Techdirt. Stories about "path"

Techdirt. Stories about "path" Easily digestible tech news... http://www.techdirt.com/ en-us Techdirt. Stories about "path"http://www.techdirt.com/images/td-88x31.gifhttp://www.techdirt.com/ Fri, 1 Feb 2013 16:22:31 PST FTC Still Seems More Interested In Making Headlines Than Really Protecting Privacy Mike Masnick http://www.techdirt.com/articles/20130201/13143921857/ftc-still-seems-more-interested-making-headlines-than-really-protecting-privacy.shtml http://www.techdirt.com/articles/20130201/13143921857/ftc-still-seems-more-interested-making-headlines-than-really-protecting-privacy.shtml announcing a high profile "settlement" with social networking startup Path. You might think that this is entirely about the news that came out a year ago, about Path uploading entire user address books to its server. If you don't recall, that story got a lot of press coverage. Basically, Path, like tons of social networks and mobile apps, had a feature which was "see if your existing friends already use this app and connect to them." But, to do that, it needed to know who your friends are. The process it used to do this was to upload your address book in the background and then compare it to their user base. This was, certainly, a somewhat questionable practice on privacy grounds, but it was something that lots of companies did, because it was a simple way to use the "find your friends" feature.

Of course, as soon as the story about Path went viral, most companies who were doing this very, very quickly dropped the practice, and figured out other, less privacy-invasive ways to connect you to your friends. That's a good thing. So, does the company need to be punished? It seems like negative publicity and the market took care of everything.

Well... if you look at the details of the Path "settlement," it wasn't even really about that issue at all. Yes, Path agreed to have outside privacy audits for the next 20 years (which is the FTC's go to "punishment" plan), but the hyped up $800,000 payment actually had nothing whatsoever to do with the uploading address books. Instead, it dealt with a different issue. During the investigation, the FTC also found that Path likely violated COPPA, the silly and misguided law that basically means most sites put in their terms that they don't allow anyone under 13 to use it. Of course, in practice this has significant unintended consequences, including not letting perfectly reasonable services be available to kids and (more likely) parents teaching their kids to lie about their age.

It turned out that for a brief period of time, Path did not exactly follow the COPPA rules, and actually let a few thousand kids under the age of 13 sign up. So, they may have violated the rule. But... Path had discovered and fixed this well before the FTC investigation began. The company claims it was just an oversight that their system did not automatically reject users under the age of 13.

So... the company made a mistake, caught it and fixed it, without having the FTC get involved at all. And there's no evidence, at all, that it misused the data it collected here. And yet it needs to pay $800,000? Why? For a big company, $800,000 may be small beans, but for a startup, that's significant money.

Oh, and even more bizarre: as noted earlier, lots of companies did similar things to Path, but the FTC only went after Path. When asked why they only went after Path, outgoing FTC boss Jon Leibowitz gave a non-answer, saying that they're just a small agency and so they have to "pick and choose which malefactors you want to go after." So they chose the one most likely to create headlines -- and forced them to cough up $800,000 over a "violation" that was the result of an accident, which the company had already discovered and fixed, and for which no abuse was found. That doesn't seem like good policy. It seems like vindictive choices by the FTC focused on the maximum potential to create headlines, rather than actually protect people's privacy.

Permalink | Comments | Email This Story
]]> picking-on-the-headline-winners http://www.techdirt.com/comment_rss.php?sid=20130201/13143921857 Fri, 26 Oct 2012 12:43:31 PDT Privacy Case May Come Down To Whether It Costs $12k To Uninstall An iPhone App Mike Masnick http://www.techdirt.com/blog/wireless/articles/20121023/17263220804/privacy-case-may-come-down-to-whether-it-costs-12k-to-uninstall-iphone-app.shtml http://www.techdirt.com/blog/wireless/articles/20121023/17263220804/privacy-case-may-come-down-to-whether-it-costs-12k-to-uninstall-iphone-app.shtml reluctant to allow lawsuits against companies who leak private data, when there's no evidence that the leaked data was used to create harm. The courts have more or less said, no harm, no broken laws. So it seemed likely that the class action lawsuit against software startup Path, for uploading a user's address book, wasn't likely to have much of a chance in court. As you may recall, earlier this year, there was a tremendous hubbub when some people realized that in order to use a "find your friends" feature, it uploaded a user's entire address book to a server. The reality is that many apps did exactly the same thing, because it made the process much easier. However, you can see why people would be quite annoyed and upset about a service grabbing their entire address book, without making it explicit that was about to happen.

Regardless, the lawsuits against Path and others didn't seem likely to have much of a chance -- but in one of the main cases against Path, the plaintiff who is trying to do a class action lawsuit came up with a way to try to show "harm," claiming that it would cost him $12,250 to hire someone to remove the Path app (though he never claimed to have actually paid that). Path responded by noting that deleting its app is "a simple act requiring no more than two swipes of his finger on his phone," and suggesting that the $12,250 is completely and totally bogus. The judge, however, is letting the case proceed, noting that at this stage of the game, it has to accept the $12,250 as true, and Path can push back on the validity of the statement later in the process.

The ruling does dismiss (while leaving open the possibility of amendment) a bunch of the claims, showing that the plaintiff, Oscar Hernandez, really tried to throw the kitchen sink at Path -- with a bunch of claims that made no sense at all. So it throws out the claim of wiretapping (no communications intercepted), the "Stored Communications Act" claim (no communications service or electronic storage as defined in the act is present), "Invasion of Privacy" under California state law (fails again for a lack of interception), "public disclosure of private facts" (nothing was publicly disclosed, so...), and trespass (he failed to show "significant impairment" as required by the law). On other points the motion to dismiss was denied, but on the whole, it seems likely that Path is going to win this case in the end. I'm just amazed at the $12,250 claim as an attempt to show "harm." They may have gotten away with it so far, but would a court really allow such a bogus claim to stand? Eventually, it's going to be shown that removing Path from an iPhone is ridiculously simple.

Permalink | Comments | Email This Story
]]> two-swipes http://www.techdirt.com/comment_rss.php?sid=20121023/17263220804 Tue, 20 Mar 2012 15:46:34 PDT Tons Of Companies Sued In Class Action Lawsuit Over Uploading Phone Addressbooks Mike Masnick http://www.techdirt.com/articles/20120316/00561518126/tons-companies-sued-class-action-lawsuit-over-uploading-phone-addressbooks.shtml http://www.techdirt.com/articles/20120316/00561518126/tons-companies-sued-class-action-lawsuit-over-uploading-phone-addressbooks.shtml uploading your entire address book to its servers. The company apologized and deleted all the data. Of course, pretty quickly, people realized that lots of apps do this, if you allow the app to search your address book to see who else you know is already using the service. The way they do this is to upload your address book. I would have thought this was, well, obvious, but not everyone seemed to think so (it's also why I never use that feature). Either way, lots of apps quickly changed either how they work or how they explain what happens with that feature.

But, of course, in our litigious society, that's not going to stop the class action lawsuits from being filed. In a 152 page document, a class action lawsuit has been filed against pretty much every big name company in the space:

Path, Inc., Twitter, Inc., Apple, Inc., Facebook, Inc., Beluga, Inc. ., Yelp! Inc., Burbn, Inc., Instagram, Inc., Foursquare Labs, Inc., Gowalla Incorporated, Foodspotting, Inc., Hipster, Inc., LinkedIn Corporation, Rovio Mobile Oy, ZeptoLab UK Limited aka ZeptoLab, Chillingo Ltd., Electronic Arts Inc., and Kik Interactive, Inc.,

The lawsuit kicks off by quoting Robert Fulghum's "All I really Need to Know I Learned In Kindergarten," saying, "Don't take things that aren't yours." Of course, as with many such class actions, this one is all about getting the lawyers paid. This isn't to say that I think the actions in uploading the address books were ok, but worth a lawsuit? Seems a bit extreme. It seems that the public pressure about all of this has caused pretty much all of these companies to change how they work, and it's unlikely any real significant "harm" came from this.

Permalink | Comments | Email This Story
]]> class-actions-in-action http://www.techdirt.com/comment_rss.php?sid=20120316/00561518126