
If you enroll in Equifax's TrustedID you waive your rights to sue Equifax - JackFr
https://twitter.com/wyatt_privilege/status/906120794593427456
======
manyxcxi
So I checked their site and lo and behold I'm in the estimated 44% of
Americans affected by this.

Here's my question, how can we, as a massive group, get some type of recourse?

I'm not talking about suing for money necessarily, I don't need it (though if
I suffered some financial loss I'd at least like to be made whole).

I don't get it, the only reason identity theft is valuable is because
companies like Equifax have inserted themselves into the process.

They've turned what should be public information into information that has so
much ability to cause harm to our records (that we may never have asked
Equifax to keep on us in the first place) that now we have to fight to protect
all this data, when we're not even the ones attempting to put value to it.

So then Equifax offers identity monitoring services at a price. Then they leak
most of their data. Then they offer their monitoring services to us, because
now they're more needed than ever. So I'm gonna let the drug addled burglar
watch the dog for me when I leave town?

You can't really not play the game, but even if you try not to they're still
using you as a pawn.

Wouldn't it make sense to treat identity theft as a crime where the lending
institution was stolen from? Why couldn't I sue Equifax et al. for libel when
they have incorrect records on me that they won't remove in a timely fashion?

Luckily for my I've got a guy that manages my finances to a degree, and part
of it is keeping tabs on anything showing up in my credit profile- but now I'm
a juicy target because all I did was pay back any money I've ever borrowed in
a timely fashion like I said I would?

~~~
busterarm
86% of all US credit card holders (of which there are only 167 million)

~~~
cjsawyer
"only"

~~~
milsorgen
Out of 250 million adults that seems lower than I would of thought.

~~~
busterarm
Many things add up here. 2/3 of millennials don't have a credit card. That's
about 52 mil you take away there. Then you have about 3 million Muslims in the
US, who depending on religious observance may not be using credit cards. Then
you have all of the people whose income is low enough that credit cards aren't
even a consideration.

------
montecarl
IANAL, but this contract would not seem to be valid because it does not
include consideration[1] for the users entering it. Why would you give up your
right to sue for a data breach by enrolling for a service to protect yourself
from it? That seems like a protection racket.

[1] [http://www.nolo.com/legal-encyclopedia/consideration-
every-c...](http://www.nolo.com/legal-encyclopedia/consideration-every-
contract-needs-33361.html)

~~~
drostie
Yeah, sorry, IANAL either but that's total BS. The user has consideration in
the form of being able to use the service.

For those who are unaware, contract law deals with a process of people
exchanging things, usually in the form of promises -- "I will mow your lawn in
exchange for $30" is a contract, even if it is never written down. There are a
lot of interesting ways that this law works: for example you will see
reasonably often something like "I'll give you $30 to mow my lawn" / "Deal!" /
"What about $20?", where the one side seems to be assuming that there is no
actual contract until they both say "Deal!" \-- but actually the law believes
that the first person implicitly consented simply by the form of the language
of the "offer" above and if the sums were larger this could hypothetically be
the sort of thing that a lawsuit begins over.

The "consideration" idea is about this word "exchange" that I started off the
last paragraph with, it says that contract law explicitly does _not_ apply
with things that are just given away for free. If you say "Hey after I mow my
lawn tomorrow I'll mow yours", and your neighbor says "great!", and then
something comes up tomorrow so that you have to cut the job short only mowing
your lawn and not your neighbor's lawn, the law says _that was not a contract_
and your neighbor cannot sue you to mow their lawn for free. How do we know it
wasn't a proper contract where things were exchanged? Because _we can see that
you don 't get anything out of it_. But "get anything out of it" might get
into very abstract territory: for example if you are known among your
neighborhood for collecting the dead grass you've mowed and turning it into
expensive compost, and that's the reasonable expectation, that could be
consideration. At some point -- possibly presently, I haven't reviewed them
for this post -- the Creative Commons licenses said something like "to the
extent that this is a contract, the consideration for me is that I'm getting
to see my work used by other people who I don't know."

This exception to contract law obviously does not apply to the terms-of-
service agreements for paid services. It _might_ hold if you are not notified
about the terms of service prior to making the agreement, but US law tends to
be a bit lax about the details here and usually says "well if you used the
service _anyway_ after you found out about the terms of service then you
agreed to be bound by those terms." See the cases on "shrinkwrap licenses" for
details.

Note also that most free-software copyright licenses and so forth are simply
not contracts; that doesn't mean that they have no legal standing, but just
that their legal standing isn't in _contract law_ per se.

~~~
JackFr
What can invalidate a contact though is conscionability.

If the consideration is unconscionable, a court could invalidate it. The
classic example is selling a million dollar life preserver to a drowning man.
Such a contract would be unconscionable.

In this case, Equifax has thrown us into the water, and is willing to give us
the life preserver for free if we're willing to forget that they did it in the
first place.

------
markwaldron
I haven't enrolled, but wouldn't you be able to argue that because their
information was leaked you weren't the one who signed up?

~~~
chrisabrams
This is not only a valid point, but a scary one :/ You can't prove who it was,
if you could, then we wouldn't have this mess in the first place.

------
scrumper
You waive your rights to sue TrustedID, not Equifax.

Edit: And yes, it's a subsidiary, but you absolutely retain the right to sue
the parent company for an event that occurred before you agreed to these ToSes
requiring arbitration for disputes with the subsidiary. You just now can't sue
TrustedID if they fuck up their credit monitoring.

EDIT 2: Here are the _actual terms_ , not a selective screengrab of a scary-
looking bit from Twitter:
[https://trustedidpremier.com/static/terms](https://trustedidpremier.com/static/terms)

------
erikb
Current headline:

> If you enroll in Equifax's TrustedID you waive your rights to sue Equifax

Is something like that even legally possible in the US? I know in my country
it isn't.

A) You can't waive certain rights, even if you say so in a contract.

B) A contract that is general purpose, and not individually compromised by
both parties, has even stronger protection. If you can convincably argue that
you would not have assumed a clause, it is not valid.

C) Rules defined by laws overwrite contracts. So a law saying you can sue
overwrites a term in a contract saying you can't.

Triple protected. Even if the US is more "free" in that regard, some of that
protection must exist as well, right?

~~~
bskap
Your can't waive your right to seek remedy in the event of a breach of
contract, but US courts have ruled that clauses requiring mandatory
arbitration from a private arbitrator instead of going through the public
court system are legal.

Theoretically, it's just as fair to be heard by a neutral third party, but the
biggest difference is that if you agree to arbitration, there's no equivalent
of a class-action complaint meaning each impacted individual would have to
file an arbitration claim separately.

~~~
cjalmeida
In Brazil, mandatory arbitration is valid only on non consumer contracts.

------
mikestew
The title does not match the terms of service to which the tweet links. IOW,
no, that's not what it says. But this about the sixth story that's cropped up
on HN about waiving your rights, so getting the crowds to wipe the froth from
their lips is probably a lost cause.

------
1001101
IANAL, but the document refers to TrustedID, Inc., a subsidiary of Equifax,
not Equifax itself. I've seen arbitration clauses in many terms of use before,
so I don't get the impression that this is nefarious. Again, IANAL.

------
bmpafa
looks like Equifax responded to this point specifically in the terms of their
'see if you got screwed[0]' site:

"2). NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT In response to
consumer inquiries, we have made it clear that the arbitration clause and
class action waiver included in the Equifax and TrustedID Premier terms of use
does not apply to this cybersecurity incident."

[0]
[https://www.equifaxsecurity2017.com/](https://www.equifaxsecurity2017.com/)

