

Path fined $800,000 by FTC - tzm
http://www.ftc.gov/opa/2013/02/path.shtm

======
DannyBee
This is from february. The money is almost immaterial, the rest of the consent
decree is interesting, since Path is now stuck doing stuff for 20 years. It
can be found here:

<http://www.ftc.gov/os/caselist/1223158/130201pathincdo.pdf>

The real stuff starts on page 12

There are always little idiosyncrasies in these things, like, for example
"Defendant shall provide the initial Assessment by overnight courier (not the
U.S. Postal Service) to the Associate Director for Enforcement".

I'm not sure what triggered them to add that, but google searching '"not the
U.S. Postal Service" ftc' pulls up a crap load of consent decrees.

~~~
anigbrowl
People use the argument 'it's in the mail' as an excuse to temporize or avoid
their obligations. Requiring overnight courier delivery creates a paper trail
(via the tracking #) and also says 'we really mean it.'

~~~
chrischen
But the USPS offers tracking as well...

~~~
timjahn
Have you ever used it? Their tracking consists of a notification when the
package has shipped and a notification when it is delivered. If you're
wondering where your package is between those two, too bad. You just hope you
get that delivery confirmation sometime this decade.

~~~
artursapek
What are you talking about? How long does it take to ship something coast-to-
coast with USPS? A week? Why does it matter that it's in Aurora, Ohio on day
3? What calls for the hyperbole?

The USPS is not that slow for how cheap they are. In fact I feel bad for them.
The post office in Redmond just had to close and I think it was because of
budget. It doesn't seem like they're doing too well against their private
competition. But I doubt it's because their tracking system is inferior.

~~~
pc86
All the USPS locations in my area open after most people are at work and close
before they leave.

In a nutshell, that is why they are failing: an antiquated product with
horrible service and little to no accountability.

~~~
esrauch
Banks have similar hours and generally aren't failing, I don't think that part
is relevant. I agree with the rest though.

~~~
pc86
Hours of operation alone isn't killing the USPS but it's a symptom of the
larger, some would say terminal, disease.

Like most people who work in cubicles, I work 8-5. The nearest PO to my home
is open M-F 8-4:30. The next closest is open M-F 8-5 and Saturday 9-12. That
means I've got a single 3-hour window if I need to pick up a package or do
something that requires human interaction. If I happen to be out of town or
busy during that short window, I have to wait until the next weekend.

As has been discussed before, the majority of a bank's income is not on
personal checking and savings accounts. For most larger banks, it's an
ancillary service that they really don't try that hard to compete for most of
the time. The real money is in business accounts and lines of credit (both
personal and business). Even so, my local bank is open 10-7 every weekday as
well as Saturday mornings and Sunday afternoons.

They've come a long way with online address forwarding, usps.com/redelivery,
and other online features, but the window hours are terrible and it's endemic
of the USPS' apathy with regard to customer service.

------
dkulchenko
Good. But why does Facebook get off scot-free? I feel like their contact-
uploading behavior was even more egregious than Path's.

EDIT: I missed when originally reading the post that the fine was for
violating COPPA, while the other provisions (privacy assessment every 2 years)
are for their privacy violations.

~~~
jnorthrop
They don't. The FTC settled with Facebook in February of 2012 with similar
terms.[1] Regardless, however you feel about Facebook, they do have robust
privacy controls if users choose to learn them and are transparent about what
they do with personal data. While they do quite a bit with users' data they do
comply with current laws and regulations.

<http://ftc.gov/opa/2012/08/facebook.shtm>

~~~
fakeer
Agreed.

If you really choose to control your Facebook privacy, you can do it but then
the engagement experience becomes very limited. Facebook gives you controls
but then it's given in a manner that it becomes a choice between _use it_ or
_not use it_.

------
duey
Curious, if Path is acquired does the purchaser also acquire the 20 year
privacy assessment requirements? Does this make acquisition unlikely?

~~~
fizx
All of the big players have already gotten similar consent decrees. Twitter
got one over a password leak. Google got one over Buzz. Microsoft got one over
Passport/Wallet (though that has perhaps expired). Facebook got one over
Beacon.

Everyone gets one sooner or later, it seems. It's a giant PITA, but everyone
has the audit infrastructure in place by now, so I wouldn't expect it to
matter too much.

~~~
hexis
It's a convenient way to regulate an industry without having to pass any
additional laws.

------
yefim323
Despite how odd it is that they chose to specifically fine Path, I'm rather
stunned to see the U.S. government even somewhat reacting to the startup
culture.

~~~
mehwoot
_I'm rather stunned to see the U.S. government even somewhat reacting to the
startup culture._

Huh? Path is a company, they broke the law, and were investigated and fined as
a result. How is that "stunning"? It happens all the time.

It's got almost nothing to do with "startup culture", it is just a business
that didn't play by the rules.

~~~
ronilan
> company, they broke the law, and were investigated and fined as a result.
> How is that "stunning"?

I believe the answer is somewhere in the question.

------
niggler
Can someone more familiar with COPPA give a summary of the requirements?

~~~
mvelie
Simple answer: Don't get information from kids under 13 unless you have
parents permission. You must also have a privacy policy.

Complex answer: How you determine if the person is under 13 and how you get
the parents permission can be done a lot of different ways. Some of the most
popular is doing a test charge against a credit card number, assuming kids
won't have those.

~~~
citricsquid
wait wait wait, surely putting "You cannot use this website if you are under
13" in their terms of service is enough? I know COPPA is pretty ridiculous but
if they require actual proactive enforcement of no under 13s they would
literally break the internet.

I thought that there were 2 options with COPPA compliance: Allow <13s to
register and have an email sent to their parents IF they select that they are
under 13 OR disallow under 13s through a terms of service "Do not register if
you are under 13" type clause. Is that not compliant?

~~~
BoyWizard
I'm not an expert, but I imagine there's something in there about if you
_know_ people under 13 are using your product and they shouldn't be, you have
to proactively do something about it. Facebook delete accounts belonging to
minors, perhaps Path weren't and this played into it?

------
sidcool
This is very unethical. None of these companies who blow the trumpet of
innovation and user experience care about privacy. No one. Neither Google nor
Facebook. I can count on Mozilla. But rest all are prowling for info to show
us targeted ads. Period.

~~~
ameen
The problems is the millennials aren't as focussed on privacy as the
generations before. They're open to participating in targeted content whether
it be ads, stories, offers, etc.

But this isn't to discredit privacy concerns at all. Google anonymizes its
users so that individuals aren't identified. This is a better approach
compared to other questionable "targeting methods".

~~~
rayiner
I think it's overstated to say that millennials are properly perceiving the
privacy issues in play and making a reasoned judgment to participate anyway.
None of my friends (not millennials, but 20-somethings) really understand all
the things Facebook allows themselves to do with your information via their
ToS (and many of them are lawyers!) They just assume that it wouldn't be legal
to do anything really egregious (which is how most people view most things,
actually).

~~~
wes-exp
Furthermore, you can't point to a group consisting entirely of _young people_
and just write off their behavior as "generational". A lot of youth behavior
is simply driven by... youth. Youths are known to take greater risks even when
fully informed of the potential consequences.

------
tjbiddle
Should this really have been posted _now_? It's from February and may cause
confusion over the current kerfuffle on the front page.

------
taigeair
why were they collecting it anyways? to notify you if someone you knew joined?

------
ldn_tech_exec1
How does a startup with no revenue expect to pay an $800k debt?

~~~
Tyrannosaurs
The same way it's paying for everything else - out of VC money.

