Netflix Sued For Privacy Invasion

We've discussed the Netflix Prize numerous times as the contest ran, including the news two years ago that the anonymity of the dataset had been broken. Now reader azoblue sends in this excerpt from Wired: "An in-the-closet lesbian mother is suing Netflix for privacy invasion, alleging the movie rental company made it possible for her to be outed when it disclosed insufficiently anonymous information about nearly half-a-million customers as part of its $1 million contest to improve its recommendation system. ... The lead attorney on the new suit, Joseph Malley, recently reached a multimillion-dollar settlement with Facebook over its failed Beacon program, which drew fire in part for sharing users’ Blockbuster rentals with their friends. ... If a data set reveals a person's ZIP code, birthdate and gender, there's an 87 percent chance that the person can be uniquely identified." The suit turns on the question of whether Netflix should have known that their dataset's anonymity could be broken, two years before researchers demonstrated that.

Yes

[RichardJenkins]

How large an area is a zip code in the states? I think in the UK if a company publicly released sensitive data about a people with their birthday and postcode attached there'd be outrage. Muppets.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Diss Champ]

It depends on whether it is the long zip or the short zip. The short zip is 5 digits, and that's what most people use when sending personal letters and such; the shorter zip adds additional digits and narrows things considerably.

Some quick back of the envelope says that 5 digits has 100,000 combinations, meaning that you only have thousands of people (~3k) per zip (some zips more, some less, they assigned them before some population movement). With 366 possible birth days across a number of years (I'm assum

Re:

[mcgrew]

Springfield, Il (Where Alderman Simpson lives) has a population of 110,000 and roughly five zip codes.

Re:

[AnotherUsername]

My zip code has around 4,000 people in it. This includes a town, several townships, and the countryside in a 10 mile diameter circle around the town. A person wouldn't have to do much digging to find out who so and so is based on a zip code and a birthday.

Re:

[oldspewey]

300000 people in a single ZIP code? In Canada, a unique Postal Code covers maybe 50-80 houses along a street or two, or at most one large condo building with 2000 residents or so.

Within a pool of 2000 (or fewer) people, I can see how gender and DOB could provide unique identification with 87% accuracy. Within a pool of 300000? Not so much.

Re:Yes

[E IS mC(Square)]

There is a difference between US zip code system and Canadian one.

In the US, there is zip5 + zip4 (total 9 digits). If you use both, you are talking about 2-3 houses on a street. This is equivalent to Canadian 3+3 system. But a five digit US zip code may mean anything from one business building to very large number depending on the density.

Re:

[E IS mC(Square)]

Hey, I was not pulling that out of my ass. I work on similar system right now and know something about zip codes :-)

Now about your theory, here is a better explanation (from http://en.wikipedia.org/wiki/ZIP_code#ZIP_.2B_4 [wikipedia.org])

"A ZIP + 4 code uses the basic five-digit code plus four additional digits to identify a geographic segment within the five-digit delivery area, such as a city block, a group of apartments, an individual high-volume receiver of mail or any other unit that could use an extra identifie

Re:

[akcpe]

There's really two different ways of listing the code actually, one of which would probably get you down to that level. Zip code is 5 digits + 4 additional digits. When mailing something only the first 5 are required. the additional 4 would likely identify you down to the street level. 12345-XXXX would get you there, but there may be a hundred thousand people in all of 12345. Its unclear to me which Netflix released. Generally the mail I receive with an automatically generated address label (such as from

Re:Yes

[MBGMorden]

Generally the mail I receive with an automatically generated address label (such as from Netflix) includes the -XXXX

Just a note, but the reasoning for that is that bulk mailings have a series of steps they can perform to get postage discounts. CASS certification of the address is one of those. It requires lots of things be done to addresses - St. in a city name for example must be spelled out as "Saint" since St is used as the abbreviation for "street". you also have to consistently abbreviate the street names. You can't write out "Street" in the street name unless it's part of the actual name (ie, "Market Street Rd" would be fine, but not "Market Street"). Among the restrictions though is also a requirement that you use the full Zip+4 zip code.

I can't remember the exact discount but IIRC it's around $0.08 per letter. Not a lot, but where I'm at for example we do several large mailings per year that end up between 70,000 and 90,000 letters in volume. With postage bills for those things being tens of thousands for dollars, that $0.08 per letter adds up fast.

Re:

[E IS mC(Square)]

>> Its unclear to me which Netflix released.

At the most, the zip5 (and not full).

The address you see on the envelop can be (slightly) different than the one stored as part of your profile, because, most likely, as part of their mass-mailing program, they would do address standardization/correction and generate a more accurate address.

Re:Yes

[TheSeventh]

Was it necessary to release the birth date of the users? As if the day of the month you were born in would matter in which movies you liked? No more than month and year should have been included, probably no more than the year.

The problem is most people don't think, and those that do, don't think about what they're doing from a security standpoint. "Will this work?" or "Will this be safe?" is vastly different from "Can this be abused?" or even "Is all of this really necessary?"

Re:

[Faux_Pseudo]

This way the practitioners of astrology could finally offer up proof that the planets have an influence on our lives. Then they could have gotten not just the Netflix money but the JREF money too.

Or maybe they were just not thinking? Naa.

Re:

[AusIV]

In some less dense areas the +4 will be specific to a house. I can't imagine netflix would have released that and claimed their data was anonymous.

Re:

[tenton]

I'd better go change the code on my luggage.

Re:

[kent_eh]

300000 people in a single ZIP code? In Canada, a unique Postal Code covers maybe 50-80 houses along a street or two, or at most one large condo building with 2000 residents or so.

Or an entire small town, and all the farms surrounding it.

For instance, Minnedosa, Manitoba [wikipedia.org] has one postal code, which is for the post office building and all the mail boxes located there. The town and surrounding farms are all postal code R0J 1E0. Current population is a bit over 2500, probably closer to 3500 mailboxes when you count in businesses and farmers.

But in the cities, you are right. One postal code can be as few as one side of a street for one block.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:netflix tracks birthdates?

[fwice]

I just signed up for an account. It asked for your birthday on the page with your address. However, it _was not_ mandatory.

I conveniently skipped the 'birthdate', 'gender', and 'your opinion of these genre' sections.

Re:

[hrieke]

But, now depending on your movie selections a good system will be able to defer those bits of information.
Data leakage happens; just computers made it easier to do the grunt work.

Re:

[hrieke]

Thanks for the correction.

On your line to a for film school- NF would notice a group in a zip code or a short distance from one another all selecting the same films- adding external data sources to this should be able to determine if someone is in school and if so what classes they are taking (see the ability to tie movie reviews to facebook data sets).
Further, the longer someone rents from NF the larger the dataset is, so a more complete idea of what the person likes and dislikes should pop out, and someth

Re:

[mrisaacs]

Actually the film student model would not necessarily create a cluster.
The student might be taking a class via a distance, on-line or weekend program, and the school may not be local. The other students could be scattered over a large area, even distributed across the country.

Re:

[hrieke]

Strong correlation between the time window and sequence of films in the queue would ID the students.

Re:

[bmearns]

I'm guessing they probably ask if you're renting adult material. If the mother was outed by the movies she rented, she was probably renting adult material.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Belial6]

That depends on what you consider adult content. While Netflix claims that Alice In Wonderland: An Adult Musical [netflix.com] is rated R, the movie it self has an X rating notice at the beginning. And, while they did cut out the actual close ups of insertion, Pirates [netflix.com] was filmed as a full on porno.

So, while they many not have much, and it may not be hard core by today's standards, they do have adult content.

Re:

[Neon Spiral Injector]

Netflix has no "adult" material. Sure, a few NC-17 films (many of them for violence as much as sex), and some unrated titles, which may get a little blue. But nothing like the backroom of local rental stores.

They don't require an age to be specified because they assume if you have a credit card (which is required) then you can rent anything they have.

Re:

[Neon Spiral Injector]

They do have a "Gay & Lesbian" genre, which includes such films as (from the first page):

Milk
The L Word
Angels in America
Midnight in the Garden of Good and Evil
Fried Green Tomatoes

Re:netflix tracks birthdates?

[Verdatum]

And the crux of the lawsuit is the presumption that straight people are not allowed to like these movies...wait...I liked Milk quite a bit, and Angels in America was one of the most incredible things I've ever seen. Damnit, my girlfriend is gonna kill me when I tell her I found out I was gay...via Slashdot no less.

Re:

[flabordec]

Don't worry! You're not gay. My system says you are a lesbian mom!

Re:

[Sloppy]

I haven't seen any of those movies, but damn did I laugh hard in Victor/Victoria so I guess that means I'm gay, or at least a cross-dresser.

I also liked Robocop, so I'm outed as a cyborg (goes well with my transvestism). And since I'm a Star Trek fan too, now everyone knows where I got my cyborg technology, and they know the perverted details of my transvestism, which is that it's not so much about putting on dresses, as it means that I use a lot of green body paint. Nothing turns me on so much as "going

Re:

[MikeBabcock]

You mean straights don't like lesbian content now? When did this happen?

Re:

[T Murphy]

If the birthdate is just for adult material, they may as well just ask for the month and year- or only let the month and year be used in algorithms.

Birthdate?

[chill]

The entire birthday? Holy crap! What did they expect?! Even just narrowing it down to birth year gives you a way to narrow the set considerably when combined with the other two items. What was wrong with the traditional "18-24, 25-40, etc." age ranges?

So lemme get this straight...

[Carik]

... this woman is a closeted lesbian. She came to the realization that, if someone hypothetical person were to come along and get into the NetFlix user data system, he could find out she's a lesbian. In order to protect herself from being potentially exposed, she decided to join a high-profile national lawsuit, charging that they had created a potential for people to find out her sexual preferences. How many days do you think it'll be before her picture is all over the web, sitting right next to the headline "formerly closeted lesbian pulled out of closet by attaching her name and face to a privacy lawsuit"?

Re:So lemme get this straight...

[Registered Coward v2]

In order to protect herself from being potentially exposed, she decided to join a high-profile national lawsuit, charging that they had created a potential for people to find out her sexual preferences. How many days do you think it'll be before her picture is all over the web, sitting right next to the headline "formerly closeted lesbian pulled out of closet by attaching her name and face to a privacy lawsuit"?

She filed as a Jane Doe to protect her privacy.

Re:So lemme get this straight...

[Carik]

Right. And of course the real names of people who file anonymously NEVER get out.

Re:

[Registered Coward v2]

Right. And of course the real names of people who file anonymously NEVER get out.

To me that's a separate issue - anyone filling a Jane/John Doe lawsuit has to expect their name would eventually become public information.

Re:

[Carik]

anyone filling a Jane/John Doe lawsuit has to expect their name would eventually become public information.

Exactly. So she's just come out on her own... in order to sue someone for the potential that someone going through their data MIGHT be able to figure out that she's a lesbian.

My point is still the same... she's given up on her privacy in order to sue someone for a potential (but not yet real) breach of privacy.

Re:

[rhsanborn]

While she may be suing for money, it's not unreasonable that she is willing to accept some backlash and her outing for the sake of justice. Companies would be able to get away with gross privacy breaches if there weren't people to keep them in check like this.

Re:So lemme get this straight...

[Bakkster]

My point is still the same... she's given up on her privacy in order to sue someone for a potential (but not yet real) breach of privacy.

It's a catch-22, no doubt, but at least this way she can possibly force Netflix to fix the initial problem.

She chose to be proactive, rather than sit and worry. Can't fault her for that. Besides, it is hardly a forgone conclusion that she will be revealed as the Jane Doe in a reasonable time frame.

Re:

[Carik]

True. And it's hardly a forgone conclusion that anyone she would ever meet would be involved in analyzing the data from NetFlix. Yes, there's an 87% success rate (according to the article), but how many people are actually doing that analysis? And how likely is it that they would publish the results in her town? Or than anyone in her town would READ the results if they were there?

Drawing attention to herself just ensures that anyone who does look will try to figure out who she is.

If she's consciously ma

Re:

[Bakkster]

Isn't the point of privacy protections to prevent these unlikely circumstances from ever needing to be considered? Add the fact that the dataset is publicly available and it's even more severe. It's a breach of privacy, regardless of whether it is exploited or not.

Besides, I'm sure there are trolls out there who would get their jollies purely by skimming the dataset to find people with embarrasing movie habits purely to expose them. Why wait until that happens when you can file as a Jane Doe to prevent i

Re:

[kent_eh]

Or she figured that she's already been outed, so she might as well do something so it soesen't happen to someone else in the future.

And , of course, there's the money.

Re:So lemme get this straight...

[Verdatum]

Because first you get the money, then you get the power, then you get the women. That's one clever lesbian!

Re:

[Hijacked Public]

Above is the most brilliant thing ever posted to Slashdot.

Re:

[Carik]

But if I get used to it, it will stop being so funny!

Honestly, I find the whole concept amusing. "You made it theoretically possible for some small number of people I don't know and will probably never meet to find out something about me I'd rather keep private. Therefore, I will do something much more likely to make that public among LOTS of people! THAT will show you!"

Re:

[nomadic]

To me that's a separate issue - anyone filling a Jane/John Doe lawsuit has to expect their name would eventually become public information.

I don't know if that's true, there are plenty of lawsuits where anonymity is maintained. I'd guess most of them.

Re:

[Beezlebub33]

Probably. But her reasoning for doing so is not entirely clear. Possibilities include:
o Money
o Honest outrage
o Conscious or subconscious desire to out herself
o Honest desire to prevent the outing of other people

Re:

[Xtravar]

And if she wins, how exactly does she explain the influx of money to her family?

Re:

[nomadic]

She's asking for injunctive relief. None of the plaintiffs will get money if they win.

Re:So lemme get this straight...

[Rogerborg]

I bet if she got more injunctive relief, she wouldn't be a lesbian.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

Netflix shows what you watch to others that are your "Netflix friends". It's a minor social network that allows you to pass recommendations to others. If they're really snoopy they can see what you watch...but there's also an option to cut that off that's about five clicks deep in the settings.

So, if all you do is rent skinimax flicks. Yeah, I could see feeling exposed...but honestly, I don't think it's a big deal.

If privacy is such a big deal to people, they need to get informed. End of story. You can't ha

Re:So lemme get this straight...

[corbettw]

It's all the Rosie O'Donnell and Margaret Cho comedy specials in her queue.

Re:

[Yo Grark]

You're right, that was TIVO:

http://snarkiness.typepad.com/snarkattack/2002/11/my_tivo_thinks_.html [typepad.com]

Yo Grark

Re:

[hansamurai]

IANAL, but she's filed the suit as Jane Doe. Whether this actually protects her or not someone who is a lawyer may be able to chime in.

Re:

[multisync]

In order to protect herself from being potentially exposed, she decided to join a high-profile national lawsuit ... How many days do you think it'll be before her picture is all over the web

From TFA:

That's why the lesbian mom joined the lawsuit as a Jane Doe [wired.com], according to the complaint

But bonus points for "lemme get this straight"

Re:

[TheSeventh]

However, this is a good response to Google's stance on privacy issues that "if you're doing something on the internet you don't want anyone to know about, maybe you shouldn't be doing it."

I don't see how renting whatever mainstream movies she wanted and wanting to keep her orientation a private matter equates to "something she shouldn't be doing."

Filing as Jane Doe?

[whoda]

How can a legal-aged adult file as Jane Doe just because of her secret of being 'in the closet'?

Re:Filing as Jane Doe?

[Registered Coward v2]

How can a legal-aged adult file as Jane Doe just because of her secret of being 'in the closet'?

Simple - the judge gets to decide if her privacy rights outweigh the public interest in keeping lawsuit information available to the public. for more information see: http://www.legalmatch.com/law-library/article/filing-a-lawsuit-anonymously.html [legalmatch.com]

To me allowing a Jane Doe suit in such cases is not unreasonable; whether or not her name wil eventually become public is another matter.

Re:

[Rogerborg]

Perhaps pecause being a lesbian in Los Angeles, CA (pop. 9,862,049 [census.gov]) is very different from being a lesbian in Moss Landing, CA (pop. 304 [city-data.com])? Not everyone is as broad minded as big city folks.

Re:

[Rogerborg]

Not everyone is as broad minded as big city folks.

The ignorance! It burns!

Us big city folk with our fancy book-learnin' call that gasoline.

Re:Filing as Jane Doe?

[Nadaka]

no. Being a lesbian does not mean she cheated on her husband, even if she is still married. For example, this is slashdot, I believe there are a lot of heterosexual men here who have never even touched a woman.

Re:

[Anonymous Coward]

For example, this is slashdot, I believe there are a lot of heterosexual men here who have never even touched a woman.

They don't want to cheat on themselves

Re:

[Verdatum]

Infidelity? WTF? That's a major leap of logic. Because she prefers chicks, she obviously cheated on her husband? Who modded this up?

Re:

[CoderJoe]

While I don't agree with the leap, I think I can kinda see where they got the idea. She prefers chicks and doesn't want anyone to know. Because she doesn't want anyone to know, she obviously has done something wrong, etc.

It is all a load of hogwash. That's the same logic that comes to the conclusion that if you use an envelope to mail something, you must be doing something wrong.

Re:

[chrysrobyn]

Throw in a good chance that if her id is revealed her husband may be able to divorce on grounds of infidelity.

I'm not familiar with the odds, but there are a whole wide range of other possibilities. I went to college with a girl whose mom was a lesbian. She had married young to the guy who made all the sense in the world, who loved her and who treated her like a princess, assuming she'd fall in love eventually. Their marriage was consummated, producing a daughter. Mom figured things out, they divorced a

Re:

[AnotherUsername]

Throw in a good chance that if her id is revealed her husband may be able to divorce on grounds of infidelity. Realistically, for her to declare that she is "in closet" and that Netflix did something to jeopardize her status she is effectively stating she is or has committed adultery. Needless to say that would put her on weaker footing should a divorce case come along.

So, protection from self incrimination?

• Or she is just trying to avoid the backlash of being a lesbian in a morally conservative area where people talk about homosexuals burning in a pit of fire for eternity.
• Maybe she wants to protect her children from the ridicule that comes with having a homosexual parent(kids are cruel).
• Perhaps her beliefs don't include divorce
• Maybe she loves the person she is married to, but she is just not sexually attracted to them, but she doesn't want to hurt them because of this.
• Or maybe she just wants to come out on he

Outed by movie rentals?

[grapeape]

"The member’s movie data exposes a Netflix member’s personal interest and/or struggles with various highly personal issues, including sexuality, mental illness, recovery from alcoholism, and victimization from incest, physical abuse, domestic violence, adultery, and rape."

Isn't this a bit of a stretch. I've rented a rather broad range of films, over the past year some of the films I have watched include Apt Pupil, Lords of Dogtown, Girl Interrupted, A History of violence, A Beautiful Mind, Brokeback Mountain and Super High Me. Evidently I'm a mentally disturbed,abusive, homosexual, drug abusing, skateboarding, autistic nazi and didn't know it.

The woman who was outed wasn't outed by her movie choices but by her paranoia leading to her own disclosure.

Re:Outed by movie rentals?

[ViViDboarder]

Exactly what I was going to post! This is crazy. Also, I'd really like to know how someone drew the conclusion that she was a Closet Lesbian from her movie rentals AND that someone randomly picked her out of the huge database AND then took the time to find out who she was and then took the time to notify all her friends... All this for the interest of being malicious towards a stranger they will probably never see...

Seems a little far-fetched.

Also, the summary is poorly written because it makes it seem like the Zipcodes and Birthdays have been released when they haven't. http://www.wired.com/images_blogs/threatlevel/2009/12/doe-v-netflix.pdf [wired.com]

http://it.slashdot.org/story/07/11/27/1334244/Anonymity-of-Netflix-Prize-Dataset-Broken [slashdot.org] Shows that it's possible, but it's not like anyone could draw a conclusion on Sexuality with any certainty by those means.

Also, after reading the article it seems like they HAVEN'T released Birthdays and Zip Codes but that this is only planned for the second iteration. They only had unique ids for users and ratings... The privacy was breached by people datamining other resources. From what I gathered... the people got the identities of people by matching ratings with IMDB ratings... Which in that case I don't think Netflix really provides any more information about someone than they have already made public via IMDB.

Re:

[kabloom]

Either it's a privacy violation, or it's not. It shouldn't have anything to do with whether the woman is a Lesbian, or whether that particular fact can be inferred from the data. (Certainly there are easier facts to infer that would be equally if not more compromising to privacy, such as so-and-so rented pornos.)

Re:

[Spazztastic]

Isn't this a bit of a stretch. I've rented a rather broad range of films [snip]

I share a Netflix account with my mom. I have the movies go to her address and I use the streaming to my 360 at my apartment. Going by what you mentioned, they must think I'm a menopausal woman who has an infatuation with James Bond.

Re:

[willworkforbeer]

Honey, is that you?

Um...

[fredklein]

If a data set reveals a person's ZIP code, birthdate and gender, there's an 87 percent chance that the person can be uniquely identified

What idiot answers all those questions correctly?

Re:

[Bakkster]

Yeah, only people who want deliveries to their actual house give their correct ZIP code!

Re:

[fredklein]

Do you also give your Gender and Birthdate in order to get stuff delivered?

So...yeah.

Re:

[Bakkster]

Do you also give your Gender and Birthdate in order to get stuff delivered?

Only when I'm being facetious ;)

Congratulations! Now the world _knows_.

[Golddess]

So while before all that was available was a list of rented films which she seems to think indicates that whoever rents them can indicate that the watcher is gay (which I'm having a hard time making the leap from "if someone watches movie X, Y, and Z, that means they are gay), now the whole world knows she is gay.

Where are the photos?

[Vinegar Joe]

Is she hot?

Re:

[Anonymous Coward]

No, this is a real-life lesbian, not a "lesiban" from porn. She probably looks like Rosie O'Donnell.

Re:

[LoverOfJoy]

Do a google image search on Jane Doe. It looks like she's had plastic surgery numerous times but most if not all of her images are not particularly attractive.

Re:

[mrs clear plastic]

Are you also a lesbian? If not, then you are irrelevant.

Don't you need to have actual damages?

[joeflies]

The way that I thought that it worked was that you sue in civil court when you actuall suffer damages even when the other party was doing something illegal.

For instance, you can't sue a drunk driver for almost hitting your car. You could press that they did something illegal and have him charged in criminal court, but there's no payday in that. Given that these types of cases seem to be this lawyer's modus operandi, I'm thinking that this case is more about the payday and not about building stronger standards for privacy.

Re:Don't you need to have actual damages?

[nomadic]

The way that I thought that it worked was that you sue in civil court when you actuall suffer damages even when the other party was doing something illegal.

In cases at law, for example tort or contract cases, you generally do. This is a case at equity, so the plaintiffs are trying to get injunctive relief (also attorneys fees, but that's considered ancillary to the injunction).

Stop giving out personal info that isn't needed

[harmonise]

if a data set reveals a person's ZIP code, birthdate and gender, there's an 87 percent chance that the person can be uniquely identified.

Why are you giving Netflix your birthdate and gender in the first place? I never give those things to companies, and if I can't avoid it (forced to enter something when signing up) I give bogus information. Neither of those are any of Netflix's business.

Re:

[aicrules]

Certainly if you think some important secret of yours will be revealed by giving Netflix that information, you shouldn't give it. However, for me, I like giving them that information because they have used it to recommend movies quite successfully. I don't care if anybody knows I watched Kate & Leopold three times in a row. I'm not going to go out of my way to post what I watch on my FB profile, but if it was there, I wouldn't care.

Re:

[KraftDinner]

The issue I have sometimes with giving a fake birthday is that it's usually a security question when you go to try the "forgot password" function. If I were to give a different birthday every time, I wouldn't remember which is for which. I suppose I could just give the same fake birthday every time, though.

Re:

[harmonise]

I wasn't blaming the victim and I never mentioned the victim. You put that connection together yourself so you should think about why YOU are blaming the victim. And "irregardless" isn't a word.

Jane Doe - If we don't know who the mom is..

[log0n]

then how was she outed?

The closet can be a scary, stupid place

[name_already_taken]

Speaking as a gay guy with a lot of gay and lesbian friends, I can tell you that some people get really worked up over being "in the closet". They can start to worry about really stupid things that are outside of the bounds of possibility, and work themselves into all kinds of trouble.

Case in point: a friend of mine got herself fired over this. She knew that her supervisor didn't like gay people and so she was in the closet, as far as work was concerned. She got called up for jury duty. The court case didn't last long at all, but in the meantime, one of our mutual friends' father passed away. So, my friend was invited to the funeral which happened to fall on the day after her jury duty ended. She was so worked up over the idea that her boss would figure out that she's a lesbian if she took a personal day to go to her gay friend's dad's funeral that she lied and told her boss that she was still on jury duty for the day of the funeral. Well, the boss didn't like her and he called the court clerk to confirm that she was still on jury duty - and then fired her for lying about it.

Had she just took a personal day and said "I'm going to the funeral of a friend's dad" nothing would have happened. As far as I know, there's no mechanism by which you can figure out if the relatives of a dead person (whose name you don't have) are gay or not.

Maybe this lawsuit lady should read up on the Streisand Effect (you know her name's going to come out eventually), stop worrying so much about what other people think about her sexual orientation, and concentrate on living her life. Can she truly be deluded enough to think that anyone in her life (work, social, government or otherwise) is going to trawl netflix's database to figure out if she's a lesbian and then use that information against her?

Seriously, this is like when my boss didn't want to have his pay directly deposited because he thought the payroll company could snoop in his bank account. It's just not grounded in reality.

Re:

[forand]

Seriously, this is like when my boss didn't want to have his pay directly deposited because he thought the payroll company could snoop in his bank account. It's just not grounded in reality.

While they may not be able to see your transactions any company authorized to direct deposit is authorized to deduct money from your account.

Re:

[mrs clear plastic]

May I please fully agree with your essay.

I can further suggest, however, that the woman who's the subject of this article take a look at organizations such as Out and Equal, who make it their mission to support a safe working environment for GLBT community (gay lesbian bisexual, and transgender) members.

Ridiculous privacy revealed. We should say NO

[Kohath]

This case shows the ridiculous extremes that "privacy" has come to. Netflix, apparently, has some sort of affirmative obligation to help this woman hide her illicit sexual escapades. The government is going to require Netflix to help cover up for her proclivities.

Lesbian romps are voluntary. Using Netflix is voluntary. Telling Netflix about yourself is voluntary. Netflix voluntarily rents you videos. Every aspect of this case involves people freely engaging in voluntary action. And now we're being as

Re:

[tilandal]

Video rental records are protected information under existing federal law. Netflix released rental information to the public. Therefore they are liable for damages if the information was personally identifiable. End of story.

Re:

[Kohath]

Lots of things are against the law in totalitarian states. Injustice prevails where force dictates action. This case is unjust. If the law supports this case, then the law is unjust.

"state-of-the-art defense" and strict liability.

[gandhi_2]

The suit turns on the question of whether Netflix should have known that their dataset's anonymity could be broken, two years before researchers demonstrated that.

This is called a "state-of-the-art" defense, and generally doesn't work.

State of the art defense is the defense that permits a manufacturer to avoid liability in a design defect case if at the time of manufacture there was no safer design available, or in a failure to warn case if at the time of manufacture there was no way the manufacturer could have known of the danger he/she failed to warn against.

Lets say I was making Asbestos oven mitts, no one knew it was dangerous. The state of the oven mitt industry and materials science (the art) was that Asbestos was fine. Then, 50 years later we find out it's dangerous. The lawsuits will probably prevail because the "state of the art" defense doesn't stand up to strict liability [wikipedia.org].

On the upside, she'll probably make some new friends in PTA. And who doesn't love hot buttered soccer moms?

This is really cool.

[v(*_*)vvvv]

So anonymity in this case was simply a type of encryption. Making information less obvious doesn't mean the information is lost. True anonymity can only be achieved by purging information, and hence only no information is truly anonymous. Or is it?

Cracking google's anonymity code is another related topic. It is good that these companies anonymity cards are being challenged.

Zipcodes known to help uniquely identify

[realsilly]

I've done enough work for companies in my years to know that zipcodes can be used to uniquely identify individuals. Since there are still parts of this country in which a person may own a very large piece of land and Zipcodes use the +4 to determine specific blocks within a zip code range, then all one needs is a name or the other info mentioned above to uniquely identify a person. This has been known by banks and the post office for as long as the +4 has been around. Banks have strict guidelines around uniquely identified people and what they must do if they are identified when dealing with offers of credit.

Netflix works with the post office for mass mailing, they would be aware of the ways to uniquely identify people.

Re:

[Yvan256]

99.999% chance of AC being Bart Simpson.

Re:

[Sancho]

Movies are sent in a red Netflix envelope. There is a perforated piece of paper with your address which covers one side of the envelope (it covers the side with Netflix's return shipping address--the envelope you receive is the envelope you ship it back in.)

The movie itself is in a sleeve inside the envelope. The sleeve contains the movie, a description, and a barcode. A correctly inserted movie will only have the barcode revealed through a little window, presumably to make processing easier at the shipm