On January 15th 2014, Apple settled a complaint with the FTC and agreed to return at least $32.5 million to consumers for in-app purchases that children made without a parent’s consent [1]. In-app purchase is one of the disruptive innovations introduced by Apple in their search for new revenue streams, and this particular feature allows users to make purchases related to content within the application. For instance, the popular application ‘Dragon Story’ allows users to buy ‘Gold’ within the game using real money. In order to initiate an in-app purchase users are required to enter their password to authenticate the transaction.
This issue before the FTC involved applications targeted towards children which enabled in-app purchases to occur without having to re-enter a password each time (Apple has a practice of caching the passwords for 15 minutes). The result is that following an initial password being entered, children were effectively able to continue using real money for in-app purchases without parental consent. Furthermore, applications identified as suitable for children had in-app purchases designed in such a way that it would be difficult for them to assess whether they were spending real or virtual money. The FTC argued that this practice was a ‘material’ misrepresentation causing injury, that the injury was substantial and not outweighed by any countervailing benefits to consumers or competition. Moreover it was an injury that consumers themselves could not reasonably have avoided and hence unfair [2]. In one event, a child spent over $2,600 dollars on ‘Tap Pet Hotel’, while there was no way a parent could have known those charges could occur [1].
These facts lead one to ask: How did this situation arise? Apple is reputed to be a customer friendly company, and even, admittedly, had full knowledge of all of the features that drew the complaint from the FTC ( all such applications are examined and approved for their content before entering the apple store). So what accounts for such a widespread, unfair, practice occurring for such an extended period of time without interruption?
In our opinion, in-app purchases are just one technological innovation to come along and show that the FTC’s enforcement mechanism is unable to keep up with the pace of technology in the internet era [3].
This week’s readings cover several examples illustrating the incredible lag between an illegal practice and the FTC’s ability to force an end to such practices. (As a procedural note, one should know that when the FTC pursues organizations that violate its policies on ‘deceptive’ or ‘unfair’ practices, a ‘complaint’ is issued by the FTC commission detailing what violations have occurred.)
In its complaint issued against Facebook in July of 2012, the commissioners highlight eight different counts of violation, which include misleading its users on the terms of its privacy policy, falsely representing site features, providing information to third party advertisers despite pledges to the contrary, and verifying facebook applications as secure despite having not performed any such verification. In its complaint against Google’s ‘Buzz’ product in 2010, the FTC cites the company for using registered Gmail users’ information to populate this new social networking service without seeking consumers’ consent to use their information. But in each of these cases, the FTC’s complaint was issued long after the violations had occurred – for instance, in the Facebook complaint, the FTC mentions violations that began as early as 2007.
This delay seems partly due to the rules which direct the FTC’s investigation and enforcement actions. For instance, even after all of the proper steps have been taken – including an investigation, and a consensus by the commissioners that wrongdoing has occurred, the commission’s findings only become binding 60 days after their issuance – that is, unless that order is stayed by a court. Furthermore, even if a respondent ignores an FTC commission order, they aren’t even criminally liable. As the FTC states on its website: “ If a respondent violates a final order, it is liable for a civil penalty of up to $16,000 for each violation. The penalty is assessed by a district court in a suit brought to enforce the Commission’s order.” Even in a situation of clear wrongdoing in which the FTC has ruled, a court must still intervene to provide injunctive relief and acquire damages (keep in mind that each of these actions will take days and possibly years). And what is $16,000 dollars in an era of multi-billion dollar companies, where a day can drive millions of dollars in online purchases?
Setup in 1914, the FTC’s role was to prevent unfair methods of competition in commerce as part of the battle to “bust the trusts.” To protect the consumers from unfair practices and deception, it has been trying to write rules telling businesses how to deal with their customers on an industry-by-industry basis. But, with continuously evolving technologies such as mobile technology, online surveillance systems, automated healthcare systems, networked and connected cars, houses, and locks, come new potential threats to privacy and security of consumers. And today new threats emerge faster than ever, and hence pose a great challenge for the FTC to be able to effectively regulate these industries a timely manner.
Even policies that apply in the case of online services such as Facebook and Google may not be relevant for connected devices and the internet of things. Furthermore, it seems that the delays that have been built into the FTC’s enforcement actions mean even if new rules could be conceived of in time, they would still take months to take effect [3]. Months may not have mattered in the era of television, but in the era of click-commerce, such a delay makes current forms of FTC policing completely ineffective.
As new, connected, technologies integrate more and more into our daily lives, there is an increased threat of attack on consumers, especially in the area of privacy. These threats deserve to be faced with the same rigor and urgency with which the government tackles them in the physical realm. In a technological society, justice must be imbued with the ability to keep pace with new marketplaces and the threats they pose to consumers.
Can the FTC, as it currently exists, possibly keep up with the pace of new kinds of deceptive practices in evolving technologies? Can its enforcement and investigative framework be updated to respond swiftly to illegal practices? Or does another body, operating under a different framework, need to be conceived of to face these challenges? Such are the questions we will need to answer if our society is to be able to buy, trade, and live safely in the internet era.
[1] http://www.theverge.com/2014/1/15/5311364/apple-settles-with-ftc-over-in-app-purchases-tim-cook-says
[2] http://www.ftc.gov/sites/default/files/documents/cases/140115applecmpt.pdf
[3] http://www.ftc.gov/about-ftc/what-we-do/enforcement-authority
Readings:
http://blogs.ischool.berkeley.edu/i205s11/files/2011/04/FTC-POLICY-STATEMENT-ON-UNFAIRNESS-1.pdf
http://blogs.ischool.berkeley.edu/i205s11/files/2011/04/FTC-POLICY-STATEMENT-ON-DECEPTION-1.pdf
http://www.ftc.gov/sites/default/files/documents/cases/2012/08/120810facebookcmpt.pdf
http://www.ftc.gov/sites/default/files/documents/cases/2011/03/110330googlebuzzagreeorder.pdf
http://www.ftc.gov/sites/default/files/documents/cases/2011/03/110330googlebuzzcmpt.pdf
http://www.ftc.gov/sites/default/files/documents/cases/2011/03/110330googlebuzzexhibit.pdf