Default Privacy Settings and the FTC

In October, the FTC reached a settlement with peer-to-peer (“P2P”) file sharing developer Frostwire LLC, for what the FTC determined were unfair and deceptive practices with regard to the default settings used in Frostwire’s P2P programs.

The FTC’s complaint alleged that that the default settings on Frostwire Desktop and Frostwire for Android caused consumers who downloaded the program to unknowingly share ALL of the files located on the computer or smart phone where they installed Frostwire.

In addition, Frostwire’s default settings were set up to allow the global community of Frostwire users to download potentially sensitive files off of other users’ computers without providing notice to the user whose files were being downloaded.  According to the FTC, upon installation of Frostwire, a user’s files would automatically be scanned by Frostwire and shared publicly.  The FTC deemed Frostwire LLC’s practices to be misleading, harmful to consumers, and a violation of the Federal Trade Commission Act.Under the settlement agreement, Frostwire LLC and it’s principal, Angel Leon, are barred from using default settings likely to cause consumers to inadvertently share files publicly, and would require Frostwire to provide users with clear and prominent disclosures about its file sharing policy and inform users about how to disable file sharing.  In addition, Frostwire is barred from distributing copies of the unlawful version of the application, and must also provide users with updated version of the program that stops the unwitting file sharing.The settlement between Frostwire and the FTC closely parallels the July 2011 settlementbetween the developers of the P2P program, LimeWire, and the Maryland Attorney General.

In that settlement, LimeWire was accused of unfair business practices and using default settings that exposed LimeWire users’ personal and sensitive files to sharing on the LimeWire network, without providing adequate notice to users.  Similar to Frostwire’s settlement, LimeWire was barred from continuing its unfair business practices, and required to provide all current and future users with notice that sensitive files may have been exposed to the LimeWire network and explain how to remove these files from the network and how to eliminate any future risk of sharing sensitive files.What seems to be developing within the FTC and government in general, is the perspective that any online service that engages in too much sharing will be deemed to be engaging in unfair practices.

The FTC is taking the position that any information shared on networks by users must be shared knowingly and with informed consent.  The FTC is once again acting paternalistically to protect consumers who too often click though user agreements without properly reading and understanding what they are agreeing to.

For online businesses that use P2P file sharing, the message is clear:  too much sharing can risk financial penalties and potentially litigation.  Two options that such businesses can undertake to protect themselves are: 1) to inform users early and often about the P2P’s default settings and 2) offer users an easy way to protect sensitive files and an easier mechanism by which users manually elect which files they wish to share.

Photo: Some rights reserved by USFWS/Southeast