Congress mulls allowing Netflix movie-pick sharing on Facebook

Netflix (Nasdaq: NFLX) subscribers in the United States would be able to join the online-video company's customers abroad in sharing their movie-rental picks on Facebook, under a Senate proposal tied to controversial federal cybersecurity legislation.

The Netflix fix offered by Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) would allow the company's U.S. users to opt-in to connect their Netflix subscriptions to their Facebook accounts so they may post their video-viewing information on the social-networking site.

Enactment of Leahy's proposed VPPA revision would pave the way for Netflix and Facebook Inc. (Nasdaq: FB) to integrate in the United States, as they have Canada and Latin America.

Regulatory uncertanty

Netflix chose not to implement its Facebook app domestically amid legal and regulatory worries related to Video Privacy Protection Act (VPPA; Pub.L.100-618) compliance.

"Under the VPPA, it is ambiguous when and how a user can give permission for his or her video viewing data to be shared," Netflix CEO Reed Hastings and company CFO David Wells wrote in a third-quarter 2011 letter to shareholders.

VPPA, signed into law by President Ronald Reagan in 1988, the federal video-privacy law--codified at 18 USC § 2710--bars video-service providers from sharing video rental information without informed, written consent or a search warrant.

Leahy, who sponsored the VPPA some 24 years ago, floated his proposal to retool the statute, as an amendment to the Cybersecurity Act of 2012. 

House rebuffed

The proposed amendment is similar to bipartisan-supported legislation to overhaul the VPPA consent provision--H.R. 2471 by Rep. Robert Goodlatte (R-Va.) and 34 co-sponsors--that passed the House of Representatives in December. 

The House-backed effort to amend the video-privacy law, however, stalled in the Senate Judiciary Committee. After holding a hearing on the legislation Jan. 31, the Senate Judiciary Subcommittee on Privacy, Technology and the Law didn't act further on the matter.

In the wake of ill-fated H.R. 2471, Netflix hired the Washington law and government affairs firm Greenberg Traurig to lobby Congress to amend the VPPA consent provision, the Los Gatos, Calif.-based company disclosed in a congressional filing this spring.

Privacy arguments

Goodlatte's ill-fated bill was decried by consumer groups, many of which hail VPPA a landmark consumer-protection statute. Privacy-rights advocates are expected to similarly oppose the Leahy amendment.

Ahead of the H.R. 2471 vote in December, the national Electronic Privacy Information Center (EPIC) urged House lawmakers to preserve VPPA consent provisions, so not to erode Internet consumer-privacy protections.

EPIC President Marc Rotenberg, at the time, said the bill would "undermine the key provision in the VPPA, which is the right of users to give meaningful consent to the disclosure of their personal information. Such blanket consent provisions transfer control from the individual user to the company in possession of the data and diminish the control of Netflix customers would have in the use and disclosure of their personal information."

The Center for Democracy & Technology, meanwhile, said while it is not opposed to Netflix users opting into an app to post on Facebook video-viewing records, VPPA should remain as written. The law, they say, ensures consumers don't unwittingly consent in advance without realizing their movie selections were made public.

The VPPA amendment--which would be attached to the hotly-debated cybersecurity bill--faces an uncertain future. Leahy's VPPA measure is one of 47 proposed changes to the Cybersecurity Act senators introduced under an open-amendment process instituted by Majority Leader Harry Reid (D-Nev.).

Cybersecurity bill

Sponsored by Senate Homeland Security and Governmental Affairs Committee Chairman Joseph Lieberman (I-Conn.) and a bipartisan group of four senators, the cybersecurity bill has drawn vehement opposition from industry groups, including the U.S. Chamber of Commerce, the nation's largest business lobby.

On its website, the Chamber of Commerce argues the Cybersecurity Act "aims to regulate a range of U.S. infrastructure cyber networks at the expense of innovative approaches to address constantly changing cyber threats."

Lieberman, seeking to quell industry criticism, has highlighted S.3414 support from Silicon Valley-headquartered IT behemoths Cisco Systems (NYSE: CSCO) and Oracle Corp. (Nasdaq: ORCL), and New York-based enterprise software company CA Technologies (Nasdaq: CA).

In letters dated July 26, the companies expressed their support for the retooled S.3414, which they say protects innovation and development in the IT sector.

"We need a policy framework that both safeguards our nation and preserves opportunities for companies to innovate and bring new security solutions to market," CA Technologies SVP Stephen Savage wrote. "To this end, we believe the reintroduced Cybersecurity Act of 2012 is an important step."

In their joint letter, Cisco Systems SVP Blair Christie and Oracle Corp. SVP Kenneth Glueck said the legislation should, as currently drafted, should focus on designation of critical infrastructure, the specifics of cyber security practices, and the treatment of the security of the supply chain.

"Wherever the important cyber debate takes this legislation, these core principles should be promoted and preserved. We believe these provisions as written capture that principle and believe it is in the interest of cybersecurity and critical infrastructure that they remain explicit," the letter reads.

The Cybersecurity Act, dubbed CSA2012, among other provisions, would have the Department of Homeland Security set cybersecurity requirements for critical-infrastructure facilities such as telecommunication facilities, water-treatment plants, energy-grid facilities and chemical plants.

On Thursday, the cybersecurity bill handily mustered a procedural hurdle--by an 84-11 vote--allowing the measure to move to the Senate floor for consideration.

For more:
 - see proposed VPPA amendment
 - read the U.S. Chamber statement
 - read the CA Technologies letter (.pdf, opens new document)
 - read the Cisco-Oracle letter (.pdf)
 - read the EPIC letter (.pdf)

Related articles:
Judge approves $9M Netflix privacy class-action settlement
Hulu privacy suit deferred; industry awaits Supreme Court decision
Netflix readies for Senate fight to implement Facebook connection
Netflix integration with Facebook coming soon, but not to U.S. users