Could a new Netflix contest put private customer data at risk?

By

Back in 2006, Netflix announced it would give $1 million to the first team that could develop a predictive recommendations algorithm more accurate than the one currently used by Netflix. (Long story, short: the algorithm is the thing that suggests new DVDs for you to order, based on your past viewing preferences.) On Monday, the rental company dished out the cash to a multinational team of engineers calling themselves BellKor’s Pragmatic Chaos.

The contest was seen by many web analysts to be a true test of crowd-sourcing – just about anyone could enter, and many hundreds of people did. The Netflix Prize has also been a publicity coup for Netflix, which got plenty of newspaper and blog coverage. (And a shiny new algorithm to boot.) Now, a second contest proposed by Netflix has drawn fire from Paul Ohm, an Associate Professor of Law at the University of Colorado Law School who writes frequently on privacy issues.

The New York Times describes the competition thusly:

Recommended: Innovation
The new contest is going to present the contestants with demographic and behavioral data, and they will be asked to model individuals’ “taste profiles,” the company said. The data set of more than 100 million entries will include information about renters’ ages, gender, ZIP codes, genre ratings and previously chosen movies. Unlike the first challenge, the contest will have no specific accuracy target. Instead, $500,000 will be awarded to the team in the lead after six months, and $500,000 to the leader after 18 months.

All well and good. But the contest, Ohm writes in a blog post today, is "irresponsible." He cites research showing that three of the variables cited by the Times – gender, birth dates, and ZIP code – could together be used to identify 87 percent of the population. Netflix has pledged not to release customer birth dates. Still, Ohm argues, it would only take a little rudimentary math for someone to make a positive ID from the data Netflix will provide for Netflix Prize 2. Ohm continues:

[I]f it releases the data, Netflix might be breaking the law. The Video Privacy Protection Act (VPPA), 18 USC 2710 prohibits a "video tape service provider" (a broadly defined term) from revealing "personally identifiable information" about its customers. Aggrieved customers can sue providers under the VPPA and courts can order "not less than $2500" in damages for each violation. If somebody brings a class action lawsuit under this statute, Netflix might face millions of dollars in damages. Additionally, the FTC might also decide to fine Netflix for violating its privacy policy as an unfair business practice.

––

The autumnal equinox: Myths and reality

It’s often said that the autumnal equinox is a day of perfect equilibrium – a 24-hour cycle split neatly into 12 hours of light, and 12 hours of dark. That’s not exactly true. Read more.

––

Apple? Microsoft? Who would you rather work for? Tell us on Twitter.

Share this story:

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...