Why Al Franken’s Senate subcommittee should give Netflix a hard time about ‘always-on’ Facebook integration

Al Franken at today's hearing. ()
Tweet Share on Facebook Print

When should the law allow providers of books, periodicals, movies, and music to post information about your media diet in social networks such as Facebook?

Should Netflix ask you about each particular movie? Or would blanket authorization in advance to reveal everything be sufficient?

On Tuesday, a Senate committee led by Sen. Al Franken held a hearing about those questions. A little-known 1988 federal statute, the Video Privacy Protection Act (VPPA), requires case-by-case consent for each disclosure of each movie you rent or watch.

This doesn't sit well with Netflix, a company that needs to gain more traction in social and, I suspect, wants to become the Spotify for movies. They want to change that rule to allow a one-time opt-in, and late last year the company got the House of Representatives to pass a bill giving them that—without holding a hearing. Based on reactions in the Senate session (at which I was a witness), it looks like the company will face tougher scrutiny in the upper body.



In one way, the VPPA is an anomaly. Federal law imposes no similar requirements on any other media besides video. That’s largely because its passage came about from a historical accident.

During the bitter battle over the 1987 nomination of Judge Robert Bork to the U.S. Supreme Court, a freelance reporter for Washington City Paper got a clerk at the Bork family’s neighborhood video store to photocopy his handwritten rental records. The resulting article presented little of interest besides the judge’s middlebrow movie tastes, but widespread horror at this privacy invasion spurred a quick and bipartisan congressional reaction. The VPPA was born. (Wags suggested that the legislators didn’t want their own hometown newspapers getting any ideas.)

Maybe things would have developed differently if that reporter had gone to Judge Bork’s favorite bookstores and record shops too, but as it stands there is no federal legislation concerning privacy in those areas. Librarians have jealously guarded the privacy of their patrons’ borrowing for many decades as a matter of professional ethics, and most states have privacy laws concerning library records. A few scattered state laws cover areas such as book sales or satellite TV as well. And that’s about it.

But traditionally the principal privacy protection in these areas was not legal: There just weren’t many centralized records to worry about. Librarians keep records because they need to know if your books are overdue when you come back. Video rental establishments—still fairly new in the late 1980s—started keeping them for the same reason. If you bought instead of borrowing, however, the seller had little reason to remember who you were. The VPPA responded to an emerging technological and business model that incidentally, because of the way it operated, tracked your entertainment choices.

Fast forward (ahem) 25 years. You buy books and download ebooks from web sites that retain your account history to use in everything from order fulfillment to generating algorithmic recommendations for your future reading pleasure. You often store those books on devices like Kindles that remain wirelessly tethered to their producers. You read most newspapers and magazines online. You download your music too, so that Apple or Amazon holds the index to your whole collection. You watch video through some combination of DVR, streaming services, and old-fashioned rental of tangible media like DVDs (though usually now managed online, as many vacant Blockbuster storefronts can attest).

As a result, a few clicks of a mouse probably reveal most of your reading, listening, and viewing of the past year or more. The increased prevalence of these digital records presents an increased privacy problem. And all these new methods of accessing “content” are growing like gangbusters, while the traditional models wither. It seems to me that, rather than diluting the VPPA, Congress ought to extend it to cover other media besides video.

Surely there are embarrassing items on all these lists that you want to keep to yourself. Maybe you’d prefer not to impede your street cred by revealing how often you listen to Katy Perry. Perhaps you’ve bought certain books or movies would reveal underlying private matters related to sexuality, health, finances, or political views—or would lead to mistaken assumptions about those sensitive areas. And, more broadly, you might think these choices are no one’s business.

The VPPA protects video data from disclosure in a wide range of contexts. It requires special court orders before the information is used by law enforcement or in civil litigation. (Imagine what a gold mine DVR data could become in a nasty divorce proceeding). It requires consent every time a video provider discloses individual titles to third-party marketers—with the result that they don’t bother to try and sell that sort of data—although the law does permit them to offer more general information for data-mining, such as the genres of movies a customer favors. And, with the emergence of social networking, Netflix says it prevents integration with Facebook.

At the hearing, I argued pretty strenuously that the current VPPA does not forbid social media integration, it just requires case-by-case consent. Why not, I asked, put two buttons right beside one another whenever a user chooses to stream a film, clearly marked “play” and “play and post to Facebook”? I don’t think I got a satisfactory response from the pro-Netflix witnesses, amidst some muttering about “frictionless sharing” and “consumer choice.”