Clickthrough Agreement With Acknowledgement Checkbox Enforced–Scherillo v. Dun & Bradstreet

By Eric Goldman

Scherillo v. Dun & Bradstreet, Inc., 2010 WL 537805 (E.D.N.Y. Feb. 17, 2010)

I teach my Cyberspace Law students that the most effective online contract formation process is a “mandatory non-leaky clickthrough agreement”:

* mandatory = the user cannot proceed to the destination without going through a screen soliciting their consent to the user agreement.

* non-leaky = there are no alternative ways the user can reach the destination. I realize this is redundant with “mandatory,” but I remind students that a seemingly mandatory process can have leaks. For example, if customer support representatives will manually set up user accounts occasionally, the mandatory online process has become leaky because now a few users reached the destination without consenting to the agreement.

* clickthrough = the user manifests assent to the contract by clicking, and the user is told that the click signifies assent.

There are other ways to form online contracts (e.g., email exchanges), but if executed properly, the mandatory non-leaky clickthrough process should do very well against contract formation challenges. But even this description leaves open a number of user interaction judgments. Does likelihood of contract formation vary if:

* the agreement terms are presented on the clickthrough page itself or are only available for review by hyperlink?

* the agreement terms are presented in a scrollbox? If a scrollbox is used, must the user be forced to scroll through the scrollbox?

* the user is asked to check an additional box, such as a certification that the user has read the agreement?

In all of these cases, I believe the contract should be properly formed whether the answer to these questions is yes or no. However, I’m now a fan of adding a bonus mandatory checkbox as part of the formation process after reading today’s opinion. A user mounts a sophisticated challenge to a mandatory non-leaky clickthrough process, and the bonus mandatory checkbox helps squelch the challenge. I think the court would have enforced it without the checkbox, but it sure put the user in an awkward/untenable position.

Scherillo bought a financial report about a company from Dun & Bradstreet’s Small Business Solutions website. Scherillo alleges that the report painted an overly rosy picture of the company, leading him to make bad investment decisions that cost him money when the company tanked. Scherillo wants D&B to cover his investment losses.

Scherillo is almost certain to lose on the merits. Indeed, this case brought to mind one of the earliest cyberlaw cases, Daniel v. Dow Jones, 520 N.Y.S. 2d 334 (N.Y.C. Civ. Ct. Spec. Term 1987). (This case is a fun read–see how the court discusses electronic networked communications almost a quarter-century ago). That case involved Dow Jones’ publication of an ambiguous report via a dial-up online service that led the plaintiff to make a bad investment decision. The court said that any tort claim for publishing inaccurate information required the plaintiff to show that it had a “special relationship” (analogous to a fiduciary relationship) with the information vendor, and an ordinary customer-vendor relationship did not qualify as a special relationship.

Interestingly, D&B would rather hear the case in NJ rather than keep it in NY and hope to benefit from substantive NY law that surely would doom Scherillo’s case. (Perhaps NJ has a similar law). To move the case to NJ, D&B invoked the venue selection clause in its user agreement. Let’s look at the online contract formation process. The court says:

“since 2007, the SBS website has included a page that requires users to register before purchasing a Dun and Bradstreet product (“the registration page”). On the registration page, users input information, including their e-mail address and name. The bottom quarter to third of the page contains a scrollable text box with the title “Terms and Conditions” [which contained a mandatory venue selection clause designating NJ]. Directly below this text box there is more text that reads: “I have read and AGREE to the terms and conditions shown above.” Immediately adjacent to this text is a much smaller, empty box (“the terms and conditions check box”). Also at the bottom of the page is another box containing the phrase “Complete Registration” (“the Complete Registration box”). Clicking on this box completes the user’s registration. McDonald testified that if a user clicks on the Complete Registration box without checking the terms and conditions check box, the user is unable to complete registration and is returned to the registration page.”

Check out the page yourself as I saw it in Google Chrome on Feb. 18 (with cropping). The formation process looks pretty standard to me.

Scherillo attacked the formation process by saying he never consented to the agreement because “it was possible for him to unknowingly and involuntarily ‘check’ the terms and conditions check box.” Not only that, he lined up Sean Chumura, “a cyberwarfare and computer forensics expert” who is also [LINK NSFW] helping Perfect 10 in its lawsuit against Google, to testify that “it was possible for plaintiff, while ‘tabbing’ through the registration page, to inadvertently hit the space bar and thereby ‘check’ the terms and conditions box.”

[Snarky paragraph alert] First, this may prove the adage that you can find an expert to testify about ANYTHING. Second, Scherillo alleged $75k of investment losses. For a low-value lawsuit like that, he needs a cyberwarfare expert??? Third, I believe Chumura has a MySpace page. Really…? I wonder if he uses an email address too. The MySpace page also reveals that its author appeared to attend the Dan Quayle school of spelling.

OK, back to the case. The judge was no more tolerant of this nonsense than I am. He resolves the factual dispute by saying:

even under plaintiff’s theory–that, while “tabbing” through the fields on the registration page, he accidentally hit the space bar key and thereby “checked” the terms and conditions box–plaintiff would have seen the check mark appear in the box and then still would have had to hit the “return” key (or clicked the “complete registration” box with the mouse) to complete the registration and advance to the next screen. Plaintiff would have had an opportunity to see that he checked the box inadvertently before he then hit the return key on the “complete registration” box. Thus, to accept plaintiff’s theory, the Court would have to find that plaintiff hit two keys accidentally-the space bar and the return key-and that he was then involuntarily and unexpectedly sent to the next screen where he nonetheless proceeded to enter his credit card information and complete the purchase of the report. This alleged chain of events is simply not credible.

Therefore, Scherillo’s click on the “Complete Registration” box manifested Scherillo’s assent to the terms, even if Scherillo chose not to review them. The court says that the fact that the terms were in a scrollbox is immaterial, and the fact that some sites require the user to scroll through the scrollbox before proceeding doesn’t affect the effectiveness of D&B’s implementation.

I believe this court would have upheld the formation process even without the bonus checkbox, but you can see how the checkbox defused the withering assault of a cyberwarfare expert. Thus, you might consider implementing the bonus checkbox to discourage similar silly attacks against your contract formation process in the future.