Federal Law Blocks Netflix, Facebook Integration — But Should It?

Facebook announced a slew of updates Thursday making it easier for millions of U.S. customers to effortlessly share their lives via a new timeline — except for details of the movies they’re renting.

For instance, Spotify customers may now consent to the automatic publication on Facebook of the songs they’re listening to. Netflix customers can do the same with the movies they watch — so long as they are in Canada or Latin America.

However, Netflix’s U.S. customers are left in the automatic sharing dark. That’s because federal law bars Netflix from offering the same type of effortless sharing in the United States.

The Video Privacy Protection Act is nearly a quarter century old. Congress adopted the measure in 1988 after failed Supreme Court nominee Robert Bork’s video rental history was published by the Washington City Paper during confirmation hearings. The act outlaws the disclosure of video rentals unless the consumer gives consent, on a rental-by-rental basis.

So now, Netflix and members of Congress are teaming up to update the law for the Facebook generation.

Whether there’s too much information being shared on social networking sites is not the issue. People seem increasingly obsessed with sharing every tidbit of their lives on electronic social networks like Facebook — from who is dating whom to what’s for breakfast.

The real issue is whether we should be alarmed by the proposed Netflix legislation (which some say was purchased with $200,000 in Netflix lobbying).

The privacy community is mixed, and Facebook has already been sued for posting Blockbuster rental information.

Here’s what the proposed H.R. 2471 does: It allows consumers to opt-in and grant ongoing consent to Netflix or other video services so video rental choices will automatically be shared via social networking tools such as Facebook’s new feeds. The Video Privacy Protection Act, as written, requires rental-by-rental consent.

“That’s a logical change,” said Jim Dempsey, vice president for public policy at the Center for Democracy and Technology.

“We would want to make sure it is implemented in a way that the consent is not buried on page 17 of the terms of service,” he said. “If users are given sufficient notice, and they have the right to revoke their consent at any time, they should be able to consent to sharing of their data.”

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said H.R. 2471 is not a good idea. He said Facebook users, if they choose, can already update their timelines manually with the movies that they are watching.

“There should be more privacy protections for users,” he said. “This is ultimately about control, about whether the user decides when to disclose what’s going on in their private life. Or do the companies get to decide?”

EPIC says on its website that the law “stands as one of the strongest protections of consumer privacy against a specific form of data collection.”

Jonathan Strickland at howstuffworks.com said Netflix chief Reed Hastings went too far when on Thursday he called the Video Privacy Protection Act “outdated.”

“While I’m sure Hastings simply meant that the law is out of date because of developments in the digital age, it felt like he was just shrugging off what has been a cornerstone of consumer privacy protection in this country. I find that sort of dismissal chilling,” Strickland wrote.

But should the Video Privacy Protection Act be altered to allow Netflix or other rental services to integrate with Facebook or other social networks automatically, without the need for a user to hit a share button? Clearly that would make Facebook users even bigger advertising pawns than they already are, and it could end up causing some embarrassing moments for those who forget the feature is turned on before they start watching a tear-jerker or a steamy foreign flick.

But regardless of that possibility, Congress should give the people what they want.

And while lawmakers are busy revising laws outdated by the march of the internet, they should reform the 1986 statute that says the government does not need a probable-cause warrant to seize your data stored in the cloud if it’s older than six months.

The Electronic Privacy Communications Act of 1986 allows that — based on the outdated theory that data left on a third-party server for a long period of time could be considered abandoned. Legislation to change that was introduced in May.

However, Senate Judiciary Committee Chairman Patrick Leahy (D-Vermont), the measure’s sponsor, has not granted his proposal a committee hearing. If he did, that’s a hearing we wouldn’t mind automatically sharing with our Facebook friends.

Photo: rachellynnae/Flickr

Phish Tastes Better Than Spam

Thanks to Shravan Shashikant and the Norton Confidential Online team for providing the data, and to Christopher Mendes for compiling it.

Does phish taste better than spam? Yes, perhaps it does. Allow me to explain.

The recent past has been one of the most volatile financial periods in history. World economies have reached a very critical stage—sovereign debt crises, bailouts, loan defaulters causing banks to shiver, sales shrinkages causing trade surplus, and bankruptcies. Add to all of this the fears of a double-dip economic recession theory making the rounds and it looks like a really dreadful picture.

But how does this affect the consumer from the point of view of email security? The consumer is the fulcrum point, the hinge of the story! All these negatives hit consumer spending in a very big way. The first wave of recession had definitely dented consumer confidence, and with the “Double Dip” theory lurking on the horizon it could be anybody’s guess. Logically, then, consumers felt their money was safer in the bank rather than in their wallet. The pangs of recession have definitely affected the world economy and consumer spending.

This volatile economic state has perhaps impacted the strategy of email spammers in a very defining way as well, especially from the point of view of pushing additional spam mails. A paradigm shift is being observed from spam to phishing. Therefore, it is worth lending some thought to the modus operandi of spammers.

A major source of survival for spammers is consumer spending. With the recession eroding world economies, consumer spending has taken a major hit. Spammers, who thrived on luring consumers to spend money, have definitely been dealt a severe blow. After all, who is going to be lured by spammed products during tough financial circumstances? What logically follows in the worldview of a spammer is the money in your bank account rather than that in your purse. Or, in other words, spammers will shift to baiting consumers with phishing emails to try and steal banking credentials when they know their spam campaigns aren’t working.

To see if this argument holds weight, let’s look at the graph below, which explains how spamming and phishing have panned out from the time the last recession hit us. Perhaps the world economic scenario itself is reflected:

The spam trend lines show a gradual but decisive move from the time the last recession struck. There was a recovery that was not sustainable and then there was a gradual decline. But the last twelve months have been decisive, during which world economies struggled to remain buoyant. This is also reflected in the spam and phish demography.

There is a clear divergence visible in the chart during this time: a steady fall in the volume of spam and a steady rise in the phishing volume. Of course, the spam volume is definitely huge as compared to the phishing volume. But the movements are noteworthy, keeping the global financial status in mind.

Coincidentally, another major event that took place during this time (around mid-March 2011) was the forced shutdown of Rustock. This event also was a trigger for a drop in global spam volumes by one-third. However, the overall declining spam trend was seen way before this shutdown took place and can be traced from August 2010:

The average volume of phishing increased exponentially—by a whopping 49%—between August 2010 and August 2011, compared to the average phishing URL volume seen between February 2009 and July 2010. On the other hand, during the same time frame, the volume of spam fell drastically—by 42%. In other words, the point at which phishing began to rise is near to when financial jitters raised their ugly head and spam volumes dropped off.

Therefore, what people need to focus on during difficult financial times is not only protecting their wallets and purses, but also their credit cards and any money in the bank. Remember, in difficult times, phish tastes better than spam! We at Symantec are closely monitoring these ripple effects. We would like to remind you to keep your security products updated to stave off all such malicious advances from spammers who will just as easily don a phishing hat and try their luck hooking into your bank account.

Net Neutrality Rules Published, Lawsuits Soon to Follow

The FCC has finally officially published long-delayed rules prohibiting cable, DSL and wireless internet companies from blocking websites and requiring them to disclose how they slow down or throttle their networks.

The so-called Net Neutrality rules, passed along party lines in late December last year in a 3-2 vote, were published in the Federal Register Friday and will go into effect on November 20.

The basic outlines of the rules, which differentiate between fixed broadband (e.g. cable, fiber and DSL) and mobile broadband (the connection to smartphones and mobile hotspot devices), are as follows:

The Commission adopts three basic protections that are grounded in broadly accepted Internet norms, as well as our own prior decisions.

First, transparency: fixed and mobile broadband providers must disclose the network management practices, performance characteristics, and commercial terms of their broadband services.
Second, no blocking: fixed broadband providers may not block lawful content, applications, services, or non-harmful devices; mobile broadband providers may not block lawful websites, or block applications that compete with their voice or video telephony services.
Third, no unreasonable discrimination: fixed broadband providers may not unreasonably discriminate in transmitting lawful network traffic.

One of the more contentious debates, left unresolved to either side’s liking, is whether wireless companies should be forced to play by the same fairness rules as cable and DSL internet providers do. Online activists argue that in absence of such rules, wireless carriers will throttle innovative services — while the carriers maintain that their networks are more congested and that competition will prevent any unfair behavior on their part.

Verizon and MetroPCS filed suit in January to block the rules, but the suits were dismissed as being too early. Now that the rules have been officially published in the publication of the government’s business, telecoms are free to challenge the rules — which they almost certainly will do.

The Obama FCC, making good on Obama’s campaign promises, set out to strengthen rules established by the Bush FCC that guaranteed Americans the right to use the devices and online services of their choice online. But those “rules” were set up as the FCC chose to deregulate cable and DSL internet service providers — and were thrown out in court when the FCC tried to order Comcast to not block peer-to-peer file sharing.

The court found that by choosing to deregulate ISPs, the FCC lost the right to regulate ISPs.

The FCC then faced the choice of re-regulating ISPs by putting them back in the same regulatory bucket as phone service, which gives the FCC clear authority to require ISPs not to block services like Skype and to require them to let users connect to any website they like — the same as phone companies must let users call any number they like.

But that avenue turned out to be politically poisonous, with Republicans clamoring nonsensically that it amounted to regulation of Internet content.

So instead the FCC says it found new authority to regulate ISPs that it has deregulated, though it’s not clear that the new authorities, which look cobbled together with Legos and Lincoln Logs, will hold up under scrutiny, especially if the telecoms get their way and have the suits heard by the same federal court that demolished the old rules.

In that case, the fights, lobbying and political posturing will start all over again.

Photo: Cables running to and from servers. Camknows/Flickr