A recent proposed FTC consent judgment sends a warning to avoid default program settings that compromise privacy when setup routines create the impression they do not. The FTC’s underlying complaint against Frostwire LLC, developer of P2P file-sharing applications, alleged that the firm’s software for the Android platform “was likely to cause a significant number of consumers installing and running it to unwittingly share personal files stored on their mobile computing devices with the public.” It’s desktop software allegedly “conveyed a misleading impression to consumers” that certain downloaded files would not be shared, when in fact they were.

The FTC alleged that the Android application was an “unfair design” because the default configuration immediately shared many files already stored on the device with no indication that the files were being transferred. This, the FTC noted, was inconsistent with the way many file sharing applications worked by default, including Frostwire’s desktop client. Moreover, claimed the FTC, if users wanted to share a specific file, they would first have to share a general category (and thus potentially numerous files) and then de-select those that were not to be shared through a “laborious process”–with all of the files available for sharing until the task was complete.

In the case of the desktop software, Frostwire was apparently consistent with many other file sharing applications in making available for sharing files downloaded from other users in the file sharing network. Even though this behavior was arguably expected (as suggested by the discussion of the Android application), the FTC alleged that the default program settings (shown when a user followed a setup wizard) created the opposite impression–effectively representing to the user that downloaded files were not shared by default. Similar issues existed in the user interface for indicating what files were shared (the indicators were alleged to be unclear at best) as well as in program behavior when file sharing was shut off (the choice only applied to files created after the choice was made, a point not at all clear).

Frostwire.pngThe complaint includes numerous screen shots that exhibit the configuration dialogs and status displays that the FTC argued were unfair and misleading. Although far from models of clarity, what is striking is the similarity the interfaces of both applications bear to the operation of other software. While it is not clear from the complaint whether user documentation existed and, if it did, whether it provided a more complete and clear picture of the operation of the software, it appears that even if it did, that would have done little to change the outcome.

Providing adequate explanations of the full consequences of configuration choices in a software interface is an age old (or at least computer age old) problem–and it is exacerbated by the limited screen real estate on mobile devices. The FTC’s complaint and proposed consent judgment send a warning that such ambiguity can be treated as an unfair trade practice if the default result is the unexpected sharing of information. What to do? If your company develops consumer software or web applications, the result here is a reminder of the importance of reviewing more than the license agreement and terms of use. The operation of the software or site should also be part of the review. Does the program interface adequately disclose when configuration choices will expose user data to the others? Do status indicators create confusion. If the configuration changes, is it clear how changes apply. Even if default sharing behavior is disclosed, that choice arguably presents risks because of the potential for debate on the adequacy of the disclosure–especially if the content originated with the user. The FTC’s proposed consent judgment is worth review as it includes fairly extensive disclosure and behavior requirements along with definitions of adequate disclosure and expressions of consent.

In sum, the short lesson is privacy by default–at least as a starting point