Sony to ban gamers from PSN unless they waive right to sue over security breaches. (bbc.co.uk)
288 points by sambeau on Sept 16, 2011 | 102 comments

You can opt out of the arbitration clause by sending a snail-mail notification of your choice to Sony.

From the associated Ars Technica article[1]:


[1] http://arstechnica.com/gaming/news/2011/09/mandatory-ps3-upd...

If you do not wish to have a brick thrown through your window, your written notification must be mailed to...


wow that quote has been around forever and still proving itself to be relevant :/

Do you actually mean this kind of bullshit is legally sound in the US? Whoa. IANAL, but in Europe most of the EULA clauses are considered invalid due to consumer protection code and this sort of thing definitely would fall into that category.

Other folks in this thread have gone into more detail, but the courts have indicated that EULAs with arbitration clauses are typically considered legal.

Even in a case like this where it is introduced after the fact? i.e. the customers have already paid hundreds of dollars for their PS3 and games etc, and are later told they have to give up more rights if they want to keep using it. That seems worse to me than just the presence of this clause.

This is a very bothersome arrangement that is popping up all over: changing the contract after it's signed. Consider mobile phones, for instance: You have entered a two-year agreement with AT&T because of the iPhone. Then Apple changes its terms-of-service. Suppose you don't agree? You can stop using the phone, but you are still bound to your AT&T contract.

The pessimist in me says that their response would be to let you pay the early termination fee (perhaps with a small discount) & cancel the contract.

At least in the US, if they change the agreement, you get a get-out-of-contract free opportunity, where you can cancel without paying the early termination fee if you refuse to accept the agreement changes.

dhimes was talking about a situation wherein there are two related, yet separate, contracts at play.

You are contractually obligated to both Apple and AT&T, so even if you use this loophole to get out of your contract with Apple when they change the contract, your obligation to AT&T continues. IANAL, but my assumption would be that a change in the Apple contract in no way legally changes your AT&T contract, so you are still liable to either honour your obligation to AT&T or pay their (typically exorbitant) cancellation fee.

Indeed. It would be nice if the two contracts were bound: then at least Apple would have to vet their changes with AT&T, which would presumably react against changes that pissed off the users but whose functions acted in only Apple's best interest.

And note, I don't mean to pick on Apple. I just chose them as a concrete example. It could easily be the other way around or two different companies.

Your hundreds of dollars for a PS3 gets you the right to the PS3 and the right to play games on it, which is completely possible without PSN. This is fact. PSN is a separate free service not under the same terms under which you purchased your PS3.

Your spin isn't helping anyone and detracting from the actual issue at hand, which is whether SONY has a right to take your right to sue over security for a free online service.

Downvoter: Please explain why you disagree? Or have I mis-stated something as fact?

I'm not sure that's entirely accurate. Many games will not allow you to play (at all, even "offline") if updates (to the game, not the console's firmware) are available. I think Civ:Rev will only force you to update if you want to play "online", but I'm pretty sure Little Big Planet won't even load if updates to the game are available.

Other games require you to be online to simply install.

Some newer Blu-Ray discs require updates to the PS3's firmware. You cannot update the firmware without accepting the EULA.

You lose enormous functionality by not accepting the EULA.

With every one of these insane EULA updates, I'm thinking more and more about using one of the custom firmwares. One thing is for certain - their anti-consumer stance ensures I won't ever buy another Sony product!

> I'm not sure that's entirely accurate. Many games will not allow you to play (at all, even "offline") if updates (to the game, not the console's firmware) are available. I think Civ:Rev will only force you to update if you want to play "online", but I'm pretty sure Little Big Planet won't even load if updates to the game are available.

No that is not true. I downloaded little big planet and for a month I didn't have internet and was able to play without having updated it. If the game requires an update it's not mandatory. It only makes you update if you go online but you don't have to do that.

Problem is lots of people who don't have a PS3 and don't know the facts keep propagating anti-Sony spin simply because they don't like certain practices of Sony the conglomerate. But it does no one a favor to keep up ad-hominem attacks on Sony.

I didn't downvote, but if Sony uses PSN as a selling point for PS3, it's pretty disingenuous to later claim that the ability to use PSN is unrelated to the purchase of a PS3.

Perhaps, but at the same time it's a free service and they aren't obligated to perpetually provide the exact same service to you for the initial $2xx you paid.

The solution to this is simple and has been clear for years: stop doing business with Sony.

It amazes me how little this seems to be grasped. Or even if people don't want to cut off Sony entirely, they could still think, "Ah, this is from Sony. That's a black mark. Do the positives really outweigh this negative?" But apparently few people do think this way.

Therefore, to those who wonder why Sony doesn't quit all this nonsense with rootkits and DRM and privacy violations, etc., etc., the answer is, because it doesn't hurt them. People still do business with them anyway.

(Kinda makes you wonder about all the "you must treat your customers well" articles you see on here.)

The gaming industry and the politics that surround it are some of the most toxic relationships I've ever seen. I don't think it's a stretch to draw a comparison to the relationship between an addict and a dealer.

I made that exact choice starting with the rootkit fiasco. Every bit of news I have seen since then has further validated that choice as a wise decision.

And more than once, I have physically put a product back on the shelf when I realized it was made by Sony, so it is costing them business, at least from me. I estimate that my decision has cost them at least $2,000 so far, most of that being when I went for non-Sony TVs.

Me too. I went a step further and showed my kids everything Sony has done. They probably dislike Sony more than they need to really. But if the general concept of "sociopathic corporation" needed a poster child to make the point, Sony volunteered and won the part.

Aren't all companies, if they do what they're supposed to do, sociopathic? And Sony, being a huge conglomerate, is statistically more likely to commit sociopathic acts because of its size?

Perhaps in theory. In practice, some companies manage to do less badly than others.

It's not necessarily even a contradiction, if your primary business is selling to consumers it's entirely reasonable that a company would want to keep a positive image going.

For a company that makes earth-moving equipment primarily purchased by strip mining operations, no one would question the business sense of them not donating a percentage of their profits to environmental protest organizations.

For a company that sells to some gamer demographic, perhaps it would be the better part of wisdom to, say, decline to antagonize the likes of Geohot and the noncommercial hackers, modders, and Linux users of their platform. (Never mind the legally questionable tactic of retroactively disabling previously advertised and purchased functionality).

Yup. Same reason I don't do business with Nokia or Siemens (developing DPI Internet Filter technology for oppressive regimes in the Middle-East, which is slightly worse than this, IMO).

This shouldn't even be legal.

Since it probably is; I think these days most people are probably buying a PS3 for PSN so if users can no longer access it they should bring the device back and demand their money back. If Sony gets away with this expect more companies to follow suit.

The SCOTUS recently affirmed that not only are such clauses legal, but that individual States cannot pass laws to forbid them.


If I read that correctly (not a lawyer), SCOTUS ruled that an agreement prohibiting class-action lawsuits is legal if both parties agreed to use individual-arbitration instead. So you can still sue them individually in court, or go through the arbitration process, to grieve a claim against them.

My question is, how do you know the end-user agreed to that? You have no signature, video, or audio proof. PSN accounts generally remain logged-in, and it's possible someone other than you agreed to the EULA and upgraded your PS3's firmware, like a guest or roommate, without your knowledge or permission.

The problem with arbitration is legal resource mismatch and sealed results. Each complainant would have to find, pay for and manage any suit or negotiation (bringing the likelihood of complaints escalating beyond the initial offer to near-zero). And even if a John Doe and his cousin-lawyer managed to dig up a smoking gun, no-one else would know about it. So each individual would go through the process ignorant of other results, while the Corporation builds experience and additional strategic advantage dealing with the situation over and over again.

If you approach class-action lawsuits from the standpoint of "what good comes of it for the individual" there's not a big change and I've heard that we could expect more people (who put up with the process) would be more likely to get some award and that such an award is likely to be higher than what they'd get from a class-action suit. [1]

But if you approach class-action lawsuits from the standpoint of "what punishment does the misbehaving corporation suffer", mandatory individual arbitration is a tragedy. [2] It's implausible for the legal investigation into the corporation to approach the same level and implausible for the net penalty to even remotely approach that of a class action suit. The corporation is already heavily favored in any legal battle and individual arbitration simply compounds that advantage. And PR damage done from having said bad behavior exposed to the market at large is no longer a concern. In short: the penalty for misbehavior is massively reduced.

As to "how do you know the end-user agreed to that": click-through EULAs have also been upheld by US courts for some time. Though I don't believe the SCOTUS has addressed them directly just yet.

[1] I've read that multiple studies have found arbitration as having a higher and more frequent payout rate for complainants than class action lawsuits. I won't vouch for that position, but I don't take issue with it, as those results are largely irrelevant from my viewpoint.

[2] Yes, there is a ton of progress that could be made on the question of how that penalty gets distributed. But I believe it's far more important to address that issue on its own than to effectively end class-action suits.

Thanks for sharing that roc. :)

It's really a spectrum of enforceability. It doesn't matter whether it's ironclad. The idea is to discourage suits and to have something to point to when people try to sue you. It may not work but it might help. There are many issues of enforceability and this is one of them (although do you find that argument very convincing? You'd need to be able to point to someone and have some reason for why it was them and not you in order to be convincing).

"The majority opinion was written by Justice Antonin Scalia, and joined by Chief Justice John Roberts and Justices Anthony Kennedy, Clarence Thomas, and Samuel Alito"

And that's why we need a more liberal supreme court.

I'm not even sure it is legal in the UK - we have laws against "unfair contracts" [1], and there are also some statutory consumer protections that can't be waived. Of course, this is about security breaches, and IANAL, but I'd say this doesn't stop all potential lawsuits.

[1] http://www.oft.gov.uk/about-the-oft/legal-powers/legal/unfai...

It’s complicated but I think many countries have pretty strong protections for consumers against unusual or unexpected clauses in contracts. I would be very surprised if this part of the terms would be enforceable, for example, in Germany.

The title of this article is somewhat misleading.

A clause that prevented any right of action whatsoever would most likely be illegal in many countries (including, I think, all EU countries, the US and Australia/NZ).

However, "binding arbitration" clauses which require parties to submit to alternative dispute resolution procedures before any legal action is taken are actually quite common (perhaps more common in Aus/NZ, the UK and the EU than in the US?). They're a common feature of mobile phone contracts, internet contracts, et cetera.

Edit: I see this question has been given excellent treatment here: http://news.ycombinator.com/item?id=3001086

Binding arbitration clauses are quite common in the US, as well.

The only people qualified to determine whether a contract is fair or not are the parties that do or do not sign it.

I completely disagree. Being able to determine whether or not a contract is fair depends on domain knowledge. In the US anyway, being able to sign a contract is no indicator of domain knowledge. It is dependent on age and, if you represent another entity, your status as an agent for that entity.

Agreed. However, even with that domain knowledge, an outside party cannot determine for one of the parties whether or not they find it "fair" or not. This is not the role of government. It's common knowledge that contracts require domain knowledge, and if you proceed without it, it's akin to riding a motorcycle without a helmet, eating foods fried in trans fats, or driving a car without a seatbelt.

Oh, wait. Nevermind.

Seriously any agreement that waives the right to sue, is very likely to not be held up in a court of law.

This really isn't any different than any credit card application. The arbitration clause is buried in the fine print of those as well.

They're essentially confirming that their systems continue to be insecure and guaranteeing that your personal information will be leaked to third parties again in the future.

Thanks for the clarification Sony.

Yes. I understand that lawyers in a big corporation have a big responsibility to minimize liability because it measures in the billions. In this case they totally failed to take into account the direct damage this will do to their brand perception. If the press decides to pursue this, it's going to hurt them badly.

Sony doesn't seem to have much of a brand left to protect. Since the root kit debacle it's just been one thing after another. They seem actively customer-hostile.

Brand per se has been dragged through the mud, but Playstation is still a very valuable property, particularly in Europe. Frankly they have a lot to lose with this nonsense.

Not only that, but this sort of action is bound to make people upset, and give the hacker groups out there yet another reason to attack Sony again.

Would you guarantee that any system you build/manage will be safe?

The point isn't that it's impossible to happen.

The point is that Sony is disclaiming responsibility for anything it does wrong.

It's like saying, "Well, I'll work as an engineer for you, but I refuse to be held responsible if the bridge collapses." Even the nuttiest libertarian could find reasons to pass laws forbidding that kind of contract. And even if it's legal, I wouldn't drive on that bridge. (Or would I? If everyone does it and it looks safe enough...)

This is even worse when I think about it. It's more like buying a plane ticket, being in the airport, and suddenly the pilot goes "I am not legally liable if I crash the plane while I'm drinking on the flight."

Though a better analogy is that it's like buying your ticket, passing security, being boarded and right as you are about to enter the plane - the stewardess tells you you have to sign this agreement that the airline is not liable. You have the option of not agreeing to those terms - but then you will have to turn around and find another flight on another airline with no recourse for a refund on your ticket.

Or in the case of current PS3 owners, being presented that agreement after take-off.

...with a parachute just in case you want to get off right there.

> The point is that Sony is disclaiming responsibility for anything it does wrong.

nope. you can still go to arbitration or small claims.

It's not that the bully isn't willing to accept responsibility. He just wants to deal with each complaint individually. In a dark alley with no witnesses.

I'm a sysadmin actually. No one can give that guarantee, but when I apply for a job I sure as hell don't put in the contract that I'm not liable for any security breaches that might occur.

If I leave an outdated version of SSH open to the internet, allow root login, password authentication, and set it to 'p4ssw0rd', then I'd fully expect to suffer some consequences.

You do the best you can and then carry insurance.

I'm sure this makes perfect sense to their legal department, but it's yet another reason why I'll never buy another Sony product.

I actually feel a little bit bad for the Japanese on this point. One can imagine them wanting to expand out of designing and manufacturing great value televisions and hi-fi components, coming to America to see how to do business here, and falling in with a pack of LA entertainment industry lawyers who steer them down the path to moral ruin.

I'm sure it didn't actually happen that way, but it's funny how it fits the observed behavior if you look at it a certain way. It's not like people would be any happier with them if they'd kept exactly the same set of business practices as goes on in Japan.

This is so bullshit!

Basically, leaves non-security-aware people out in the cold. Instead of trying to champion good security practices and locking down their shit, they are saying "this is a glory hole, buyer beware" in a document that no one reads.


Why use a Ps3 when Xbox has the same titles and a serious security team?

Uncharted, Infamous, Little Big Planet, Demon's Souls, The Last Guardian, Twisted Metal — discounting the Halo series, PlayStation has a lot more interesting exclusives than Xbox. The only other Xbox exclusive I can think of that's so interesting is Left 4 Dead — which isn't even actually an exclusive, just not on PlayStation.

Also, Microsoft's dickish behavior makes the for-pay Xbox Live service worse than the free version of PSN (e.g. updates get held in limbo and publishers are forced to charge for them even though Microsoft isn't providing the servers or bandwidth AFAIK).

Some people prefer the PS3 - I do. No fanboyism etc, I just have been a loyal Playstation user since the start and have every one of the consoles - and there are major issues I have with the Xbox line - but those are my personal opinions. It sucks that Sony has been mismanaging all of this and definitely took shortcuts in inappropriate places - and instead of improving on those issues they are just making things worse with bad PR. I hope they can change that in the future, as I would still be purchasing a PS4 when that became available - unless they really don't get a clue and make things even worse.

"loyal playstation user". Why? I mean, I hear this all the time with banks. Customers come in expecting an amazing mortgage rate with their shitty credit scores because they've always been a "loyal customer". We have to try to explain that loyalty has little value to the bank, other than lifetime value, which is already factored into the pricing.

For the playstation/xbox, go where the fun is. Don't support a company out of misplaced "loyalty" because in the end, it just slows free market progression.

I have fun on the PS3 - and while there are some serious issues in how things are working behind the scenes, to me that's where the fun is. I like the Playstation line, and I like the exclusive games they have, but as I said it's all about opinion and if others prefer the Xbox line, then that's where they go for their games - and that's fine with me.

You should realize that fanboyism doesn't have to imply an irrational dislike of competing brands (which thankfully you seem to lack). It need only imply an irrational affinity for a brand. Why would you "like the Playstation line" for any reason other than "the exclusive games they have"?

It might seem like an irrational affinity for a brand - but besides the exclusive titles, I actually enjoy the interface, the controller feels more natural to me than that of the leading competing systems, I like having a built-in Blu-ray player, and above all I like that I have been able to run custom code on each of my Playstation consoles. Things like backwards compatibility were huge for me as well (which is why I have the original 60gb PS3 with PS2 compatibility). There are various reasons that I have stuck with this line - and as far as I'm concerned they are valid reasons because they are my opinion of the system and the line. I own a Wii, and I had an Xbox - bottom line is they are not my preferred systems.

As an owner of a PS3 I've been perfectly satisfied with the free service and the capabilities of the PS3.

I think most of the people bitching about the things happening to Playstation don't actually own a PS3. But as an owner I can tell you I really didn't care about the security breach, perfectly satisfied that they gave me 2 free games, and have not experienced any issues running my PS3 without connecting to the PSN. The fact is, it's not out of loyalty, it's simply because the PS3 has been a great product for me (believe it or not).

> No fanboyism etc, I just have been a loyal Playstation user since the start

Oddest sentence I've ever read.

Fanboyism implies a level of obsession or passion that is greater than just loyalty -- to the extent that you won't say anything bad about them at all, and will attack anyone that does.

I'm on my fourth or fifth xbox 360 due to hardware failures. I lost track... that's one reason.

Xbox doesn't have the uncharted games, metal gear solid, demon souls, etc.

Its hardware is more reliable, it's a better media center, blu-ray, no fee for multiplayer.

I bought a PS3 over an XBox for two reasons. One, Bluray. But more importantly, a good friend of mine has a PS3, and I wanted to play games with him online.

The reason I bought a ps3 instead of an xbox was because of the exclusive titles (mainly mgs4).

I got a PS3 because of OtherOS (Linux). We all saw how that turned out...

Did you get it for gaming online too?

Because Microsoft is teh suxxors! </sarcasm>

Sony took this from the Guide "How to write abusive and unfair contracts". Seriously, it will be interesting to see how the class action lawyers will deal with this: I'm not sure the judge will like that kind of shadow manoeuvring, where the consumers see nothing coming.

Wow. So let me get this straight. I can start a service, that people pay money to use. I also tell them that their credit card / personal information may not be secure and if they want to use the service that they already paid for, they have to accept that I am not liable for its security and if (when) this information does get stolen, I can give them a coupon and get away with it? Please tell me I'm wrong. This can't be legal.

Yet another instance of the triumph of short-term CYAism over long-term customer strategy.

This is the first news I've read of Sony reacting in any way to those hacks. Great press for them.

Hopefully they're not storing these waivers in plaintext.

The workaround to this would be to not put any valuable Personally Identifiable Information on Sony's network. You can use a proxy credit card number. Set up an email address that is not connected to any of your other accounts and use a unique password. That way if your data gets compromised you won't really lose anything...

But basically they are saying that they are not willing to put their reputation and money behind their own business which makes you wonder....

These are my comments from an earlier thread on this story:

IANAL, but arbitration clauses are standard in contracts[1] at least in the United States. Arbitration is generally seen as preferred because suing people in court is actually very expensive for the plaintiff, the defendant, and the court system.

In Sony's favor, Sony excluded small claims. So for pretty much everyone this arbitration clause is meaningless. The limit for small claims is in the thousands of dollars depending on state [2]. The circumstances where Sony would be liable for more than a few thousand to a single consumer would have to be pretty extraordinary. And yes, this includes losses due to identity theft. Although the expenses due to fraud can be high, the out of pocket damages to the individual are generally very low. As of 2006 the average out of pocket expenses were about $422 and on a downward trend [3]. Keep in mind that the federal government limits liability for credit card fraud to only $50 in the United States [4]. And most credit card companies actually limit the liability to $0. The actual costs of fraud end up getting absorbed by businesses as the financial institutions try to unwind the transactions as best they can.

Also in Sony's favor, Sony did not choose to use the arbitration clause to set an onerous jurisdiction. Sony could have said all arbitration needed to take place in a specific city in the middle of nowhere. Sony didn't even pick the location of its headquarters; you can pick any jurisdiction. Most arbitration clauses I've seen set a jurisdiction that favors the contract writer, so I'd say this puts Sony in a decent light for not doing the same.

Likewise, Sony does not cap damages awarded through arbitration. It could have easily set the maximum damages to some amount that would make arbitration a non-starter compared to small claims.

If you really wanted to find fault with Sony's particular arbitration clause, it would be that neither side can appeal the decision of the arbitration panel to a higher court. But keep in mind this cuts both ways, and it really isn't unusual. It is even endorsed in the United States.

I should also note that arbitration clauses can be voided if the panel can be proven to be biased. So this isn't necessarily a license for Sony to circumvent the law, at least against a well funded opponent. And anyone with the balls to sue Sony for any serious amount of money would be a well funded opponent.

NB. I understand arbitration clauses such as this may not be legal in some countries such as Germany. Whether that is good or bad I can't say. I'm sure the Germans thought it was good, though.

[1] http://en.wikipedia.org/wiki/Arbitration_clause

[2] http://www.nolo.com/legal-encyclopedia/small-claims-suits-ho...

[3] http://www.bbbonline.org/idtheft/safetyquiz.asp

[4] http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre04.shtm

Ok, but Sony is still trying to block class action lawsuits. There are now millions of PSN users who are signing away their right to participate in and benefit from such an action if Sony is abusive or careless again.

That is a good thing. Judging from past results, rather than anti-business rhetoric, the only people who usually benefit from class action suits are lawyers. Many plaintiffs in class action suits end up with a few dollars or even just coupons while the lawyers get rich.

ADDED: Responding to a comment I read further down the stack; as for "punishing the company", in reality you are only "punishing" those who buy from them since they will just increase the price to cover the expected cost of dealing with suits.

If a suit wasn't expected, so they hadn't built it into the price, or other companies were keeping their prices low enough that they couldn't raise their prices, it might actually hit their stock price or dividends. Since comments from many PlayStation owners suggest neither is the case, my point that class action suits will just benefit lawyers and raise prices for PS users stands.

Hilarious that you talk about "anti-business" rhetoric and then respond with gems like:

>as for "punishing the company", in reality you are only "punishing" those who buy from them since they will just increase the price to cover the expected cost of dealing with suits.

Well, I guess there's nothing we can ever do to a company then! Wouldn't want them to raise prices.

It's not about "punishing", it's about incentive to get them to take their customers' privacy seriously.

If they would actually protect their customers' data well, they wouldn't get sued for security breaches in the first place.

While 100% security is impossible, they only need to secure their data so they can't get sued for neglecting to secure it enough.

Temporary solution: don't buy anything (i.e. give them credit card details) or store anything important (i.e. re-use a password) on PSN...

Yes, I know, we all miss DLC...

There are always gift cards if you want DLC.

And really, if you use anonymous gift cards (or no payment information), you have the option to not even give them your real personal information, never mind your financial information.

That way there's literally nothing to steal other than the account itself.

Devil's advocate here. Given that one (among others) of the motivations to hack Sony is to harm them in the press and financially, is it possible that forbidding gamers from class-action suing - and therefore eliminating the possibility Sony would be fucked over by a large settlement - could REDUCE the incentive for hackers to break Sony?

Why would this reduce anything? If anything I would expect this sort of customer bullying to get them targeted even more. After all, if customers have their credit card info stolen, get robbed and then can't even sue Sony for incompetence then that should make them less likely to spend money with Sony, no?

The average customer will subconsciously weigh the cost of enjoyment from using the PSN against the opportunity cost of a security breach to them. After making that calculation most will choose to waive their rights.

ansy comment here http://news.ycombinator.com/item?id=3000383 is clearer than both articles in my opinion.

Wait, can't a EULA be invalidated if it's deemed too extraneous? I remember something about that happening in a Microsoft case...

I'm not an expert in these matters, but I am interested to see how this will be interpreted under Louisiana's redhibition laws.

I hope there's some way PS3 owners can sue Sony for forcing them to waive their right to sue them.

Thank you, Sony for yet again reminding me why I refuse to spend any money on your products.

That means we can sue over prior security breaches?

You can sue your neighbor's nonexistent cat for assassinating Elvis.

They don't give a damn.

I thought this was always the case, basically everywhere. This is what EULAs are for.

Since the start, the only piece of info I've had in there is a mailinator address and a password I don't use anywhere else. They can get breached all day for all I care.

As an answer, Sony headquarters should be enclosed in a huge airtight balloon and only let breathing air in if they agree to stop fucking people.

Useful contribution to the discussion.
