Did You Agree to Share Your Home Wi-Fi Network?
On June 6, 2021, Amazon launched, and automatically enrolled users with compatible devices into, “Sidewalk,” its new internet-sharing wireless mesh network. Sidewalk crowdsources data and bandwidth from home Wi-Fi connections via Amazon Echo smart speakers and smart displays, Ring devices, and Tile trackers. If you have these devices in your home, your internet bandwidth is likely now being shared to help other Sidewalk devices that are in range—like a neighbor’s Echo—connect to the internet.
Amazon is following the path forged by Comcast’s Xfinity unit with “xfinitywifi.” Since 2014, Xfinity customers have had access to a widespread public Wi-Fi SSID outside of their home. This public Wi-Fi network, named “xfinitywifi,” is made possible by customers accessing routers that other Xfinity customers lease from Comcast.
Despite criticism of the potential security and privacy concerns, customers are automatically enrolled in these programs without a separate contract. Most customers don’t realize they are sharing their Wi-Fi, much less of the need to opt out of it.
Automatic Opt-In Contracts
Amazon binds users of Echo, Ring, and other devices to Sidewalk’s terms with a “sign-in-wrap” agreement when they log into their account. That the consent is buried in their device contracts would surprise most users, not to mention their automatic opt-in to Wi-Fi sharing just by continuing to use their device. Similarly, many Xfinity customers are likely unaware they are sharing the Wi-Fi generated by their leased modem via the public “xfinitywifi” channel.
There is widespread concern about, and proposed legislative limitations on, automatic opt-ins that may affect the privacy of consumers’ personal information. However, there is much less discussion about whether automatic opt-in to unrelated terms in connection with an online purchase of goods or services is (or should be) enforceable.
Most online purchases of goods or services are just as legal and enforceable as traditional paper-and-ink contracts, thanks to the federal Electronic Signatures in Global and National Commerce Act (ESIGN). In addition, most states have adopted either the Uniform Electronics Transactions Act (UETA) or their own e-signature laws that confirm the legal validity of electronic signatures and contracts. (see, e.g., Colo. Rev. Stat. § 24-71.3-103). Online consumers nowadays consent to contractual terms with an electronic signature or, most commonly, by clicking an “I accept” button. Neither UETA nor ESIGN, however, provide specific guidance on the limitations of passive consent and automatic opt-ins so it is left to the courts, applying traditional contractual principles, to determine their validity and enforceability in specific situations.
Courts generally focus on whether the user had reasonable notice of the terms, actual or constructive, and the extent to which there was express assent. Some courts put the responsibility on the consumer to read and understand the terms, and accept the notion that clicking “I agree” or continuing to use the platform is binding acceptance of the terms, whether read or not. Other courts have found it unreasonable to bind a consumer to terms they were never prompted to read or, in some cases, required to read.
In Kemenosh v. Uber Techs., Inc., Uber’s rider registration screens, as viewable from the iPhone application, were not “inconspicuous but rather failed to adequately communicate” the website’s terms:
The Kemenosh court suggested that, if Uber had required the user to check a box, “I read and agree to the Terms of Service,” or even included a pop-up message, “Please read the Terms of Service before continuing,” then that might have been sufficient to form a contract with an iPhone enrollee that included the disputed terms.
Without statutory guidance on the enforceability of passive consent and automatic opt-in terms, courts are left to their own devices (pun intended) in determining whether a buried term causing automatic opt-in to an ancillary service like Sidewalk or xfinitywifi should be enforceable. Companies seeking to create valid and enforceable agreements for meaningful but unnecessary issues or for ancillary services are well advised to require the online consumer to expressly confirm review of such terms, or even to visit the terms page before allowing such consent. Notwithstanding such steps, however, online businesses should not assume the effectiveness of consumer consent to entirely distinct matters from the subject of the contract, like Sidewalk services in a Ring or Echo agreement. An enforceable agreement to such collateral terms may require a specific consent focused on those terms.
By contrast, for important but not necessarily assumed terms, like mandatory arbitration, waiver of jury trial, and limitations on damages, it seems likely that consumer confirmation of having read and accepted the terms will be sufficient in most circumstances. Online businesses should appreciate, however, that evaluating the reasonableness of such consent may consider everything from the hyperlink’s color and placement, the design elements elsewhere on the screen, the size of the print, and the language used to draw the user’s attention. In the absence of federal or uniform legislative action, these subjective standards may continue to foster inconsistency and uncertainty for businesses and consumers as to the binding effect of nonessential contractual terms in online transactions.
 Even the Washington Post, owned by Amazon Chairman and Founder Jeff Bezos, has expressed alarm about the privacy and security issues inherent in Sidewalk. https://www.washingtonpost.com/technology/2021/06/07/amazon-sidewalk-network/.
 Instructions to disable Sidewalk on Echo devices, https://www.amazon.com/gp/help/customer/display.html?nodeId=GZ4VSNFMBDHLRJUK, and Ring devices, https://support.ring.com/hc/en-us/articles/360032524592-Opting-In-and-Out-of-Sidewalk. Instructions for disabling xfinitywifi sharing, https://www.xfinity.com/support/articles/disable-xfinity-wifi-home-hotspot?view=app.
 See, e.g., https://arstechnica.com/tech-policy/2021/05/privacy-bill-would-force-big-tech-to-offer-tracking-opt-out-breach-notices/.
 15 U.S.C.S. § 7001 et seq.
 Cullinane v. Uber Techs., Inc., 893 F.3d 53 (1st Cir. 2018) (does the online agreement provide “reasonably conspicuous notice of the existence of contract terms and unambiguous manifestation of assent to those terms”); Schnabel v. Trilegiant Corp., 697 F.3d 110, 120 (2d Cir. 2012) (“where the purported assent is largely passive, the contract-formation question will often turn on whether a reasonably prudent offeree would be on notice of the term at issue”); Specht v. Netscape Communs. Corp., 306 F.3d 17, 29-30 (2d Cir. 2002) (“clicking on a download button does not communicate assent to contractual terms if the offer did not make clear to the consumer that clicking on the download button would signify assent to those terms”).
 See, e.g., Vernon v. Qwest Commc’ns Int’l, Inc., 925 F. Supp. 2d 1185, 1191 (D. Colo. 2013) (users chose to agree to the conditions, even without reading them and must “accept the consequences” of being bound); Fteja v. Facebook, Inc., 841 F. Supp. 2d 829, 839-40 (S.D.N.Y. 2012) (user had ample opportunity to review via provided hyperlink and thus assented to terms by clicking “sign in” button); Swift v. Zynga Game Network, Inc., 805 F. Supp. 2d 904, 911-12 (N.D. Cal. 2011) (user with opportunity to review terms, chose not to, and clicked “I agree” anyway had sufficient notice).
 97 F. Supp. 3d 359 (E.D.N.Y. 2015).
 No. 181102703, 2020 WL 254634 (Pa. Ct. Common Pl. Jan. 3, 2020).