msimpson | 8 years ago

This seems to be a bunch of people on Twitter, led by a security researcher, reading legal documents and coming to conclusions which are being second-guessed over the course of the thread.

Some keep quoting this line from the terms of service:

> YOU MUST ACCEPT THE TERMS OF THIS AGREEMENT, INCLUDING THE ARBITRATION AGREEMENT CONTAINED IN SECTION 4 BELOW, BEFORE YOU WILL BE PERMITTED TO REGISTER FOR AND PURCHASE ANY PRODUCT FROM THIS SITE. BY REGISTERING ON THIS SITE AND SUBMITTING YOUR ORDER, YOU ARE ACKNOWLEDGING ELECTRONIC RECEIPT OF, AND YOUR AGREEMENT TO BE BOUND BY, THIS AGREEMENT. YOU ALSO AGREE TO BE BOUND BY THIS AGREEMENT BY USING OR PAYING FOR OUR PRODUCTS OR TAKING OTHER ACTIONS THAT INDICATE ACCEPTANCE OF THIS AGREEMENT.

Whereas others have pointed to the Opt-Out:

> Right to Opt-Out of this Arbitration Provision. IF YOU DO NOT WISH TO BE BOUND BY THE ARBITRATION PROVISION, YOU HAVE THE RIGHT TO EXCLUDE YOURSELF. Opting out of the arbitration provision will have no adverse effect on your relationship with Equifax or the delivery of Products to You by Equifax. In order to exclude Yourself from the arbitration provision, You must notify Equifax in writing within 30 days of the date that You first accept this Agreement on the Site (for Products purchased from Equifax on the Site). If You purchased Your Product other than on the Site, and thus this Agreement was mailed, emailed or otherwise delivered to You, then You must notify Equifax in writing within 30 days of the date that You receive this Agreement. To be effective, timely written notice of opt out must be delivered to Equifax Consumer Services LLC, Attn.: Arbitration Opt-Out, P.O. Box 105496, Atlanta, GA 30348, and must include Your name, address, and Equifax User ID, as well as a clear statement that You do not wish to resolve disputes with Equifax through arbitration. If You have previously notified Equifax that You wish to opt-out of arbitration, You are not required to do so again. Any opt-out request postmarked after the opt-out deadline or that fails to satisfy the other requirements above will not be valid, and You must pursue your Claim in arbitration or small claims court.

Therefore, I'd take everything with a grain of salt and/or read the full terms for yourself:

http://www.equifax.com/terms/

josefresco|8 years ago

If by "people on Twitter" you include the New York State Attorney General then yes.

tptacek|8 years ago

The NY AG, like several other lawyers, pointed out that the contract term isn't enforceable. At the very least, it appears to be a contract of adhesion.

The AG is also pissed about the language, but that doesn't mean he's confirmed it's enforceable.

msimpson|8 years ago

If by "New York State Attorney General" you mean Eric Schneiderman, or the guy jumping on every controversy to further his career, then yes.

KomradeKeeks|8 years ago

Thanks for posting that; depending on the site (if you go to equifaxsecurity2017 or trustedidpremier) you see different ToUs.

Equifax has the clause for opting out of arbitration, but Trusted ID Premier's Terms of Use doesn't have it. The enrollment site I've seen is owned by Trusted ID Premier, and it's arguably deceptive that Equifax structured the site as a bait-and-switch to see if their shitstorm exposed you.

Heck, they may have even planned a PR push around telling news outlets to refer readers to that site, omitting that using trustedidpremier.com means that you agree to a ToU that mentions only waiving the right to participate in class-action suits, but not how to opt-out.

dictum|8 years ago

> equifaxsecurity2017

It's so phishing-sounding that I want to believe it was chosen after a quick focus group with the "people who are most likely to become fraud victims" demographic.

jerf|8 years ago

It sounds like copy/pasted boilerplate that may happen to be overreaching, rather than a conspiracy. Upon what do I base this? Not a legal argument, but a pragmatic one that it simply won't work to discharge them of liability in this case, because they'll be lucky if 5% of the affected people use this form to see if they were affected. (For instance, even before I heard about this legal stuff, I didn't even bother, because I'm just going to assume "yes".) I want to say they'll be lucky if 1% do, but the news story is pretty big.

But there's no way that anything like 100% of the affected people will, which is what it would take to even theoretically get them out of the class action lawsuit(s).

Arguing about the legal details seems pointless, this isn't going to get them out of this scrape even if it was 100% iron-clad and court tested, and I seriously doubt anyone at Equifax ever thought for a second this clause would be used that way.

asksol|8 years ago

You don't think Equifax have lawyers? Of course they do, and they know that the clause exists. Just having the clause in the first place is a conspiracy to abuse consumers.

anigbrowl|8 years ago

> It sounds like copy/pasted boilerplate that may happen to be overreaching, rather than a conspiracy.

Probably, but people and companies should stop doing that. Equifax has the resources to pay lawyers to do things fairly if they want, they're just choosing not to.

TallGuyShort|8 years ago

How does one prove they wrote and satisfied the requirements within 30 days? I actually currently have a situation where my HOA claims I have violated covenants, but there's an architectural review committee one can write to for exceptions, and the covenants state that if no response is received within 100 days the exception is automatically approved. However the committee members have a habit of cancelling public meetings, ignoring emails, and their other employers are very good at deflecting attempts to contact them on committee business. I'm at their mercy to prove that I qualify for an exception. Same problem. In hindsight, best I could have done is prove I sent some mail to the right address on a certain date. That's it.

derobert|8 years ago

That's basically what you do—you send the correspondence via certified mail, and keep the certified mail receipt. That doesn't prove what you mailed, but it gives verification that you sent something. (You purchased something from Equifax on the 1st, sent them a certified letter on the 10th. You claim it was the arbitration opt-out; they had better have some evidence it wasn't, or the judge/jury is probably going to believe you.)

Honestly for this (the Equifax thing), you just keep record of when you sent it—it's only an issue if you litigate, and then I'd expect your record of when you sent it + your testimony would be sufficient. But IANAL, and you should of course talk to one if it matters.

For your HOA, hopefully you have some record of when you sent the request (e.g., you kept a copy of the ARC application with a note that you mailed it on $DATE). (Of course, the HOA should be maintaining records of when applications are received.) Depending on what it is, this is something that may be worth paying for legal advice on.

imroot|8 years ago

CertifiedMailLabels.com is what I use -- They send it certified mail, keep a copy of the letter (so there is no disputing what the contents of the letter are) and give you effectively indisputable proof of delivery -- they give you a proof of mailing that they sent the letter that is in .pdf form, and then they provide a .pdf receipt that is your return mail copy.

I've had to use it in the past for creditors who don't have a clue.

drspacemonkey|8 years ago

I had a similar issue with my bank dealing with an identity theft problem I had a while back.

Ultimately, I had to resort to sending them letters via certified mail.

anigbrowl|8 years ago

You're right about the grain of salt, but offering an opt-out to shitty conditions that they know most people won't read about, that most people who read about won't act on, and will thus waive their legal rights, is an unconscionable condition.

Personally I think that lawyers ought not to draft agreements and contracts that are likely to be found unconscionable or wildly asymmetric as a matter of professional ethics. Adversarial legalism between private parties tends to yield crappy results for the public. I mean, if you've just created a problem for 140 million people, trying to trick them into waiving their rights of redress basically confirms that you're a Bad Person - a bad corporate person, a bad executive making the decision on behalf of shareholders, and a bad lawyer for agreeing to promulgate such trickery.

Navarr|8 years ago

That right to opt-out does not appear in the complimentary protection enrollment; those terms are here:

https://trustedidpremier.com/static/terms

gnicholas|8 years ago

I think you're probably right about the intention. The trouble is that the enrollment website (equifaxsecurity2017.com) has a TOS link that goes to the regular Equifax TOS. These TOS claim to apply to several listed websites

> "AND ALL OTHER WEBSITES OWNED AND OPERATED BY EQUIFAX AND ITS AFFILIATES".

So this would mean that the general TOS would apply to the Trusted ID site also.

And while some parts of this TOS make it seem like it would only apply if you purchase and use a product (which is inapplicable to the Trusted ID program, which is free), other parts make it seem like it applies beyond purchases, to any use:

> YOU ALSO AGREE TO BE BOUND BY THIS AGREEMENT BY USING OR PAYING FOR OUR PRODUCTS OR TAKING OTHER ACTIONS THAT INDICATE ACCEPTANCE OF THIS AGREEMENT.

So it's a big mess, and probably unintentionally so, from the looks of the legal docs.

ohazi|8 years ago

> You must notify Equifax in writing within 30 days of the date that You first accept this Agreement

Approximately nobody is going to do this. Fuck that.

xutopia|8 years ago

I didn't agree to the terms though. They were just linked to the page I used.

miguelrochefort|8 years ago

I'm sure there's a lot of people who share the same last name and last 6 SSN digits.

For example, the last name SMITH matches almost any 6-digit number on Equifax's website.

tanderson92|8 years ago

Yes, read the full terms for yourself. But you linked to the Equifax terms, not the TrustedID terms (which do not include the FCRA exemption).

hugenerd|8 years ago

This will NEVER fly with a court.

dfabulich|8 years ago

I have bad news for you. https://en.wikipedia.org/wiki/AT%26T_Mobility_LLC_v._Concepc...

"On April 27, 2011, the Court ruled, by a 5–4 margin, that the Federal Arbitration Act of 1925 preempts state laws that prohibit contracts from disallowing class-wide arbitration, such as the law previously upheld by the California Supreme Court in the case of Discover Bank v. Superior Court. As a result, businesses that include arbitration agreements with class action waivers can require consumers to bring claims only in individual arbitrations, rather than in court as part of a class action."

After this decision, tons of click-wrap ("contracts of adhesion") agreements added "oh BTW you can't join a class-action suit against us." They seem to be on very solid legal ground. :-(