US Court of Appeals: TOS may be updated by email, use can imply consent [pdf]

Posted by dryadin 6 hours ago

US Court of Appeals: TOS may be updated by email, use can imply consent [pdf](cdn.ca9.uscourts.gov)

211 points | 125 commentspage 3

throwaw12 2 hours ago|

Why not remove TOS completely, if your provider is anyway forcing new terms?

Suppose I start with simple TOS at the beginning: do not use in criminal scenarios

Then I change it to: do whatever you do with it, you are responsible for it anyways

I can even do this per sign-up, show TOS which makes sense, then next day send new TOS to allow everything

throwaway81523 4 hours ago||

I have altered the deal. Pray I do not alter it again.

krickelkrackel 3 hours ago||

Even if it makes things overly complicated sometimes, I like the EU style that forces companies to make people actively confirm their consent, and puts the 'inform' part of 'informed consent' into the company's responsibility.

netcan 3 hours ago||

I remember various judges writing ope-eds about being presented a 40 page TOS for updates. Southpark also did an episode.

TOS simultaneously became extremly important, commanding CEO attention and became completely ritulized.

I'm surprised that the legal profession has tolerated this is escalation of dysfunction.

lurk2 3 hours ago||

The original Minecraft EULA did not have any of the usual boilerplate language to support unilaterally modifying the terms. I had a Minecraft account purchased under this original EULA which was modified a year or two after I bought the game. Around 5 or 6 years ago, Mojang emailed me about changes to their login system that would require me to migrate my account to Microsoft’s system (no doubt under new T+C), but the migration process never worked and they never responded to my support requests.

When I tried to resolve it a couple of years ago I received boilerplate emails informing me that the migration period had ended.

So if you deal with companies that simply don’t honor their contracts—companies like Microsoft and Mojang—you don’t even need use to imply consent, because they can just lock you out of your purchases and tell you to pound sand.

dataflow 6 hours ago||

Fundamentally, the court seems to be treating this identically to a scenario where the user was ignorant and failed to read their inbox. The court seems to be completely disregarding that it was misdelivered into spam. The word "spam" doesn't even appear more than twice in the ruling (one of which is in an irrelevant footnote)!

Why the heck is the court completely oblivious to that fact when weighing the facts on each side? You'd think a case hinging on a crucial email being sent into spam would at least mention that fact more than once? (!) The court certainly seems to take into account common practices in every other aspect of the case except that most crucial one... why?! No explanation whatsoever? Would this really survive on a hypothetical appeal?

> As Tile users, each Appellee provided an email address during account registration, and should have expected to receive relevant updates there while the account was active.

Well yes, they did, but:

> Because “there is very little empirical evidence regarding” Internet users’ expectations, the focus of this inquiry is “on the providers, which have complete control over the design of their [apps and] websites and can choose from myriad ways of presenting contractual terms to consumers online.”

...Tile should've expected that its email might go into spam, right? Shouldn't the court at least mention this, even if it doesn't lend it any weight?

> Evaluating whether inquiry notice has been established is, however, always a “fact-intensive analysis,” and we do not hold that notice by mass email establishes inquiry notice in every case.

At least they say their ruling doesn't generalize...

handoflixue 5 hours ago||

>> You'd think a case hinging on a crucial email being sent into spam would at least mention that fact more than once?!

> Broad did not locate the Oct. 2023 Notice until January 2024, when she affirmatively searched for the email and found it in her spam folder.

I think it's rather relevant that she affirmatively searched for and found the email?

nickff 5 hours ago|||

Unless the user’s e-mail was controlled by their counter-party, what folder the message ended up in seems to be irrelevant to me. The user is the one who selected the e-mail inbox service provider, and has some degree of control over message categorization.

noirscape 2 hours ago||

That does sound like there's an exploitable element there isn't it?

Statistically speaking, most people use one of the biggest email providers, which use their own models to detect spam (or even quietly drop messages). If you're doing an unpopular TOS change, why not set the mail up to still be RFC compliant but in such a way where the mail isn't going to be allowed through by any of the providers. Then you can just claim the problem is userside.

For example, the Message-ID header is technically not required (SHOULD rather than MUST), but as a spam detection measure, Gmail just drops the message entirely for workspace domains: https://news.ycombinator.com/item?id=46989217

hrimfaxi 1 hour ago||

Okay and if you did that only for that message your intent would be really easy to prove.

thaumasiotes 4 hours ago||

> The court seems to be completely disregarding that it was misdelivered into spam.

Spam categorization isn't a delivery issue. The delivery is the same whether you, upon taking delivery, toss the message into a bin labeled "spam" or one labeled "inbox".

quietbritishjim 2 hours ago||

I guess it's an instance of a more general principle: sending an email doesn't guarantee it gets to the user's inbox, never mind that it gets read.

Even if you are OK with the idea that a user can be presented updated TOS with no option to disagree (I don't, but put that aside for a moment), it should still require a mechanism that actually guarantees (or at least verifies) that the user has seen that the terms are updated. Email is not that. (An unskippable notice on login to a web service would be.)

hrimfaxi 1 hour ago||

If registered mail is sufficient and that only requires proof of delivery/receipt, why would the same thing for email be insufficient?

Noaidi 1 hour ago||

Gonna try this with my landlord....

koolala 5 hours ago||

So much stuff is getting put in Terms of Services that have nothing to do with using the service. Games will tell you how your allowed to make fan art in them. If I am drawing a picture at my desk I'm not even in the game.

codelion 5 hours ago||

the key issue is the interpretation of "consent" when continued use is the only option. aree users truly consenting, or are they simply left with no alternative?

batrat 4 hours ago|

I had the somehow the same problem with a mobile operator here in EU. They said just by sending an email I agree with their new terms and subscriptions. It's a gray area, IMO. They could simply terminate the service but who wants that?

More comments...