Judge rules that Path users can seek damages over... wait... remember Path?
Let’s think way back to 2012.
Donald Trump was still just a reality TV star.
Uber was valued at some $50 million. (With an “M”)
Pando was less than a year old.
And the tech press was aflame over... Path.
Remember Path? The company that aimed to be a more intimate version of Instagram, it aimed to cut against the hegemony of Facebook, but did it without the innovation of Snapchat.
It pissed everyone off by automatically uploading contacts. Perhaps we have forgotten, but the courts haven’t. On Friday, a federal judge ruled that a nationwide class of nearly 500,000 Path users can seek damages over the case.
A nationwide class of Apple device users can seek damages over claims that Apple let a social networking app download users' personal data without consent, a federal judge ruled Friday.
The decision comes four years after lead plaintiff Mark Opperman sued Apple and the social networking app Path Inc. in one of four consolidated class actions filed in California and Texas.
Opperman claims Apple distributed "invasive versions" of the Path app, which downloaded details from each user's contact list without their knowledge or consent. Path stored the data, which included email addresses and birthdays, and mined it to create social graphing maps, the plaintiffs claim.
The class lobbed similar claims at other app developers — including Yelp, Twitter, Instagram and "Angry Birds" maker Rovio — but the ruling issued on July 15 only applies to claims against Apple and Path.
In that ruling, U.S. District Judge Jon Tigar certified a class of 480,000 Apple device users whose contact data was downloaded by Path between Nov. 9, 2011, and Feb. 7, 2012….
... Tigar found the class could not pursue monetary damages for invasion of privacy or unjust enrichment, but that it could seek nominal and punitive damages.
The fact that each class member can recover only a modest amount in damages makes pursuing the litigation as a class, rather than individually, "clearly superior to the alternatives," the judge concluded.
Path has since been sold to South Korea’s Kakao, so this isn’t really a startup story any more. But it was a striking reminder of a canary in the disruption coal mine. One of the first wave of mobile first companies to take liberties with the power that being on someone’s phone could afford-- tracking your every move, finding out your most intimate connections.
What Path was doing that sparked the outrage was gross: Automatically uploading your addressbook, an invasion of privacy, by a lot of people’s definition. Still, I’d argue not as bad as Uber using its data to track journalists or “rides of glory” (for which Uber got a tiny $20,000 wrist slap) or other scandals we’ve seen since.
Of course Path wasn’t worth as much as Uber, and Dave Morin was far less pugnacious so it was an easier to beat up on.
At the time Nick Bilton, then of the New York Times, was particularly inflamed. But he made some decent points about “what’s so wrong?” about the invasion of privacy:
Mr. Morin seemed unconcerned about how people could be harmed by his company’s carelessness. Consider this: Amira El Ahl, a foreign journalist covering the Middle East, said bloggers in Egypt and Tunisia are often approached online by people who are state security in disguise.
The most sought-after bounty for state officials: dissidents’ address books, to figure out who they are in cahoots with, where they live and information about their family. In some cases, this information leads to roundups and arrests.
A person’s contacts are so sensitive that Alec Ross, a senior adviser on innovation to Secretary of State Hillary Rodham Clinton, said the State Department was supporting the development of an application that would act as a “panic button” on a smartphone, enabling people to erase all contacts with one click if they are arrested during a protest.
Morin quelled a lot of the outrage with an apology and, just as he’d done with Uber, Chris Sacca applauded him on Twitter. This made Bilton apoplectic:
The big deal is that privacy and security is not a big deal in Silicon Valley. While technorati tripped over themselves to congratulate Mr. Morin on finessing the bad publicity, a number of concerned engineers e-mailed me noting that the data collection was not an accident. It would have taken programmers weeks to write the code necessary to copy and organize someone’s address book. Many said Apple was at fault, too, for approving Path for its App Store when it appears to violate its rules.
David Jacobs, a fellow with the Electronic Privacy Information Center, noted that, once again, an Internet company showed a lack of understanding about the consequences of taking data.
Lawyers I spoke with said that my address book — which contains my reporting sources at companies and in government — is protected under the First Amendment. On Path’s servers, it is frightfully open for anyone to see and use, because the company did not encrypt the data.
I remember being at a dinner party back then and asking Bilton why he was so angry about Path. He said he’d felt lied to, and he took that seriously. At the time Bilton was convinced the government might take some major action. It was minimal: Path paid some $800,000 to the FTC and moved on.
The press forgot about it quickly too, even Bilton. And users didn’t care, because sadly they didn’t hugely care about Path en masse. If Path had been a hit, they likely would have cared less.
This scandal wasn’t Path’s downfall. The company’s lack of traction and overspending was its downfall.
The only place that seems to remember and care still are the courts. And even the ruling last week said users couldn’t put a monetary value on privacy.
My point isn’t to beat up on Path. I think Morin’s intentions with the app-- the desire for a social network not so huge and impersonal as Facebook-- was right on just the timing and execution was just off. Morin put up a valiant fight to make Path mainstream, way after much of the Valley elite had written it off. He could have taken a huge payday early on selling to Google, but he turned it down.
But looking back this was a line in the sand that we all just whistled and looked the other way as the industry crossed over with a simple apology.
You can argue whether or not Path actually did anything that egregious here. There was way more scrutiny than a lot of scandals we’ve seen in the tech world since. And still absolutely no repercussions. Sadly, Path’s legacy may be sending a message to other mobile startups that abusing the privilege of being on someone’s phone is just fine if you don’t get caught or apologize quickly.
Few founders in Silicon Valley are unabashed fans of the legal system. Patent trolls. The Winklevosses. Peter Thiel’s secret campaign against Nick Denton. There’s a lot to hate. Still, it’s sad when the courts are the only ones who don’t forget about something the tech world was once so angry and appalled about.