
How Zappos' User Agreement Failed In Court and Left Zappos Legally Naked - dctoedt
http://blog.ericgoldman.org/archives/2012/10/how_zappos_user.htm
======
jonknee
This reminds me of some PadMapper discussions on HN where people noted that
scraping Craigslist for public data (addresses) was "against their TOS" so of
course it's wrong. Well guess what, Craigslist's TOS is a browsewrap and
completely unenforceable.

<http://www.craigslist.org/about/terms.of.use>

They even have the "we can change this at any time" part that is especially
pathetic:

> CL may post changes to the TOU at any time, and any such changes will be
> applicable to all subsequent access to or use of craigslist.

~~~
tedunangst
I wonder what your thoughts are on the GPL. Browsewrap? Check. This or any
later version? Check.

~~~
anonymouz
The GPL is a completely different beast. First of all it does not govern the
usage of software, but its distribution. It does not matter that you don't
have to click through it when downloading GPL'd software, because it's only
important when you want to distribute software. And in that case the default
under copyright law would be "you don't have any right to distribute". The GPL
grants you the right to distribute the software under specific conditions. So
when making GPL software available for others you can either agree to the GPL
or you are simply in violation of copyright.

Secondly, the "this or any later version" is again quite different. It allows
you to distribute the given software under the current or any later version of
the licence, but since you have the choice of which version to use, a new
version cannot retroactively restrict your rights (e.g. if GPLv4 doesn't allow
you something that GPLv3 does, you can simply keep distributing under GPLv3 if
the original software said "GPLv3 or later"). As long as you comply with the
version that _you_ choose when distributing, you're fine. I don't think any
court would find a problem with that, as you can't be surprised by someone
else retroactively reducing your rights.

------
dalke
I find the phrase "legally naked" to be suspect. The point is that terms of
use statement on a website does not constitute a contract because there is no
meeting of the minds and no assent from both sides. Moreover, judges don't
accept a unilateral statement that that terms can change at any time. Hence,
Zappos' TOS was found to not be a legal contract.

The linked-to article says "Zappos governed by the default legal rules, which
aren't nearly as favorable to it. Losing its contract provisions meant Zappos
is legally naked."

Naked means unprotected, correct? But the default legal rules include
protection, yes? So naked here can only be a euphemism, rather like in the
first warm days of spring where I go outside without a coat and feel 'naked'
because I'm missing clothing that I expected. Zappos has protections, just not
the protection that it wants. This isn't "naked."

Yet I get the feeling that the author believes that the management provisions
that Zappos had in its TOS ("its disclaimer of warranties, its waiver of
consequential damages, its reduced statute of limitations, its clause
restricting class actions in arbitration") are almost morally necessary. These
of course are provisions that so-called "bricks and mortar" stores doesn't
have.

~~~
dctoedt
> _But the default legal rules include protection, yes?_

1\. Without a contractual disclaimer of 'consequential' damages [1], Zappos
could find itself forced to defend against exorbitant claims for such damages
--- and disputes about the underlying facts will usually mean that such claims
would have to be resolved via an expensive and uncertain jury trial, as
opposed to being disposed of on summary judgment [2] by the trial judge.

2\. Different states have different degrees of legal protection for
businesses. A brick-and-mortar store generally will be sued only in the
jurisdiction where the store in question is located (or a chain might be sued
at the location of its headquarters or other, limited venues) [3]. On the
other hand, Zappos could be vulnerable to being sued just about anywhere a
customer places an order --- the rules about 'personal jurisdiction' are a
little fuzzy when it comes to Web sites [4].

So by not having contractual protections, Zappos arguably is exposing itself
to the vagueries of whatever the default legal rules happen to be, in whatever
state an unhappy consumer happens to live in.

3\. The actual business risk to Zappos might not be terrifying here, because
the potential harm to consumers from buying an ill-fitting pair of shoes seems
manageable (although Zappos does carry more than just shoes). It might be a
different story for other e-commerce Web sites. So the object lesson of the
Zappos case is worth heeding.

[1] <http://en.wikipedia.org/wiki/Consequential_damages>

[2] <http://en.wikipedia.org/wiki/Summary_judgment>

[3] <http://en.wikipedia.org/wiki/Personal_jurisdiction>

[4]
[http://en.wikipedia.org/wiki/Personal_jurisdiction_in_Intern...](http://en.wikipedia.org/wiki/Personal_jurisdiction_in_Internet_cases_in_the_United_States)

~~~
dalke
I made a mistake in referring to a bricks-and-morter store. I should have
asked how mail-order catalog companies survived and thrived for decades under
the same laws that Zappos and seemingly also you find sufficiently worrisome
as to require a special contract in order to avoid.

I recognize the legal principles which you listed, but is it realistic for
this case? That is, of the over 100 years of mail-order catalogs in the US,
how many such "expensive and uncertain" trials have occurred, how many were
won or lost by the company, and what was the overall business cost?

I say this because I believe that the laws are already, and in general, in
favor of the company over the consumer.

Let's take this specific lawsuit as the most relevant case. It wasn't, as you
wrote, a case of ill-fitting shoes. It was a data security breech where
personal information from some 24 million Zappos customers was copied. A
customer claims that Zappos did not follow "federal consumer credit laws by
failing to protect her personal information." If that was the case, should
that customer not have the right to sue?

Note that as this is a federal law, it does not fall under your #2 point, that
"Different states have different degrees of legal protection for businesses."

Should it be so easy for a company and customer to enter into a contract via a
TOS which waives those federal protections? If so, should we extend that
flexibility to other companies? I think the answers are "no" and "no."

This issue deals with risk management, I know. There are other solutions to
risk management. For example, data breeches are a known risk, and can be
planned for by designing the system to reduce the impact of the risk, by
setting aside funds in order to handle litigation which might arise, and by
purchasing insurance coverage should those funds prove insufficient. These
make operations more expensive for the company, certainly, while a TOS which
waives federal data protections is cheap. There should be no way that
exorbitant claims - if unfounded! - based on data security issues should have
a severe impact on Zappos.

I'm certain that some restaurants would like customers to waive food
protection laws in the interests of cheaper food. Is that acceptable via a
TOS-like contract agreement between the restaurant owner and the customer? Why
should it be common for an online company, like Zappos, to have a TOS which
waives certain customer rights?

~~~
dctoedt
'dalke ---

1\. At least on first reading, I don't disagree with anything in your analysis
responding to my own; in particular, your mail-order catalog analogy seems
quite apt.

2\. You're correct that the risk-management precautions to which you refer
have costs associated with them. Within limits worked out over decades in
legislatures and courts, the law allows companies to use contracts to reduce
such costs by shifting the associated risks to others.

When a company has sufficient bargaining power, its management typically
attempts to do just that: Use standard-form contracts to shift risks to
others, and thus reduce the company's costs.

(I spend some of my time helping to negotiate such contracts. As you might
imagine, the standard-form contract of a powerful customer will usually be
very different from that of a supplier.)

At the risk of belaboring the obvious, this is the same principle that's
behind self-service gasoline pumps and self-service checkout lines in grocery
stores: The more of a company's costs that the company can get its customers
(or its suppliers) to take on, the higher the company's margins will be for
the same amount of revenue. Not least, companies' managements are motivated to
do this because eventually a company's aggregate costs will necessarily be
reflected in the price, and thus the competitiveness, of the company's
products and services.

(The costs of a company whose stock is publicly traded will also be reflected
eventually in the price of the company's stock. That's generally high on the
list of management concerns as well.)

3\. The question you seem to pose is whether we should simply forbid
contracting parties from contractually shifting risk as described in #2.
Various state- and federal laws already do that to a certain extent; see, for
example, consumer-protection laws, as well as article 2 of the Uniform
Commercial Code (which in most states governs the sale of goods), not to
mention employee-protection laws.

Whether a given jurisdiction should attempt go even further in that direction
is a question that comes up every so often. One example is the recent
controversy over the U.S. Supreme Court's 5-4 decision that companies can
legally include mandatory arbitration provisions in their consumer contracts,
thereby largely eliminating the possibility of class-action lawsuits and thus
considerably reducing consumers' leverage [1].

Whenever the issue does come up, representatives of various affected interests
converge from all directions --- including but not limited to so-called
consumer lawyers eager to gain, or preserve, sources of contingent fees and/or
statutory attorneys' fees awards.

Ultimately the issue boils down to a political question: What should or should
not the law be? As with so many such questions these days, the deep
ideological divisions among the American people often result in no change to
the status quo.

[1] <http://en.wikipedia.org/wiki/AT%26T_Mobility_v._Concepcion>

------
hopeless
I think this is really interesting and important.

We (web developers, entrepreneurs) can't expect to just slap a "Terms of
Service" link in tiny grey font at the bottom of every page and expect that to
be legally binding. We can't expect agreement without asking for it. It's
especially problematic for sites which don't require registration (and I'd
like to see those ToS disappear). One site I saw today had a ToS link but no
about page. Which is really more important?

~~~
tptacek
Well. You can't use a browse-wrap contract to enforce a binding arbitration
clause to strip your customers of the right to avail themselves of civil
courts. That doesn't mean every other term of a browse-wrap TOS would
necessarily fail in court. It is particularly difficult to compel arbitration
in consumer relationships; its doable, but clauses that seek to compel
arbitrary have to meet a higher standard than some other contract terms do.

~~~
larrys
"That doesn't mean every other term of a browse-wrap TOS would necessarily
fail in court."

Not to mention the fact that what happened in this court on this issue would
not necessarily happen in every court viewing the same facts. Or whether in
some cases a company makes a conscious decision to do what they know _might_
fail in order not to add friction to the process. Clean up the mess
afterwords, get the extra business now. "Polute the river and if we get get
caught and fined, pay the fine!"

Separately, what I would like that I haven't seen in this thread are some
thoughts on how a company like Zappos could have made this type of a mistake
if it is so obvious.

------
DanBC
Frustrating that "click wrap" is seen as acceptable. Some of them are very
many screens in tiny font on a small screen. I don't know how many people
actually read those at the time they accept them, but I suspect the number is
very low.

It'd be great if there was a standard, simple, AUP / TOS. Perhaps even a TOS-
Builder app - you select what your users will be doing and it interactively
creates a TOS for you using simple English and short sentences.

~~~
rmc
I wish there was some law saying that a 'contract' like that is not valid if
it has more than X words (e.g. 1,000), it's between a corporation and a
person, and the corporation has not resonably established that the person has
consulted legal advice. That would be a relatively unambiguous way to ban such
one sided contracts.

~~~
stordoff
The UK Unfair Terms in Consumer Contracts Regulations 1999 [1] are reasonably
good in this regard IMO. It gives effect to an EU directive, so most/all EU
countries should have similar protection.

Summary of major provisions:

> s.8(1) - An unfair term in a contract concluded with a consumer by a seller
> or supplier shall not be binding on the consumer.

> s.5(1) - A contractual term which has not been individually negotiated shall
> be regarded as unfair if, contrary to the requirement of good faith, it
> causes a significant imbalance in the parties' rights and obligations
> arising under the contract, to the detriment of the consumer.

> s.7(1) and s.7(2) - A written term must be in plain intelligible language.
> Any doubt is resolved in the customer's favour.

[1] <http://www.legislation.gov.uk/uksi/1999/2083/contents/made>

~~~
rmc
That is _very_ interesting. I didn't know about this sort of law (and yes I'm
in another EU member state, so this is relevant to me). Thanks!

------
DanBlake
It seems like this would have all been mute if zappos did the standard
industry thing of including a "I agree to the terms and conditions" checkbox
on account creation page:

<https://secure-www.zappos.com/register?checkout=true>

~~~
gadders
Sorry to be a pedant. It's "moot":

[https://www.google.co.uk/search?hl=en&q=define%3Amoot](https://www.google.co.uk/search?hl=en&q=define%3Amoot)

~~~
blowski
Isn't it moo? Like the cow?

~~~
joshAg
you're stll kind of new, so let me give you some friendly advice, since i've
been here slightly longer: hacker news hates jokes and jokes are a great way
to get downvoted.

~~~
brudgers
What HN tends to discount are useless and derivative comments of the sort
which may turn into "insider" memes.

Humorous comments may get upvoted, particularly when they extend the content
cleverly and are well written. However, you are correct in so far as the
threshold tends to be higher than is common.

In my experience, it is best to view downvotes as editorial suggestions rather
than personalizing them as "hate." A downvote may mean a lot of things, but in
general it is often best to consider them as an indication of how well one's
point has been communicated. I recommend using them as feedback regarding the
quality of one's writing.

Likewise on the subject of communication, one might read your post as a bit
uncivil in regard to the way it addresses the author of the parent comment.
Curtailing incivility is a current point of emphasis within the HN community.

My question is, how could your point have been better communicated in a way
which promotes meaningful dialog, and how could the "edit" feature be used to
implement an improved version?

------
Codhisattva
This entire TOS thing should just be eliminated. It's inevitably a bunch of
ridiculous legal mumbojumbo and does little but eliminate accountability and
give lawyers busy work.

------
robomartin
Lately I've been thinking that this should be part of the login process. Enter
username and password. Just below the "Login" button there's the "If you click
on this button..." text with a link to the TOS. Every time someone logs in
they are accepting the TOS. If your login events are recorded you even have a
record of when each user logged-in and, effectively, accepted the TOS.

~~~
lambda
I would not consider that to provide adequate notice of a change in the TOS.
If it's just a link that never changes, you won't have been notified if it
updates.

~~~
carbocation
What if it included the date of most recent update? Worst case, you could
store the user's most recent TOS agreement version or date identifier, and
force them to agree after logging in if they want to continue. This seems to
be how Apple operates for the App Store.

~~~
vidarh
When I was at Yahoo years ago, and we handled billing for premium servies,
we'd explicitly store the version of the TOS the user had indicated express
consent to as an extra precaution (express consent in this case meant the user
had ticket a checkbox to confirm they agreed _and_ then submitted the form).

------
eob
Given that Eric points to the bottom-of-page placement of the TOS as further
evidence of its inadmissibility, it's a bit ironic that the first paragraph of
his article says "This post will make some suggestions" and the _last_
paragraph, pages down, says "[this post] doesn't provide legal advice"

An interesting read though -- thanks.

~~~
DanBlake
I think it has been well established that disclaimers on legal advice and
commentary are less important than 10 years ago. A reasonable person must be
under the assumption that the author is acting as their lawyer. Adding the
extra "This is not legal advice" is moreso just a extra nail in the coffin of
protection.

Its the same reason webmd does not have a big disclaimer at the top of the
page saying they are not acting as your doctor.

~~~
tomkinstinch
Are there specific legal precedents that have made such disclaimers less
important, or has it been a general trend?

~~~
rprasad
Yes, generally see the NOLO line of cases.

------
bravura
"As you can see from the screenshot snippet above, Zappos' terms of use says
"We reserve the right to change...these terms and conditions at any time."
Zappos isn't the only website using language like this; it's ubiquitous on the
Internet. _Unfortunately, despite its widespread usage, this language is toxic
to a contract._ "

Isn't toxic to strong a word here? That particular clause it unenforceable,
but the rest of the contract is unaffected, because of (I presume) a
severability clause? The article seems to indicate that this clause taints
other aspects of the contract.

~~~
starnixgod
Toxic is not too strong of a word here.

The use of a unilateral change-of-terms clause, without notification or
assent, in their contract with the users of their website invokes an
illusionary promise of a contract which vitiates the entirety of the contract
at its very roots, including the severability clause.

------
dasil003
This raises an interesting question of whether forcing every user to click an
annoying accept checkbox would actually hurt their bottom line more than the
results of the lawsuits.

~~~
kalininalex
As far as I understand it doesn't have to be annoying. Simply having the
legible text "By clicking the Purchase button you agree to the Terms" should
suffice. There'll be just one Purchase button in both cases (of course,
getting a legal advice wouldn't be a bad idea).

------
screature2
If anyone's particularly interested in the online contract issues highlighted
by the Zappos User Agreement, Stanford Law had a great hour long session on
online contracts at their 7th Annual Stanford E-commerce Best Practices 2010
E-commerce Best Practices Conference.

[http://blogs.law.stanford.edu/stanfordebp/files/2010/07/2010...](http://blogs.law.stanford.edu/stanfordebp/files/2010/07/20100625_LST_ECommBP-002C-OnlineContracts.mov)

------
ricardobeat
How does one prove that at the time a user signed up there was a
checkbox/button to accept the terms, not a different version of the page?

~~~
bo1024
Any half-informed Internet user should be saving copies of terms they have
agreed to (after reading them thoroughly, of course).

That's sarcasm, but I feel like that's what would be legally argued in court,
and it shows how much power websites have compared to their users.

~~~
celticninja
how do you keep a record of terms you have not agreed to, a screen grab of an
unchecked box?

~~~
dredmorbius
You could, say, post a digitally-signed repudiation of the ToS. Or,
interesting concept, of _all_ ToS terms to which you explicitly do not agree.

Put that somewhere that, say, Internet Archive would get ahold of it. Among
the Archive's revenue-generating services is providing notarized copies of
data that it's archived, essentially substantiating someone's claims that
material was available online at a given point in time.

