairly hidden, difficult to find, or impossible to understand (aren't they all? After all, they are written by lawyers) then they may be unenforceable. Unfortunately, this is not what the courts have been saying.
The fact that you didn't understand what you were doing by downloading and installing the software doesn't mean you weren't bound. After all, how many consumers understand the difference between mandatory arbitration and mediation, or choice of law and choice of venue?
The crunchy frog analogy
In an old Monty Python sketch, two constables complain to the manufacturer of the Whizzo Quality Chocolate Assortment about the unfair sale of such confections as "spring surprise," which causes springs to shoot out of the consumer's cheeks, and "crunchy frog" made from "the finest baby frogs," as well as the ram's bladder cup, made with "lark's vomit." The chief Inspector notes that despite the fact that "lark's vomit" appears on the list of ingredients on the bottom of the box (right next to MSG), he says, "I think it would be more appropriate if the box bore a large red label -- WARNING LARK'S VOMIT."
What the FTC is really saying in these spyware prosecutions is that there are some things software does that is so dangerous and malicious that mere notice or ability to be aware of the fact that it does these things is not enough. Essentially, there should be a large red label stating "WARNING - SPYWARE. THIS WILL DESTROY YOUR COMPUTER AND POSSIBLY YOUR LIFE" which should appear before you download, and then again before you install the software and ask you five times in 12 different languages, "Do you agree?" and "Are you sure?" Even then, you know that people will still download and install the stuff. The real problem here is that it is possible to demonstrate assent to the terms of a EULA, but not true consent. And this problem exists for all people who want to contract online.
Finally, there was one dead giveaway to anyone who downloaded software from Odysseus Marketing, Inc., by considering the origin of the company name itself. As any follower of Homer can tell you, Odysseus (Ulysses) was the guy who came up with the idea of a particularly nasty contraption called the Trojan horse.
