US Court of Appeals: TOS may be updated by email, use can imply consent [pdf]

Posted by dryadin 5 hours ago

US Court of Appeals: TOS may be updated by email, use can imply consent [pdf](cdn.ca9.uscourts.gov)

166 points | 78 commentspage 2

ruined 4 hours ago|

by reading or not reading this comment, you imply consent for me to access, manipulate, and/or assume control of any of your checking and savings accounts, investments, stocks, bonds, options, futures, securities, lines of credit, and real estate that you hold now or may acquire in the future, regardless of my chosen method or manner of access. disputes arising from any such activity shall be arbitrated by me. you may opt out at any time by replying “I CONSENT”

thaumasiotes 3 hours ago|

You're going to run into problems with the concept of an unconscionable contract.

allreduce 35 minutes ago||

The point is that the tech companies don't.

Agreeing to say, forced arbitration with a company, because you signed up for say, their streaming service, is obviously unconscionable. What would be even worse if those TOS said that you have to go into arbitration in matters unrelated to the streaming service.

Yet, this is what's happening. Disney used such an agreement (obtained through Disney+ TOS) when a man sued them on behalf of his dead wife, who died in their parks. It's common practice now to have these clauses in TOS, e.g. Discord has it too.

contubernio 5 hours ago||

US law fails to recognize real world practice. It's bad engineering at its finest.

thaumasiotes 4 hours ago|

The analysis isn't great. In particular, they say "this is a three-factor test, two of the factors are in favor, one is against, two is more than one, so Tile is fine". Normally you'd expect some kind of analysis of how much weight each factor contributes.

That said, they do also say this:

> we determine that Appellees received inquiry notice of the Oct. 2023 Terms. Evaluating whether inquiry notice has been established is, however, always a “fact-intensive analysis,” Godun v. JustAnswer LLC, 135 F.4th 699, 710 (9th Cir. 2025), and we do not hold that notice by mass email establishes inquiry notice in every case.

So the HN headline is misleading at best.

(They also note that, while they should consider how normal internet users behave, they can't do this because "there is very little empirical evidence regarding" the question. So they substitute a discussion of how reasonable they find Tile's actions in the abstract.)

dryadin 4 hours ago||

Naturally this does not apply in every case. But the comment is fair, I updated headline to be clearer.

ForgeCommandApp 3 hours ago||

The implications for B2B contracts are significant here. In construction, for example, subcontractor agreements often reference separate terms documents that get updated independently. If email notice plus continued use constitutes acceptance, it changes the calculus for how companies manage contract amendments across multi-party project teams. The practical challenge is that on a large project you might have 50+ subcontractors who all need to actively acknowledge revised terms, and this ruling suggests passive acknowledgment through continued use may suffice.

yread 4 hours ago||

By both sides?

jrflowers 4 hours ago||

Reminds me of the guy that rewrote the terms of his credit card application and succeeded

https://www.independent.co.uk/news/world/europe/read-the-sma...

dwedge 3 hours ago|||

On a much smaller scale I did the same thing with a consulting contract. They sent it me and said to full in my own job description and "check the contract". The laziness annoyed me, so I altered the payment terms from 30 days to 7. Every month they paid after around 15 days and I let it go, but one month they hadn't paid after 31 days and I sent them an invoice for late payment for every single invoice to that date (only 4 or 5). I didn't think they'd pay it but they did

2Gkashmiri 4 hours ago|||

Now this is a case that's something I can get behind and fight for.

ruined 4 hours ago|||

worth a shot

PunchyHamster 2 hours ago||

Of course not

lurk2 2 hours ago||

The original Minecraft EULA did not have any of the usual boilerplate language to support unilaterally modifying the terms. I had a Minecraft account purchased under this original EULA which was modified a year or two after I bought the game. Around 5 or 6 years ago, Mojang emailed me about changes to their login system that would require me to migrate my account to Microsoft’s system (no doubt under new T+C), but the migration process never worked and they never responded to my support requests.

When I tried to resolve it a couple of years ago I received boilerplate emails informing me that the migration period had ended.

So if you deal with companies that simply don’t honor their contracts—companies like Microsoft and Mojang—you don’t even need use to imply consent, because they can just lock you out of your purchases and tell you to pound sand.

throwaway81523 2 hours ago||

I have altered the deal. Pray I do not alter it again.

batrat 2 hours ago||

I had the somehow the same problem with a mobile operator here in EU. They said just by sending an email I agree with their new terms and subscriptions. It's a gray area, IMO. They could simply terminate the service but who wants that?

dataflow 4 hours ago||

Fundamentally, the court seems to be treating this identically to a scenario where the user was ignorant and failed to read their inbox. The court seems to be completely disregarding that it was misdelivered into spam. The word "spam" doesn't even appear more than twice in the ruling (one of which is in an irrelevant footnote)!

Why the heck is the court completely oblivious to that fact when weighing the facts on each side? You'd think a case hinging on a crucial email being sent into spam would at least mention that fact more than once? (!) The court certainly seems to take into account common practices in every other aspect of the case except that most crucial one... why?! No explanation whatsoever? Would this really survive on a hypothetical appeal?

> As Tile users, each Appellee provided an email address during account registration, and should have expected to receive relevant updates there while the account was active.

Well yes, they did, but:

> Because “there is very little empirical evidence regarding” Internet users’ expectations, the focus of this inquiry is “on the providers, which have complete control over the design of their [apps and] websites and can choose from myriad ways of presenting contractual terms to consumers online.”

...Tile should've expected that its email might go into spam, right? Shouldn't the court at least mention this, even if it doesn't lend it any weight?

> Evaluating whether inquiry notice has been established is, however, always a “fact-intensive analysis,” and we do not hold that notice by mass email establishes inquiry notice in every case.

At least they say their ruling doesn't generalize...

handoflixue 4 hours ago||

>> You'd think a case hinging on a crucial email being sent into spam would at least mention that fact more than once?!

> Broad did not locate the Oct. 2023 Notice until January 2024, when she affirmatively searched for the email and found it in her spam folder.

I think it's rather relevant that she affirmatively searched for and found the email?

nickff 4 hours ago|||

Unless the user’s e-mail was controlled by their counter-party, what folder the message ended up in seems to be irrelevant to me. The user is the one who selected the e-mail inbox service provider, and has some degree of control over message categorization.

noirscape 1 hour ago||

That does sound like there's an exploitable element there isn't it?

Statistically speaking, most people use one of the biggest email providers, which use their own models to detect spam (or even quietly drop messages). If you're doing an unpopular TOS change, why not set the mail up to still be RFC compliant but in such a way where the mail isn't going to be allowed through by any of the providers. Then you can just claim the problem is userside.

For example, the Message-ID header is technically not required (SHOULD rather than MUST), but as a spam detection measure, Gmail just drops the message entirely for workspace domains: https://news.ycombinator.com/item?id=46989217

hrimfaxi 10 minutes ago||

Okay and if you did that only for that message your intent would be really easy to prove.

thaumasiotes 3 hours ago||

> The court seems to be completely disregarding that it was misdelivered into spam.

Spam categorization isn't a delivery issue. The delivery is the same whether you, upon taking delivery, toss the message into a bin labeled "spam" or one labeled "inbox".

quietbritishjim 1 hour ago||

I guess it's an instance of a more general principle: sending an email doesn't guarantee it gets to the user's inbox, never mind that it gets read.

Even if you are OK with the idea that a user can be presented updated TOS with no option to disagree (I don't, but put that aside for a moment), it should still require a mechanism that actually guarantees (or at least verifies) that the user has seen that the terms are updated. Email is not that. (An unskippable notice on login to a web service would be.)

hrimfaxi 8 minutes ago||

If registered mail is sufficient and that only requires proof of delivery/receipt, why would the same thing for email be insufficient?

koolala 4 hours ago||

So much stuff is getting put in Terms of Services that have nothing to do with using the service. Games will tell you how your allowed to make fan art in them. If I am drawing a picture at my desk I'm not even in the game.

cbsmith 4 hours ago|

Might be fun to take some BSD or MIT licenses and send out e-mails updating them to GPLv3...

duskdozer 2 hours ago|

No problem - I'll just have my AI copy it to turn it back to MIT :)

More comments...