Privacy Case May Come Down To Whether It Costs $12k To Uninstall An iPhone App

from the two-swipes dept

For many years, we've noted that courts have been very, very reluctant to allow lawsuits against companies who leak private data, when there's no evidence that the leaked data was used to create harm. The courts have more or less said, no harm, no broken laws. So it seemed likely that the class action lawsuit against software startup Path, for uploading a user's address book, wasn't likely to have much of a chance in court. As you may recall, earlier this year, there was a tremendous hubbub when some people realized that in order to use a "find your friends" feature, it uploaded a user's entire address book to a server. The reality is that many apps did exactly the same thing, because it made the process much easier. However, you can see why people would be quite annoyed and upset about a service grabbing their entire address book, without making it explicit that was about to happen.

Regardless, the lawsuits against Path and others didn't seem likely to have much of a chance -- but in one of the main cases against Path, the plaintiff who is trying to do a class action lawsuit came up with a way to try to show "harm," claiming that it would cost him $12,250 to hire someone to remove the Path app (though he never claimed to have actually paid that). Path responded by noting that deleting its app is "a simple act requiring no more than two swipes of his finger on his phone," and suggesting that the $12,250 is completely and totally bogus. The judge, however, is letting the case proceed, noting that at this stage of the game, it has to accept the $12,250 as true, and Path can push back on the validity of the statement later in the process.

The ruling does dismiss (while leaving open the possibility of amendment) a bunch of the claims, showing that the plaintiff, Oscar Hernandez, really tried to throw the kitchen sink at Path -- with a bunch of claims that made no sense at all. So it throws out the claim of wiretapping (no communications intercepted), the "Stored Communications Act" claim (no communications service or electronic storage as defined in the act is present), "Invasion of Privacy" under California state law (fails again for a lack of interception), "public disclosure of private facts" (nothing was publicly disclosed, so...), and trespass (he failed to show "significant impairment" as required by the law). On other points the motion to dismiss was denied, but on the whole, it seems likely that Path is going to win this case in the end. I'm just amazed at the $12,250 claim as an attempt to show "harm." They may have gotten away with it so far, but would a court really allow such a bogus claim to stand? Eventually, it's going to be shown that removing Path from an iPhone is ridiculously simple.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    :Lobo Santo (profile), Oct 26th, 2012 @ 12:55pm

    Economics

    For those lawyers who may be inept/faithful enough to believe such tripe: I will perform the process in question for the bargain price of only $5000.

    For non-lawyers, $20.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 26th, 2012 @ 1:23pm

    For twelve grand he could buy thirty six brand spankin' new iPhones without ANY apps installed. What a crock.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Oct 26th, 2012 @ 1:29pm

      Re:

      The real crock is that companies are allowed to siphon off and use your personal data wholesale without telling you, and there's not a thing you can do about it.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        :Lobo Santo (profile), Oct 26th, 2012 @ 1:35pm

        Re: Re: Mirrors

        Let's just state that in reverse:

        The real crock is people choose to install an app which has the permissions clearly defined and then they complain/sue about it.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          John Fenderson (profile), Oct 26th, 2012 @ 1:45pm

          Re: Re: Re: Mirrors

          It's a good point, but...

          The permission disclosure thing is poorly done and leads people to ignore them. Apps often require permissions for things that imply they do things they don't really do, and so people are encouraged to basically ignore them. It's a bit like EULAs.

          Not saying that's right or wise (I assume that all apps are going to try to access everything, so I firewall them off anyway), but it is understandable.

          So, it seems to me like it's a crock all around.

          It's a tough position. Apps should have an obligation to tell you what data they're accessing and what they're going to do with it, and we should have some sort of recourse when they do other than what they said. But if wishes were ponies...

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            :Lobo Santo (profile), Oct 26th, 2012 @ 1:49pm

            Re: Re: Re: Re: Mirrors

            ...we'd be eating steaks.

            Yeah. I'm not even arguing either side, the blame clearly lay in all directions. It's sad, but likely it's not going to be uncommon.

             

            reply to this | link to this | view in chronology ]

        •  
          icon
          Jesse (profile), Oct 27th, 2012 @ 10:06am

          Re: Re: Re: Mirrors

          I would say the real crock is that you can't sue a company without showing real harm, but the same cannot be said in reverse.

          Take for example copyright lawsuits.

           

          reply to this | link to this | view in chronology ]

  •  
    icon
    Tech42 (profile), Oct 26th, 2012 @ 1:25pm

    Plaintiff estimated the wrong cost

    The real cost item would be in ensuring that once the app had been removed, the address book information was also removed from Path's possession.
    Hiring the people necessary to sift through their electronic and paper storage systems as well as ensuring that no off-site backups contained the information would cost far more than $12,250.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Chargone (profile), Oct 26th, 2012 @ 1:29pm

      Re: Plaintiff estimated the wrong cost

      also: making sure that removing it actually REMOVED it. never really having bothered with Apple's stuff, i don't know how big of a deal this is, but i know Windows is absolutely Terrible about leaving random fragments of things behind when they've supposedly been 'removed' (and they're often in all sorts of strange places, so kind of hard to kill.) ... so, you know, there's that.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    out_of_the_blue, Oct 26th, 2012 @ 1:38pm

    Be interesting to see how he avoids perjury & frivolous.

    I'd bet that's why the judge let it proceed, to hang the fool what makes such claims. As way over cost of replacing entire phone and service contract, it's insupportable.

    However, this is part of MIke's "where's the harm?" series. Where's the harm, of, oh, corporate survey people walking into your house at random hours and just looking around to inventory what products you use? -- It's simply not consistent with privacy and peace of mind, and corporations don't have ANY rights to your personal data, should be required to get explicit permission. (Yeah, maybe not so much here, but Google? You betcha. Even their "opt-out" just marks you as a trouble-maker.)

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Oct 26th, 2012 @ 1:48pm

      Re: Be interesting to see how he avoids perjury & frivolous.

      You do understand that it's the courts, not Mike, who claim there's no harm. I suspect because to a court harm == material or financial damages, but to real people harm means being harmed.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Baldaur Regis (profile), Oct 26th, 2012 @ 1:44pm

    I'm getting pretty tired reading legal documents whose sole purpose is to elicit the question "How much is it going to cost me to make you go away?"

    Know what I like about muggers? They're terse. "Give me your fucking money." Simple, concise and they don't make me read 50 pages of crap before taking my money.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 26th, 2012 @ 2:19pm

    What if they were claiming it would cost them $12k to verify that this company had no remaining copies of their data?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    The Amazing Sammy (profile), Oct 26th, 2012 @ 4:24pm

    Depends...

    The real question is, if an app is installed on your machine, and the creator of the app is crazy enough to do this... how, as a user do you know that the app is really gone? And the answer is... hire a $12,000 consultant to scan your phone and make certain. There's really no other way to know. I would use the word "bogus" with care.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      G Thompson (profile), Oct 26th, 2012 @ 10:12pm

      Re: Depends...

      Actually I can already tell you that if an app is removed (deleted) from an iPhone/Pod/Pad from version 4 onwards the app executable code could be deleted but the underlying links, logs, user specific database, are very very rarely deleted (and logs never).

      In fact some apps NEVER delete themselves instead they disable themselves. Then you have the iTunes backup system where the app you deleted is most likely still residing in your backup (and other places) in your PC so that it is easy to re-install or be installed at the whim of Apple's weird "the user always makes mistakes about what they do or don't want to do" recovery engine.

      For someone to forensically go through all the devices above that this app might have infected..oops been installed on... would be a lot more than $12000US, especially if that analysis was to be for purposes of evidence in a court case.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous C, Oct 27th, 2012 @ 4:06pm

        Re: Re: Depends...

        Yes, because we all know that if the user saves a backup of an app, it's the software developers fault. Get a grip. Shit like this makes me not even want to develop anymore, way too much lawsuits getting in the way of innovation.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 26th, 2012 @ 6:05pm

    How much will it cost to remove the address book from the servers it was uploaded to?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 26th, 2012 @ 6:06pm

    SIGH, nobody cares, at all.. This site blows..

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This