by Kevin J. Conroy
Earlier this year, in Kauders v. Uber Technologies, Inc., 486 Mass. 557 (2021), the Supreme Judicial Court provided further clarity on an issue likely to impact every resident of the Commonwealth and the businesses they interact with online – namely, the enforceability of agreements created through website and mobile apps, including the terms and conditions that purport to govern the use of those businesses’ online platforms.
The Test for Enforceability
In Kauders, the SJC evaluated the interface by which Uber had attempted to secure its users’ assent to its terms and conditions, including a mandatory arbitration clause. Recognizing that “[t]he touchscreens of Internet contract law must reflect the touchstones of regular contract law,” the SJC held that to create an enforceable online contract under Massachusetts law, there must be both reasonable notice of the terms and a reasonable manifestation of assent to those terms.” Id. at 572. Kauders’ two-part test is consistent with the approach taken by appellate courts from around the country as well as in a 2013 decision from the Massachusetts Appeals Court. Id. (citing Ajemian v. Yahoo!, Inc., 83 Mass. App. Ct. 565, 574-75 (2013) and Conroy & Shope, Look Before You Click: The Enforceability of Website and Smartphone App Terms and Conditions, 63 Boston Bar J. 23, 23 (Spring 2019)). See also Emmanuel v. Handy Technologies, Inc., No. 20-1378 (1st Cir. Mar. 22, 2021) (applying Kauders to find that plaintiff had formed an arbitration agreement with the defendant).
Reasonable Notice of Terms
With respect to reasonable notice, the SJC clarified that actual notice will generally be found if the user has been presented and viewed the terms, or if the user is required to interact with the terms somehow before proceeding to use the app or website. Thus, interfaces that require the user to scroll through the entire text of the terms before being allowed to progress should satisfy the reasonable notice prong of the test under Kauders. Absent actual notice, the SJC indicated that clarity and simplicity of the presentation of the terms should be the focus. If the terms are not presented directly on the screen, the full text should at least be available (if not required to be accessed) by following a clear link with minimal intermediate steps.
The SJC explained that, ultimately, reasonable notice involves a determination of whether “the offeror [has] reasonably notif[ied] the user that there are terms to which the user will be bound and [has] given the user the opportunity to review those terms.” Id. at 573. The Court noted that Uber’s notice, in contrast, was not reasonable as the terms could be reached only by following two successive links which the user was not required to access to complete the registration process. The SJC also identified several other features of Uber’s interface that detracted from the clarity of the notice of the terms. For example, the nature of the transaction – registering for an account to enable future ride services – might not suggest to a reasonable user that the user is entering into a contractual relationship governed by the extensive indemnification and waiver provisions included in Uber’s terms. The SJC also observed that the language informing the user of the contractual consequences of proceeding with the registration was displayed less prominently than other elements. That language appeared at the bottom of the screen, whereas the elements the user was required to interact with to proceed (e.g., entering payment information) drew the user’s attention away to the top of the screen.
Reasonable Manifestation of Assent
With respect to reasonable manifestation of assent, the SJC declared a clear preference for “clickwrap” interfaces in which the user is required to indicate express and affirmative assent to the terms by checking a box or clicking a button that reads “I agree” or its equivalent. The Court likened the affirmative act of clicking such a box or button of assent to “the solemnity of physically signing a written contract” and suggested that this would help alert the user to the contractual significance of their action. Where the interface does not require the user to expressly agree – as in the Uber interface at issue in Kauders – assent may still be inferred from the actions the user takes. However, the SJC cautioned that in such cases the courts would need to engage in careful consideration of the totality of the circumstances, and “it will be difficult for the offeror to carry its burden to show that the user assented to the terms.” Id. at 575.
The Court admonished that Uber’s interface obscured the connection between the user’s action and assent to Uber’s terms because the app only required the user to click a button labelled “DONE” (rather than “I agree” or “Create Account”) on the screen that provided notice of Uber’s terms. Id. at 577. To underscore that “uncertainty and confusion in this regard could have simply been avoided by requiring the terms and conditions to be reviewed and a user to agree,” the SJC compared Uber’s rider registration interface (at issue in the case) with its separate, driver registration interface. The latter required prospective drivers to confirm at least twice that they had reviewed and accepted the terms of the agreement by clicking a button expressly stating “YES, I AGREE.” In contrast, the SJC observed that the Uber rider interface at issue “enables, if not encourages, users to ignore the terms and condition.” Id. at 577.
The Substance of the Terms
The SJC also expressed skepticism about various aspects of Uber’s terms, including a provision that purported to permit the company to make unilateral changes to the terms without notice (placing “the burden on the user to frequently check to see if any changes have been made”). The Court likewise expressed doubt about a provision that “totally extinguishe[d] any possible remedy” against the company. While the Court did not reach the question of the enforceability of such terms given its determination that no contract had been made, it included the severe consequence of the terms in its analysis of whether reasonable notice was provided.
Kauders confirms that Massachusetts courts will closely scrutinize the manner in which websites and apps communicate, and attempt to secure users’ agreement to, the terms and conditions that purport to govern their use, particularly if there is any indication that the existence or import of the terms are minimized or obscured. Anything less than an interface that is designed simply and clearly to require (1) that the terms be viewed actively by the user (through direct display on the screen or a direct hyperlink to the full terms) and (2) that there be express and unambiguous assent (through check-the-box style interfaces or “I Agree” buttons) is likely to invite avoidable court challenges.
Kevin J. Conroy is a litigation attorney at Nystrom, Beckman & Paris in Boston. Kevin’s practice focuses on complex disputes including contract claims, insurance coverage claims, and other business disputes.
The emergence of blockchain technology led in recent years to a surge in sales and trading of digital currencies – including well-known currencies like Bitcoin as well as hundreds of offerings of so-called digital “tokens” issued for use on individual websites. In 2017 and 2018 alone, more than $20 billion was raised through “initial coin offerings,” in which technology companies, typically startups, sold tokens for use on their web- based platforms. Federal and state regulators have scrambled to understand the technologies behind this new class of assets, including whether and by whom they should be regulated. The federal Securities and Exchange Commission (“SEC”) has been at the forefront in these efforts. In April 2019, after two years of proceeding in fits and starts, it recently issued guidance that finally seeks to set firm ground rules for issuers. This article reviews the SEC’s and other regulatory and enforcement responses to date, and the landscape going forward.
Digital Currency Basics
What is Blockchain Technology?
Digital currency is built on blockchain technology, often described as a “distributed ledger” digital technology. A blockchain is a form of online database that operates upon a peer-to-peer network of computers. Those networks may be decentralized, meaning that transactions upon the ledger are independently verified by individual computers (called nodes) accessing the network rather than being routed through a proprietary central data system. In a blockchain transaction, a user requests a transaction; that request is broadcast to the network of nodes; and those nodes verify the transaction and the user’s status through a known algorithm. Once verified, the transaction is combined with others and memorialized in entries called “blocks” of data for the ledger. Finally, the new block is cryptographically (i.e., securely) linked to the previous block after validation by the network, and added to the existing blockchain. The resulting blockchain is immutable, and the new block of data then is available to the next user on the chain. Major financial and technology firms have embraced and invested heavily in blockchain: it is widely expected to cut costs and processing times sharply in fields such as financial services and supply chains.
What is Digital Currency?
The best-known application of blockchain is Bitcoin, the digital currency created over a decade ago whose market value rose as high as $20,000 per digital coin at its peak in 2017 before falling sharply since. Bitcoin and its competitors (such as Ether and Litecoin) are sometimes referred to as “cryptocurrencies” – digital assets that can be used as exchange media in online commercial transactions with parties. The novelty of cryptocurrency is that it requires no third-party bank or other agency to clear transactions: the transfer occurs directly between two parties and is permanently memorialized on the blockchain. Cryptocurrencies are now exchange-traded and widely distributed, with growing acceptance among mainstream businesses.
Digital currency also includes so-called digital “tokens,” a term used because conceptually, they are said to operate like arcade tokens – they function like money on the host’s website. A digital token typically works on the framework of an existing blockchain (say, on the Ethereum blockchain) rather than a blockchain unique to the issuing company, and is generally capable of use only upon the issuing company’s application. Hundreds of companies have issued tokens as a feature of their applications – typically to attract users to the site and seek to build loyalty in a wide range of uses.
What is an Initial Coin Offering?
Issuers have offered tokens for sale in a process referred to as an “initial coin offering” or “ICO.” In advance of token sales, offerors have issued an offering document, usually referred to as a “white paper,” that generally described the company, its plans for the token sales and their intended use, and, to varying extents, how the issuer plans to use the proceeds from the token sales. Until recently, the offerors usually didn’t conceive of the tokens as securities, in part because the tokens had a designated utility on the offeror’s web-based platform, and in part because they were referred to as “tokens” or “coins.” The offering materials typically had nowhere near the required content of a registration statement that would need to have been filed with the SEC in an offering of securities.
Despite the often scant offering information, ICOs in the last several years attracted a community of purchasers who collected and traded the tokens. Issuers sold tokens in limited supply; and third parties launched unregulated, online trading exchanges through which tokens could be traded and their value bid higher than the issuing price. The result was a considerable amount of speculation on their value.
The market for digital tokens exploded in 2017 and early 2018. While available data is inexact, hundreds of ICOs are thought to have raised roughly $20 billion in those two years alone. Total funds raised through ICOs increased from 2017 to 2018, while at the same time the average offering size was halved, from an average of $24 million in 2017 to $12 million in 2018. ICOs were launched around the globe. Initially, China had the largest presence in this market (until it essentially outlawed them in late 2017). The United States accounted for most of the market in 2017, and the United Kingdom, Singapore, and Eastern European countries also became popular forums. Amounts raised have dropped sharply since early 2018, with an estimated $100 million having been raised in the first several months of 2019.
The SEC Takes on Digital Currency
The success of many ICOs and the subsequent climb in many tokens’ trading value commanded the attention of state and federal regulators in 2016 and 2017. The SEC saw a need to balance “support [of] innovation and the application of beneficial technologies” with concerns that issuers were essentially raising capital in defiance of securities laws.
The DAO Report and Munchee Order
In mid-2017 – after billions had already been raised through ICOs – the SEC began a series of incremental steps to delineate its regulatory and enforcement reach. In the so-called DAO Report issued in July 2017 (involving a virtual organization known as “the DAO”), the SEC announced that digital currencies were securities if they met the test for an “investment contract,” an enumerated type of security under the federal securities laws. The SEC applied the Supreme Court’s 1946 decision in SEC v. W.J. Howey Co. that defined an investment contract – essentially, any contract that involves an investment of money in a common enterprise with a reasonable expectation of profits from the efforts of others. The DAO Report found the digital token at issue to be a security, but under a relatively unique set of facts; the DAO currency carried with it voting and profit-sharing rights, which most digital currencies lack and which strongly resemble rights associated with common stock.
The next SEC action of note was its December 2017 Cease and Desist Order to a token issuer called Munchee that provided more generally-applicable guidance. The Munchee Order indicated that a token would likely be deemed a security if a company: primed purchasers to expect profits (e.g., by describing how a token would or could increase in value); broadly marketed tokens rather than targeting sales to users of the platform; and/or used proceeds from the token sale to further develop the platform. All of these activities suggested that the Munchee token met the key Howey factors: purchasers reasonably expected to profit from the efforts of others by holding the tokens and were investing in a common enterprise, i.e., development of the platform. The company agreed to shut down its offering.
SEC Enforcement Remedies for Failure to Register
In late 2017 and most of 2018, the SEC stepped up its public statements referring to digital currencies as securities. Top SEC officials noted that they were proceeding carefully but also that, as SEC Chairman Clayton stated in late 2017, he had “yet to see an ICO that doesn’t have a sufficient number of hallmarks of a security.” The SEC had issued dozens of investigatory subpoenas to issuers in 2017, but it had commenced few actions against digital currency offerors.
In late 2018, the SEC brought and settled two enforcement actions spelling out, for the first time, the remedies that it would demand where it determined that an ICO amounted to an unregistered securities offering. In each case it: imposed penalties of $250,000; required implementation of a public claims process whereby investors who purchased the tokens in the initial offering would notified of their rights to sue and a mechanism by which they could recover the consideration paid for the tokens plus any amounts to which they are entitled under Section 12(a) of the Securities Act; required registration of the tokens as securities; and required ongoing compliance with its public reporting requirements.
The SEC’s settlement in February 2019 settlement with Gladius Network was also significant, since it signaled the somewhat softer line it would take in a scenario where the issuer self-reported and cooperated. As with the prior settlements, the company agreed to register its tokens and establish a notice and claims process, but avoided any monetary penalty due to its self-report, cooperation, and remedial steps.
The April 2019 Investment Contract Framework and First No-Action Letter
Finally, and most recently, the SEC announced on April 3, 2019 two significant actions. First, it issued a “Framework for ‘Investment Contract’ Analysis of Digital Assets” (“Framework”) that, though not a rule or regulation, provides a roadmap for how the SEC intends to apply Howey. It states essentially that two factors drive its analysis: whether the purchaser would be relying on managerial efforts of others, and whether he or she anticipated profits from those efforts. Key factual considerations are: the state of development of the issuer’s network; whether company management continued to oversee it; and whether the issuer had taken any steps to enhance the token’s market price including its tradability on secondary markets. A token has a better chance of avoiding classification as a security if (1) the token is not designed for use as an investment, (2) the network on which it is utilized is complete prior to the sale, and (3) there is little, if any, opportunity for price appreciation.
On the same date, the SEC’s Corporation Finance Division issued is first “no-action letter” to a token issuer, allowing it to proceed with an unregistered token issuance on the issuer’s proposed terms, which aligned with the Framework factors. The requestor, TurnKey Jet, Inc. proposed to issue a token usable to purchase private jet services through its network. The SEC stated it would take no action against the company if the unregistered sale adhered to the proposed terms. Among the terms prescribed in the letter were that the tokens were usable immediately upon sale, TurnKey Jet would not use sale proceeds to develop its network, the tokens’ value was fixed at a dollar, they would be repurchased only at a discount and could not be used or transferred elsewhere, and that marketing would focus solely on the tokens’ functionality.
The Framework and no-action letter together provide a guide to whether and how an offeror may avoid having its token classified as a security and being subject to SEC registration and regulation. Alternatively, token issuers whose tokens will be deemed securities might be able to structure more restricted offerings so as to comply with any of several different exemptions: Regulation D, applicable to private offerings to qualified investors; Regulation S, a safe harbor applicable to offerings occurring solely overseas; or Regulation A+, providing a streamlined process for SEC registration, disclosure, and review of certain offerings capped at $50 million, with other restrictions. Finally, more established digital-token offerors may just bite the bullet and pursue a traditional securities offering. For example, in April 2019, blockchain software provider Blockstack filed with the SEC a securities registration statement for a $50 million token sale pursuant to Regulation A+.
Other Federal and State Law Enforcement
While the SEC has been the most visible actor, a range of government agencies have sought to regulate or launch enforcement matters in connection with ICO activity. They include:
U.S. Department of Justice: The Department of Justice has actively investigated and prosecuted a number of high-profile cases against individuals for fraud and money laundering based on deliberate and materially misleading statements in connection with ICOs and other token sales. Recent cases include United States v. Zaslavskiy, No. 17-CR-647 (E.D.N.Y.) (filed October 2017), the first federal criminal action against an ICO issuer; United States v. Rice, No. 3:18-CR-587-K (N.D. Tex.) (filed November 2018); and United States v. Crater, No. 19-CR-10063 (D. Mass.) (filed February 2019).
U.S. Commodity Futures Trading Commission: The Commodity Futures Trading Commission (“CFTC”) views certain digital currencies as commodities and has pursued enforcement actions and published extensive guidance in the area. It deems virtual currencies to be commodities under the Commodity Exchange Act, which prohibits fraud in the sale or trading of commodities and derivative instruments based upon commodities. Recently, two federal courts upheld the CFTC’s position that digital currencies are commodities.
Financial Crimes Enforcement Network: FinCen, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network, has issued guidance concerning digital currency since 2013. In 2018, it announced that it too intends to apply its regulatory requirements to digital currencies, and on May 9, 2019, it issued extensive guidance describing how crypto businesses may be considered “money transmitters” and thus subject to the restrictions of the Bank Secrecy Act and other laws.
State regulators and Cross Border Actions: Securities and financial services regulators in Texas, Massachusetts, and New York all have brought recent enforcement matters. Cross-border, the North American Securities Administrators Association, an organization of state, provincial, and territorial securities regulators, announced a coordinated series of state and provincial enforcement actions in the United States and Canada.
The SEC has proceeded cautiously in its early years of addressing digital currency offerings. Ultimately, though, its enforcement matters in 2017 and 2018, capped by its April 2019 guidance, have sought to thwart the use of ICOs to raise operating capital without complying with securities laws. Going forward, those involved in digital currency offerings will need to navigate carefully the federal securities laws, other federal and state laws, and the efforts of myriad enforcement authorities who will be closely watching the digital currency arena for currency, antifraud, and other regulatory compliance.
Jack Falvey is a partner at Goodwin in Boston, where he represents companies and individuals in securities-related and other white collar matters as well as a range of complex civil litigation. He has represented digital currency issuers in matters before the SEC and other enforcement agencies. He was a federal prosecutor in Boston from 1994 to 2000.
Brendan Radke is a senior associate at Goodwin in San Francisco. His practice includes a variety of work within the cryptocurrency and blockchain sectors, as well as commercial, intellectual property, securities, and white collar litigation.
 Daniele Pozzi, ICO Market 2018 vs 2017: Trends, Capitalization, Localization, Industries, Success Rate, Cointelegraph (Jan. 5, 2019), https://cointelegraph.com/news/ico-market-2018-vs-2017-trends-capitalization-localization-industries-success-rate.
 #Crypto Utopia, Autonomous NEXT, https://next.autonomous.com/crypto-utopia (last visited May 16, 2019); Paul Vigna, Bitcoin Is in the Dumps, Spreading Gloom Over Crypto World, WSJ (Mar. 19, 2019), https://www.wsj.com/articles/bitcoin-is-in-the-dumps-spreading-gloom-over-crypto-world-11552927208?mod=searchresults&page=1&pos=5.
 Public Statement on Digital Asset Securities Issuance and Trading (Nov. 16, 2018), https://www.sec.gov/news/public-statement/digital-asset-securities-issuance-and-trading
 William Hinman, Director, Division of Corporation Finance, Remarks at the Yahoo Finance All Markets Summit: Crypto (June 14, 2018), https://www.sec.gov/news/speech/speech-hinman-061418.
 Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Exchange Act Release No. 81207 (July 25, 2017), https://www.sec.gov/litigation/investreport/34-81207.pdf. (“The DAO Report”).
 Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Exchange Act Release No. 81207 (July 25, 2017), SEC v. W.J. Howey Co., 328 U.S. 293, 299 (1946) (the definition embodies a “flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits”);Tcherepnin v. Knight, 389 U.S. 332, 336 (1967) (“form should be disregarded for substance”); United Hous. Found., Inc. v. Forman, 421 U.S. 837, 849 (1975) (the emphasis should be “on economic realities underlying a transaction, and not on the name appended thereto.”); see 15 USC § 77(b)(a)(1) , Section 2(a)(1) of the Securities Act of 1933 and 15 U.S.C. § 78c(a)(10), Section 3(a)(10) of the Securities Exchange Act of 1934.
 The DAO Report, at 1, 3.
 Public Statement, SEC Statement Urging Caution Around Celebrity Backed ICOs (Nov. 1, 2017), https://www.sec.gov/news/public-statement/statement-potentially-unlawful-promotion-icos; In the Matter of Munchee Inc., Securities Act Release No. 10445 (Dec. 11, 2017), https://www.sec.gov/litigation/admin/2017/33-10445.pdf.
 Gladius Network, LLC, Securities Act Release No. 10608 (Feb. 20, 2019), https://www.sec.gov/litigation/admin/2019/33-10608.pdf.
 Statement on Framework for “Investment Contract Analysis of Digital Assets” (Apr. 3, 2019), https://www.sec.gov/corpfin/framework-investment-contract-analysis-digital-assets.
 TurnKey Jet, Inc., SEC No-Action Letter (Apr. 3, 2019), https://www.sec.gov/divisions/corpfin/cf-noaction/2019/turnkey-jet-040219-2a1.htm.
 See 17 C.F.R §§ 230.500 et seq.; 17 C.F.R. §§ 230.901 et seq.; 17 C.F.R. §§ 230.251 et seq.
 The SEC largely concedes that the cryptocurrencies Bitcoin and Ether aren’t securities, in light of their decentralized and operational networks, but this will remain a fact-specific inquiry. The Director of its Division of Corporate Finance observed in June 2018: “[W]hen I look at Bitcoin today, I do not see a central third party whose efforts are a key determining factor in the enterprise… Applying the disclosure regime of the federal securities laws to the offer and resale of Bitcoin would seem to add little value… Over time, there may be other sufficiently decentralized networks and systems where regulating the tokens or coins that function on them as securities may not be required.” W. Hinman, Remarks at the Yahoo Finance All Markets Summit, https://www.sec.gov/news/speech/speech-hinman-061418; see also https://www.cftc.gov/Bitcoin/index.htm.
 See 7 U.S.C. § 1a(9) (commodities include “all other goods and articles … and all services, rights and interests … in which contracts for future delivery are presently or in the future dealt in”); In the Matter of Coinflip, Inc., d/b/a Derivabit, CFTC No. 15-29 (Sept. 17, 2015), https://www.cftc.gov/sites/default/files/idc/groups/public/@lrenforcementactions/documents/legalpleading/enfcoinfliprorder09172015.pdf; CFTC v. McDonnell, 287 F. Supp. 3d 213 (E.D.N.Y. 2018); CFTC v. My Big Coin Pay, Inc., 334 F. Supp. 3d 492 (D. Mass. 2018);
 McDonnell, 287 F. Supp. 3d at 228 and My Big Coin Pay, Inc., 334 F. Supp. 3d at 498.
 U.S. Dep’t of Treas., Letter to The Honorable Ron Wyden (Feb. 13, 2018), https://coincenter.org/files/2018-03/fincen-ico-letter-march-2018-coin-center.pdf; Kenneth A. Blanco, Director, FinCEN, Prepared Remarks at the 2018 Chicago-Kent Block (Legal) Tech Conference (Aug. 9, 2018), https://www.fincen.gov/news/speeches/prepared-remarks-fincen-director-kenneth-blanco-delivered-2018-chicago-kent-block; Kenneth A. Blanco, Director, FinCEN, Prepared Remarks at the 11th Annual Las Vegas Anti-Money Laundering Conference and Expo (Aug. 14, 2018), https://www.fincen.gov/news/speeches/prepared-remarks-fincen-director-kenneth-blanco-delivered-11th-annual-las-vegas-1; FIN-2019-G001, “Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies,” (May 9, 2019), https://www.fincen.gov/sites/default/files/2019-05/FinCEN%20CVC%20Guidance%20FINAL.pdf.
 In the Matter of Mintage Mining, LLC, Tex. State Sec. Board, Order No. ENF-19-CDO-1774 (Feb. 21, 2019), https://www.ssb.texas.gov/sites/default/files/Mintage_ENF_19_CDO-1774.pdf; 2018 Enforcement Report, Tex. State Sec. Board (Feb. 7, 2019), https://www.ssb.texas.gov/sites/default/files/YEAR_IN_ENF_2018_post.pdf; Press release, NASAA, State and Provincial Securities Regulators Conduct Coordinated International Crypto Crackdown (May 21, 2018), http://www.nasaa.org/45121/state-and-provincial-securities-regulators-conduct-coordinated-international-crypto-crackdown-2/; Letter, N.Y. Dep’t of Fin. Servs., In re Bittrex, Inc. (Apr. 10, 2019), https://www.dfs.ny.gov/system/files/documents/2019/04/dfs-bittrex-letter-41019.pdf.
Modern technology allows individuals to conduct an ever-increasing number of activities through websites and internet-connected smartphone apps. The proprietors of those platforms frequently make their use subject to terms and conditions, some of which—such as arbitration clauses, forum selection clauses, waivers, licenses, and indemnification provisions—carry potentially significant legal consequences. Most users will not have read the terms and, in some instances, may not have even seen the terms or any reference to them. Do these terms amount to an enforceable contract? In at least some circumstances, the answer may be “no.” Answering the question in particular cases involves fact-intensive analysis and potential evidentiary challenges. Businesses offering such platforms, and their counsel, should be aware of these complexities and take precautions to maximize the likelihood that courts will enforce their terms.
The First Circuit and the Massachusetts Appeals Court have addressed this issue in cases involving the terms and conditions of a ride-sharing app and an email account. See Cullinane v. Uber Techs., Inc., 893 F.3d. 53 (1st Cir. 2018); Ajemian v. Yahoo!, Inc., 83 Mass. App. Ct. 565 (2013). In each case, the court concluded that users were not bound by the terms and conditions. Cullinane, 893 F.3d at 64; Ajemian, 83 Mass. App. Ct. at 575-76. Both courts employed a two-part test to assess whether the terms at issue amounted to an enforceable contract, asking: (1) whether the terms were “reasonably communicated” to the user, and (2) whether the terms were accepted by the user. Ajemian, 83 Mass. App. Ct. at 574-75; Cullinane, 893 F.3d at 62 (citing Ajemian). This two-part test is consistent with the approach taken by other courts around the country. E.g., Meyer v. Uber Techs., Inc., 868 F.3d 66, 76 (2d Cir. 2017) (applying California law and articulating the test on a motion to compel arbitration as whether “the notice of the arbitration provision [contained in the terms] was reasonably conspicuous and manifestation of assent unambiguous as a matter of law.”).
A Spectrum of User Interfaces
Analysis of whether the requirements of “reasonable communication” and “acceptance” are satisfied begins with the interface presented to the user. While the possible variations are endless, interface designs tend to fall within three general categories, often referred to as “clickwrap,” “browsewrap,” and “sign-in-wrap” (sometimes called “hybridwrap”). In “clickwrap” interfaces, the user is required to take a distinct, affirmative action to indicate assent to the terms, such as checking a box or clicking a button stating “I agree.” Courts considering this category of interface generally have little trouble finding the necessary notice and assent. E.g., Wickberg v. Lyft, Inc., 356 F. Supp. 3d 179, 184 (D. Mass. 2018).
On the other end of the spectrum is “browsewrap,” where a user receives notice of the terms only by means of a link at the bottom of the webpage (often undifferentiated from other links) or buried in the menus or settings of an app. A typical browsewrap interface does not offer any notice outside of the terms themselves that the user is purportedly agreeing to be bound. Nor does it offer the user any reason to follow the link and read the terms. Courts generally find that browsewrap interfaces do not create enforceable agreements. See Ajemian, 83 Mass. App. Ct. at 576 (“[W]e have found no case where [a forum selection clause] has been enforced in a browsewrap agreement”).
The question becomes more complicated and fact-intensive in the case of “sign-in-wrap” interfaces, where the user is informed that signing in, creating an account, or taking some other specified action (but not an action distinct from the user’s intended use of the website or app) will signify assent to the terms, which are often available by following a link within or adjacent to the text of the notice. In such cases, the enforceability of the terms depends on how clearly the interface design notifies the user that he or she will be bound by taking the specified action. Compare Cullinane, 893 F.3d at 64 (finding that the design of Uber’s account creation interface did not provide adequate notice to user) with Meyer, 868 F.3d at 79 (assessing a different version of Uber’s account creation interface and finding that the design did provide adequate notice).
The Importance of Good Design
Several common design features of “sign-in-wrap” interfaces have received judicial attention in determining issues of enforceability. While courts do not demand perfection, incorporating multiple design features that promote notice of the terms and make clear the user’s manifestation of assent will increase the likelihood that the terms will be enforced.
Clearly important are the size and color of the language informing the user that proceeding will signify agreement to the terms and the link to the terms. Making these elements as large as other elements on the screen (preferably larger) and in a color that contrasts with the background so as to promote their readability will bolster the argument that the terms were reasonably communicated to the user. A perception that the notice or link is hidden in tiny or otherwise difficult-to-read font may cause a court to find that the user did not have adequate notice. Compare Meyer, 868 F.3d at 78-79 (enforcing terms where text notifying user that creating account would signify assent to the terms, although small, was clearly visible, in contrasting color on an uncluttered screen) with Cullinane, 893 F.3d at 62-64 (holding terms unenforceable in part because the notification appeared in a dark gray, small, non-bold font on a black background and because the screen contained many other elements in equal or larger font size).
The design of the interface should also make obvious to the user that the full content of the terms are available to read by following a link. See Cullinane, 893 F.3d at 63 (questioning “whether a reasonable user would have been aware that the gray rectangular box was actually a hyperlink”). Although blue underlined text may be the quintessential indicator of a hyperlink, other appearances may also be adequate, so long as they are sufficiently differentiated from the surrounding text. E.g., Wickberg v. Lyft, Inc., 356 F. Supp. 3d 179, 181 (D. Mass. 2018) (pink, non-underlined link); Selden v. Airbnb, Inc., No. 16-cv-00933 (D.D.C. Nov. 1, 2016) (red, non-underlined links).
The placement of the notice and link are also important. If the notice and link appear above the button a user clicks to proceed, a user reading from top to bottom would encounter these elements, and have an opportunity to investigate the linked terms, before encountering the button to proceed. Courts have also enforced terms where the notice and link are placed below, but in reasonable proximity to, the relevant button. Compare Meyer, 868 F.3d at 78 (finding that placement of the notification text and link directly below the relevant button, immediately visible without any scrolling, contributed to enforceability of terms) with Specht v. Netscape Communs. Corp., 306 F.3d 17, 23 (2d Cir. 2002) (not enforcing terms where reference to the terms would have been visible “only if [the user] had scrolled down to the next screen”); see also McKee v. Audible, Inc., No. CV 17-1941-GW(Ex), 2017 U.S. Dist. LEXIS 174278, at *27-28 (C.D. Cal. July 17, 2017) (placement of notice and link to terms at the bottom of the screen “approximately 30-40% of the screen’s length below” the button to proceed, separated by a horizontal line, contributed to inadequate notice).
Placing the notice and link below the relevant button creates another potential obstacle to enforcement of the terms: if the screen prompts the user to enter information such as a username, password, or email address, users on a smartphone or tablet may see a software keyboard appear on the screen when they begin to enter the requested information. Because this software keyboard generally appears at the bottom of the screen, it may obscure the notice and link. At least one court has found that this contributed to lack of the necessary notice, see McKee, 2017 U.S. Dist. LEXIS 174278, at *27-28, although it is reasonable to argue that what matters is what the user sees before he or she engages the keyboard.
Courts also give attention to the particular words used to inform the user that proceeding will signify assent to the terms. If the user is not required to take any action to assent to the terms other than the actions inherent in the ordinary use of the website or app (such as signing in or creating an account), the consequences of that action should be clear to the user. One way to accomplish this is to match the language of the notice to the action the user takes. For example, if the user is required to click a button labelled “Create Account,” the notice should inform the user that “by clicking ‘Create Account’ you indicate acceptance of our terms and conditions.” Where the words used for the notice do not parallel the description of the action, a court may question whether it is sufficiently clear to a user that he or she is assenting to the terms by taking that action. See, e.g., TopstepTrader, LLC v. OneUp Trader, LLC, No. 17 C 4412, (N.D. Ill. Apr. 18, 2018) (declining to enforce terms where user clicked a button labelled “Sign Up,” accompanied by a statement reading “I agree to the terms and conditions,” because the website “gave the user no explicit warning that by clicking the ‘Sign Up’ button, the user agreed to the [t]erms”); see also McKee, 2017 U.S. Dist. LEXIS 174278, at *22-23 (identifying lack of parallel wording as a factor weighing against enforcement of the terms); but see Meyer, 868 F.3d at 80 (“Although the warning text used the term ‘creat[e]’ instead of ‘register,’ as the button was marked, the physical proximity of the notice to the register button and the placement of the language in the registration flow make clear to the user that the linked terms pertain to the action the user is about to take.”).
Finally, the timing and context in which the terms are presented can also contribute to the enforceability of the terms. Several courts have observed that, where the terms are presented in conjunction with a purchase or the creation of an account involving a transactional relationship, an average user is more likely to understand that the transaction or relationship will be subject to the terms. See Meyer, 868 F.3d at 80 (“The transactional context of the parties’ dealings reinforces our conclusion.”); Selden v. Airbnb, Inc., No. 16-cv-00933 (D.D.C. Nov. 1, 2016) (“The act of contracting for consumer services online is now commonplace in the American economy. Any reasonably-active adult consumer will almost certainly appreciate that by signing up for a particular service, he or she is accepting the terms and conditions of the provider.”).
Litigating the question of whether a user is bound by the terms of a website or app can present challenges beyond analyzing the interface type and design choices. Because the party seeking to enforce the terms bears the burden to prove adequate notice and manifestation of assent, that party (often the proprietor of the website or app) will need to present evidence of what the user actually saw and did. Where that party is seeking to enforce an arbitration or forum selection clause, it will likely want to satisfy this burden early in the case, before conducting discovery.
The proponent of the terms thus should maintain records of when the user accessed the website or app and what it looked like at those times. Because websites and apps are occasionally redesigned, and terms are occasionally updated, simply presenting screenshots of the current version of the website or app is unlikely to satisfy the burden of establishing what the user saw and did. Instead, the proponent of the terms must be prepared to establish when the user took the relevant action on the website or app, what the operative version of the website or app looked like at that time, and which version of its terms were presented to the user. Providing such evidence may be particularly challenging depending on the amount of time that has passed and the ability of the proponent to access or recreate historic versions of the website or app.
Presenting evidence of how the interface appeared to a particular user may be further complicated if the appearance varied based on the device used to access it. A website, for example, may appear differently when viewed on a laptop or desktop computer screen than when viewed on a smartphone. The differing screen size may affect what is immediately visible to the user without scrolling and the relative conspicuousness of the notice and terms vis-à-vis other elements. In the case of smartphone users, there might also be meaningful variation in the appearance of the interface depending on the size of the phone used. See, e.g., Cullinane, 893 F.3d at 56 n.3 (noting the 3.5 inch screen size of the iPhone used to access the app in question and reproducing the screenshots in the opinion to correspond to that size). Inability to identify the device used could prevent early enforcement of an arbitration clause or forum selection clause and require further discovery. Conversely, the party challenging the terms might argue insufficient notice by offering competing evidence as to what he or she saw when using the website or app. For example, even if the proponent can establish that the user accessed the website on a desktop computer, the user may have done so in a browser window that occupied less than the full screen, changing the appearance of the interface and potentially the adequacy of the notice. A user will not, however, avoid enforcement of the terms simply by asserting that he or she does not recall seeing notice of the terms or did not read the terms.
Given the potential consequences of enforcement of terms, such as application of an arbitration clause foreclosing a class action, challenges to enforcement will likely continue to arise. Prudent counsel will do well to guard against such challenges through recommending careful design choices and electronic records retention.
John A. Shope is a partner in the Boston office of Foley Hoag, where he specializes in class action defense, consumer law, and commercial arbitration. He also serves as an arbitrator for the AAA and CPR.
Kevin J. Conroy is a litigation associate Boston office of Foley Hoag. Kevin focuses on complex business disputes and shareholder disputes.