Law is contributing to an information security paradox. Consumers are regularly “consenting” to the installation of computer code that makes them more vulnerable to harms such as identity theft. In particular, digital rights management technology accompanying digital music has recently left a wake of compromised user machines. Using the case study of security-invasive digital rights management technology, this article argues that a fundamental tension exists among intellectual property law, computer intrusion law and contract law regarding meaningful consumer consent in digital contexts. This article proposes to ease the noise in consent doctrine through creating an objective “reasonable digital consumer” standard based on empirical testing of real consumers. In a manner similar to the way in which courts empirically assess actual consumer confusion in trademark law, the primary vehicle of digital consent, digital user agreements, can be tested for legal usability. Specifically, a particular digital agreement would be deemed to withstand an unconscionability challenge only to the extent that a drafter can demonstrate that a “reasonable digital consumer” is capable of meaningfully understanding its terms and presentation. The proposed empirical reasonable digital consumer standard strikes a successful balance between customization and standardization by using the real understandings of users; it also allows for evolution of these understandings over time, as users’ familiarity with technology and technology itself advances.


Computer Law | Consumer Protection Law | Contracts | Criminal Law | Criminal Procedure | Intellectual Property Law | Internet Law | Law | Law and Society | Science and Technology Law

Date of this Version

August 2006