Netflix silent about ridicule as it discusses punters' viewing habits
Vid biz's admission shows that no data is private
A tweet sent in jest from Netflix's official Twitter account on Sunday evening has called the company's data practices into question.
"To the 53 people who've watched A Christmas Prince every day for the past 18 days: Who hurt you?" a company representative said, via the social media and election-swaying service.
To the general public, the issue can be summarized as no harm, no foul. It was simply humor, at the expense of a few dozen fans of a recent romantic film that Buzzfeed says is "so bad it's good." More than 336,000 Twitter accounts – and presumably some real people among the bots – liked the tweet while more than 85,000 retweeted it.
Marketing mission accomplished.
To privacy advocates and those in the media, the quip set off alarm bells because it's not clear what kind of data is available to Netflix's employees and what kind of rules govern access to that data.
To understand why video privacy is even an issue, rewind several decades to 1987 when reporter Michael Dolan went looking for and found the video rental history of Supreme Court nominee Robert Bork, who had expressed his view that the Constitution does not support privacy protection. Politicians, perceiving that their video viewing habits might come back to haunt them, passed the Video Privacy Protection Act in 1988.
This may seem like a quaint concern in an era when elected officials shrug off charges of pedophilia, sexual assault, and treason, but there was a time when public image mattered.
In any event, this privacy carve-out lasted until 2011, when it was watered down through an amendment supported by Netflix and other data-focused companies. Nowadays, with so much online surveillance and ad tracking, Netflix viewing habits are probably less troubling than browser histories, but even so, the privacy-conscious are not thrilled by Netflix's cavalier attitude.
Netflix, like many online companies, makes clear through its Privacy Statement that it collects a variety of data about customers – name, email address, address or postal code, payment method, and telephone number, along with reviews or ratings, taste preferences, account settings, title selections, viewing history, search queries, customer service interactions, device identifiers, browser technical data, location, and advertising cookies.
The company says it may also augment data with info from brokers of offline data such as demographics, interest-based data, and browsing behavior.
At the same time, Netflix says it cannot guarantee the security of the data it collects: "We use reasonable administrative, logical, physical and managerial measures to safeguard your personal information against loss, theft and unauthorized access, use and modification. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information."
Nor can Netflix stop talking about it. The tweet in question appears to coincide with the company's publication on Monday of its 2017 year-in-review. And the vid biz is shaming without naming others, such as the Canadian user watched the Lord of the Rings films 361 times.
Spotify has indulged in similar snark marketing based on user-data. Who needs ad copywriters when there's long-tail data to be cherry-picked?
It's all innocent fun until lack of data oversight becomes an issue, as it did when a Twitter contractor shut down President Trump's Twitter account for 11 minutes last month. Other companies, like Google, with Street View engineers deciding to collect Wi-Fi data in 2006, and Uber's 2014 scandal about tracking people using "God View," have been caught misusing data that should have been off-limits. And they're hardly outliers.
The Register thrice asked Netflix to explain itself but has yet to receive any response.
In its defense, Netflix might say its data is anonymized. Such data, however, can often be de-anonymized, as University of Texas researches did with a portion of a Netflix data set in 2007.
But that's not really the issue. The problem is more that an offhanded remark by a Netflix employee serves as a reminder of how our data has become our Achilles Heel.
There's a saying attributed to Cardinal Richelieu, "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
Though he may not have said these exact words, the sentiment is true enough: In an adversarial situation – a court hearing, a job interview, or a border crossing – who among us could not be put on the defensive by captured data? ®
Updated to add
After this story was published, Netflix responded to our query: “The privacy of our members’ viewing is important to us. This information represents overall viewing trends, not the personal viewing information of specific, identified individuals,” a spokesperson said via email.
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust