Equifax and Arbitration

by Scott Nelson    

As Jeff noted earlier this morning, Equifax's offer of "complimentary" enrollment in "TrustedID Premier" to people potentially affected (and even people that it doesn't identify as potentially affected) by its data breach came with a catch: The TrustedID Premier terms and conditions include an arbitration clause and class action ban.

The terms require arbitration of claims relating to the agreement for TrustedID services and the products offered under that agreement (which include credit reports, credit monitoring, and identity theft insurance). Just how broadly that provision might extend is uncertain. As Justice Scalia once observed, everything relates to everything else. The provision's potential breadth immediately provoked concern (expressed here by Paul Bland) that Equifax might be intending to use it to squelch not only class actions aimed at the provision of the TrustedID services, but also cases aimed at imposing liability on Equifax for the underlying data breach.

Who knows what Equifax's original motives were, but it has now added to its "FAQ" page for consumers a statement that the arbitration provisions in the TrustedID terms don't apply to claims relating to the underlying data breach: "The arbitration clause and class action wavier included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident."

It would have been outrageous for Equifax to take any other position, but that hasn't stopped other companies from relying on arbitration agreements to squelch legitimate claims (see Wells Fargo). So Equifax's clarification (or perhaps its second thoughts) are at least a step in the right direction.

But the TrustedID terms are still problematic in and of themselves. Not only do they bar arbitration and class actions over the services Equifax is offering to the victims of its data breach, but they also purport to immunize the company against liability if it provides those services negligently. How much faith should consumers place in services offered by the company when the company won't even commit to performing those services competently, and when it insists they waive their right to sue it if it ends up compounding their problems?

The Equifax Data Breach and How Equifax is Stealthily Using Arbitration to Defeat Claims by Injured Consumers

by Jeff Sovern

Scott posted yesterday about the Equifax data breach, which may end up being as significant a consumer scandal as the Wells Fargo unauthorized account fiasco.  As has been pointed out elsewhere, the disclosure of the Equifax announcement is extraordinary, coming on the same day Congress considered a bill to limit damages against credit reporting agencies--like Equifax (Allison posted on the hearing yesterday). Scott's post included a link to the Equifax web site that enables people to determine if they are affected by the Equifax breach. But there' s one problem: the Equifax web site includes an arbitration clause with a class action waiver.  It looks like (as Paul Bland has reported) consumers signing up for the free credit monitoring may unwittingly give up their right to sue Equifax in court or in a class action--which might be the only cost-effective way to bring a claim against Equifax unless your damages from the breach are huge. Clever lawyering--but this could make a public relations fiasco even worse if they try to enforce it. Just ask Wells Fargo.  

Oops: Equifax Cyberbreach Exposes Personal Data

By Scott Nelson

The nation's three big credit-reporting companies have tremendous power over American consumers and collect the most sensitive data about us. With that great power should go great responsibility to protect that information.

Now comes news, via CNN, that one of the big three, Equifax, discovered on July 29 that between May and July of this year, cyber criminals penetrated its systems and accessed extremely sensitive personal information about American consumers (names, social security numbers, birth dates, addresses, and driver's license numbers). The breach also exposed credit card information for about 200,000 U.S. consumers. The breach affected residents of the UK and Canada as well.

According to the company, the breach "potentially" affects "approximately 143 million U.S. consumers." It's not clear from the company's statement how many of those 143 million actually had their information stolen, or even what the company means when it says they were "potentially impacted."

According to Equifax Chairman and CEO Richard Smith, "This is clearly a disappointing event for our company ...."

Not to mention for 143 million Americans.

I should add one thing: Both the CNN story and the company website link to a page where they say consumers can check to see if they're "potentially impacted." I don't have any idea if that link is actually safe. All I can say is that I tried it and it didn't tell me if I'd been "potentially impacted." More disappointment, but I guess we need to get used to that.

 

CSPI's Mike Jacobson stepping down

Center for Science in the Public Interest's longtime president, Mike Jacobson, is stepping down next week. NPR reports: "Michael Jacobson invented a new style of food activism. For four decades, he led the fight against 'junk food.'"

Read NPR's full story, which includes some interesting history about CSPI, here.

Anonymous Users’ Objection to Search Warrant Seeking to Identify Users Who Communicated with Trump Inauguration Protest Site

by Paul Alan Levy

Today we filed our brief on behalf of three anonymous Internet users who object to the breadth of the proposed orders submitted by the Government and by DreamHost, each spelling out their alternative versions of the how Chief Judge Robert Morin had articulated his ruling that enforced a narrowed search warrant commanding disclosure of files pertaining to the Trump inauguration protest web site at DisruptJ20.org. Given the constraints of the process, DreamHost properly limited its own arguments to language in the proposed orders that could be put forward as a fair implementation of decisions that Judge Morin announced at the end of last month's hearing. Our brief, however, being presented on behalf of Doe intervenors whose interests were not represented at the initial hearing, takes a step back to argue that the court should take a closer look at the government’s need to obtain emails sent by members of the public to the DisruptJ20 site. In particular, we question the constitutionality of compelled identification of the senders of such emails, as well as identifying members of the public who joined listservs to receive more information about the protests.

House passes bill exempting driverless cars from current safety standards

The House yesterday passed a bipartisan bill, called the “Self Drive Act,” addressing driverless cars.

Among other things, the bill would allow car companies to introduce as many as 100,000 such vehicles a year -- exempted from safety standards while the technology is developing. At the same time, the bill would bar states from implementing laws and safety standards governing the new technology.

USA Today reports on the bill here. The Hill has this article.

 

House holds hearing on bill to limit consumer remedies against credit reporting agencies

The House of Representatives Financial Services subcommittee is holding a hearing this morning on HR 2359, entitled the "FCRA Liability Harmonization Act," which would reduce consumer remedies for credit reporting abuses. It would impose a $500,000 cap on damages in class actions brought under the Fair Credit Reporting Act and eliminate punitive damages in individual FCRA cases.

The National Association of Consumer Advocates issued this press release opposing the bill.

Another Story About How Class Actions Help and Arbitration Hurts Consumers, Military Families

From Paul Bland in HuffPo, CFPB Rule Fight Forces Senators to Choose: Military Families or Big Banks. Excerpt:

When Gary Childress of Raleigh, North Carolina learned in July 2008 that he was being deployed to Iraq as part of his Army National Guard service, one of the things he did before reporting for duty was to contact Bank of America, where he and his wife Anne had a credit card account. He wanted to let the bank know that he was on active-duty status because under the Servicemembers Civil Relief Act or SCRA, a law passed by Congress in 2003 to reduce burdens on military families, all interest rates on debts that servicemembers owed before going on active status must be reduced to 6%. This interest rate protection was significant to the Childresses, who owed over $5000 on their Bank of America credit card with an interest rate of around 27% when Gary left for Iraq.

Bank of America began sending Anne Childress monthly statements suggesting that the interest rate on the account had been reduced to 6% as the SCRA requires. But according to a lawsuit the bank just settled in federal court in North Carolina, these statements were deceptive. In fact, the bank was actually continuing to charge a much higher interest rate. And the Childresses were not alone; the bank’s own internal audits, as well as an investigation conducted by the Office Of the Comptroller of the Currency, revealed that nearly 130,000 servicemembers and their families were affected * * *

[I]n July of 2017, [the military families] reached a settlement with Bank of America that will award nearly $30 million, after fees and expenses, to the approximately 130,000 military families who were overcharged and deceived by the bank. The cheated servicemembers will not need to file claims in order to receive compensation under the settlement; the amount owed to each class member will be calculated based on Bank of America’s records, and checks will be sent out automatically. * * *

Does the federal courts' PACER system undermine the public's constitutional right of access to court papers?

That's the issue addressed in The Price of Ignorance: The Constitutional Cost of Fees for Access to Electronic Public Court Records by Stephen Schultze. Here's the abstract:

The United States federal judiciary maintains a system called PACER, “Public Access to Court Electronic Records.” PACER is the public gateway into the electronic repository for documents filed in federal court. In lieu of appropriating funds for operating the system, Congress permitted the judiciary to collect fees. Through the web, for a per-page fee, members of the public may access documents that have traditionally been part of the free public record. The fees have persisted for decades, despite the fact that Congress intended for the judiciary to move away from user fees to a “structure in which this information is freely available to the greatest extent possible.” 

This paper argues that the federal judiciary has erected a fee structure that makes public records practically inaccessible for many members of the public and for essential democratic purposes. The per-page fee model inhibits constitutionally protected activities without promoting equally transcendent ends. Through this fee system, the judiciary collects fees at ever-increasing rates and uses much of the revenue for entirely other purposes — in an era in which the actual cost of storing and transmitting digital records asymptotically approaches zero. PACER should be free.

Paper on the Impact of Judicial vs. Nonjudicial Foreclosure on Mortgage Origination

Brian D. Feinstein a Bigelow Fellow at Chicago has written Judging Judicial Foreclosure.  Here is the abstract:

For the third time in the last several decades, policymakers are contemplating an overhaul of mortgage-finance regulations. Despite the considerable attention paid to how ex ante regulations affect the availability of credit and the appropriateness of the mortgage products that lenders offer, our understanding of how the legal framework governing foreclosures — a form of ex post borrower protection — impacts mortgage lending is incomplete. Leveraging data on loan applicants that are geographically proximate and subject to the same federal mortgage-finance regulations and nearly identical state foreclosure regimes — but for the presence or absence of a judicial foreclosure requirement — this analysis enables the identification of the independent effects of judicial-foreclosure requirements on loan approval decisions and the share of approved applicants that are offered subprime loans.

I find that lenders adopt a more conservative posture in evaluating loan applications in jurisdictions where they must haul delinquent borrowers into court. All else equal, loan applications are less likely to be approved and approved borrowers are less likely to be offered subprime loans in judicial-foreclosure states. Further, some models indicate that these results may be amplified for borrowers with lower socio-economic status, suggesting that judicial supervision of foreclosures may have tempered one of the more flagrant practices of the subprime era: providing high-rate mortgages with a greater likelihood of default to lower-income and minority borrowers. These results suggest that, in contemplating changes to the regulation of mortgage lenders, policymakers should consider state foreclosure law to be among the tools in their regulatory toolkit.