

Sony to ban gamers from PSN unless they waive right to sue over security breaches. - sambeau
http://www.bbc.co.uk/news/technology-14948701

======
ansy
These are my comments from an earlier thread on this story:

IANAL, but arbitration clauses are standard in contracts[1] at least in the
United States. Arbitration is generally seen as preferred because suing people
in court is actually very expensive for the plaintiff, the defendant, and the
court system.

In Sony's favor, Sony excluded small claims. So for pretty much everyone this
arbitration clause is meaningless. The limit for small claims is in the
thousands of dollars depending on state [2]. The circumstances where Sony
would be liable for more than a few thousand to a single consumer would have
to be pretty extraordinary. And yes, this includes losses due to identity
theft. Although the expenses due to fraud can be high, the out of pocket
damages to the individual are generally very low. As of 2006 the average out
of pocket expenses were about $422 and on a downward trend [3]. Keep in mind
that the federal government limits liability for credit card fraud to only $50
in the United States [4]. And most credit card companies actually limit the
liability to $0. The actual costs of fraud end up getting absorbed by
businesses as the financial institutions try to unwind the transactions as
best they can.

Also in Sony's favor, Sony did not choose to use the arbitration clause to set
an onerous jurisdiction. Sony could have said all arbitration needed to take
place in a specific city in the middle of nowhere. Sony didn't even pick the
location of its headquarters; you can pick any jurisdiction. Most arbitration
clauses I've seen set a jurisdiction that favors the contract writer, so I'd
say this puts Sony in a decent light for not doing the same.

Likewise, Sony does not cap damages awarded through arbitration. It could have
easily set the maximum damages to some amount that would make arbitration a
non-starter compared to small claims.

If you really wanted to find fault with Sony's particular arbitration clause,
it would be that neither side can appeal the decision of the arbitration panel
to a higher court. But keep in mind this cuts both ways, and it really isn't
unusual. It is even endorsed in the United States.

I should also note that arbitration clauses can be voided if the panel can be
proven to be biased. So this isn't necessarily a license for Sony to
circumvent the law, at least against a well funded opponent. And anyone with
the balls to sue Sony for any serious amount of money would be a well funded
opponent.

NB. I understand arbitration clauses such as this may not be legal in some
countries such as Germany. Whether that is good or bad I can't say. I'm sure
the Germans thought it was good, though.

[1] <http://en.wikipedia.org/wiki/Arbitration_clause>

[2] <http://www.nolo.com/legal-encyclopedia/small-claims-suits-how-much-30031.html>

[3] <http://www.bbbonline.org/idtheft/safetyquiz.asp>

[4] <http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre04.shtm>

~~~
sudoman
Ok, but Sony is still trying to block class action lawsuits. There are now
millions of PSN users who are signing away their right to participate in and
benefit from such an action if Sony is abusive or careless again.

~~~
billswift
That is a good thing. Judging from past results, rather than anti-business
rhetoric, the only people who usually benefit from class action suits are
lawyers. Many plaintiffs in class action suits end up with a few dollars or
even just coupons while the lawyers get rich.

ADDED: Responding to a comment I read further down the stack; as for
"punishing the company", in reality you are only "punishing" those who buy
from them since they will just increase the price to cover the expected cost
of dealing with suits.

If a suit wasn't expected, so they hadn't built it into the price, or other
companies were keeping their prices low enough that they couldn't raise their
prices, it might actually hit their stock price or dividends. Since
comments from many PlayStation owners suggest neither is the case, my point
that class action suits will just benefit lawyers and raise prices for PS
users stands.

~~~
danssig
Hilarious that you talk about "anti-business" rhetoric and then respond with
gems like:

>as for "punishing the company", in reality you are only "punishing" those who
buy from them since they will just increase the price to cover the expected
cost of dealing with suits.

Well, I guess there's nothing we can ever do to a company then! Wouldn't want
them to raise prices.

------
falcolas
You can opt out of the arbitration clause by sending a snail-mail notification
of your choice to Sony.

From the associated Ars Technica article[1]:

IF YOU DO NOT WISH TO BE BOUND BY THE BINDING ARBITRATION AND CLASS ACTION
WAIVER IN THIS SECTION 15, YOU MUST NOTIFY SNEI IN WRITING WITHIN 30 DAYS OF
THE DATE THAT YOU ACCEPT THIS AGREEMENT. YOUR WRITTEN NOTIFICATION MUST BE
MAILED TO 6080 CENTER DRIVE, 10TH FLOOR, LOS ANGELES, CA 90045, ATTN: LEGAL
DEPARTMENT/ARBITRATION AND MUST INCLUDE: (1) YOUR NAME, (2) YOUR ADDRESS, (3)
YOUR PSN ACCOUNT NUMBER, IF YOU HAVE ONE, AND (4) A CLEAR STATEMENT THAT YOU
DO NOT WISH TO RESOLVE DISPUTES WITH ANY SONY ENTITY THROUGH ARBITRATION.

[1] <http://arstechnica.com/gaming/news/2011/09/mandatory-ps3-update-removes-right-to-join-in-a-class-action-lawsuit.ars>

~~~
johngalt
If you do not wish to have a brick thrown through your window, your written
notification must be mailed to...

<http://bash.org/?577451>

~~~
mindstab
wow that quote has been around forever and still proving itself to be relevant
:/

------
cryptoz
The solution to this is simple and has been clear for years: stop doing
business with Sony.

~~~
ggchappell
It amazes me how little this seems to be grasped. Or even if people don't want
to cut off Sony entirely, they could still think, "Ah, this is from Sony.
That's a black mark. Do the positives really outweigh this negative?" But
apparently few people do think this way.

Therefore, to those who wonder why Sony doesn't quit all this nonsense with
rootkits and DRM and privacy violations, etc., etc., the answer is, because it
doesn't hurt them. People still do business with them anyway.

(Kinda makes you wonder about all the "you must treat your customers well"
articles you see on here.)

~~~
throwaway32
The gaming industry and the politics that surround it are some of the most
toxic relationships I've ever seen. I don't think it's a stretch to draw
comparison between the relationship between an addict and a dealer.

------
danssig
This shouldn't even be legal.

Since it probably is; I think these days most people are probably buying a PS3
for PSN so if users can no longer access it they should bring the device back
and demand their money back. If Sony gets away with this expect more companies
to follow suit.

~~~
roc
The SCOTUS recently affirmed that not only are such clauses legal, but that
individual States cannot pass laws to forbid them.

<http://www.scotusblog.com/case-files/cases/att-mobility-v-concepcion/>

~~~
dgallagher
If I read that correctly (not a lawyer), SCOTUS ruled that an agreement
prohibiting class-action lawsuits is legal if both parties agreed to use
individual-arbitration instead. So you can still sue them individually in
court, or go through the arbitration process, to grieve a claim against them.

My question is, how do you know the end-user agreed to that? You have no
signature, video, or audio proof. PSN accounts generally remain logged-in, and
it's possible someone other than you agreed to the EULA and upgraded your
PS3's firmware, like a guest or roommate, without your knowledge or
permission.

~~~
roc
The problem with arbitration is legal resource mismatch and sealed results.
Each complainant would have to find, pay for and manage any suit or
negotiation (bringing the likelihood of complaints escalating beyond the
initial offer to near-zero). And even if a John Doe and his cousin-lawyer
managed to dig up a smoking gun, no-one else would know about it. So each
individual would go through the process ignorant of other results, while the
Corporation builds experience and additional strategic advantage dealing with
the situation over and over again.

If you approach class-action lawsuits from the standpoint of "what good comes
of it for the individual" there's not a big change and I've heard that we
could expect more people (who put up with the process) would be more likely to
get some award and that such an award is likely to be higher than what they'd
get from a class-action suit. [1]

But if you approach class-action lawsuits from the standpoint of "what
punishment does the misbehaving corporation suffer", mandatory individual
arbitration is a tragedy. [2] It's implausible for the legal investigation
into the corporation to approach the same level and implausible for the net
penalty to even remotely approach that of a class action suit. The corporation
is already heavily favored in any legal battle and individual arbitration
simply compounds that advantage. And PR damage done from having said bad
behavior exposed to the market at large is no longer a concern. In short: the
penalty for misbehavior is massively reduced.

As to "how do you know the end-user agreed to that": click-through EULAs have
also been upheld by US courts for some time. Though I don't believe the SCOTUS
has addressed them directly just yet.

[1] I've read that multiple studies have found arbitration as having a higher
and more frequent payout rate for complainants than class action lawsuits. I
won't vouch for that position, but I don't take issue with it, as those
results are largely irrelevant from my viewpoint.

[2] Yes, there is a ton of progress that could be made on the question of how
that penalty gets distributed. But I believe it's far more important to
address that issue on its own than to effectively _end_ class-action suits.

~~~
dgallagher
Thanks for sharing that roc. :)

------
onosendai
They're essentially confirming that their systems continue to be insecure and
guaranteeing that your personal information will be leaked to third parties
again in the future.

Thanks for the clarification Sony.

~~~
alexandros
Would you guarantee that any system you build/manage will be safe?

~~~
scarmig
The point isn't that it's impossible to happen.

The point is that Sony is disclaiming responsibility for anything it does
wrong.

It's like saying, "Well, I'll work as an engineer for you, but I refuse to be
held responsible if the bridge collapses." Even the nuttiest libertarian could
find reasons to pass laws forbidding that kind of contract. And even if it's
legal, I wouldn't drive on that bridge. (Or would I? If everyone does it and
it looks safe enough...)

This is even worse when I think about it. It's more like buying a plane
ticket, being in the airport, and suddenly the pilot goes "I am not legally
liable if I crash the plane while I'm drinking on the flight."

~~~
elliottcarlson
Though a better analogy is that it's like buying your ticket, passing
security, being boarded and right as you are about to enter the plane - the
stewardess tells you you have to sign this agreement that the airline is not
liable. You have the option of not agreeing to those terms - but then you will
have to turn around and find another flight on another airline with no
recourse for a refund on your ticket.

~~~
evilduck
Or in the case of current PS3 owners, being presented that agreement after
take-off.

~~~
dasil003
...with a parachute just in case you want to get off right there.

------
gentle
I'm sure this makes perfect sense to their legal department, but it's yet
another reason why I'll never buy another Sony product.

~~~
marshray
I actually feel a little bit bad for the Japanese on this point. One can
imagine them wanting to expand out of designing and manufacturing great value
televisions and hi-fi components, coming to America to see how to do business
here, and falling in with a pack of LA entertainment industry lawyers who
steer them down the path to moral ruin.

I'm sure it didn't actually happen that way, but it's funny how it fits the
observed behavior if you look at it a certain way. It's not like people would
be any happier with them if they'd kept exactly the same set of business
practices as goes on in Japan.

------
mathgladiator
This is so bullshit!

Basically, leaves non-security-aware people out in the cold. Instead of trying
to champion good security practices and locking down their shit, they are
saying "this is a glory hole, buyer beware" in a document that no one reads.

Sigh

~~~
brador
Why use a PS3 when Xbox has the same titles and a serious security team?

~~~
elliottcarlson
Some people prefer the PS3 - I do. No fanboyism etc, I just have been a loyal
Playstation user since the start and have every one of the consoles - and
there are major issues I have with the Xbox line - but those are my personal
opinions. It sucks that Sony has been mismanaging all of this and definitely
took shortcuts in inappropriate places - and instead of improving on those
issues they are just making things worse with bad PR. I hope they can change
that in the future, as I would still be purchasing a PS4 when that became
available - unless they really don't get a clue and make things even worse.

~~~
brador
"loyal playstation user". Why? I mean, I hear this all the time with banks.
Customers come in expecting an amazing mortgage rate with their shitty credit
scores because they've always been a "loyal customer". We have to try to
explain that loyalty has little value to the bank, other than lifetime value,
which is already factored into the pricing.

For the playstation/xbox, go where the fun is. Don't support a company out of
misplaced "loyalty" because in the end, it just slows free market progression.

~~~
elliottcarlson
I have fun on the PS3 - and while there are some serious issues in how things
are working behind the scenes, to me that's where the fun is. I like the
Playstation line, and I like the exclusive games they have, but as I said it's
all about opinion and if others prefer the Xbox line, then that's where they
go for their games - and that's fine with me.

~~~
burgerbrain
You should realize that fanboyism doesn't have to imply an irrational dislike
of competing brands (which thankfully you seem to lack). It need only imply an
irrational affinity for a brand. Why would you "like the Playstation line" for
any reason _other_ than "the exclusive games they have"?

~~~
elliottcarlson
It might seem like an irrational affinity for a brand - but besides the
exclusive titles, I actually enjoy the interface, the controller feels more
natural to me than that of the leading competing systems, I like having a
built in Blu-ray player, and above all I like that I have been able to run
custom code on each of my Playstation consoles. Things like backwards
compatibility were huge for me as well (which is why I have the original 60gb
PS3 with PS2 compatibility). There are various reasons that I have stuck with
this line - and as far as I'm concerned they are valid reasons because they are
my opinion of the system and the line. I own a Wii, and I had an Xbox - bottom
line is they are not my preferred systems.

------
psychopaf
Sony took this from the Guide "How to write abusive and unfair contracts".
Seriously, it will be interesting to see how the class action lawyers will
deal with this: I'm not sure the judge will like that kind of shadow
manoeuvring, where the consumers see nothing coming.

------
zalthor
Wow. So let me get this straight. I can start a service, that people pay money
to use. I also tell them that their credit card / personal information may not
be secure and if they want to use the service that they already paid for, they
have to accept that I am not liable for its security and if (when) this
information does get stolen, I can give them a coupon and get away with it?
Please tell me I'm wrong. This can't be legal.

------
jonnathanson
Yet another instance of the triumph of short-term CYAism over long-term
customer strategy.

------
artursapek
This is the first news I've read of Sony reacting in any way to those hacks.
Great press for them.

Hopefully they're not storing these waivers in plaintext.

------
Pynkrabbit
The workaround to this would be to not put any valuable Personally
Identifiable Information on Sony's network. You can use a proxy credit card
number. Set up an email address that is not connected to any of your other
accounts and use a unique password. That way if your data gets compromised you
won't really lose anything...

But basically they are saying that they are not willing to put their
reputation and money behind their own business which makes you wonder....

------
tekacs
Temporary solution: don't buy anything (i.e. give them credit card details) or
store anything important (i.e. re-use a password) on PSN...

Yes, I know, we all miss DLC...

~~~
wanorris
There are always gift cards if you want DLC.

And really, if you use anonymous gift cards (or no payment information), you
have the option to not even give them your real _personal_ information, never
mind your financial information.

That way there's literally nothing to steal other than the account itself.

------
hammock
Devil's advocate here. Given that one (among others) of the motivations to
hack Sony is to harm them in the press and financially, is it possible that
forbidding gamers from class-action suing - and therefore eliminating the
possibility Sony would be fucked over by a large settlement - could REDUCE the
incentive for hackers to break Sony?

~~~
danssig
Why would this reduce anything? If anything I would expect this sort of
customer bullying to get them targeted even more. After all, if customers have
their credit card info stolen, get robbed and then can't even sue Sony for
incompetence then that should make them less likely to spend money with Sony,
no?

------
Yhippa
The average customer will subconsciously weigh the cost of enjoyment from
using the PSN against the opportunity cost of a security breach to them. After
making that calculation most will choose to waive their rights.

------
francescolaffi
ansy's comment here <http://news.ycombinator.com/item?id=3000383> is clearer
than both articles in my opinion.

------
ltamake
Wait, can't a EULA be invalidated if it's deemed too extraneous? I remember
something about that happening in a Microsoft case...

------
robert_nsu
I'm not an expert in these matters, but I am interested to see how this will
be interpreted under Louisiana's redhibition laws.

------
tlrobinson
I hope there's some way PS3 owners can sue Sony for forcing them to waive
their right to sue them.

------
daimyoyo
Thank you, Sony for yet again reminding me why I refuse to spend any money on
your products.

------
username3
That means we can sue over prior security breaches?

~~~
burgerbrain
You can sue your neighbor's nonexistent cat for assassinating Elvis.

------
voidnothings
They don't give a damn.

------
wavephorm
I thought this was always the case, basically everywhere. This is what EULAs
are for.

------
funkah
Since the start, the only piece of info I've had in there is a mailinator
address and a password I don't use anywhere else. They can get breached all
day for all I care.

------
Gring
As an answer, Sony headquarters should be enclosed in a huge airtight balloon
and only let breathing air in if they agree to stop fucking people.

~~~
john-n
Useful contribution to the discussion.

