While policymakers rush write new Net regulations to protect privacy, we keep suggesting the FTC use its existing authority more effectively to punish unfair and deceptive trade practices. The FTC has just sued FrostWire for designing their peer-to-peer software to trick users into oversharing:
FrostWire for Android… was likely to cause a significant number of consumers installing and running it on their mobile computing devices to unwittingly share files stored on those devices. The Defendants had configured the application’s default settings so that, immediately upon installation and set-up, many pre-existing files on the mobile device were designated for sharing. These files could be shared through the Internet, and through any given… WiFi… network… with other FrostWire for Android users… These shared files thus were available to other people in the consumer’s immediate vicinity and throughout the world to download and share further. Nothing in the installation and set-up process… adequately informed consumers of the immediate consequences of installing FrostWire for Android; nor could consumers be expected to know these consequences from any prior experience with other software.
The FTC has made a pretty good case that this qualifies as an unfair practice:
Under Section 5(n) of the FTC Act, an act or practice is “unfair” if it causes or is likely to cause substantial injury to consumers that is not reasonably avoidable by consumers and is not outweighed by countervailing benefits to consumers or to competition
In particular, the FTC notes the potential harms caused by inadvertently sharing all the files on your phone:
Public exposure of the types of user-originated files that FrostWire for Android shared following a default installation and set-up could increase consumers’ vulnerability to identity theft; reduce their ability to control the dissemination of personal or proprietary information (e.g., voice recordings or intimate photographs); and increase their risk of legal liability based on prohibitions against, or limitations on, making any such files publicly available for download.
Tom Sydnor raised similar concerns about the design of P2P software in Congressional testimony on HR 1319, the “Informed P2P User Act” two years ago.
So if the FTC already has the authority to punish such unfair software design, why does it need sweeping new powers, again? Maybe policymakers should focus on ensuring the agency has the eforcement resources it needs to punish such unfair practices. That might start, for instance, with hiring more technologists to monitor such practices.
But one thing’s clear: This case will set a strong precedent to encourage companies to think about “privacy by design” much more effectively than a government mandate that they design their sites in certain ways. That’s thecommon law of privacy at work.