Path Reaches Settlement with FTC Over Address Book Privacy Concerns

MacRumors · Feb 1, 2013

Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization.

The scandal resulted in Apple locking down user data in iOS 6, requiring explicit permission before apps could access a users location, contacts, calendars, photos, and reminders.

Today, the U.S. Federal Trade Commission announced that it has reached a settlement with Path. The agreement requires Path to establish a new privacy program, obtain independent privacy assessments for 20 years, and pay an $800,000 fine.

"Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it's mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers," said FTC Chairman Jon Leibowitz. "This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."

The FTC alleged that Path's app was misleading and failed to offer the consumer any choice in whether his data was uploaded, and that Path violated the Children's Online Privacy Protection Act by collecting personal information from children without getting parents' consent.

Path has posted a response to the settlement on its blog.

Article Link: Path Reaches Settlement with FTC Over Address Book Privacy Concerns

designaholic · Feb 1, 2013

MacRumors said:
$800,000 fine.

Ouch.

gnasher729 · Feb 1, 2013

Very nice result. Now what we would like to know whether that idiot in their marketing department who thought stealing people's complete address book was a good idea got fired.

bacaramac · Feb 1, 2013

Didn't research the size of this company, but $800k is a ton of cash.

GoldenJoe · Feb 1, 2013

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

Sayer · Feb 1, 2013

Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!

mw360 · Feb 1, 2013

GoldenJoe said:
Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

Didn't Path delete their database shortly after the story broke?

jonnysods · Feb 1, 2013

Who gets the $800k?

macsrcool1234 · Feb 1, 2013

This punishment is excessive, $800,000? I can think of some crimes far worse that our government has given less for....
I think it was a dumb thing to do but this will probably kill the company.

gnasher729 said:
Very nice result. Now what we would like to know whether that idiot in their marketing department who thought stealing people's complete address book was a good idea got fired.

Ahhh sensationalism at its finest.

mw360 said:
Didn't Path delete their database shortly after the story broke?

Yeah

aristotle · Feb 1, 2013

GoldenJoe said:
Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

No, you are not missing anything. The legal system is not about "justice" or setting things right. It is often a way for the state to enrich itself at the expense of others.

Have you heard of the phrase "Don't steal, the government hates competition"?

Governments view the mafia as their competition in areas such as extortion, racketeering and outright theft. When the government does it, it is legal.

gnasher729 · Feb 1, 2013

macsrcool1234 said:
This punishment is excessive, $800,000? I can think of some crimes far worse that our government has given less for....
I think it was a dumb thing to do but this will probably kill the company.

Ahhh sensationalism at its finest.

I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.

mw360 said:
Didn't Path delete their database shortly after the story broke?

Do thieves stay out of jail if the police recovers the money that was stolen?

Sayer said:
Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!

Path can consider itself well-protected from itself.

Slow Programmer · Feb 1, 2013

Interesting that the companies response does not say anything about the misuse of user data, but only that a computer issue let underage users sign up. Apparently, they still don't get it. Maybe a larger fine or a class action lawsuit is in order to make them see the error of their ways.

Westyfield2 · Feb 1, 2013

Where does the cash go? To the users affected?

nepalisherpa · Feb 1, 2013

Westyfield2 said:
Where does the cash go? To the users affected?

It would be nice if all the users, whose data were part of the breach, got some kind of settlement.

SmileyBlast! · Feb 1, 2013

People were hoping to profit somehow from all of that contact info.
I think the fine is meant to show Path and other Mobile developers that you have to pay a heavy fine for helping yourself to this data without asking permission and havinga EULA.

macsrcool1234 · Feb 1, 2013

gnasher729 said:
I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.

I develop software for a living too. This is a bit unrelated but If I had an employee tell me something like that, I'd fire them on the spot. It's not your job to play lawyer, as you said "it would be _him_ losing his job over this, not me."

gnasher729 said:
Do thieves stay out of jail if the police recovers the money that was stolen?
Path can consider itself well-protected from itself.

Why are you so convinced this was done with malicious intent?

You sound like Nancy Grace spouting off on something with no facts or knowledge of the situation.

wjlafrance · Feb 1, 2013

The $.8m fine was for allowing children under 13 to sign up. It was collateral damage to the investigation.

iphone495 · Feb 1, 2013

MacRumors said:
[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]

Image
Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization.

The scandal resulted in Apple locking down user data in iOS 6, requiring explicit permission before apps could access a users location, contacts, calendars, photos, and reminders.

Today, the U.S. Federal Trade Commission announced that it has reached a settlement with Path. The agreement requires Path to establish a new privacy program, obtain independent privacy assessments for 20 years, and pay an $800,000 fine.
The FTC alleged that Path's app was misleading and failed to offer the consumer any choice in whether his data was uploaded, and that Path violated the Children's Online Privacy Protection Act by collecting personal information from children without getting parents' consent.

Path has posted a response to the settlement on its blog.

Article Link: Path Reaches Settlement with FTC Over Address Book Privacy Concerns

"$800,000 fine"? Does the users get part of that?

Me1000 · Feb 1, 2013

I'm really disappointed by the quality of the reporting here.
The $800K fine was for allowing 12 year olds the create accounts (a bug which was fixed long before the FTC got involved), but the entire post makes it sound like it's all about addressbook gate.

The FTC conducted an investigation because of the address book scandal, but the $800K had nothing to do with that.

writingdevil · Feb 1, 2013

macsrcool1234 said:
I develop software for a living too. This is a bit unrelated but If I had an employee tell me something like that, I'd fire them on the spot. It's not your job to play lawyer..."

And they'd be lucky to be fired before you dragged them into your web. In your kind of thinking, whistle blowers should be fired before they get in the way of your goals. Path is NOT naive if you study their background and level of expertise. It is possible that your approach might be naive rather than malicious.

orangebluedevil · Feb 1, 2013

Path's response is embarrassing

Their response is a total straw man about the children under the age of 13. It doesn't ONCE mention automatically uploading mycontacts to their servers.

EDIT: Apparently, it's Macrumors that should embarrassed, this entire story makes it sound like the problem was the contacts, when in actuality, the FTC fined them only because of underage accounts.

manu chao · Feb 1, 2013

GoldenJoe said:
Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

Since government spending is controlled by a budget that is passed by parliament, any extra income should go towards paying back the debt.

----------

orangebluedevil said:
Their response is a total straw man about the children under the age of 13. It doesn't ONCE mention automatically uploading mycontacts to their servers.

EDIT: Apparently, it's Macrumors that should embarrassed, this entire story makes it sound like the problem was the contacts, when in actuality, the FTC fined them only because of underage accounts.

Yes, but what Path did with these underage accounts (ie, uploading the address book) likely influenced the size of the fine.

Me1000 · Feb 1, 2013

manu chao said:
Yes, but what Path did with these underage accounts (ie, uploading the address book) likely influenced the size of the fine.

That's entirely unsupported speculation. You don't even know that at the time 12 year olds were allowed to sign up, addressbooks were being uploaded. Path 1.0 and 2.0 are vastly different products.

macsrcool1234 · Feb 1, 2013

writingdevil said:
And they'd be lucky to be fired before you dragged them into your web. In your kind of thinking, whistle blowers should be fired before they get in the way of your goals.

This makes no sense. You have no idea what you're saying.

writingdevil said:
Path is NOT naive if you study their background and level of expertise. It is possible that your approach might be naive rather than malicious.

How about enlightening us, Nancy Grace?

BiigBiscuit · Feb 1, 2013

gnasher729 said:
I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.

I would think that he'd fire you first.

gnasher729 said:
Do thieves stay out of jail if the police recovers the money that was stolen?

I think you mean: "Do thieves stay out of jail if they return the money that was stolen?"

Path Reaches Settlement with FTC Over Address Book Privacy Concerns

macrumors bot

macrumors regular

Suspended

macrumors 65816

macrumors 6502

macrumors 6502a

macrumors 68020

macrumors G3

Suspended

macrumors 68000

Suspended

macrumors regular

macrumors 6502a

macrumors 68020

macrumors 6502a

Suspended

macrumors 6502

macrumors member

macrumors 68000

macrumors 6502

macrumors 6502

macrumors 604

macrumors 68000

Suspended

macrumors member

Our Staff