Redaction Failure In FTC/Amazon Decision Inadvertently Allows Public To See Stuff It Should Have Been Able To See Anyway
from the not-even-good-enough-for-government-work dept
A court has found that Amazon engaged in deceptive practices by not obtaining “informed consent” about in-app charges, especially with apps targeted at children. The finding is perhaps unsurprising, as the world of microtransactions relies greatly on a minimum number of steps between app makers (and app purveyors like Amazon) and users’ wallets.
What’s more surprising is the opinion itself, which arrived in redacted form. Both the FTC and Amazon obviously wanted to keep parts of the opinion from being made public. The problem is that whoever handled the redaction process blew it.
Coughenor released two rulings — a complete decision, which was marked as “sealed” and a decision for the public, which was marked as “redacted.” That redacted version has large swaths of text covered with black bars, but the opinion can be read in its entirety by cutting and pasting it into another file.
The unintended consequence of this screw-up is that the public can now see what the government and Amazon wanted to prevent the public from knowing — which is exactly the sort of stuff the public should know, as Public Citizen’s Scott Michelman explains.
The redactions included a good deal of information that was central to court’s decision, including the evidence showing what Amazon officials knew and when, the FTC’s estimate of damages, the length of the injunction the FTC was seeking, and more. All of these are of great public importance to understanding what Amazon was doing, what the FTC argued to the court, and why the court ruled as it did.
It’s not as though any sort of trade secrets or confidential government techniques are hiding behind the retractions. Much of what is redacted appears to have been for the benefit of Amazon, which does not come out of this surprise un-redaction looking good.
[I]n developing its Kindle Fire tablet, Amazon identified “soccer parents” as a key target customer base, referring to them as “low-hanging fruit.” (Dkt. No. 121 at 8; see also Dkt. No. 122 at 3.)
[…]
[T]he evidence demonstrates that Amazon was aware that many customers did not understand in-app purchases when they were first implemented. In a confidential document regarding Amazon’s marketing plan for launching in-app purchases, the company acknowledged that “‘IAP’ isn’t a concept widely known by customers.” (Dkt. No. 120 at 5.) And, despite its assertion that “[c]ustomers are not looking for apps based on how much they cost,” the company was aware that customers’ top searches in selecting apps indicate that customers were seeking free apps to use. (Id. at n. 2; five of the top searches included the word “free.”) Amazon was aware that in many instances, the person initiating the in-app purchase was a child: in a document discussing company strategy to promote increases in in-app purchasing, Amazon acknowledged “the disconnect between the account owner (e.g., parent) and the app user (e.g., child).”
[…]
Moreover, regardless of its reputation for customer service, it is Amazon’s stated policy that in-app purchases are final and nonrefundable, likely discouraging much of its customer base from attempting to seek refunds in the first place. (See Dkt. No. 127 at 275.) (“Yeah, that’s the – that’s our official policy, is digital content’s not refundable.”)
[…]
Amazon has received many complaints from adults who were surprised to find themselves charged for in-app purchases made by children. By December 2011, Aaron Rubenson referred to the amount of customer complaints as “near house on fire.” (Dkt. No. 115 at 19.) Rubenson also referred to “accidental purchasing by kids” as one of two issues the company needed to solve. (Id.) Rubenson additionally stated that “we’re clearly causing problems for a large percentage of our customers.”
Also “withheld” is the FTC’s justification of its damages estimate.
Julie Miller, a lead FTC data analyst, calculated the total in-app purchase revenue and refund amounts for seven different categories: (1) orders of $20 or more in High-Risk Non-Casino apps from the earliest date available to March 25, 2012,1 (2) orders of $19.99 and below in High-Risk Non-Casino apps from the earliest date available to February 5, 2013, (3) orders of $19.99 and below in High-Risk NonCasino apps from February 6–April 30, 2013 excluding those on the “Otter” device, (4) orders of $19.99 and below in High-Risk Non-Casino apps from May 1–July 30, 2013 excluding those on the Otter device, (5) orders of $19.98 and below in High-Risk Non-Casino apps from July 31, 2013–June 3, 2014 excluding those on the Otter device, (6) orders of $19.99 and below in High-Risk Non-Casino apps from February 6–October 9, 2013 on the Otter device, and (7) orders of $0.99 and below in High-Risk Non-Casino apps from October 10, 2013 to the latest date available on the Otter device. (Id.) These categories were selected in order to omit authorized charges. This calculation gave Ms. Miller a total of charges made without authorization by password. Ms. Miller calculated $86,575,321.38 in revenue and also found that $10,060,646.48 was provided in refunds. (Dkt. No. 110 at 3.) Ms. Miller then calculated an “unauthorized charge rate,” the rate at which users failed to properly enter a password in initiating an in-app purchase as a percentage of the overall total.
Amazon’s rebuttal of the FTC’s math is redacted…
Amazon argues that Ms. Miller’s estimate is so “fundamentally flawed” as to not be able to support a finding of substantial injury. (Dkt. No. 179 at 18.) In so arguing, Amazon primarily takes issue with Ms. Miller’s calculation of an “Unauthorized charge rate.” (Id.) In dividing the number of password entry “failures” and dividing that by the total number of password prompts presented, the FTC argues that it identified a “reasonable proxy for the rate at which children would incur an in-app charge without consent . . when password entry was not required.” (Dkt. No. 184 at 18.) Amazon asserts that this rate calculation “assumes that every single password failure was an attempt by a child that would otherwise have been a completed in-app purchase.” (Dkt. No. 179 at 18.) This point is well taken: many password “failures” could have occurred because the user got distracted, changed his or her mind, or simply could not remember their password. However, it is reasonable to assume that of the group of users faced with a password prompt who ultimately failed to provide a password, many were children who, absent a password prompt, would have gone on to complete an in-app purchase.
…as is the court’s partial agreement with Amazon’s assessment of the assessment. [redacted portion in bold]
While, as discussed above, the general methods used by the FTC to reasonably approximate the damages to consumers by unauthorized in-app charges serve as a fair starting place, the Court finds that the unauthorized charge rate of 42% is too high. The Court has received Amazon’s “Adjustments to the FTC’s Estimates of Injury and Monetary Relief” (Dkt. No. 221 at 2) and invites further briefing on the issue of the scope of appropriate monetary relief.
Also redacted is the FTC’s declaration of how long it felt Amazon should remain under the government’s supervision.
The injunction sought would subject Amazon to government oversight for twenty years.
While FTC intervention has resulted in better refund policies and better notification about in-app purchases, the fact is that app makers are just as culpable as Amazon — even if it’s Amazon that will be paying the fines. There was no line of app developers at Amazon’s door demanding better protections for app users. And Amazon is hardly alone in its targeting of low-hanging soccer parent fruit. When it comes to monetization of microtransactions, the lack of purchase controls is a feature, not a bug.
Then there’s the question of whether we really want the government to be in the business of designing app store front-ends. While the concerns central to this case are valid, the best solution isn’t necessarily the FTC setting itself up as an additional middleman for in-app purchases — especially not for the next 20 years.
And, as for this opinion, it just goes to show courts are still far too willing to grant ridiculous redaction requests from plaintiffs and defendants — a practice that further separates the public from the government that’s supposed to be serving it.
Filed Under: apps, children, deceptive practices, ftc, redaction
Companies: amazon
Comments on “Redaction Failure In FTC/Amazon Decision Inadvertently Allows Public To See Stuff It Should Have Been Able To See Anyway”
It's about time!
The law ought to require that every system that allows this type of purchase, also enable the device owner to password-protect against ANY purchase. The problem is not just Amazon; it’s Android, iOS, and probably all their competitors and most of the apps on them. I’ve also experienced it with Dish Network. A system set up in the hope of causing accidental purchases is a case of open-and-shut fraud.
Re: It's about time!
Just a quibble, but there’s probably no need for a law per se.
However, it might be prudent for the FTC to issue guidelines for in-app purchases, both for app stores and the apps themselves.
Re: Re: It's about time!
How many companies do you know that are willing to follow guidelines that reduce profits?
Re: Re: Re: It's about time!
And thirdly, the code is more what you’d call “guidelines” than actual rules.
Re: Re: Re:2 It's about time!
do you believe in evil corporations that just want your money and don’t care how they get it?
You’d better…you’re doing business with one!
Re: Re: Re:3 It's about time!
Do you believe in cheap attempts at humor by quoting lines from movies?
You’d better … cause that’s what you responded to.
Re: Re: Re:4 It's about time!
Do you want ants? Because that’s how you get ants.
Re: Re: Re:5 It's about time!
They check in, but they don’t check out.
Re: It's about time!
What should happen to Amazon is ALL accounts new and existing should have IAP immediately disabled.
Then you have to visit a website ON A SEPARATE DEVICE to the one making the purchases, sign in, read and scroll to the bottom of the T&Cs.
Click ACCEPT and enter payment method.
Updating the Payment method should NEVER be on the same device used to purchased IAP to prevent re-adding it easily.
Twenty years would be a lot more appropriate for the Charter–Time Warner Cable merger conditions…
Re: Re:
NO KIDDING
Re: Re:
Charter and Time Warner are already under the government’s thumb. No need for 20 years of monitoring when you can instead quietly refuse to renew contracts and licenses.
Amazon however… Well what better way to get somebody to do what you’d like than through 20 years of arbitrary oversight and the implicit threat that not complying with government requests means they’ll turn your life into a living hell.
All that it takes for evil to triumph is for good men to do nothing.
Sometimes the best that someone can do when something is drifting towards evil is make a mistake.
Rather ironically the “redacted version” linked in the article is hosted on Amazon Web Services.
Anyway who says the person doing the redacting screwed up. Just maybe they didn’t agree with the redactions but had to be seen to be doing the right thing.
setting a precedent to redact anything and everything
Pickpockets
the world of microtransactions relies greatly on a minimum number of steps between app makers (and app purveyors like Amazon) and users’ wallets.
Kind of like pickpockets.
Some are more equal than others.
it just goes to show courts are still far too willing to grant ridiculous redaction requests from plaintiffs and defendants — a practice that further separates the public from the government that’s supposed to be serving it.
It depends on who you are. If you’re a big, rich corporation they’ll try to hide your guilt even after you’ve been found guilty. Regular citizens get put on perp-walks without any trial at all.
Redaction
For the Nth time in the past 15 years,
Whyou does everyone just slide right past there is zero reason or justification or right to have this redacted.
There is no security threat or eminent harm.
Just like with the “bridge gate” thing in jersey a couple years ago where they redacted some documents.
It was complete Bullshit.
There is no legal reason or justification for redaction.
Why does everyone just loOK at this over redaction as mundane.
Re: Redaction
Whyou does everyone just slide right past there is zero reason or justification or right to have this redacted.
Avoiding embarrassment to big business or the government is the most common reason there is. You don’t really expect transparency, do you?
Meeting Expections
Corruption and discrimination are facts of life in the US are business as usual. Prosecutors, judges, police, politiciansn, rich corporations and other plutocrats are rarely held to account. If they are punished it’s always minor and the infraction is kept under wraps to “protect their privacy”. Of course if you aren’t a member of the elite you will be held to account for even the most minor of infractions. Even disobeying a cop can be a capital offense. Tough on crime goes from tough to extremely tough on a sliding scale depending on how dark your skin is. Privacy is not an option even if you’re not guilty. Arrest records are public records. Anyone found guilty will have a life sentence to second class citizenship. The purpose of the constitution was as a shield against runaway government power and tyrrany. That’s why euphemisms are used when one of the privileged does something wrong. For example, when evidence is thrown out for a 4th amendment violation (a crime). They call it a “technicality”. Amazon should be proud of itself. It has become one of the plutocrats. Paying back a fraction of the money they stole and keeping it secret. You wouldn’t want the public to think that Amazon is a dishonest company and taking their business elsewhere.