
Cool!
Can we apply this loophole to other online "services"....?
A man who blamed his girlfriend's five-year-old son for making loss-making trades in expensive natural resources through his online betting account is not bound by a term he agreed to on the bookmaker's website, the High Court has ruled. The term stated that an accountholder is deemed to have authorised all trading made under …
Doesn't matter. That wouldn't have saved the contract.
One of the tenets of the Unfair Contract Terms rules seems to be that you need to be able to negotiate, in order for it to be a fair contract. So whatever permission hoops they make you jump through don't help them.
To be fair, they have to be fair. This means that they can't use really broad terms, without reasonable exceptions. Or lumber you with unlimited liability, while accepting none themselves. If terms are one-sided, then they're likely to be struck down.
Also they have to be willing to negotiate. So all these Ts&Cs that you're given are likely to be unfair, because they're issued as a 'take-it-or-leave-it'. Whereas when you negotiate a contract between companies, both sides get to change what's in there.
Finally you can't get away with burying shit deep in the contract. If you write it in legalese, and the first ten paragraphs are definitions of terms, then you're pretty much guaranteeing that only lawyers will read it. So at that point, anything obvious will probably stand up in law. But if the court thinks that a term you've stuck in there isn't something the consumer would be expecting, then it's likely to get ruled unfair.
I'm no lawyer, but I've read a few reports of these types of cases from people who are.
One of the tenets of the Unfair Contract Terms rules seems to be that you need to be able to negotiate, in order for it to be a fair contract.
Not always. From the article, the requirement to negotiate apparently only applies to terms which might cause "a significant imbalance in the parties' rights and obligations arising under the contract, to the detriment of the consumer". So these Ts&Cs, for example, may be fine if the organization writing them has accepted a reasonable balance of liability.
I'd say a good rule of thumb is "don't draft a contract you wouldn't sign (as a consumer)."
Entering a password before each trade would make the site unusable.
How long does it take a five year old to get to the computer? Probably a lot less time than it takes to go and make a cup of coffee.
Here's a novel idea. How about making the person who's account it is responsible for that account? If he leaves it logged in at his girlfriends then it is his responsibility.
I'm a member of multiple gambling sites (although not Spreadex) and every single one of them allows you to set a maximum amount you are prepared to lose over a period of time. You can change this but you have to enter your password to do so. This idiot obviously had his limit set to 50k+ or had it set to no limit. I have no sympathy for him. The court should have thrown his claim out.
Ok, that's a fair point. I guess trading is a lot more fast-paced than online banking.
Clearly he didn't take enough care of his computer's security, but also Spreadex allowed an authenticated session to persist for too long. The article suggests he left his machine at his girlfriend's and it was accessed in his absence. The logged-in session should have been dropped by Spreadex, surely?
I think both parties are guilty of lax security really.
From within the gambling industry they are viewed as the lowest of the low, the ones who have already sold their grandmothers and would happily sell yours.
The whole spread betting business model is based upon you being able to lose an infinite amount of money very quickly and so bankrupt their customers.
Gambling industry doesn't pay high wages and have fancy offices in central London because you stand a chance of winning :)
Seems this guy has put a lot of thought and effort into getting away with his stupid choice of betting..
@The Indomitable Gall "In which case Spreadex's business model is bad."
I don't know about spread betting (I'm not that stupid), but your comment suggests that you don't know anything about trading platforms.
The main differentiators between top-line systems and those in lower tiers is speed: how recent are the prices, how low is the latency. Owners of trading platforms typically put in lots of expensive features to enable users to make trades quickly. Entering a password before every trade is out of the question.
> In which case Spreadex's business model is bad...
You obviously do not participate in live gambling. That is betting on a football/tennis/cricket match when it is playing, a horse race after the start or betting on a market during trading hours. In all of these the odds can fluctuate wildly in short time scales. In the couple of seconds it takes to enter your password the odds can change from 100/1 to 2/1 and you thus loose the opportunity.
Gambling sites force you log in before you place any bets. Most will time your session out if there is no activity after an hour or so. None of them will leave your session logged in indefinitely.
You, the customer, are expected to take reasonable precautions to protect your account. Leaving yourself logged in and letting a five year old play with it is unreasonable.
This idiots action might well result in all of us having to enter a password for every bet which will be a real pain. Especially since in the 3 hours between 14:00 and 17:00 I've made somewhere in the region of 200 to 300 bets.. If I have to enter my password every time then it will change from the long complex one it is now to a short simple one that can be easily and quickly entered on a keyboard.
Unusable? For business purposes, perhaps. But given it's a gambling site, consumer law applies - the relevant statute being the Unfair Terms in Consumer Contracts Regulations. This looks at the fairness of key clauses, by assessing if any clauses impose excessively detrimental imbalances of obligations on one or other party. In this case the clause at issue was the one which said one did not have to confirm it was the consumer, who might be attempting to make a new contract each time he placed a trade.
The judges decided the fact they didn't confirm it was the consumer making a contract at each commissioned event, meant there was no contract at the key events in question: the requisite "meeting of minds", i.e. intention to be legally bound, required to make a contract binding, had not occurred. Ergo there was no contract, and he could not be bound.
You write "Here's a novel idea, How about making the person who's account it is responsible for that account? If he leaves it logged in at his girlfriends then it is his responsibility."
Yet that's exactly what the contract stated, and exactly what the judges found fault with.
English legal system 1: Shits 0.
My Rabo account makes you use a hard token to perform any sort of transaction including buying or selling funds. You fill out the transaction detail, then log onto a hard token, stab in some server generated code and then type the resulting number back into the transaction form. Makes it pretty hard for anybody to do anything without possession of a lot of info.
That said, I have an online account with a US trading firm where once you're in you're in. I haven't tried borrowing on margin or whatever to see if extra security is invoked but for regular trade tickets your login is good enough to see it filled. That said, the site throws you out quite quickly from inactivity and has other session checks.
It's a damn sound strategy. And now there's clear legal precedence, so it can't fail, can it? (all my legal knowledge comes from watching Harry's Law and Boston Legal...)
I just need to find someone's five year old to borrow while I make a series of outrageously risky trades and bets.
My two children can be borrowed for a small fee. We will call it reverse baby sitting.
You pay me a small fee and I will supply either a 2YO or a 4YO.
The 4YO is more computer literate but has a tenancy to drift to the cbeebies website. Maybe some pointers could be given to him before you leave the room. Something along the lines of "when I am out of the room don't click the big bid now button" (learned this from eBay - almost bought a drum kit )
Yes, but they will get cheese spread over your remote control.
And TV
And blu-ray player
And Phone
It fact I would go as far to say that even in the absence of cheese spread in your house my little angels would still manage it. Still it's a small price to pay considering they will save you 50K in gambling debts.
For an even more reasonable fee, I will lend you my cat. Never showed much of an aptitude for computers, until I caught him one click away from deleting all my files. I was very disappointed at the breakdown of our relationship (I had always provided a reasonable quantity of food and access to various facilities) and so was he, after I threw him in the pond. I now close the screen over my laptop, and am on the look-out for the signs of him developing opposable thumbs.
Agreed, I kept hearing about people sharing passwords (such as social networking or other type of account) with their current squeeze and then are surprised when after a split in the relationship the partner takes revenge on their account.
Don't share passwords, its more trouble than its worth.
Sorry, but I think he IS liable, not because of any clause, but because he was dumb enough to leave his laptop unlocked, with software open/running/unsecured that would cost him money....
But still I agree with the sentiment that a pass code should be needed to trade... or some other type of confirmation...
while I go and bone your Mum.
Really dumb think to do with gambling sites having 'keep me logged in' automatically ticked.
But without any way to really disable that then these things are gonna happen. Call of nature and the need to distract the little ones.
My 3 year old's pretty good at getting round websites and he can only just read. a 5yo would have no trouble. He's also really good at clicking on wildly random stuff that breaks things - which is why he has his own desktop account and I watch him like a hawk - a couple of close shaves with facebook and ebay taught me that in a real hurry!
It depends on the circumstances. If he usually bet a fiver on the footie, then suddenly made a huge bet on gold, or if the bet was absurd (e.g. he bet the price of gold would double tomorrow) then he probably didn't make it.
But this is moot. Spreadex just said "we don't care who made the bet, give us the money". I guess Spreadex do have a pretty good idea of whether he did actually make the trade based on his history. Maybe that's why they didn't argue the point in court.
From what I make of the judgment it matters not who was alleged to have made the trades, the law says that the catch-all aspect of the contract is unfair, and in finding it unfair the court put the onus on the site owners to prove the account holder made each and every one of the trades, and they can not do it.
The sites business contract is flawed under UK law, the moral aspect of who did, or did not make the trades is a secondary issue, and not for the courts to judge.
Quote: From what I make of the judgment it matters not who was alleged to have made the trades, the law says that the catch-all aspect of the contract is unfair, and in finding it unfair the court put the onus on the site owners to prove the account holder made each and every one of the trades,and they can not do it.
Then they would be equally able to reclaim monies paid out to him on the same basis.
Besides which, if he allows a 5yo access to such accounts, he shouldn't even be allowed to internet access anyway. It's lying cheating scum like him who turned the internet from the sharing of information it was to the dumbed down lowest common denominator it is now.
He should have his laptop confiscated in my opinion.
I'm not sure but I seem to have come across terms that basically states if the court of law find a particular clause to be invalid it would not affect the bindability/legality of other clauses and the contract will remain in effect.
If they have used that clause, would the contract still be valid?
I think that in general courts can strike out one clause of a contract as invalid, without necessarily killing the whole thing. So I think those clauses are only in there to state the obvious. The court will decide, when it rules, how that will effect the rest of the terms.
I ain't Spartacus, and I also ain't a Lawyer.
IIRC it's called the blue pencil test (or doctrine).
If you can strike the offending part and leave the rest of the contract valid, it still stands. if the offending part cannot be struck without destroying the contract, then (subject to another legal remedy) it's voided. But it has been 21 years since I studied this stuff, and I too am not a lawyer.
If the trades had made him money if he'd taken the thing to court to refund it to Spreadex. I do feel some sympathy because kids can be devious destructive bastards but at the end of the day I don't see why it's someone else's fault if you let one of them near a computer running trading software.
Oh, c'mon! A five year-old expertly hitting the right buttons in a supposedly random order to lay high value bets on exotics? Unlikely story! If I screwed up as badly as this I would also look at blaming the young, innocent and defenceless. I bet his girlfriend is pretty nonplussed for her little boy getting the blame.
Why would she really care - nothing happens to the kid and her bf is £50k richer than he should be.
'You know how much I love you both - let Jimmy take the blame - I'll get him an Xbox 360 and when it's all over we can get married - if not I just won't be able to afford the wedding. Ok - thanks love - bugger I've just lost £20k on Ladbrokes - Jimmy, Jimmy... have you been on my computer again - there's a good lad!"
I wonder what the guy's potential maximum liabilities had previously been when he was betting no the site. If they were alwyas at most a few hundred quid then it should have been obvious these bets were suspect. If he usually made bets with potential liabilities in the tens of thousands then it does look as though perhaps the five year old had nothing to do with this.
Isnt the point of the judgement that it was biased/unfair?
Spredex were totally unliable, yet the customer was infinitly liable.
So imagining a bad person gets access to your account and does evil things, you'd potentially be held liable for squillions of squids. Spredex win-win. Infact, that would encorage them NOT to have sufficent security.
If however they'd limited the customer liability to 'something' then Spredex might have won.
TBH IMHO IANAL sounds like a judge with a reasonable answer.
Even better quote.
"It would have come close to a miracle if he had read the second sentence of Clause 10(3), let alone appreciated its purport or implications, and it would have been quite irrational for [Spreadex] to assume that he had."
http://www.ffw.com/publications/all/articles/spreadex-v-cochrane.aspx
In a sense, I can agree with you - the idiot is clearly a habitual gambler (which makes him an idiot twice), and he gambled that no-one would access his computer (an idiot three times) and do something with severe financial implications (four times an idiot).
The only reason I tend towards the idiot over the fraudsters, thieves and habitual liars (any betting organisation would be covered by this description) here is that the court decision has wider implications for the utterly ludicrous and inherently unfair contract found on the internet.
Disclaimer: I regard any form of gambling as so utterly stupid that it is incomprehensible to me. Allowing online gambling just seems like the government giving petrol and matches to an habitual arsonist. No good can come of it.
There’s many similar sites too, last night I looked at booking a flight through a site onthebeach.co.uk – however when I got to the card number input page I was alarmed that it is not https – a quick google of them then found that their conditions, which you have to agree to, allow them to vary the amount they have said they will charge you – how do they get away with that? Natch, didn’t book with them but feel sorry for others who do fall for it.
"I was alarmed that it is not https"
Ideally the form should be SSL but the form handler may have been called via SSL - so when the data was posted it could have been 'secure'.
"allow them to vary the amount they have said they will charge you"
There are cases when this would be reasonable but ideally they should quote a maximum figure - but could charge less. For example you buy some bananas online from Tesco.com - you ask for 2kg but it might be 1.9kg or 2.1kg - they should supply 1.9kg and charge a bit less than stated.
"Ideally the form should be SSL but the form handler may have been called via SSL - so when the data was posted it could have been 'secure'."
The form has to be loaded from a secure location too, or you don't know where it will be posted to.
I.e. if the form was not rendered from an HTTPS connection, it could be modified in transit and a script inserted to redirect the POST to a site controlled the attacker, which proxies it.
The comment above has been down-voted but should not be, the information is correct. It is very important to note that you should ensure the page the contains the form has been downloaded over SSL also and not just the page to which the form will post.
An man in the middle attacker can alter the action value (immediately visible using debugging tools or view source) or inject a script that hijacks the post event of the form (much harder to identify) and send the secure information in the form elsewhere. SSL stops the form from being modified and passed on. A man in the middle attacker can decrypt the form and modify it but will not then be able to re-encrypt the form to relay it to the victim.
Always check that the form you are filling is on a page that is SSL secured with a trusted certificate to prevent eavesdroppers.
> the information is correct
Technically, it's incorrect.
If you have received the form via HTTP, it *might* not be the form you wanted. Nevertheless, you now have the form, and you *can* know where it will be submitting its data.
Having said that, I'm still loath to submit *any* form including personal data that isn't entirely over HTTPS. This site is one of the very few exceptions. And that's primarily because ElReg knows very little about me...
Vic.
If they've cost me 50k, then damn straight I would, given half the chance.
Morals are one thing. Living in the gutter because you left your PC unlocked and didn't use an available way of escaping the situation is another.
It's not like you get bad karma for extracting money from a bookie either; It's not like you're robbing a nun.
This post has been deleted by its author
Checking a box and saying I agree to the terms of use of your website is not a contract is it? After all, nothing has been signed. You could even argue that for most people, checking the box and clicking the button is just a hurdle to jump over to do the thing that you actually wanted to do with the site.
Same goes for EULAs.
It depends on the context. IANAL but I know you don't need a signature to form a contract. Sure it *helps* as it can be used to demonstrate a party was there, but it's not essential. The city of London processes billions of pounds a year on traders words (verbal contracts).
Assuming the transaction is simple, and fair, then checking a box and clicking "proceed" is enough. However, as alluded to earlier, the OFT has ruled that websites can't rely exclusively on the checked-box approach, if a transaction is complex or has complicated T&Cs.
> Is ticking a box and clicking a button signing a contract?
The answer, as ever, is "it depends".
The last time I was in court on a contract dispute, the defendant was quite surprised that his mutterings could be - and were - considered a legal contract.
The plaintiff was even more surprised to find that he couldn't just assert his own terms and definitions onto said contract, and downright stupefied when the judge dismissed his case because he'd already got far more than he'd paid for :-)
Vic.
[I was neither plaintiff not defendant in the above. But I was working for one side...]
In English law at least to form a contract you need an "offer", an "acceptance" and "consideration". Offer and acceptance are what you would expect them to be though acceptance has to be unconditional. Consideration is an item of value to which the other party is not already entitled. Paying the money is what sets your agreement to the terms not scribbling your name anywhere. What's really interesting is that with most software you're agreeing to the EULA (by purchasing) before you have had the opportunity to see the terms, but that's another argument all together...
Verbal contracts (which are not written down anywhere) are common (ever bought bananas off a market stall and not gotten a receipt?) and can be enforced where it is possible to prove a contract exists by other means. It is however difficult to make specific terms stick when they are not written down anywhere.
[This post comes with the condition that it is over simplified to facilitate clarity. The poster accepts no responsibility for the ommision of detail which readers may be interested in or have an opinion on. By reading this comment you accept this condition in full.]
Makes me wonder if the same "you are liable for everything" clause in the Chip and PIN contracts are similarly unfair under the same law. The different being that with C&P you allegedly have to put a PIN in each time, although it has been proved that (a) the criminals have subverted the readers so they can get that information and (b) there is another way where you can use a C&P system and not be asked for a PIN at all, but still be recorded as having been authenticated with a PIN.
Since the banks have no way of proving its you at the merchants terminal, it seems that making you liable for all C&P transactions is unfair.
Dear Online betting company,
Last week I was using your website to play online poker, I won 10 hands, however by the end of the evening my account was £10,000 in the red.
I can only assume that every time I got up to dance around the house celebrating after winning a hand, my mischevious cat would walk across the keyboard of my computer causing it to make outrageous losing bets on subsequent hands until I returned.
Obviously I'm not liable for these losses because the cat was using my account at the time. Therefore if you could remove all the debts owed and credit me for the hands won I would be very grateful.
Yours....
Suppose the price of coffee in Brazil or whatever had moved the other way and this budding e-billionaire had made a £50K PROFIT in a couple of clicks. What would we be thining then? Would they be so anxious to find a loophole then? Certainly the taxman would be interested in him.
What seems to have been omitted so far is the slight detail that Spreadex forces a logout on all users at 4am every day...so for three days that sprog was also managing to log in to the account...navigate to the commodities section only (ignoring Forex and Indices and Shares and so forth) and then made multiple commodity trades on three popular and volatile products.
Boy genius. He'll go far in the City.
Alternatively, he made the whole loss in the first few hours and it was not until the account owner returned three days later and checked his account that he discovered what had happened.
A guess - I haven't seen any details online but would be interested if there is a fuller description somewhere.
Interesting. Might have to look into this aspect of the law myself:
I've just received an email from Interactive Investor, telling me they're introducing a quarterly fee on their shares ISA accounts.
On the FAQs on their website, they state that if you don't accept this and want to transfer your shares out, "The standard transfer charges will apply". The puzzled account holder wondering where charges for transferring out shares have suddenly come from, can find out on the following FAQ:
I didn't agree to any transfer out charges
When we moved your account from our previous supplier, you agreed to the terms and conditions of the service. The charges for the service are part of the terms and conditions and are clearly stated on our website.
Sounds like an equally dishonest bit of contract-based wool-pulling-over of eyes to me.
You ought to have a pretty good chance of winning that. Unless they flagged up that there was a material change to their policies, and allowed you to back out. And that means telling you specifically about the clauses in the new Ts&Cs that disadvantage you, not burying them on page 23.
Also, unless the charges are more than £3k (or has it gone up to £5k now?), you can use small claims court, which means no lawyers, no costs, and only a £10 fee.
I'm not a lawyer. And who knows what an individual magistrate will rule. But liability is limited to the court fee, which you lose automatically. And if they're changing your contract terms to something not in your favour, you're supposed to be able to get out of it penalty-free. Which ought to have applied to the previous change of terms, as well as this one. With clear warnings of what you were signing up for.
You can't put anything you want in a contract get someone to sign it and it becomes binding unless you are living in some libertarian hellhole.
I worked for a company once that put in its contract we are in no way liable for anything if we screw up in anyway, strangely enough this company did screw up cost a clients lots of money tried to use the contract to defend itself and the judge basically ripped it up
This isn't just an online thing.
Many years ago my girlfriends 5 year old got hold of my bank account number, went down to the local branch and took out a loan for £50K. Walked out of the bank with a big bag of cash, straight into the bookies next door and blew the lot on a greyhound because it was named after a cartoon character. Lost it all.
Apparently I was liable because the kid new my mother's maiden name.
Seriously, in the analogue world, is there any conceivable way a 5 year old could lose £50K of somebody else's money? If a company has a system which allows that to happen online, it is entirely their own fault imho.
To those of you who are expressing doubt that it was really the kid, Spreadex shot themselves in the foot somewhat by essentially trying to say the guy was liable anyway. Nobody was denying it was the kid (whether it actually was or not) so the court had no reason to question it, and in part the verdict was based on the undisputed fact that it was the kid. Serves them right.
Punter with the losses only has to pay half to the bookie. The other half goes to the government.
Punter offering the services only has to right of half the losses, but has to pay an equal amount to the government.
Problem sorted.