November 2017,  OneVoice CSDA Newsletter

EULA – It’s Time to Read Them

By Michael Menz, Director, Hewlett Packard Enterprise, eDiscovery, Investigations & Forensic

Let’s talk about EULAs, clicking agreements without reading them, and what to do when you become a victim.  EULA—it’s not a foreign name—it means End User License Agreement. This is the contract between you and the owner of the service, program, or app you are about to use. An example of this is the Equifax hack that occurred and their 7200-word EULA you must agree to if you want the free credit monitoring. When I looked at the agreement, it included that you agree to arbitration, you cannot take part in a lawsuit or receive payment in a class action lawsuit, and the monitoring is only for one year. Do you really want to give up your rights just for a year of monitoring?

Another example is downloading an iPhone app where the EULA states that you agree to let them monitor your cell phone text messages, GPS tracking, and calling record forever, even if you stop using the app! We must read these EULAs. Most people just keep clicking “Agree” out of habit without even reading them.

Here’s another example of which most of us were probably not even aware—you plug your cell phone to charge in a rented vehicle and the screen displays an agreement window as it starts playing the music from your cell phone storage. Most people click it thinking it’s about the music when it may also include permission to download your call lists, contacts, and text messages—YIKES! (I will explain more about that in a future article.) Always read the language in the EULA—don’t just agree.

Time now to talk Equifax. You do not have to pay for credit monitoring. There are free services like If you want to have help keeping track of your credit card accounts and finances, there are other free services like Remember, after a major breach like the Equifax incident, change all of your passwords on all the sites you use. Change the challenge questions answers also. Sometimes the bad guys will wait 6 months to a year before using the information they have obtained. They will research you and try banking and finance sites to see if you had similar names for other accounts. They’ll try your password and then request a new one using the challenge question from the hacked site because they know people normally use the same answers.

If you want to avoid being taken advantage of, read the EULA before agreeing. Once there is a breach, change ALL your passwords and challenge questions/answers. This is the best way to avoid becoming a victim. In the next article, we will further discuss rental cars, cell phone charging stations, and your cellular phone.

Return to Newsletter