Lori Drew Conviction Reflections, Part 2 of 3: Who is Bound by Clickthrough Agreements?

By Eric Goldman

[Note: this is Part 2 of a special 3-part series on the Lori Drew conviction. Part 1 discussed why MySpace, the putative victim of Lori Drew’s crime, might end up regretting the conviction. Part 3 will discuss some lessons for Cyberlawyers who draft online user agreements.]

From everything I’ve seen, Lori Drew apparently never affirmatively manifested assent to the MySpace user agreement. My understanding is that Drew’s babysitter, Ashley Grills, testified that she, not Drew, created the MySpace account and clicked through the MySpace user agreement. (I understand that the jury disbelieved Grills, although I am not aware of any contrary testimony on this point). Furthermore, I am not aware of any testimony that Grills informed Drew that Grills was accepting the MySpace user agreement on Drew’s behalf or that Grills provided any other form of notification to let Drew know that a contract was being formed–let alone educating Drew about the terms of that contract.

If this is true, then how can Drew be legally connected to the contractual restrictions that she was convicted of violating? Principal-agency doctrines would be one way. If Grills was Drew’s agent, then Grills would have actual or implied authority to bind Drew contractually. However, I am skeptical that Grills was Drew’s agent for contract formation purposes. First, I am not clear about whether Grills was Drew’s employee or was an independent contractor. The latter status would cut off most forms of agency liability for Drew. Second, even if Grills was an employee, it is difficult to argue that entering the MySpace user agreement was within the scope of Grills’ employment, even if it was putatively done at Drew’s request.

As a result, I think the only way Grills could bind Drew to the MySpace user agreement was via the apparent authority doctrine. This argument is not completely untenable. For example, in the 2005 Abramson v. AOL case, the plaintiff’s son bound his mother to the AOL user agreement based on his apparent authority to act on her behalf. (The court also said that mom ratified the contract by continuing to use the service knowing of the contract terms). Similarly, an earlier 2004 case, Motise v. AOL (briefly discussed here), held that a stepfather bound his stepson, who shared use of the same computer, to the AOL user agreement.

It should be obvious why the courts have reached these conclusions. After all, if a click on the clickthrough agreement binds only the clicker, but the vendor cannot authenticate the identity of the person who clicked, then online user agreements could be easily defeated by anyone who simply claims someone else using their computer did the clicking. Consider an analogy (I’ve been holding this one as a possible future contracts exam question, but oh well): is a contract formed when a retailer cashier presses the “OK” button on the credit card swiping pad on behalf of a befuddled/distracted customer who is holding up the line? I’ve seen this happen dozens of times, but could the customer renege on the contract because he/she wasn’t the one literally pressing the button?

At the same time, the Abramson and Motise cases both involved family relationships. Although family members don’t automatically have agency authority to bind other family members, judges seeking equitable results would have little discomfort holding family members accountable for their online clicks. In contrast, the Grills-Drew relationship wasn’t familial and therefore not as susceptible to equitable readings.

More importantly, it’s one thing to use apparent authority to uphold a venue selection clause in a civil lawsuit (the only stakes at issue in the Abramson and Motise cases), but it’s quite another to apply that doctrine, or something similar, in the criminal context with the consequences of depriving liberties based on a user agreement the defendant never saw and didn’t affirmatively agree to. Indeed, I am not aware of any evidence that Drew ever learned of any applicable restrictions in the MySpace user agreement or otherwise “ratified” the agreement.

Therefore, based on everything I’ve seen, Grills would have been an appropriate target for criminal enforcement predicated on the MySpace user agreement because she actually clicked through. In contrast, holding someone else legally responsible for that click, especially if they never learned of the contract terms, makes no sense. Convicting them of a crime based on these contract terms is unconscionable.

More generally, the issue of who is bound by a click (other than the clicker, of course) seems like a recurring issue for the future. I’m not sure if we can draw too many insights from Drew’s conviction on this question, but this case—combined with Abramson and Motise—does suggest that courts and juries may take an expansive view of the circle of responsibility for clicks. While this is fantastic news for the sites trying to form these user agreements, in the criminal context, it can be tragic.