Redaction Failure In FTC/Amazon Decision Inadvertently Allows Public To See Stuff It Should Have Been Able To See Anyway

from the not-even-good-enough-for-government-work dept

A court has found that Amazon engaged in deceptive practices by not obtaining "informed consent" about in-app charges, especially with apps targeted at children. The finding is perhaps unsurprising, as the world of microtransactions relies greatly on a minimum number of steps between app makers (and app purveyors like Amazon) and users' wallets.

What's more surprising is the opinion itself, which arrived in redacted form. Both the FTC and Amazon obviously wanted to keep parts of the opinion from being made public. The problem is that whoever handled the redaction process blew it.

Coughenor released two rulings -- a complete decision, which was marked as "sealed" and a decision for the public, which was marked as "redacted." That redacted version has large swaths of text covered with black bars, but the opinion can be read in its entirety by cutting and pasting it into another file.

The unintended consequence of this screw-up is that the public can now see what the government and Amazon wanted to prevent the public from knowing -- which is exactly the sort of stuff the public should know, as Public Citizen's Scott Michelman explains.

The redactions included a good deal of information that was central to court's decision, including the evidence showing what Amazon officials knew and when, the FTC's estimate of damages, the length of the injunction the FTC was seeking, and more. All of these are of great public importance to understanding what Amazon was doing, what the FTC argued to the court, and why the court ruled as it did.

It's not as though any sort of trade secrets or confidential government techniques are hiding behind the retractions. Much of what is redacted appears to have been for the benefit of Amazon, which does not come out of this surprise un-redaction looking good.

[I]n developing its Kindle Fire tablet, Amazon identified "soccer parents" as a key target customer base, referring to them as "low-hanging fruit." (Dkt. No. 121 at 8; see also Dkt. No. 122 at 3.)

[...]

[T]he evidence demonstrates that Amazon was aware that many customers did not understand in-app purchases when they were first implemented. In a confidential document regarding Amazon's marketing plan for launching in-app purchases, the company acknowledged that "'IAP' isn't a concept widely known by customers." (Dkt. No. 120 at 5.) And, despite its assertion that "[c]ustomers are not looking for apps based on how much they cost," the company was aware that customers' top searches in selecting apps indicate that customers were seeking free apps to use. (Id. at n. 2; five of the top searches included the word "free.") Amazon was aware that in many instances, the person initiating the in-app purchase was a child: in a document discussing company strategy to promote increases in in-app purchasing, Amazon acknowledged "the disconnect between the account owner (e.g., parent) and the app user (e.g., child)."

[...]

Moreover, regardless of its reputation for customer service, it is Amazon's stated policy that in-app purchases are final and nonrefundable, likely discouraging much of its customer base from attempting to seek refunds in the first place. (See Dkt. No. 127 at 275.) ("Yeah, that's the – that's our official policy, is digital content's not refundable.")

[...]

Amazon has received many complaints from adults who were surprised to find themselves charged for in-app purchases made by children. By December 2011, Aaron Rubenson referred to the amount of customer complaints as "near house on fire." (Dkt. No. 115 at 19.) Rubenson also referred to "accidental purchasing by kids" as one of two issues the company needed to solve. (Id.) Rubenson additionally stated that "we're clearly causing problems for a large percentage of our customers."

Also "withheld" is the FTC's justification of its damages estimate.

Julie Miller, a lead FTC data analyst, calculated the total in-app purchase revenue and refund amounts for seven different categories: (1) orders of $20 or more in High-Risk Non-Casino apps from the earliest date available to March 25, 2012,1 (2) orders of $19.99 and below in High-Risk Non-Casino apps from the earliest date available to February 5, 2013, (3) orders of $19.99 and below in High-Risk NonCasino apps from February 6–April 30, 2013 excluding those on the “Otter” device, (4) orders of $19.99 and below in High-Risk Non-Casino apps from May 1–July 30, 2013 excluding those on the Otter device, (5) orders of $19.98 and below in High-Risk Non-Casino apps from July 31, 2013–June 3, 2014 excluding those on the Otter device, (6) orders of $19.99 and below in High-Risk Non-Casino apps from February 6–October 9, 2013 on the Otter device, and (7) orders of $0.99 and below in High-Risk Non-Casino apps from October 10, 2013 to the latest date available on the Otter device. (Id.) These categories were selected in order to omit authorized charges. This calculation gave Ms. Miller a total of charges made without authorization by password. Ms. Miller calculated $86,575,321.38 in revenue and also found that $10,060,646.48 was provided in refunds. (Dkt. No. 110 at 3.) Ms. Miller then calculated an “unauthorized charge rate,” the rate at which users failed to properly enter a password in initiating an in-app purchase as a percentage of the overall total.

Amazon's rebuttal of the FTC's math is redacted...

Amazon argues that Ms. Miller’s estimate is so “fundamentally flawed” as to not be able to support a finding of substantial injury. (Dkt. No. 179 at 18.) In so arguing, Amazon primarily takes issue with Ms. Miller’s calculation of an “Unauthorized charge rate.” (Id.) In dividing the number of password entry “failures” and dividing that by the total number of password prompts presented, the FTC argues that it identified a “reasonable proxy for the rate at which children would incur an in-app charge without consent . . when password entry was not required.” (Dkt. No. 184 at 18.) Amazon asserts that this rate calculation “assumes that every single password failure was an attempt by a child that would otherwise have been a completed in-app purchase.” (Dkt. No. 179 at 18.) This point is well taken: many password “failures” could have occurred because the user got distracted, changed his or her mind, or simply could not remember their password. However, it is reasonable to assume that of the group of users faced with a password prompt who ultimately failed to provide a password, many were children who, absent a password prompt, would have gone on to complete an in-app purchase.

...as is the court's partial agreement with Amazon's assessment of the assessment. [redacted portion in bold]

While, as discussed above, the general methods used by the FTC to reasonably approximate the damages to consumers by unauthorized in-app charges serve as a fair starting place, the Court finds that the unauthorized charge rate of 42% is too high. The Court has received Amazon’s “Adjustments to the FTC’s Estimates of Injury and Monetary Relief” (Dkt. No. 221 at 2) and invites further briefing on the issue of the scope of appropriate monetary relief.

Also redacted is the FTC's declaration of how long it felt Amazon should remain under the government's supervision.

The injunction sought would subject Amazon to government oversight for twenty years.

While FTC intervention has resulted in better refund policies and better notification about in-app purchases, the fact is that app makers are just as culpable as Amazon -- even if it's Amazon that will be paying the fines. There was no line of app developers at Amazon's door demanding better protections for app users. And Amazon is hardly alone in its targeting of low-hanging soccer parent fruit. When it comes to monetization of microtransactions, the lack of purchase controls is a feature, not a bug.

Then there's the question of whether we really want the government to be in the business of designing app store front-ends. While the concerns central to this case are valid, the best solution isn't necessarily the FTC setting itself up as an additional middleman for in-app purchases -- especially not for the next 20 years.

And, as for this opinion, it just goes to show courts are still far too willing to grant ridiculous redaction requests from plaintiffs and defendants -- a practice that further separates the public from the government that's supposed to be serving it.

Filed Under: apps, children, deceptive practices, ftc, redaction
Companies: amazon