Caveat emptor ("let the buyer beware") in Internet online purchasing

[IainB]

Why caveat emptor? Well, based on the two slashdot.org posts below, and assuming that they are true/factual, look at this interesting and alleged example of what some people (not me, you understand) might say seems like a potential case of fraudulent B2C (business to customer) e-commerce on the Internet, followed up by what seems to be a malicious attempt at a manufactured/dishonest punitive revenge for a bad (but apparently justifiable) review by the purchaser on ripoffreport.com.

If we make the reasonable assumption that the supplier kleargear.com would, in general, tend to treat all customers/victims relatively consistently - i.e., in the same manner - then we could ask what sort of consumer protection laws there were/are - if any - against this sort of thing.
I presume the prevailing laws would be as per the state of domicile of the business entity involved (in this case kleargear.com's state), but whatever those laws are, they apparently do not seem to in any event prevent a predatory supplier from seemingly ripping-off and then victimising a "protesting customer" in this manner (QED).

Woman Facing $3,500 Fine For Posting Online Review
Posted by Soulskill on Friday November 15, 2013 @03:13PM
from the hidden-so-well-it-didn't-exist dept.

sabri writes "Jen Palmer tried to order something from kleargear.com, some sort of cheap ThinkGeek clone. The merchandise never arrived and she wrote a review on ripoffreport.com. Now, kleargear.com is reporting her to credit agencies and sending collectors to fetch $3,500 as part of a clause which did not exist at the alleged time of purchase. 'By email, a person who did not identify him or herself defended the $3500 charge referring again to Kleargear.com's terms of sale. As for Jen being threatened — remove the post or face a fine — the company said that was not blackmail but rather a, "diligent effort to help them avoid [the fine]."' The terms and conditions shouldn't even apply, since the sales transaction was never completed."

The point about "...the sales transaction was never completed" is actually irrelevant, since, in contract law, a contract exists at the point when these 3 things have occurred:
1. Offer. (e.g., I offer to sell you something at a price of $X.)
2. Acceptance.  (e.g., you accept my offer at that price.)
3. Consideration. (e.g., you pay me the money $X.)

So, if I then fail to deliver (this is called "non-performance") the thing purchased under this contract - and for whatever reason - then I would be in breach of contract, and obliged (in law) to refund the monies paid, plus any penalties for non-performance that may have been stipulated under the terms and conditions of sale (which would have formed part of the contract at the time).
If it is indeed true that kleargear.com subsequently cited "a clause which did not exist at the alleged time of purchase" (i.e., it was not one of the terms and conditions of sale), then this would presumably be either a mistake or a knowingly deceitful/dishonest) statement.

So it is no surprise that we get the report:

Woman Fined For Bad Review Striking Back In Court
Posted by Soulskill on Friday November 29, 2013 @05:07PM
from the jury-to-be-fined-for-unfavorable-verdict dept.

An anonymous reader writes "Here's an update to the earlier Slashdot story about KlearGear.com 'fining' a couple for a bad review left four years earlier on RipoffReport: Not only did KlearGear report this as a bad debt to credit reporting agencies, but KlearGear is hiding behind a DomainsByProxy domain name to making finding their real identities harder. Now Public Citizen is representing the couple and is going after KlearGear for $75,000. The TV station that broke this story, KUTV, now reports that RipoffReport will likely be on the couple's side. The BBB and TRUSTe say their logos were used by KlearGear.com without permission, and credit reporting agency Experian is also investigating."

What I find disconcerting, and why I warn "caveat emptor" is that:

• Assuming that it is true that kleargear.com are attempting " 'fining' a couple for a bad review left four years earlier on RipoffReport".
• Assuming that the alleged rippoff (non-performance) by kleargear.com occurred after the point when the contract was agreed to.
• Assuming it is true that kleargear.com cited "...clause which did not exist at the alleged time of purchase" - and which thus was not part of the contract.
• Assuming that it is true that "KlearGear is hiding behind a DomainsByProxy domain name to making finding their real identities harder."
• Assuming that it is true that KlearGear did "report this ["fine"] as a bad debt to credit reporting agencies".
• Assuming it is true that "Public Citizen is representing the couple and is going after KlearGear for $75,000."
• Assuming that it is true that "RipoffReport will likely be on the couple's side. The BBB and TRUSTe say their logos were used by KlearGear.com without permission, and credit reporting agency Experian is also investigating."

- then the whole thing rather begins to look like the unravelling of an apparently dubious/fraudulent operation which may have been deliberately set up at the outset to operate in an unscrupulous manner.

Therefore: The question arguably becomes not "what sort of consumer protection laws there were/are" but "How is it that apparently fraudulent organisations are/have been enabled to set up and operate undetected in this manner for years under prevailing state commercial and consumer protection laws?"

Some people (not me you understand) might say that this shows a serious failing of whatever passes for the state legislature to have in place proper and adequate commercial and consumer protection laws.
These people could be wrong, of course, and it might be that there are in place proper and adequate commercial and consumer protection laws, and that kleargear.com and others perhaps yet to be revealed have been successful in operating just below the legislated radar, for a number of years. However, if that were the case, then there could be a potentially very large population of consumers who may have been ripped of without recourse by kleargear.com and others yet to be revealed.

Whatever the case, if it becomes apparent that the consumer who filed the "RipoffReport" might have been unable to stand up for their contractual rights as a consumer, without recourse, and without being subsequently maliciously and deceitfully attacked in a punitive manner by the perpetrator, and only gained recourse and defence after being given assistance by the Public Citizen organisation, then all consumers had better beware, because sure as heck there would seem to be grossly inadequate protection for them under prevailing state commercial/consumer law (QED), with all the advantage apparently being on the side of fraudulent companies who are even protected by being able to be effectively and legally anonymous.
I think it stinks.

Suggested action:
If you do not do so already, then what you probably need to always do as a matter of course, as a consumer, in any B2C transaction is thus protect yourself by:

• (a) Taking and retaining a copy of details of all online transactions/receipts and related emails and file attachments.
• (b) Taking and retaining a copy of the Terms & Conditions of the transaction as they are at that point in time. (You have to agree to these Ts&Cs by default at the time of the transaction, agreement is not assumed.)

It also helps to educate yourself by reading the Ts&Cs anyway.
Just as a case in point: Around a week ago I purchased a Spinrite software licence for US$89.00, wanting to see if it could restore my failing hard drive. I was aware that there was a possibility that it might not work - and so is/was the supplier, because they have a "30-day unconditional money back if not completely satisfied" refund policy.
The software was unable to run on my hardware (disk drive) - for the simple technical reason that it was not possible to effect a BIOS switch change to enable it.
So I wrote to GRC.com (the suppliers) and asked for my money back under their refund policy. I got an email in quick response saying that I would be credited via the credit card account I used to make the purchase, no problems. The suppliers GRC.com would seem to show themselves to be an ethical and honest supplier, and I would buy from them again.
The thing is, I would almost certainly not have bought the software licence if I had not read and learned about their refund policy.

[TaoPhoenix]

Heh IainB is my hero for Non-Brief-Posts.

No "The proof is wonderful, but too long for the margins" for this fellow! (Fermat reference. The fella couldn't be bothered to attach any 12 pages of his key proofs?!)

In another post I'll actually look at this note. This one is just cheerleading.

[TaoPhoenix]

Very broadly I want to react to "customer/victim" because I think that is at least part of the discussion. We're a bit cynical here at DC but many businesses would ... uh ... commit-Non-CSI-Compatible acts to generate market share and all that.

[mouser]

I think one concise piece of advise worth heeding from Iain's post is:

(b) Taking and retaining a copy of the Terms & Conditions of the transaction as they are at that point in time.

Websites change all the time -- you need to have a copy of what the website said at the time of purchase should you ever run into trouble.  It's no guarantee they will live up to it, but it will help if you have to argue that they've changed terms on you since your purcahse.

[IainB]

It's not just stuff you buy on the Inetrnet either - it could also be stuff you get for free.
For example, I just recalled my earlier posts about Norton Identity Safe (freeware):

• Norton Identity Safe -- Free Download
• Re: The feds pay for 60 percent of Tor’s development. Can users trust it?

On Norton Identity Safe (freeware), the Ts&Cs were in a pop-up that only appeared at installation time, and you could not seem to print them off or copy them. I thought they were very interesting - and somewhat revealing. If you accepted them (you had to do that for the install to complete), you basically gave Norton/Symantec carte blanche to access/collect pretty much all and any of your data that they felt like taking. Subsequently, in the light of the SnowdenGate revelations, it made a lot of sense, as that was just the sort of data that the NSA could likely be after. So, the freeware could have been (say) an NSA "plant" delivered via Norton/Symantec as a compliant/collaborative third party "security organisation" - who could presumably have been paid for the deal.
Here's the post, with the text from just section 10 of the Ts&Cs, in a spoiler (I had to take screen clips and OCR them to capture the text). I think it looks very sneaky on the part of Norton/Symantec/[NSA].

...With that thought in mind, and getting back on topic: I installed and then uninstalled Norton Identity Safe, in a controlled environment with no Internet connection enabled, and monitored the install and the program's attempts to communication outwards. I also studied the agreement (it's an image) that you make with Norton when installing the NIS software. I shall post the agreement up here - cannot find it published on their site, so shall screen capture the details from the image at install.
It is all quite thought-provoking.
Copied here is section 10 of the agreement (from OCR of image):

Spoiler

10 Privacy; Data Protection:
From time to time, the Software may collect certain information from the Device on which it is installed, which may include:
 
— Information on potential security risks as well as URLs of websites visited that the Software deems potentially fraudulent The URLs could contain personally identifiable information that a potentially fraudulent website is attempting to obtain without Your permission. This information is collected by Symantec for the purpose of delivering the functionalities of the software, and also for evaluating and improving the ability of Symantec’s products to detect malicious behavior, potentially fraudulent websites and other Internet security risks.

— URLs of websites visited as well as search keywords and search results only if the Norton Safe Web feature is enabled This information is collected by Symantec for the purpose of providing protection and of evaluating and advising You regarding potential threats and risks that may be associated with a particular Web site before You view it.
— Executable files and files that contain executable content that are identified as potential malware. including information on the actions taken by such files at the time of installation These files are submitted to Symantec using the Software’s automatic submission function The collected files could contain personally identifiable information that has been obtained by the malware without Your permission Files of this type are being collected by Symantec only for the purpose of improving the ability of Symantec’s products to detect malicious behavior Such automatic submission function may be deactivated after installation by following the instructions in the Documentation for applicable products.

— The name given to the Device during the initial setup of such Device. If collected, the name will be used by Symantec as an account name for the Device under which You may elect to receive additional services and/or under which You may use certain features of the Software. You may change such account name at any time after installation of the Software (recommended).
— Status information regarding installation and operation of the Software This information indicates to Symantec whether installation of the Software was successfully completed as well as whether the Software has encountered an error- The status information could contain personally identifiable information only if such information is included in the name of the file or folder encountered by the Software at the time of installation or error- The status information is collected by Symantec for the purpose of evaluating and improving Symantec’s product performance and installation success rate Symantec may also use this information to optimize its web-pages .

— Information contained in email messages that you send through the Software to Symantec to report as spam or as incorrectly identified as spam These email messages may contain personally identifiable information and will be sent to Symantec only with your permission. and will not be sent automatically If you send such messages to Symantec. Symantec will use them only for the purpose of improving the detection ability of Symantec’s antispam technology. Symantec will not correlate these files with any other personally identifiable information.
— Information contained in a report that You may choose to send through the Software to Symantec when the Software encounters a problem The report includes information regarding the status of both the Software and Your Device at the time that the Software encountered the problem The status information about Your Device may include the system language, country locale, and the operating system version for Your Device, as well as the processes running. their status and performance information, and data from files or folders that were open at the time the Software encountered the problem. The information could contain personally identifiable information if such information is included in, or is a part of the name of the files or folders open at the time the Software encountered the problem This information will be sent to Symantec only with Your permission. and will not be sent automatically. The information is collected by Symantec for the purpose of correcting the encountered problem and improving Symantec’s product performance. This information will not be correlated with any personally identifiable information.

— The Internet Protocol (lP) address and/or Media Access Control (MAC) address and the Machine ID of the computer on which the Software is installed to enable the Software to function and for license administration purposes .

— Other general, statistical information used for product analysis, and for improving product functionality.
In additon to the terms and conditions above, the following terms and conditions will also apply to Your use of the Software on mobile Devices :

— The Software may access the International Mobile Equipment Identity (IMEI) in order to generate a hash that ensures anonymity The hash is used to analyze and aggregate equipment data for statistical purposes. The IMEI is not collected or stored by Symantec. This information is used for the purpose of identifying the telecommunications device eligible to receive Content Updates for the Prerelease Software This information will not be correlated with any other personally identifiable information, such as Your account information. Alter the service has terminated the data is retained in statistical form exclusively for internal research.

Unless it is expressly defined as optional. the collected information as set out above is necessary for the purpose of the functionality of Symantec’s products
Information may be transferred to the Symantec group in the United States or other countries that may have less protective data protection laws than the region in which You are situated (including the European Union) and may be accessible by Symantec employees or contractors exclusively to be used in accordance with the purposes described above For the same purposes the information may be shared with partners and vendors that process information on behalf of Symantec Symantec has taken steps so that the collected information. if transferred. receives an adequate level of protection
Subject to applicable laws, Symantec reserves the right to cooperate with any legal process and any law enforcement or other government inquiry related to your use of this Software This means that Symantec may provide documents and information relevant to a court subpoena or to a law enforcement or other government investigation. In order to promote awareness, detection and prevention of Internet security risks. Symantec may share certain information with research organizations and other security software vendors. Symantec may also use statistics derived from the information to track and publish reports on security risk trends by using the Software. You acknowledge and agree that Symantec may collect, transmit, store, disclose and analyze such information for these purposes.
CPS / IDS 1.0 / IE

In the doco somewhere it also says that it uses your unique CPU ID, or something, to hash/encrypt data.
NIS is your Friend...    

-IainB (May 30, 2012, 06:19 PM)

Therefore, I would recommend that you don't even touch it with a bargepole.

[40hz]

Buyer beware for sure.

But the Kleargear story is a bit more nuanced. You can put anything you like in your 'terms and conditions of sale'. But that doesn't mean that such terms are either enforceable - or legal - depending on the jurisdiction your customer lives in.

Kleargear's move looks very much like it was motivated primarily by petty spitefulness if the reports I've read (Popehat and Techdirt have both covered this story) are anything to go by.

Public Citizen has since elected to provide legal representation for the Palmers. A copy of the demand letter their attorneys have since sent to Kleargear can be found here.

Of interest are the relevant paragraphs that call attention to the fact that Kleargear's terms are illegal or unenforceable and their subsequent actions have likely violated several laws including the Fair Credit Reporting Act.

That's why it's so important to remember that there are genuine and very real protections for the consumer under US law. And it's equally important not to let yourself get into the habit of thinking you're absolutely powerless in the face of an abusive contract or company. Don't assume there's nothing that can be done. Ceding the battle without a fight is the first step towards serfdom.

So yes, Caveat and all that. But also: In Ius Voco Spurius

 

[IainB]

@40hz: Thanks for the info and links. That's a great lawyers letter from Public Citizen!

"Sue the bastards", yes, by all means, but look at the wrongs and damage apparently done by Kleargear. Malicious/spiteful and illegal, deliberately and intentionally distressing and financially disruptive to their victims over an extended period of time.
Where are the checks and balances to protect the consumer from such deliberately false/erroneous posting of indebtedness to credit agencies? How did that happen?
Having a legal remedy is all well and good, but how did it happen in the first place? That it can (a) happen at all, and (b) continue and be aggravated over a period of time must surely indicate that something is seriously amiss regarding adequacy of consumer protection.

The victims should not have been subjected to such an extended onslaught until the lucky event of a white night - in the shape of Public Citizen - coming into the picture.

I would suggest that the thing to do to protect consumers from psychopathic predators - e.g., such as Kleargear seem to be - would be to give wide publicity to the case and for consumers to boycott the company, cancelling all existing orders in progress. Shut them down for unacceptable behaviour.
It looks like Kleargear are getting the publicity now - the Streisand Effect. The people who run the company and who are responsible for the sustained attack on the victims in this case should equally be given some publicity.
Let there be light...

[40hz]

Shedding light may take a little more time since Kleargear is apparently a big believer in the "untouched by human hands" notion of product delivery. At least if the inability of anybody to actually reach a human sentient at Kleargear is anything to go by.  

The company also went to somewhat unusual (albeit completely legal) lengths to shield the ownership's name(s) from public view. Not unheard since 'silent partners' and 'hidden shareholders' have existed as long as corporations have. But it certainly becomes questionable for Klearger's ownership in light of this debacle.

No matter. It goes to the courts now. And those wheels "grind slow but exceeding fine" as even Prenda Law is discovering.
 

[J-Mac]

Here's a link to the Wayback Machine's copy of the KlearGear.com Terms of Use with the so-called Non-Disparagement Clause in it. They admittedly added this clause after the purchase in question was made and then took it down a day or two after this story broke on KUTV2. The clause itself is quoted below.

Link to Terms with Non-Disparagement Clause:  http://web.archive.org/web/20120627211945/http://www.kleargear.com/termsofuse.html

Non-Disparagement Clause

In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts KlearGear.com, its reputation, products, services, management or employees.

Should you violate this clause, as determined by KlearGear.com in its sole discretion, you will be provided a seventy-two (72) hour opportunity to retract the content in question. If the content remains, in whole or in part, you will immediately be billed $3,500.00 USD for legal fees and court costs until such complete costs are determined in litigation. Should these charges remain unpaid for 30 calendar days from the billing date, your unpaid invoice will be forwarded to our third party collection firm and will be reported to consumer credit reporting agencies until paid.

Wow! What a complete bonehead move! And to think that we old farts always thought it was the used car salesmen who were the real experts in fleecing folks.

And if KlearGear.com wants to come after me for posting this.......  Nyah nyah nyah!   

Jim

[IainB]

@J-Mac: Thanks for the Wayback link. Good find.
If I saw Ts&Cs like that in a company, I'd never do business with them in the first place.
In the UK, under the Unfair Contracts Act, that would probably be an unfair contract, by definition, and therefore illegal/unenforceable.

Amazing that they can even think they could get away with it in the US.
To draw up Ts&Cs like that - even without the "Non-Disparagement Clause" - they presumably would have to have had a lot of trouble from unsatisfied customers.
I wonder why that could be?