Packaging EULA's

[Jukka K. Korpela]

Right, so in the analogous web-based situation, someone running a web
site ought not to have the initial burden of proving that the user
read the EULA.

Don't be ridiculous. If I put a note (in fine print, for example) on my
page, saying that by reading my page you commit to giving me everything you
own, that would constitute a contract between us, if your approach were
correct. The same would apply if my page contained, before a link, a note
saying that by following the link you commit to giving me everything you
own. According to your approach, we could discard even the fact that there
might be (well, there _would_ be, thanks to search engines) _other_ links to
the linked page, with no such note before the link.

Followups trimmed to alt.html. This was never really an HTML question.

 

[Harlan Messinger]

Don't be ridiculous. If I put a note (in fine print, for example) on my
page, saying that by reading my page you commit to giving me everything
you own, that would constitute a contract between us, if your approach
were correct.

If I asked someone for the time of day, and he handed me a printed form
reading "In return for the time of day from X I agree to pay him one
million dollars", my response would be not to sign it. If I read
something like that on a web page with a link, my response would be not
to click it. You still aren't giving any indication why the web-based
interaction ought not to be binding (or not binding--even with written
contracts, there are bars to validity such as unconscionability or
illegality of the terms) to the same extent that the hard-copy
equivalent is.

The same would apply if my page contained, before a link,
a note saying that by following the link you commit to giving me
everything you own. According to your approach, we could discard even
the fact that there might be (well, there _would_ be, thanks to search
engines) _other_ links to the linked page, with no such note before the
link.

Oh, of *course* the burden is on the person presenting the EULA to
assure that it isn't readily circumvented by the unknowing. But as I
said in my previous message, that's easily done. Again, the existence of
invalid contracts doesn't make all contracts invalid, and likewise for
any particular *form* of contract, such as an on-line EULA. If a EULA is
too vague, or doesn't sufficiently demonstrate a meeting of the minds,
or contains mistakes of fact, etc., etc., etc., it may not be. But that
doesn't mean that no EULA is.

 

[Andy Mabbett]

If you know what constitutes a contract in the first place, yes, it is
obvious,

I know what constitutes a contract and no, it is not obvious (that all
the elements are possessed by a click-though EULA).

 

[Jukka K. Korpela]

If I asked someone for the time of day, and he handed me a printed
form reading "In return for the time of day from X I agree to pay him
one million dollars", my response would be not to sign it. If I read
something like that on a web page with a link, my response would be
not to click it.

I didn't write anything about links in the part quoted above.

By reading this message, you commit yourself to giving me everything you
own.

Now, will you follow your own logic and send me your money, please?

 

[Harlan Messinger]

I didn't write anything about links in the part quoted above.

By reading this message, you commit yourself to giving me everything you
own.

Now, will you follow your own logic and send me your money, please?

Your simulation here isn't binding for reasons that have nothing to do
with it being on-line. It isn't binding because it isn't even a
contract, and it isn't a contract because it's missing at least one of
the essential ingredients of a contract: an agreement to do something,
or not do something, in exchange for the consideration of everything I
own. Everything on Usenet is publicly viewable by everybody, so
permission to view your words on Usenet is not yours to give or withhold.

I assumed when you made your pronouncement about agreement dialogs
having no legal meaning that you would have some background knowledge
about what determines whether agreements to or don't carry legal weight,
or else you wouldn't make such a flat assertion.

Since it doesn't have the form of a contract, your illustration gives no
insight into the binding nature of agreements, on-line or on paper or
oral, that do possess the essential elements of a contract.

 

[Jukka K. Korpela]

Your simulation here isn't binding - -

I guess that's a "No" answer in pseudo-legalese. Too bad, I would have had
some use for some extra money, but I wasn't really holding my breath.

 

[TC]

Jukka K. Korpela wrote:

By reading this message, you commit yourself to giving me everything you own.

That example lacks a key component of a contract, namely, the free
choice to accept or reject it. The reader has read and understood those
words, before he can possibly know that they purport to form a
contract. This removes the legal requirement that each party can review
& consider the contract before they accept or reject it.

TC (MVP MSAccess)
http://tc2.atspace.com

 

[Harlan Messinger]

I guess that's a "No" answer in pseudo-legalese. Too bad, I would have
had some use for some extra money, but I wasn't really holding my breath.

Now that you've established that something that isn't a legal contract
isn't a legal contract, shall we go on to establish that a document in
which I bequeath only things that belong to other people isn't a legal
will? Or some other tautology? Either way, you still haven't explained
why EULAs have no legal meaning, which is what I originally asked you
about. What was the purpose of this digression?

 

[Harlan Messinger]

I know what constitutes a contract and no, it is not obvious (that all
the elements are possessed by a click-though EULA).

Two parties, agreement, free will, consideration, etc., etc., all are
perfectly capable of existing in a EULA. What element do you think is
inherently absent from a EULA?

 

[Andy Mabbett]

Two parties, agreement, free will, consideration, etc., etc., all are
perfectly capable of existing in a EULA.

Sure, they are all /capable/ of existing. Now explain how you think you
can determine, for any given case, that they /do/ exist.

 

[Eric B. Bednarz]

Jukka K. Korpela wrote:

And the company's web logs will show the the EULA was never requested
by the user.

Oh. How?

(It seems to me a hack is easily prevented, by inserting
a random string into a hidden INPUT tag [ObHTML] and expecting to
receive that same string from the same IP

If the form is available with different protocols, I would settle for
one particular.

to which it was sent and/or
from within the same user session.)

ISPs can assign a different address to every request of one particular
user. Or the other way round. But I agree that this sort of prevention
is easy to implement, just like identifying the browser with the
user-agent field.

 

[Andy Mabbett]

With a contract printed on paper, you also can't prove that the person
who signs it has read it, even if his signature is under a printed
statement reading, "I affirm that I have read this contract." So? The
contract is still binding.

NO, but you can prove that he's the one who signed it.

You do that with an EULA, how, exactly?

 

[Harlan Messinger]

NO, but you can prove that he's the one who signed it.

You do that with an EULA, how, exactly?

If the EULA accompanies a purchase made with a credit card, then the
evidence of the person's identity is as strong as it ever is in an
on-line credit card purchase. If the user is required to respond to an
e-mail or to return to the website to enter a code that was provided via
e-mail, then ownership of the e-mail address that the user supplied for
this purpose would, I would think, suffice as prima facie (though
rebuttable) evidence of his identity. If either of the previous
conditions held in a previous visit to the site, at the time the user
created a site membership with a user name and password, and the user
has now logged in with that user name and password, that could again be
construed as prima facie evidence of his identity.

If the EULA mechanism is not structured in such a way as to provide
sufficient assurance of the user's identity, then naturally the user
could challenge any later claim that he'd accepted it (assuming, of
course, that he hadn't).

Identities can be stolen, of course, but if that fact were sufficient to
make all on-line EULAs inherently nonbinding outright, wouldn't the same
hold for all other on-line transactions? And then you could make the
same case for any non-in-person transaction where the person agreeing to
terms doesn't provide proof of identity.

 

[Harlan Messinger]

Oh. How?

How do you tell from a web log whether a request for a particular page
by a particular person at a particular time did or not occur? By looking
at it, no?

(It seems to me a hack is easily prevented, by inserting
a random string into a hidden INPUT tag [ObHTML] and expecting to
receive that same string from the same IP

If the form is available with different protocols, I would settle for
one particular.

to which it was sent and/or
from within the same user session.)

ISPs can assign a different address to every request of one particular
user.

Theoretically, but they don't, do they? Even if it happens every so
often, how does that affect the usual case where the IP *hasn't* changed
from one request to the next?

I don't think a judge is going attribute much likelihood to a scenario
where the DNS operator at an ISP is eavesdropping on users' sessions and
swapping IPs when they reach EULA pages and agreeing to the EULAs in
their stead so that they can later get in trouble for using software
without a license. Courts don't ordinarily base their rulings on the
remotest of possibilities.

 

[Harlan Messinger]

Sure, they are all /capable/ of existing. Now explain how you think you
can determine, for any given case, that they /do/ exist.

It isn't *less* possible to establish their existence than in the case
of an oral contract, since electronic and possibly paper records are
kept. Since oral contracts can be found to be binding, it follows that
it's possible to provide sufficient evidence of the existence of the
basic elements of a contract in an oral agreement. Since it's even more
possible to do so with an on-line EULA, there's no less reason why an
on-line EULA could be established to be a contract and found to be binding.

 

[Shawn K. Quinn]

begin quotation
from Jukka K. Korpela <[email protected]>

Well, I do have an ObHTML here:

Given any normal www form or link that is claimed to constitute a
contract when clicked on, based on stuff on the page where it resides,
one can construct a link that leads to the same page and does not
involve any kind of reference to any commitment or contract. (If the
form uses POST method, you need either a little bit of JavaScript or a
simple server-side piece of software.) So how could you prove that the
user who enters the page has actually even seen your "click-through
agreement"? Right, you don't.

There is a way, and I think a lot of sites do this: Make the contract
part of the form when submitted (using e.g. <textarea>), compare it
to the contract as it was sent out, and save all the logs. There still
may well be some hole in this I have not thought of, however.

 

[Jukka K. Korpela]

There is a way, and I think a lot of sites do this: Make the contract
part of the form when submitted (using e.g. <textarea>), compare it
to the contract as it was sent out, and save all the logs.

So what would that prove? The form handler would get the same data if person
A creates a form, with the text of contract in a hidden field, and other
data as in the original form but with no reference to any contract being
made. If person B clicks on a submit button on A's page like that, would
that constitute a contract between B and some C?

 

[Adam Smith]

Well, that's one approach I had in mind, I do have a java script that
prevents submission without acknowledgment of Agreement. Reading or not
reading the script is up to the acknowledging party, same as signing a
legal document without reading it. It's still legally binding in courts
and electronic documents are w/ EDI's in many industrialized countries,
w/ others following suite.
The logistical problem here is that the log of the form goes into the
Database and storage of n redundant copies of an 8 page legaleese doc
can make for a bloated DB rather quickly. Using an external link,
although providing some relief, raises the question of the authenticity
of the link at any given instance in time (was it changed etc.).

Probably may have to include ADOBE Acrobat digitally signed documents as
well