Legal complexity is nothing new. The scope of its unhappy consequences, however, seems to be getting ever wider thanks to the internet. Now texts land right in the living rooms — or the pants pockets — of half the planet at a keystroke. And, as a colleague once complained, computers and the internet “grease the skids of prolixity” where lawyers are concerned: ten words can become a hundred or a thousand at no marginal cost.
The terms of service “agreements” governing almost all the software and services you use are famously long and impenetrable. Just to read privacy policies alone would take a month, according to some estimates. Now there’s a risk that Americans will encounter not merely fatigue and ennui because of these EULAs (end user licence agreements) but a criminal conviction as well. The Senate is about to consider amendments to the proposed Cybersecurity Act that could take it beyond its core purpose of criminalizing hacking and sweep in as well violations of “contracts” between users and online providers of software and services. The Center for Democracy and Technology has a good summary of the situation.
The heart of the matter is the language of the amendment championed by Senator Leahy that makes it an offence to use a computer “in excess” of “authorization.” This is sufficiently vague to lead some to worry that it would criminalize breaches of contract — which happen quite regularly and in most cases innocently — such as accessing someone else’s Facebook account with their permission, for example.
I think that the risk this vague language will survive scrutiny of the US Senate is small. But the concern brings to the fore a larger worry, for me at least, which has to do with giving any legal impact to EULAs. On the one hand, companies will be unlikely to provide services in the manner they do now if the terms of their “agreements” are unenforceable; and on the other hand, it’s simply a fiction that end users do, or can, give informed consent to what these “agreements” require. These are not contracts in any but the most tortured sense, and it seems to me to do harm to law generally to continue to regard them as such. It may be necessary to create a new category of legal obligation that deals genuinely with the needs and situations of the parties and that recognizes that EULAs are forms of private legislation. There has been this need for some time in relation to a host of other contracts of adhesion – insurance contracts, for example — but the prevalence of EULAs and their proximity to critical national interests make them important in a way that we haven’t seen up till now.