On October 12, 2011, the FTC announced that it, along with Frostwire LLC and FrostWire’s managing member, Angel Leon, (collectively, “FrostWire”), agreed to a stipulated final order for permanent injunction resulting from the FTC’s complaint alleging that (a) users of FrostWire’s Android mobile file-sharing application were likely to unwittingly share personal files stored on their mobile devices with other P2P users after installing and running the application, and (b) FrostWire misrepresented to users of FrostWire’s desktop file-sharing application that certain files they downloaded would not be shared with other P2P users.
Specifically, the complaint alleged that the Android application shared, by default, all content on the user’s phone, whether preexisting, downloaded or user-generated (e.g. “intimate pictures,” as characterized by the FTC). If the user wanted to limit the sharing by changing the application’s settings, the user had to “laboriously unshare individual files” by affirmatively deselecting specific files not to share as opposed to affirmatively selecting specific files to share. The FTC also noted that there was no notice that adequately informed users of the consequences of the mobile application’s default settings, which amounted to unfair acts or practices in violation of Section 5 of the FTC Act. With regard to the FrostWire desktop application, the FTC alleged that, by not clearly disclosing that items downloaded and saved by a user would be automatically shared in addition to the items in another folder specifically designated for sharing, FrostWire violated Section 5(a) of the FTC Act which prohibits deceptive acts or practices. According to the FTC, users believed that the default settings would allow only the sharing of content in the shared folder, when, in actuality, the application shared all content the user downloaded.
Pursuant to the settlement, FrostWire:
- is prohibited from misrepresenting its file-sharing settings and must clearly and prominently disclose to the user which user-generated files and which downloaded files will be shared and with whom;
- must modify its applications so that the user must affirmatively select which user-generated and downloaded content to share with other P2P users (as opposed to a default setting which allows for sharing);
- must update older versions of the mobile and desktop applications to reflect the terms of the settlement; and
- is subject to standard compliance monitoring and reporting obligations.
Perhaps if FrostWire implemented a “privacy by design” program, as proposed by the FTC in its December 2010 Preliminary FTC Staff Report, it would not have found itself addressing the FTC’s allegations. One thing is certain: This action demonstrates that, as mobile applications that make sharing content ever easier flood the market, the FTC is keeping a vigilant eye on companies that operate in this space so that users can take “intimate pictures” without having to worry about unwittingly sharing them with other P2P users.