Privacy Case May Come Down To Whether It Costs $12k To Uninstall An iPhone App

from the two-swipes dept

Fri, Oct 26th 2012 12:43pm — Mike Masnick

For many years, we've noted that courts have been very, very reluctant to allow lawsuits against companies who leak private data, when there's no evidence that the leaked data was used to create harm. The courts have more or less said, no harm, no broken laws. So it seemed likely that the class action lawsuit against software startup Path, for uploading a user's address book, wasn't likely to have much of a chance in court. As you may recall, earlier this year, there was a tremendous hubbub when some people realized that in order to use a "find your friends" feature, it uploaded a user's entire address book to a server. The reality is that many apps did exactly the same thing, because it made the process much easier. However, you can see why people would be quite annoyed and upset about a service grabbing their entire address book, without making it explicit that was about to happen.

Regardless, the lawsuits against Path and others didn't seem likely to have much of a chance -- but in one of the main cases against Path, the plaintiff who is trying to do a class action lawsuit came up with a way to try to show "harm," claiming that it would cost him $12,250 to hire someone to remove the Path app (though he never claimed to have actually paid that). Path responded by noting that deleting its app is "a simple act requiring no more than two swipes of his finger on his phone," and suggesting that the $12,250 is completely and totally bogus. The judge, however, is letting the case proceed, noting that at this stage of the game, it has to accept the $12,250 as true, and Path can push back on the validity of the statement later in the process.

The ruling does dismiss (while leaving open the possibility of amendment) a bunch of the claims, showing that the plaintiff, Oscar Hernandez, really tried to throw the kitchen sink at Path -- with a bunch of claims that made no sense at all. So it throws out the claim of wiretapping (no communications intercepted), the "Stored Communications Act" claim (no communications service or electronic storage as defined in the act is present), "Invasion of Privacy" under California state law (fails again for a lack of interception), "public disclosure of private facts" (nothing was publicly disclosed, so...), and trespass (he failed to show "significant impairment" as required by the law). On other points the motion to dismiss was denied, but on the whole, it seems likely that Path is going to win this case in the end. I'm just amazed at the $12,250 claim as an attempt to show "harm." They may have gotten away with it so far, but would a court really allow such a bogus claim to stand? Eventually, it's going to be shown that removing Path from an iPhone is ridiculously simple.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: addressbook, apps, privacy
Companies: path

21 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

:Lobo Santo (profile), 26 Oct 2012 @ 12:55pm

Economics
For those lawyers who may be inept/faithful enough to believe such tripe: I will perform the process in question for the bargain price of only $5000.

For non-lawyers, $20.
[ link to this | view in chronology ]
- Jesse (profile), 27 Oct 2012 @ 10:05am
  
  Re: Economics
  $20 to uninstall an app?
  [ link to this | view in chronology ]
  - Andrew F (profile), 28 Oct 2012 @ 12:15pm
    
    Re: Re: Economics
    I'll do it for $19! Arbitrage is awesome.
    [ link to this | view in chronology ]
Anonymous Coward, 26 Oct 2012 @ 1:23pm

For twelve grand he could buy thirty six brand spankin' new iPhones without ANY apps installed. What a crock.
[ link to this | view in chronology ]
- John Fenderson (profile), 26 Oct 2012 @ 1:29pm
  
  Re:
  The real crock is that companies are allowed to siphon off and use your personal data wholesale without telling you, and there's not a thing you can do about it.
  [ link to this | view in chronology ]
  - :Lobo Santo (profile), 26 Oct 2012 @ 1:35pm
    
    Re: Re: Mirrors
    Let's just state that in reverse:
    
    The real crock is people choose to install an app which has the permissions clearly defined and then they complain/sue about it.
    [ link to this | view in chronology ]
    - John Fenderson (profile), 26 Oct 2012 @ 1:45pm
      
      Re: Re: Re: Mirrors
      It's a good point, but...
      
      The permission disclosure thing is poorly done and leads people to ignore them. Apps often require permissions for things that imply they do things they don't really do, and so people are encouraged to basically ignore them. It's a bit like EULAs.
      
      Not saying that's right or wise (I assume that all apps are going to try to access everything, so I firewall them off anyway), but it is understandable.
      
      So, it seems to me like it's a crock all around.
      
      It's a tough position. Apps should have an obligation to tell you what data they're accessing and what they're going to do with it, and we should have some sort of recourse when they do other than what they said. But if wishes were ponies...
      [ link to this | view in chronology ]
      - :Lobo Santo (profile), 26 Oct 2012 @ 1:49pm
        
        Re: Re: Re: Re: Mirrors
        ...we'd be eating steaks.
        
        Yeah. I'm not even arguing either side, the blame clearly lay in all directions. It's sad, but likely it's not going to be uncommon.
        [ link to this | view in chronology ]
    - Jesse (profile), 27 Oct 2012 @ 10:06am
      
      Re: Re: Re: Mirrors
      I would say the real crock is that you can't sue a company without showing real harm, but the same cannot be said in reverse.
      
      Take for example copyright lawsuits.
      [ link to this | view in chronology ]
Tech42 (profile), 26 Oct 2012 @ 1:25pm

Plaintiff estimated the wrong cost
The real cost item would be in ensuring that once the app had been removed, the address book information was also removed from Path's possession.
Hiring the people necessary to sift through their electronic and paper storage systems as well as ensuring that no off-site backups contained the information would cost far more than $12,250.
[ link to this | view in chronology ]
- Chargone (profile), 26 Oct 2012 @ 1:29pm
  
  Re: Plaintiff estimated the wrong cost
  also: making sure that removing it actually REMOVED it. never really having bothered with Apple's stuff, i don't know how big of a deal this is, but i know Windows is absolutely Terrible about leaving random fragments of things behind when they've supposedly been 'removed' (and they're often in all sorts of strange places, so kind of hard to kill.) ... so, you know, there's that.
  [ link to this | view in chronology ]
out_of_the_blue, 26 Oct 2012 @ 1:38pm

Be interesting to see how he avoids perjury & frivolous.
I'd bet that's why the judge let it proceed, to hang the fool what makes such claims. As way over cost of replacing entire phone and service contract, it's insupportable.

However, this is part of MIke's "where's the harm?" series. Where's the harm, of, oh, corporate survey people walking into your house at random hours and just looking around to inventory what products you use? -- It's simply not consistent with privacy and peace of mind, and corporations don't have ANY rights to your personal data, should be required to get explicit permission. (Yeah, maybe not so much here, but Google? You betcha. Even their "opt-out" just marks you as a trouble-maker.)
[ link to this | view in chronology ]
- John Fenderson (profile), 26 Oct 2012 @ 1:48pm
  
  Re: Be interesting to see how he avoids perjury & frivolous.
  You do understand that it's the courts, not Mike, who claim there's no harm. I suspect because to a court harm == material or financial damages, but to real people harm means being harmed.
  [ link to this | view in chronology ]
Baldaur Regis (profile), 26 Oct 2012 @ 1:44pm

I'm getting pretty tired reading legal documents whose sole purpose is to elicit the question "How much is it going to cost me to make you go away?"

Know what I like about muggers? They're terse. "Give me your fucking money." Simple, concise and they don't make me read 50 pages of crap before taking my money.
[ link to this | view in chronology ]
- Chargone (profile), 26 Oct 2012 @ 3:39pm
  
  Re:
  slightly more likely to stab and/or shoot you, mind you.
  [ link to this | view in chronology ]
Anonymous Coward, 26 Oct 2012 @ 2:19pm

What if they were claiming it would cost them $12k to verify that this company had no remaining copies of their data?
[ link to this | view in chronology ]
The Amazing Sammy (profile), 26 Oct 2012 @ 4:24pm

Depends...
The real question is, if an app is installed on your machine, and the creator of the app is crazy enough to do this... how, as a user do you know that the app is really gone? And the answer is... hire a $12,000 consultant to scan your phone and make certain. There's really no other way to know. I would use the word "bogus" with care.
[ link to this | view in chronology ]
- G Thompson (profile), 26 Oct 2012 @ 10:12pm
  
  Re: Depends...
  Actually I can already tell you that if an app is removed (deleted) from an iPhone/Pod/Pad from version 4 onwards the app executable code could be deleted but the underlying links, logs, user specific database, are very very rarely deleted (and logs never).
  
  In fact some apps NEVER delete themselves instead they disable themselves. Then you have the iTunes backup system where the app you deleted is most likely still residing in your backup (and other places) in your PC so that it is easy to re-install or be installed at the whim of Apple's weird "the user always makes mistakes about what they do or don't want to do" recovery engine.
  
  For someone to forensically go through all the devices above that this app might have infected..oops been installed on... would be a lot more than $12000US, especially if that analysis was to be for purposes of evidence in a court case.
  [ link to this | view in chronology ]
  - Anonymous C, 27 Oct 2012 @ 4:06pm
    
    Re: Re: Depends...
    Yes, because we all know that if the user saves a backup of an app, it's the software developers fault. Get a grip. Shit like this makes me not even want to develop anymore, way too much lawsuits getting in the way of innovation.
    [ link to this | view in chronology ]
Anonymous Coward, 26 Oct 2012 @ 6:05pm

How much will it cost to remove the address book from the servers it was uploaded to?
[ link to this | view in chronology ]
Anonymous Coward, 26 Oct 2012 @ 6:06pm

SIGH, nobody cares, at all.. This site blows..
[ link to this | view in chronology ]