Slashdot Mirror
Let Consumers Sue Companies (nytimes.com)
Richard Cordray, the director of the Consumer Financial Protection Bureau, writes: When a data breach at Home Depot in 2014 led to losses for banks nationwide, a group of banks filed a class-action lawsuit seeking compensation. Companies have the choice of taking legal action together. Yet consumers are frequently blocked from exercising the same legal right when they believe that companies have wronged them. That's because many contracts for products like credit cards and bank accounts have mandatory arbitration clauses that prevent consumers from joining group lawsuits, forcing them to go it alone. For example, a group lawsuit against Wells Fargo for secretly opening phony bank accounts was blocked by arbitration clauses that pushed individual consumers into closed-door proceedings. In 2010, the Consumer Financial Protection Bureau was authorized to study mandatory arbitration and write rules consistent with the study. After five years of work, we recently finalized a rule to stop companies from denying groups of consumers the option of going to court when they are treated unfairly. Opponents have unleashed attacks to overturn the rule, and the House just passed legislation to that end. Before the Senate decides whether to protect companies or consumers, it's worth correcting the record. First, opponents claim that plaintiffs are better served by acting individually than by joining a group lawsuit. This claim is not supported by facts or common sense. Our study contained revealing data on the results of group lawsuits and individual actions. We found that group lawsuits get more money back to more people. In five years of group lawsuits, we tallied an average of $220 million paid to 6.8 million consumers per year. Yet in the arbitration cases we studied, on average, 16 people per year recovered less than $100,000 total. It is true that the average payouts are higher in individual suits. But that is because very few people go through arbitration, and they generally do so only when thousands of dollars are at stake, whereas the typical group lawsuit seeks to recover small amounts for many people. Almost nobody spends time or money fighting a small fee on their own. As one judge noted, "only a lunatic or a fanatic sues for $30."
I've been a knowing or unknowing party to many consumer class action lawsuits and I usually get coupons, rebates, and the occasional $5 payout. The only ones making millions off this are the attorneys filing the lawsuits.
Contracts should never be allowed to waive legal rights.
Corporations can screw customers out of "small" amounts and maybe end up with a small fine, no jail time and zero incentive to prevent it from happening again. It may not feel like much when they steal pennies or dollars from each customer but multiply that by millions of customers and they have plenty of motive with no significant consequences. The only way to deal with it is with highly motivated lawyers with a group of customers-- even the criminal court system is too busy to deal with all the cases of small time organized criminal activity; again, the punishments even it even goes that far are rarely ever amount to a deterrent.
In the EU / australia / etc Consumers have rights that we don't get in the usa.
I got an email yesterday about class-action lawsuit against Apple for third-party auto-renewing apps purchased through iTunes. What is it about? Beats me. I'll probably get a $5 gift card to spend at the iTunes Store sometimes next year.
The difference seems to be that a class action you just sign up and don't do anything, but in arbitration you have to take time to collect evidence.
Which they won't do. When was the last time Congress passed a law that didn't benefit the rich and powerful? The problem with poor(er) people is they don't give very many bribes to the politicians. Corporations do. A lot. And corporations don't want to deal with the expense of court. Hence...no-sue clauses on contracts. This won't change. It's all about cash.
that Congress passed recently making arbitration legally binding. I'm sure Congress will get right on that right after they're done ending the 7 wars we're fighting in, reforming our healthcare system for the better, solving our student loan crisis and working out that pesky cold fusion problem.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
We could really lower our health insurance costs if patients could never sue for malpractice and had to work through an arbitration process instead.
Consumers should be able to sue, without lawyers on either side, for unlimited amount for a nominal fee. The impartial court should decide the law.
While the legal system cost so much, to go through it will never be fair. Even with class action suits you have to organize it and the lawyer gets a significant portion of any reward.
People should have the right to justice no matter how wealthy they are.
Let's say Home Depot used point-of-sale software from Vendor X, which uses a Linux distribution and relied upon a network driver from Manufacturer Y.
A hacker is able to penetrate their network by exploiting the combination of driver and linux, which was also misconfigured by Vendor X.
Who is to blame here? Home Depot for not completely investigating their entire stack ? Vendor X for sloppy configuration? Manufacturer Y for having a bug in their software?
It's so hard to ascribe blame in these situations. Data security is incredibly hard (and in fact, to date, nearly all software in the past 20 years has been exploited in one way or another). Would it be fair to hit Home Depot with a $50 billion settlement? So many companies have been hacked (Verizon, Gawker, voter registration systems, credit card companies, Target, etc). Would fining each of them tens of billions really make things better if data security is so hard that no one has pulled it off?
The flip answer would be: "Hey, once that first company gets hit with a $50 billion settlement, everyone else will start taking this seriously!" That might be true: It might also be true that you end up destroying businesses with nothing to show for it because Home Depot / Target / Verizon / etc are at the mercy of their vendors and 3rd party systems with vulnerabilities out of their control.
How can the court hold that these people who never authorized, let alone agreed to the terms, of the credit card or account should have to follow the rest of the contract they never agreed to? That doesn't make any sense, legally or otherwise!
Bring it.
All you "Ruby coders" will be out of work if companies - and therefore the people who write the applications, eventually - are actually held accountable for fuckups the way bridge and building designers, engineers, and builders are.
So you're a not-smart-enough-to-know-how-stupid-you-are "artist" who can't spell CM, likes to test your code on the operational box, and thinks code reviews would just insult your beautiful, artsy code that uses all the weird corner cases of your chosen language just to show to all the others just how smart you are?
You'd be unemployable.
... except revolution.
Before doing so, you need an ideology and you got none.
You know who got ideology? Muslims.
Either eat shit from the real power: degenerate bankers or accept Islamic State, where capitalists will be subordinate to people, not vice versa.
No "Free market" bullshit. There is no free market. There are monopolies and there are piece of shit scumbags who exploit human sweat, tears and blood - legalized organized crime in the form tobacco companies, alcohol production, and newly allowed by piece of shit liberals ganja industry.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
It's super simple. Print out the contract. Cross out the part that gives up your rights. Sign and send back. The big companies always accept.
I don't respond to AC's.
That's because many contracts for products like credit cards and bank accounts have mandatory arbitration clauses that prevent consumers from joining group lawsuits, forcing them to go it alone.
My guess - IANAL - is that if someone had the cash-ola and lawyers *cough* EFF *cough* perhaps they could invalidate these types of arbitration clauses who's sole purpose is to restrict the rights of consumers...
If you want news from today, you have to come back tomorrow.
And amen. Forced arbitration clauses should not be legal in lieu of class-action lawsuits.
It is despicable that companies can and do get you to sign away your right to legal redress in the courts if you want to do business with them. I can't think of even one single good reason why that should be a thing that is allowed.
It's not fair to allow consumers to sue merchants for payment card data breaches who, due to market forces, are forced to accept payments via the deeply flawed, archaic payment card processing paradigm we have today. Merchants should never have to possess cardholder data, but in most cases, they are required to. Even merchants who use tokenization are required to pass cardholder data to a payment gateway to get back a token. P2PE is not an end-all solution, either. You can't hide from the future with math. The oligopoly that controls that payment card processing paradigm essentially doesn't have any incentive to make it more secure, so they won't.
The way this should work is pretty obvious.
Home Depot would be the party responsible from the customer's point of view -- in other words, Home Depot would be on the hook for making things right (or as right as possible).
If the underlying cause was because a company Home Depot uses messed up, then Home Depot sues them to recover their losses (including whatever they had to pay to customers). And so on and so forth.
In the EU / australia / etc Consumers have rights that we don't get in the usa.
Not only that, but some European countries (some prominent examples: Germany and Switzerland) even have consumer protection groups which can help coordinating and engaging such actions on the behalf of consumers, who regularly scan products for fraud, etc.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
In this day and age, it should be hard for a company to bury some really unfair wording into a contract used by a lot of people. If people with a lot of legal expertise would go through the contract; find all the devious stuff the company tries to hide in the fine print; and then broadcast their findings to the world; then those companies would be shamed into changing it. Otherwise, their competition would exploit it and customers would leave in droves. The best way to scatter the cockroaches is to turn on a light.
And if the Linux kernel has a vulnerability that was exploited, Home Depot would be on the hook for billions of dollars? Or if the software from a vendor included a unpatched 3rd party library (such as OpenSSL?) It just wouldn't work, and it would be a nightmare of responsibilities and dependencies. The only winners would be lawyers.
Lawsuits should proceed if (and only if) the company responsible was negligent in things under their control: If they used MD5 hashes for passwords, or left default system passwords unchanged, or they were using Windows XP SP1 or if they lost a laptop with critical information. But that's not the case with many of these hacks (like with Target, where the hackers used VPN credentials from a contractor to install hacked firmware on point of sale systems. What could Target have done differently that they weren't already doing?)
Which spent 8 years forcing businesses to kowtow to the political groups that generally support the DNC and only NOW get around to making generalized commentary... and badly at that.
The credit card issuers have the right to sue because, legally, they have to cover any costs loss from the credit card thefts.
Theft of personal information(outside of credit card numbers) ISNT COVERED by the credit card waiver for arbitration.
Now service agreements (like with ISPs) can require you to go to arbitration FIRST but that does not waive your right to go to court if arbitration fails.
Arbitration is also good for the court system because the court system is already overloaded and the great bulk of disputes can be handled properly through arbitration.
To wit - this whole thing is a nothing burger written to justify the existence of the board.
Not true. Try not paying a $30 bill and see what happens. Or is he saying that all those companies are lunatics or fanatics?
Answer: It was Home Depot's responsibility to ensure their data was secure regardless as to the system used to manage it. They failed to do so, therefore they are at fault.
Just because a computer or the internet is involved does NOT absolve you of your responsibilities under the law, nor should it. To look at it another way, Home Depot was hacked, even if the courts said "Oh, a computer got hacked? You're off the hook then, case dismissed." They would still face the financial / public relations repercussions from failing to secure that data. The people that hacked Home Depot would still sell that data on the black market, or use it internally for their own gain. The public would still feel wary about using credit cards at Home Depot, or sharing their personal information with Home Depot due to the hack. Even if there is no legal consequence, there would still be others. Further, the lack of a legal consequence would also encourage them not do change that situation to the best of their ability. (Because doing so requires spending time / money.) Plus, the lack of a legal consequence would also help bad actors use that void as a loophole for getting around data / consumer protection laws and the like. ("Oh, I'm sorry we got hacked. No, the fact that a bunch of insider info just got leaked and our stock price has jumped up is completely a coincidence. As is the sudden increase in our revenue from advertisers.")
And if the Linux kernel has a vulnerability that was exploited, Home Depot would be on the hook for billions of dollars? Or if the software from a vendor included a unpatched 3rd party library (such as OpenSSL?)
Yes. Home Depot is the one representing that their systems are safe. If that turns out to be untrue, then Home Depot is the one responsible. They can turn around and reclaim damages from whoever it was that put them in that situation.
It may seem unworkable, but it isn't really. It's as close to fair as we can get. What's more fair than holding the party that damaged you responsible for that damage? Otherwise, the situation is that nobody is effectively responsible and these sorts of things will only continue and get worse as time goes on. Nothing will change unless companies are at risk of losing serious money unless they change things.
In five years of group lawsuits, we tallied an average of $220 million paid to 6.8 million consumers per year. Yet in the arbitration cases we studied, on average, 16 people per year recovered less than $100,000 total.
Sooo... for lawsuits, 6.8 consumers recovered $220 million -- that's $32.35 per consumer. Lawyers probably get around $100 million.
For arbitration, 16 consumers recovered around $100,000 -- that's over $6,000 per consumer. Lawyers get little to nothing.
Let's not be naive -- this is a push by a long-time, high-flying lawyer to increase the volume of class action lawsuits that are generally easy money for law firms and, as shown by his very own data, don't award meaningful money to consumers.
TINSTAAFL
Yes, consumers in Europe and Australia get consumer protections. But do you know what their biggest complaint is? Everything costs more! Everyone complains how a $500 item in s the US costs around $750US after conversion or more in Europe or Australia. Hell, Australia even encouraged consumers to bypass their local distributors and import stuff from the US.
Of course, part of it is gouging, but another part of it is the law. When the law says you must give 3 years of warranty to a product, that's the same as buying an extended warranty. So your $500 item will probably be dinged another $100 for the extended warranty, just like you could choose to pay Best Buy $100 to purchase the same extended warranty. Other sources include taxes (EU/AU prices include sales tax in the price itself, while US prices do not, which in our example can be another 20%)'
The good news is that most companies have not priced in the cost of arbitration versus a lawsuit so that has little to no impact on price of a product. This is especially true in a country like Canada, where the courts have ruled that despite arbitration clauses, you never give up your right to seek redress through the judicial system. So you may go through the process, and if you are unhappy, you are free to file a lawsuit and a company cannot hide behind arbitration clauses. You are also free to appeal your arbitration ruling in court
And if corporations happen to violate those rights AND get convicted in court we get a big fat "Ooops, our bad. We'll probably fix that.". Best thing we can hope for is getting out of long running contracts early. If they're real bad they get a fine that's pocket change (and pocket by the government) compared to what they have to pay in class action lawsuits in the US.
Not to mention that all these rights cost money and as consumers we're the ones stuck footing the bill.
The grass is always greener on the other side and all that.
People who have to live in nursing homes should also not be required to submit to so-called 'binding arbitration', they too should have the right to sue a nursing home. #THANKSTRUMP
If you wish to claim consumer protection agencies and regulation for consumer protection is a major contributor to higher prices in the EU, you'll need to cite sources for that?
:)
EU has a lot less litigation than the US, this makes it easier to be a business and to be a consumers... Unless you want to claim that litigation is efficient
It was frivolous. I want my fucking coffee HOT! This case fucked it up because someone was too stupid to handle a hot cup of coffee properly. Because she was old, people felt sorry for her. Bullshit!
There is an easy solution to this..... Don't keep sensitive information on internet-facing systems! A layered approach is much nicer where each internet-facing server can query for more details based on what the user entered in some form...
Thing is they can get away your example they can get away with anything... If they would not be liable for a incorrectly configured driver they would not be liable for a incorrectly configured firewall.
I always wonder what they thought when you hear about company X got hacked and every single CC used on their web-shop during the last 5 years leaked... Why ever keeping the CC information on the actual web-shop system?? In a sane world you move that data out to a separate system as soon as possible.. Preferably within 5 seconds of the purchase being completed.
If you really need to keep the data, but need to keep it secure just encrypt the chunks with a public key and if needed in the future you can use your private, offline-stored, key to decrypt that chunk of data....
This is identity theft; not a consumer complaint. It's a crime in the legal statutes, yet the criminals can demand arbitration? I should be saying 'corporations don't choose what laws they obey' but obviously, in neo-liberal USA, they can.
You wish. No class action suit possible re Dieselgate in Germany.
And if the Linux kernel has a vulnerability that was exploited, Home Depot would be on the hook for billions of dollars? Or if the software from a vendor included a unpatched 3rd party library (such as OpenSSL?) It just wouldn't work, and it would be a nightmare of responsibilities and dependencies. The only winners would be lawyers.
Lawsuits should proceed if (and only if) the company responsible was negligent in things under their control:
Then you'd have the case that companies outsource everything to a sister company with no assets purely to ensure that they cannot be sued.
They way it is now is fine, thanks - the company is responsible for ensuring that its vendors are diligent. No one else can be responsible for that except the company who made the decision to go with a negligent vendor.
I'm a minority race. Save your vitriol for white people.
Corporations wanted to be considered people and that means they can sue or be sued.
We'll make great pets
You know who spreads bullshit on the internet? mapkinase.
as everyone else.
Damping absorbs vibrations. Dampening is caused by moisture.
Maybe you could try this site for price comparison. Or maybe you could check this one for another overall comparison. To me, price of goods only doesn't mean anything much if it doesn't affect the local "cost of living".