Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can Blockbuster be Sued Over Facebook/Beacon?

Posted by Zonk on from the facing-the-book dept.

An anonymous reader writes "A professor at the New York Law School is arguing that Blockbuster violated the Video Privacy Protection Act of 1988 when movie choices that Facebook members made on its Web site were made available to other members of the social network via Beacon. The law basically prohibits video rental outfits from disclosing rental choice of their customers to anyone else without specific written consent. Facebook's legal liability in all of this is unclear; with Blockbuster it's a straightforward case of not complying with the VPPA, the law professor says."

19 of 102 comments (clear)

  1. Yes, but... by jo42 · · Score: 2, Interesting

    Didn't Facebook members make their movie choices public in the first place?

    So this public information was then used by someone else.

    What be wrong with this?

    1. Re:Yes, but... by hansamurai · · Score: 3, Interesting

      Yes, the users did give permission to Blockbuster to broadcast their rentals. So this is really an issue between "written consent" that the summary says and electronic consent without a hand-written signature. I would guess there's tons of precedent one way or the other, though I wouldn't know which way this would lean.

      --
      Reviewing just the first hour of video games.
    2. Re:Yes, but... by Tim+C · · Score: 5, Informative

      No, this is about Beacon, the Facebook feature that allowed participating websites to publish stories on your Facebook account about the dealings you had had with them - e.g. items you've bought, or in this case, films you've rented.

      Beacon was particularly controversial because it was not only opt-out, you couldn't opt-out of it altogether, you could only opt-out on a per-participating company basis *after* that company had already published a story. Facebook has since made changes due to the backlash the original version caused.

      This isn't a case of users making information available and someone else using it, this is the Blockbuster website making available information about its users who also use Facebook, apparently in direct contravention of this legislation.

      --
      It's official. Most of you are morons.
    3. Re:Yes, but... by Broken+scope · · Score: 4, Insightful

      The issue is that facebook opts int by default, doesn't fucking tell you, then makes it's it unclear on how you disable the "feature"

      --
      You mad
    4. Re:Yes, but... by IcyNeko · · Score: 5, Informative

      I wrote BBOnline about this, and this was the reply they gave me:

      Thanks for contacting Blockbuster Online Customer Care.

      I'm very sorry for any inconvenience this may have caused. When you log in to your BLOCKBUSTER Online account, the site uses "cookies" to determine if you have ever visited Facebook.com. (Cookies: a collection of information, usually including a username and the current date and time, stored on the local computer of a person using the Internet. It is used by websites to identify users who have previously registered or visited the site.)

      If cookies detect that you have a Facebook account, regardless of whether or not you have installed the Movie Clique(TM) application, then activities on blockbuster.com such as rating movies or adding movies to your Queue will be sent as notifications to your mini-feed and friends' profiles. You will see a "toast" for each action resulting in a notification. If you want to permanently disable the Facebook integration on blockbuster.com, you can easily change these settings on Facebook by clicking on Privacy Settings for External Websites. Under "Allow these websites to send stories to my profile" for Blockbuster, click "Never" and Save.

      You may see a pop-up on blockbuster.com which introduces Movie Clique(TM) encourages you to link your BLOCKBUSTER Online® account to your Facebook profile. If you don't want to see the screen pop anymore, click the "Do Not Show This Again" box and click Save. I hope this information helps, feel free to contact me anytime.

      So basically, they snag your facebook cookie, then they add your rental info on your account without asking permission, forcing itself on your account, and announcing away. It's up to you to then uninstall that shit.

      BBOnline: See you in court!

    5. Re:Yes, but... by anticypher · · Score: 3, Interesting

      Beacon also uses Adobe Flash "stored data" space to write cookie style information, that can be read and written to by any site with a flash bug.

      This was the buzz all this week at a conference on how to make money from internet tracking. Adobe controls the settings on how much information can be written to your local hard drive, and they sell the ability to anyone willing to pay. There is a global setting that users can turn to "off", but Adobe ignores it if they are given enough money. Since Flash tends to be installed system-wide and on all browsers on a machine, it doesn't matter if you clear out browser cookies or try blocking tracking sites. If a partner site sticks a 1x1 pixel flash bug on their site, it has the ability to read tracking info from any other site, and to write back additional information.

      Beacon is clever because it creates a large enough "cookie" that many sites can write into the cookie without changing the size taken on disk. Beacon also defines exactly how to parse the information, and how to write new info without changing the total cookie size.

      Of course, I was just watching a canned demo of this, so the company claiming to be behind Beacon could be making it all up, but the sales pitch was pretty convincing. I haven't the time or inclination to verify this, as I don't ever look at face book, and generally don't allow flash on my machines (which leaves the web looking very poorly these days)

      the AC

      --
      Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
  2. Re:is this by syntaxeater · · Score: 3, Interesting

    Doubt it. If anything, I would guess this will be the case where they decide the term "Specific Written Consent" is synonymous with any EULA or application of your signature to a document.

  3. Re:1988? by spiritraveller · · Score: 4, Insightful

    What exactly has changed since 1988 that should make this law different?

    If the law says that this information must be kept private, the internet and computers don't make it any less private.

    Rather, the newfound popularity of the internet and computers should make privacy even more important, because once information is released, it spreads far more quickly and easily.

  4. Privacy is why I dropped Facebook. by neo · · Score: 5, Interesting

    You can't spend much time on facebook without some third party application asking for personal information. More than that the "viral" content is vicious, asking to check your various mail accounts to send requests for more people to join. This is just friendster with a new twist, but the twist is dangerous. You have no idea who you are giving up your information to. Want Big Brother? Think about how facebook looks to the CIA or NSA and now you entire social network was mapped. Not by them, but by you.

    No, I quit facebook. Deleted as much as I could before I left, but I know they still have it.

    Facebook is dangerous. Period. Go ahead and be a pirate/ninja warrior... but take a look at who wrote that ap. They get your infomation.

    1. Re:Privacy is why I dropped Facebook. by rucs_hack · · Score: 2, Insightful

      Given that the entire point of the site is to share information about yourself, I have a bit of a problem with people complaining that it shares information about them.

      It's a free service, not a charity. They need to turn a profit, like any other company, and the only commodity is the information that you *chose* to give them in the first place. Don't like it? Don't use it, it's ever so simple...

      What's next, people deliberately setting themselves on fire and then suing the company they bought the matches from?

  5. Less ironic than you think. by Anonymous Coward · · Score: 5, Informative
    > People complain that the US's laws aren't keeping up with technology. And yet in this case, a law from 1988 is being applied today. Does anybody else smell the irony?

    The only reason the VPPA exists is because the video records of Supreme Court nominee Robert Bork were leaked. To this day, the act of invading the privacy of a politician for political advantage is called "borking".

    Bork's video rentals were unremarkable, so there were no skeletons in Bork's closet. But from that day on, every Senator and Congressman knew that their video rental histories were also subject to exposure to news agencies, and Washington acted to protect itself. If you've got something to hide, you've got plenty to fear, and Washington was evidently so terrified that they made the VPPA apply to regular citizens, not just politicians.

    The only way we're going to get a pro-privacy law out of the government is for some enterprising hacker to leak the clickstream of everyone in the government about 20 years from now. Today, that won't work -- because 99% of government officials don't even use the "series of tubes", let alone depend on it for their gay hookers and pr0n. 20 years from now, that will have changed, and a similar Bork-style scandal will erupt. Just imagine the kinds of privacy laws we'd have if someone like Sen. Larry "I'm Not Gay" Craig (R-estroom) had been bound for higher office, NSA leaked their logs of his Intertube traffic.

    We know when you've been sleeping,
    We know when you're awake,
    We know if you've been bad or good,
    So be good for goodness' sake!
    Oh, you better not surf!
    And zip up your fly!
    Stop tappin' your toes and trollin' for guys,
    Election season's comin' to town!

  6. Question for any expert... by Anonymous Coward · · Score: 2, Insightful

    This may be a naive question, but I've searched the Facebook developer documents and can't get a straight answer: Do the third-party developers of Facebook apps get access to your profile information?

    For that matter, where does the code for these third-party apps run? Is it uploaded to the Facebook servers (and run from there), or are these third-party developers running code on their own webserver that uses hooks into the Facebook API?

    If I install a Facebook app, does this mean that the developer has access to my profile (even if it is set to "friends only"). Even if the code runs entirely on Facebook's servers, it would seem like it would be easy for a developer to sneak-in code for "phoning home" in some way. Worse, it seems like this proliferation of mini-apps is just begging to create a myriad of security holes that others can exploit to access your restricted profile.

    The very fact that Facebook doesn't clearly define what the flow of information is a problem (beyond useless "we value your privacy" rhetoric and "we can do whatever we want with your data" EULA statements). Does anyone have an understanding of the Facebook infrastructure, and can enlighten us all about what the flow-of-information on Facebook is really like?

    1. Re:Question for any expert... by Skidge · · Score: 3, Informative

      Third-party applications run on third-party servers. They have access to most of your profile information, but aren't allowed to save all but the most basic pieces (user id, network id, etc.) because of the Terms of Service. They aren't supposed to store your friends, even. However, any info that you enter in the app is fair game. For example, if you enter the books you've read in this app, they can store that information.

      The question is, do you trust these 3rd party apps to not store your personal info from your profile?

      For reference, halfway down this page is a decent list of profile information available to developers.

  7. What about Netflix? by Wordplay · · Score: 3, Interesting

    I can see my friends' rental histories on Netflix, and I'm sure they can see mine. I probably checked a box somewhere, but I don't think I consented to this sort of thing "in writing."

  8. Re:is this by faedle · · Score: 4, Insightful

    .. except there is mountains of case law that says otherwise: that EULAs are, in essence, only marginally enforceable.

    This being in some hidden Facebook EULA, or on some 'policy page' for Blockbuster does not mean "the user notifies us in writing". That has specific legal meaning: if they don't have a SIGNED PIECE OF PAPER with the words "I allow you do release my video rental records", they don't have notification in writing of permission.

    All this is irrelevant, anyway: the worst that's likely to happen here is some states' attorney general will file a lawsuit, get it certified as "class action", and Blockbuster will settle out-of-court and pay some piddly fine + attorney's fees and send everybody who asks a $5 for free rentals. Big deal.

  9. Pissed off the wrong guy by stabiesoft · · Score: 2, Insightful

    From what I read, maybe we just need to publish the Supreme court credit card #'s and maybe we can get stronger credit protections too. I don't think this law wouldv'e existed if Justice Bork's video rental habbits had not been published in the newspaper.

    1. Re:Pissed off the wrong guy by KingAdrock · · Score: 4, Informative

      No he isn't.

      From Wikipedia...

      During debate over his nomination, Bork's video rental history was leaked to the press, which led to the enactment of the 1988 Video Privacy Protection Act. His video rental history was unremarkable, and included such harmless titles as A Day at the Races, Ruthless People and The Man Who Knew Too Much. The list of rentals was originally printed by Washington D.C.'s City Paper.[5]

  10. Re:is this by onemorechip · · Score: 3, Insightful

    I don't have a problem with Company X choosing not to produce Movie Y because they don't see commercial potential. Studios have to make those decisions all the time (and bad business decisions are inevitable). After all, they have to put up a lot of resources to get a movie made. But if Movie Y does get made, and Company Z, that is in the mainstream movie rental business, refuses to make that movie available to its customers, only to appease some rabid bunch of loonies, then I have a problem with Company Z. I can also understand it if Movie Y is in some niche market that Company Z doesn't play in. It's the caving in to special interest threats like these that I don't like (this holds, whether or not I had any interest in seeing Movie Y).

    --
    But, I wanted socialized health insurance!
  11. Re:Wrong by Culture20 · · Score: 3, Interesting

    You have a 5 second window to "cancel" the sending of the info, but it's worded in a way that you're forced to think about allow or deny... then it chooses on its own and sends. And... you don't get asked to confirm the post. The post happens whether you want it or not, then you are forced to remove it if you don't want it. Beacon==bad UI from a human user standpoint