What the Stormy Daniels Lawsuit Means for Clickwrap Contracts

Adult film actress Stephanie Clifford, aka “Stormy Daniels,” aka Penelope Peterson, has filed a lawsuit in Los Angeles Superior Court seeking the court declare that her Nondisclosure Agreement with David Dennison—aka Donald Trump, aka the Commander in Chief—is null and void. While Clifford (through counsel) alleges that the contract is not-binding because (a) it was not signed by Mr. Trump; and (b) Trump’s lawyer has already abrogated the agreement by publicly discussing both the agreement and the underlying matters, Trump’s lawyer apparently sought an injunction from an arbitrator ordering Clifford to continue to honor the agreement in the interim. So instead of following the arbiter’s direction, Clifford filed the lawsuit.

Who cares?

I mean, it’s all interesting in a sort of scandal-mongering sort of way, but from a legal perspective, does it matter that Donald Trump did not personally sign the agreement? I mean, Stephanie Clifford was paid to keep silent and she received the money. Does it matter that one “party” didn’t sign the agreement?

Ordinarily, no. That is, if the only thing Trump was required to do was to pony up the money, he “agreed” to the contract (or at least, fulfilled his obligations under it) by causing or allowing the money to be paid. If he didn’t pay the money, Clifford could argue breach of contract, breach of quasi contract, equitable estoppel, promissory estoppel, detrimental reliance or a bunch of other things dragged from a first-year law school textbook. But he paid (or his lawyer did). Enough said, right?

Not quite.

You see, the agreement called not only for Clifford to be paid, and to keep quiet, but also to arbitrate any disputes that arose out of the contract. Arbitration clauses, made enforceable (usually) under the Federal Arbitration Act, permits parties to, instead of going to court, informally settle their disputes through a non-judicial mechanism called arbitration. The parties select a relatively impartial arbitrator, present facts, witnesses and testimony and ask for a ruling. The parties agree to be bound by whatever the arbitrator says. Faster, cheaper and much more efficient than relying on people in robes appointed for life by the president, or other people in robes elected by or appointed by state representatives.

In a landmark case called ATT Mobility v. Concepcion, the Supreme Court ruled that a person who bought a “free” cell phone from AT&T, but was charged $35 in tax for that phone could not assert that he was deceived in court, but was required to arbitrate the claim under the Federal Arbitration Act because of terms in a website clickwrap agreement he never saw or signed, but which he had the opportunity to review.

Companies love arbitration agreements. First, arbitrators only get paid if they get selected, and a company such as AT&T that may have thousands of arbitrations can effectively blackball any arbitrators they think are likely to rule against them. So, to some extent, you get to pick your judge. Second, in many cases the customer has to pay a fee to get the “right” to arbitrate—a fee they may or may not get back, even if they win. Third, there is very limited right to pretrial discovery in arbitration, and since a plaintiff (complaining person) wants to get information from a defendant, the lack of discovery generally favors entities that are likely to be sued, rather than those who sue. Finally, each individual case has to be separately arbitrated—so if AT&T defrauds 10,000 people out of $35 each, that means that each person has to care enough about the damn 35 bucks to initiate an arbitration and prove fraud. Each arbitration is separate, no one arbitrator is required to follow the rulings of the other arbitrators and if you win (or lose) there’s no public record of the event. They are secret, private rulings.

Come to think of it, maybe that’s another reason that Trumps lawyers insisted on arbitration.

Here’s where things get messy. The Supreme Court said that parties that agree to arbitration can’t get access to the courts. They signed away those rights. And that arbitration agreements are generally enforceable. But there are exceptions. If the underlying contract that contains the arbitration agreement is not enforceable, then the arbitration provision is not enforceable. If, for example, the contract was induced by fraud, undue influence, deception or violated public policy etc., neither the contract nor the arbitration provision would be enforceable. In addition, and here’s the kicker, in many jurisdiction (including California) for an arbitration provision to be enforceable, it has to be mutual—both parties have to agree to arbitration. It would be unfair to require you to submit to arbitration while AT&T can sue your butt. Right?

But Trump didn’t sign. Which means, he could argue that he is not bound to arbitrate. Which means that the arbitration agreement doesn’t bind him. Which means the arbitration agreement doesn’t bind her. Which means she can sue. Are you following me here? It doesn’t mean that the NDA is unenforceable, just possibly that the arbitration agreement isn’t.

Online companies rely on clickwrap arbitration agreements all the time. You buy a widget at Amazon, you agree to arbitration. Use Google Fiber? Arbitrate disputes.  Having problems with your Uber driver (or are an Uber driver having problems with the company?) Arbitrate.

Most of these arbitration agreements require—at least on their face—both parties to arbitrate any disputes that arise out of the agreement. So they look “mutual.” You “sign” the agreement when you visit the website, or when you fail to visit the website. Or when you sign up for the service. Or when you download the software, use the service, view the page or drive by the office. Presumably, they agree to their own arbitration clause cause—well, because they wrote it—although there have been a number of cases where entities have sought to escape liability under their own agreements stating that they aren’t really “contracts” so much as an informal “policy.”

The problem is, if you are hired by a high-tech company that agrees to arbitrate disputes and then fired for slacking, for example, you might be able to force them into arbitration if you assert discrimination for a protected reason. But you are still an at will employee, so they don’t have to do anything (no arbitration) before firing you. If you buy a phone and have a complaint about service, you have to arbitrate that complaint, but if they think you haven’t paid the bill, or are using the phone improperly, they just cut you off without arbitration. If the Software License Agreement has a kill switch, the developer can kill the software (or ensure that it won’t run) even though “disputes” have to be arbitrated. So it looks like a mutual agreement, even though it’s not.

While the lack of mutuality in the Stormy Daniels case arose out of the failure (deliberate or otherwise) of Trump to sign the agreement, lack of true mutuality may arise in other circumstances as well. The U.S. Supreme Court is this term considering a trio of cases about the enforceability of arbitration agreements in various contexts. We will have to see what they do.
Just remember, the law here is unsettled. So buckle yourself in, it’s going to be a bumpy—no, Stormy—ride.

Featured eBook
Securing the Code: DevOps Security and AppSec

Securing the Code: DevOps Security and AppSec

DevSecOps represents a fundamental shift from the status quo by making security a much more collaborative effort. Applications are the business in this digital age. Securing the applications that drive your business is essential to providing safe digital experiences to your entire business ecosystem. With DevSecOps, security is automated and integrated into the development process. Security ... Read More
DevOps.com
Mark Rasch

Mark Rasch

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland. where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 25 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and Universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of law and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference. Rasch had worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.

mark has 27 posts and counting.See all posts by mark