Path Reaches Settlement with FTC Over Address Book Privacy Concerns

[MacRumors]

Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization.

The scandal resulted in Apple locking down user data in iOS 6, requiring explicit permission before apps could access a users location, contacts, calendars, photos, and reminders.

Today, the U.S. Federal Trade Commission announced that it has reached a settlement with Path. The agreement requires Path to establish a new privacy program, obtain independent privacy assessments for 20 years, and pay an $800,000 fine.

Quote:

"Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it's mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers," said FTC Chairman Jon Leibowitz. "This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."

The FTC alleged that Path's app was misleading and failed to offer the consumer any choice in whether his data was uploaded, and that Path violated the Children's Online Privacy Protection Act by collecting personal information from children without getting parents' consent.

Path has posted a response to the settlement on its blog.

Article Link: Path Reaches Settlement with FTC Over Address Book Privacy Concerns

[designaholic]

Quote:

Originally Posted by MacRumors

$800,000 fine.

Ouch.

[gnasher729]

Very nice result. Now what we would like to know whether that idiot in their marketing department who thought stealing people's complete address book was a good idea got fired.

[bacaramac]

Didn't research the size of this company, but $800k is a ton of cash.

[GoldenJoe]

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

[Sayer]

Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!

[mw360]

Quote:

Originally Posted by GoldenJoe

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

Didn't Path delete their database shortly after the story broke?

[jonnysods]

Who gets the $800k?

[macsrcool1234]

This punishment is excessive, $800,000? I can think of some crimes far worse that our government has given less for....
I think it was a dumb thing to do but this will probably kill the company.

Quote:

Originally Posted by gnasher729

Very nice result. Now what we would like to know whether that idiot in their marketing department who thought stealing people's complete address book was a good idea got fired.

Ahhh sensationalism at its finest.

Quote:

Originally Posted by mw360

Didn't Path delete their database shortly after the story broke?

Yeah

[aristotle]

Quote:

Originally Posted by GoldenJoe

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

No, you are not missing anything. The legal system is not about "justice" or setting things right. It is often a way for the state to enrich itself at the expense of others.

Have you heard of the phrase "Don't steal, the government hates competition"?

Governments view the mafia as their competition in areas such as extortion, racketeering and outright theft. When the government does it, it is legal.

[gnasher729]

Quote:

Originally Posted by macsrcool1234

This punishment is excessive, $800,000? I can think of some crimes far worse that our government has given less for....
I think it was a dumb thing to do but this will probably kill the company.

Ahhh sensationalism at its finest.

I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.

Quote:

Originally Posted by mw360

Didn't Path delete their database shortly after the story broke?

Do thieves stay out of jail if the police recovers the money that was stolen?

Quote:

Originally Posted by Sayer

Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!

Path can consider itself well-protected from itself.

[Slow Programmer]

Interesting that the companies response does not say anything about the misuse of user data, but only that a computer issue let underage users sign up. Apparently, they still don't get it. Maybe a larger fine or a class action lawsuit is in order to make them see the error of their ways.

[Westyfield2]

Where does the cash go? To the users affected?

[nepalisherpa]

Quote:

Originally Posted by Westyfield2

Where does the cash go? To the users affected?

It would be nice if all the users, whose data were part of the breach, got some kind of settlement.

[SmileyBlast!]

People were hoping to profit somehow from all of that contact info.
I think the fine is meant to show Path and other Mobile developers that you have to pay a heavy fine for helping yourself to this data without asking permission and havinga EULA.

[macsrcool1234]

Quote:

Originally Posted by gnasher729

I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.

I develop software for a living too. This is a bit unrelated but If I had an employee tell me something like that, I'd fire them on the spot. It's not your job to play lawyer, as you said "it would be _him_ losing his job over this, not me."

Quote:

Originally Posted by gnasher729

Do thieves stay out of jail if the police recovers the money that was stolen?
Path can consider itself well-protected from itself.

Why are you so convinced this was done with malicious intent?

You sound like Nancy Grace spouting off on something with no facts or knowledge of the situation.

[wjlafrance]

The $.8m fine was for allowing children under 13 to sign up. It was collateral damage to the investigation.

[iphone495]

Quote:

Originally Posted by MacRumors

Image

Image

Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization.

The scandal resulted in Apple locking down user data in iOS 6, requiring explicit permission before apps could access a users location, contacts, calendars, photos, and reminders.

Today, the U.S. Federal Trade Commission announced that it has reached a settlement with Path. The agreement requires Path to establish a new privacy program, obtain independent privacy assessments for 20 years, and pay an $800,000 fine.
The FTC alleged that Path's app was misleading and failed to offer the consumer any choice in whether his data was uploaded, and that Path violated the Children's Online Privacy Protection Act by collecting personal information from children without getting parents' consent.

Path has posted a response to the settlement on its blog.

Article Link: Path Reaches Settlement with FTC Over Address Book Privacy Concerns

"$800,000 fine"? Does the users get part of that?

[Me1000]

I'm really disappointed by the quality of the reporting here.
The $800K fine was for allowing 12 year olds the create accounts (a bug which was fixed long before the FTC got involved), but the entire post makes it sound like it's all about addressbook gate.

The FTC conducted an investigation because of the address book scandal, but the $800K had nothing to do with that.

[writingdevil]

[QUOTE=macsrcool1234;16767844]I develop software for a living too. This is a bit unrelated but If I had an employee tell me something like that, I'd fire them on the spot. It's not your job to play lawyer..."


And they'd be lucky to be fired before you dragged them into your web. In your kind of thinking, whistle blowers should be fired before they get in the way of your goals. Path is NOT naive if you study their background and level of expertise. It is possible that your approach might be naive rather than malicious.

[orangebluedevil]

Their response is a total straw man about the children under the age of 13. It doesn't ONCE mention automatically uploading mycontacts to their servers.


EDIT: Apparently, it's Macrumors that should embarrassed, this entire story makes it sound like the problem was the contacts, when in actuality, the FTC fined them only because of underage accounts.

[manu chao]

Quote:

Originally Posted by GoldenJoe

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

Since government spending is controlled by a budget that is passed by parliament, any extra income should go towards paying back the debt.

----------

Quote:

Originally Posted by orangebluedevil

Their response is a total straw man about the children under the age of 13. It doesn't ONCE mention automatically uploading mycontacts to their servers.


EDIT: Apparently, it's Macrumors that should embarrassed, this entire story makes it sound like the problem was the contacts, when in actuality, the FTC fined them only because of underage accounts.

Yes, but what Path did with these underage accounts (ie, uploading the address book) likely influenced the size of the fine.

[Me1000]

Quote:

Originally Posted by manu chao

Yes, but what Path did with these underage accounts (ie, uploading the address book) likely influenced the size of the fine.

That's entirely unsupported speculation. You don't even know that at the time 12 year olds were allowed to sign up, addressbooks were being uploaded. Path 1.0 and 2.0 are vastly different products.

[macsrcool1234]

Quote:

Originally Posted by writingdevil

And they'd be lucky to be fired before you dragged them into your web. In your kind of thinking, whistle blowers should be fired before they get in the way of your goals.

This makes no sense. You have no idea what you're saying.

Quote:

Originally Posted by writingdevil

Path is NOT naive if you study their background and level of expertise. It is possible that your approach might be naive rather than malicious.

How about enlightening us, Nancy Grace?

[BiigBiscuit]

Quote:

Originally Posted by gnasher729

I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.

I would think that he'd fire you first.

Quote:

Originally Posted by gnasher729

Do thieves stay out of jail if the police recovers the money that was stolen?

I think you mean: "Do thieves stay out of jail if they return the money that was stolen?"