On avoiding anxiety-inducing words in online terms of service

2507666021_6ba47b7d74_z

Are “worldwide” “perpetual” rights really necessary?

Designer/developer Robert Nealan wrote a post questioning whether self-hosted blogging is dead. The piece is interesting as a commentary on the current state of blogging in general — a state that has changed a lot in the past decade or more, primarily due to the influences of outside social platforms, namely, Twitter, and more recently, as Robert notes and critiques, Medium.

The piece is a refreshing singing of praise for self-hosted blogs (like the one you’re reading). But another, no less important element of the post is an undercurrent shaped by a not-unjustified freak out of sorts over what third party platforms’ online terms of service say about their claim of rights in the users’ intellectual property. When we look to the terms of service for some of these platforms (and even more so if we actually think about what those terms say), we recognize that platforms quite often over-aggressively grab onto rights to do things with the content the user posts. So much depends on how these terms of service are written.

Lawyers can learn a lot from the commentary like that Robert Nealan has posted. As an object lesson and example, he takes issue with Svbtle’s terms, particularly the following:

Marketing. As a paid customer, you give Svbtle a perpetual world-wide license to use your company’s assets and logos, unless Svbtle agrees in writing otherwise. These assets and logos will be used purely for marketing and sales efforts, such as being displayed on the home page.

Good practice here would might consider adopting the ethos of certain “by design” concepts we see in the privacy and data security world. Think of “privacy by design” or “security by design” — the idea that a technology developer (e.g., someone building an app) should build the system in a way that it does not keep data around for longer than what is needed, and certainly for no longer than what the developer promises its users it will.

The same could be applied here — and it seems even simpler — for platforms to adopt principles establishing they will only exercise rights in relation to users’ intellectual property for only as long as they meaningfully need to do so. Let’s call it “Appropriate Rights by Design“. Words like “perpetual” and “world-wide” can be frightening. A platform hosting users’ content probably doesn’t need such extensive rights. If that’s the case, then the platform shouldn’t grab those rights. Those terms can be a red-herring. Robert Nealan took comfort in his piece in Medium’s terms which say that users of Medium “own the rights to the content [they] post on Medium,” and that Medium “[doesn’t claim ownership over any of it.” Funny thing is, a platform that grabs a world-wide, perpetual license could truthfully say the very same thing. So by not grabbing more rights than necessary, i.e., applying principles of Appropriate Rights by Design,  platforms will avoid having users latch on to scary words unnecessarily. For as long as this happens, it’s likely users will continue to have anxiety about moving to a third-party hosted platform, and in the same way, keep a light shining on what’s good about self-hosted blogs and other platforms.

Evan Brown is a Chicago attorney advising enterprises on important aspects of technology law, including software development, technology and content licensing, and general privacy issues.

Photo courtesy Flickr user fady habib under this Creative Commons license.

Want your online agreements to be enforceable? Keep good transaction data.

Chicago internet attorney Evan Brown

A recent court decision underscores the importance of building online e-commerce platforms with the ability to reliably gather information about transactions. The case also says some troubling things about open source.

Plaintiff loaned money in exchange for the borrower assigning its accounts receivable to plaintiff. As part of plaintiff’s services, it provided a platform for its borrower to generate and send invoices to the borrower’s customers. The borrower began generating fake invoices, and one of its customers — the defendant in this case — refused to pay. There was a dispute over whether defendant had accepted or rejected the invoices using plaintiff’s invoice platform.

After a trial, the judge ruled in favor of defendant. The court found that the digital data showing whether defendant had accepted or rejected the invoices was unreliable. The court found credible the testimony of one of defendant’s employees that he never clicked “I agree” on the fraudulent invoices. And there was no good database evidence that he had.

Plaintiff sought review with the Court of Appeal of California. On appeal, the court affirmed, agreeing that the data was unreliable, and further commenting on the problematic use of open source software in plaintiff’s online invoice platform.

The court of appeal found that substantial evidence supported the lower court’s findings. Specifically, it agreed with the lower court’s findings that the defendant’s employee never clicked on the “I agree” button to accept the fraudulent invoices. The court also credited the lower court’s finding that the data was unreliable in part because plaintiff’s website was developed from open source code, and that the developer made untested changes to the software on a weekly basis.

The treatment of the open source aspect is perhaps unfortunate. One unfamiliar with open source would read the court’s opinion as an indictment against open source software’s fundamental reliability:

Open source code is problematic because anonymous people on the internet design it, and “holes” are not fixed by vendor updates. Notifications that there are issues with the code may not go out.

The lack of reliability of the data in this case was not due to the fundamental nature of open source. (We know that open source software, e.g., Linux, powers essential core features of the modern internet.) So it is unfortunate that future litigants may look to this case to argue against vendors who use open source solutions. Fortunately, the case is not citable as precendent (many California Court of Appeal cases are not citable). But the court’s negative treatment of the nature of open source is a troubling example of how a judge may be swayed by a technological red herring.

21st Capital Corp. v. Onodi Tooling & Engineering Co., 2015 WL 5943097 (Not officially published, California Court of Appeal, October 13, 2015)

Evan Brown is a Chicago attorney advising enterprises on important aspects of technology law, including software development, technology and content licensing, and general privacy issues.

Photo by Flickr user bookfinch under this Creative Commons license.

Forum selection clause in browsewrap agreement did not bind parties in bitcoin fraud case

We all know that clickwrap agreements are preferable to browsewrap agreements, assuming, of course, the objective is to establish binding contracts between participants in online transactions. Nonetheless, some online platforms still (try to) rely on browsewrap agreements to establish terms of service. That avoidance of best practices gives us situations like the recent case of Hussein v. Coinabul, LLC, in which a federal court in Illinois refused to enforce a forum selection clause in a “bitcoin to gold marketplace” browsewrap agreement.

Plaintiff alleged that he sent about $175,000 worth of bitcoins to defendants in June 2013, expecting to get gold in return. (Plaintiff alleges he transferred 1,644.54 BTC. The average exchange value in June 2013 was $107.82/BTC. You can get historical bitcoin price data here: http://www.coindesk.com/price) When the gold never arrived, plaintiff sued for fraud.

Defendants moved to dismiss, citing a forum selection clause contained in a browsewrap agreement found on its website. That purported agreement required all disputes to be heard in the state courts of Wyoming, and for Wyoming law to apply. The court denied the motion to dismiss, finding that the browsewrap agreement afforded plaintiff neither actual nor constructive knowledge of its terms and conditions.

The court observed that the hyperlink that directed users to defendants’ Terms of Service was listed among ten other hyperlinks at the bottom of each page. (See this Wayback Machine capture of the website from June 2013).

As for lack of actual knowledge, the court credited plaintiff’s allegations that he did not review or even know of defendants’ Terms of Service when he entered the bitcoin transaction. And there was no evidence to the contrary in the record.

And as for lack of constructive knowledge, the court found that the hyperlink, “buried at the bottom of the webpage – [was] without some additional act of notification, insufficient for the purpose of providing reasonable notice.”

Hussein v. Coinabul, LLC, No. 14-5735, 2014 WL 7261240 (N.D. Ill. December 19, 2014)

Megaupload takedown reminds us why website terms and conditions can be important

Kashmir Hill pointed out that at least one erstwhile file sharing service has changed its business model in response to the federal government’s action against Megaupload. She observes that:

FileSonic users can’t be too happy to have one of the main features of the site taken away. But the company must be less worried about its breach of contract with existing users than it is about the possibility of getting the Megaupload treatment, i.e., arrest, seizure of its property, and a criminal indictment.

This raises an important point. Any kind of online service that pushes the legal envelope may want to build in some mechanisms to pull back with impunity if it gets freaked out or loses its envelope-pushing courage. Said another way, that service should not make promises to its users that it cannot keep in the event the service wants to change what it is doing.

Some well known user generated content sites do this pretty well already in their terms of service. For example:

  • Dropbox: “We reserve the right to suspend or end the Services at any time, with or without cause, and with or without notice.”
  • YouTube reserves the right to discontinue any aspect of the Service at any time.”
  • Reddit: “We also reserve the right to discontinue the Program, or change the content or formatting of the Program, at any time without notice to you, and to require the immediate cessation of any specific use of the Program.”
  • Facebook (being kind of vague): “If you . . . create risk or possible legal exposure for us, we can stop providing all or part of Facebook to you.”

All good examples of foresight in drafting website terms and conditions that help innovative sites with damage control.

1 2 3