Nick Bilton in the New York Times:
A person’s contacts are so sensitive that Alec Ross, a senior adviser on innovation to Secretary of State Hillary Rodham Clinton, said the State Department was supporting the development of an application that would act as a “panic button” on a smartphone, enabling people to erase all contacts with one click if they are arrested during a protest.
Lawyers I spoke with said that my address book — which contains my reporting sources at companies and in government — is protected under the First Amendment. On Path’s servers, it is frightfully open for anyone to see and use.
Bilton’s wrong in stating that address book data at Path is “frightfully open” and, later, that “Path was mining data and storing users’ address books on its servers, and it was also transmitting the data in ‘plain text.’ This would be like mailing a private letter to someone without the envelope.” The data was transmitted over HTTPS, which is relatively secure and probably a reason Path felt they could get away with not hashing the data.
But Bilton’s main argument stands. We don’t know how Path is storing the data and what their security measures are. It’s a serious concern, and as Bilton points out, bad security and privacy measures in app design could get people killed.