Recently, mobile startup Path was caught 'stealing' its users' address books without their permission. Not surprisingly, this created a firestorm in the tech blogosphere.
In response, Path CEO Dave Morin, a former Facebook employee, issued an apology.
"We made a mistake," he wrote. "We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path."
This sounded good, and for some, Morin's note was a case study in how to issue an effective apology.
But others weren't as impressed. Path had to have known what it was doing, they argued, and its theft of users' address books was a clear violation of Apple's policies. The apology was too little, too late for the detractors.
Unfortunately, the debate over Path's actions has devolved into a childish argument between conflicted Path 'investors' who also fashion themselves 'journalists' and 'journalists' who are angry that they haven't been able to cash in on their supposed influence. This junior high school-style argument, complete with cursing and name-calling, distracts from the real issue: the fact that Path was engaging in behavior that is described, at best, as highly-questionable.
When it comes to the matter of whether the company's apology was enough, Path's supporters (conflicted and otherwise) suggest that when a company acts opaquely and unethically, all can be made well by pretending to be transparent and ethical after the fact. The truth, however, is that it's not that easy.
Not all apologies are created equal, and the difference between them starts at what you're apologizing for. Path investor and self-described 'unpaid blogger' Michael Arrington says "The truth is that startups are always in a hurry and always make mistakes," but let's be honest here: deciding to build functionality that uploads your users' address books to your server without their permission is not a mistake resulting from haste; it's a mistake resulting from a lack of integrity.
If your ethical IQ is too low to immediately recognize that uploading and storing your users' address book without their permission isn't an ethical business practice, chances are you have bigger problems than writing an apology that sounds authentic. The same applies to startups whose founders haven't figured out that stealing designs (and hotlinking no less) is not adult behavior.
There lesson here for startups is not "apologize quickly when you make mistakes", but rather "try not to make mistakes for which apologies are demanded." Yes, that's a high standard, but the reality is that for most companies, the path to success is not paved with high-profile apologies. Sure, there are some exceptions, like Facebook, and perhaps Path will manage to find a moral compass before the VC well runs dry and it has to become a self-sustaining business (I personally won't be holding my breath), but companies hoping to build something that's viable over the long haul should do everything possible to ensure that well-written apologies don't become a product line.