Viacom Gets To Find Out What YouTube Videos You Watched
from the not-good dept
In the ongoing trainwreck that is Viacom’s misguided lawsuit against YouTube (the one they would be better off losing) a judge has come out with a ruling on evidence that Google has to hand over to Viacom — and it’s being portrayed in the press as both a win and a loss for Google. On the “win” side, Google does not have to hand over the YouTube source code (or the source code of its filtering system). This makes sense, as the source code is rather meaningless here, and this request was clearly a reach from the start.
However, much more troublesome is the judge’s ruling that Google does need to hand over log files including the IP address and usernames of people who viewed YouTube videos. This represents a huge violation of privacy and a clear violation of the Video Privacy Protection Act (VPPA). This was the law we were just discussing, due to a lawsuit concerning Blockbuster revealing rental info via Facebook’s Beacon program. It was originally passed after the video rental history of Supreme Court nominee Robert Bork was released in the press. The idea is that what movies you rent should be private info not to be shared.
The court pretty much ignored this law, only mentioning it in a footnote, suggesting that it only applies to video tapes. But, as the EFF points out in the link above, the law actually says “prerecorded video cassette tapes or similar audio visual materials.” But, more to the point, it is not at all clear why Viacom should need this specific information. If it wants to show numbers of people who viewed certain videos, it seems that aggregate info should be sufficient. Having Google hand over much more info doesn’t seem to serve any purpose related to the legal questions involved in the case. Update: There are now claims that Viacom will be very limited in how the data can be used — with the threat of a contempt of court charge if anyone other than the lawyers involved in the case and specific experts see the data, but that’s really not sufficient for privacy purposes. There’s no way to make sure the data only stays in those hands, and even so it’s still a violation of the privacy of users.