Recently a large part of a lawsuit brought against Sony was thrown out because they had stated that their security is 100% when it comes to protecting data.
*blink*
Here is the first iteration I’ve seen so far where another company has adopted this approach. Not sure if this is entirely new but, I noticed it this morning when prompted to accept the update.
From the Netflix privacy policy:
Netflix takes information security very seriously and uses reasonable administrative, technical, physical and managerial measures to protect your personal information from unauthorized access. For example, we utilize Secure Sockets Layering, an industry-standard protocol for certain of your transmissions to us, in order to encrypt certain personal information that you send to us through the registration and sign up process.
Unfortunately, no security system can be guaranteed to be 100% secure. Accordingly, we cannot guarantee the security of your information and cannot assume liability for improper access to it. By using our service, including our website and user interfaces, or providing information to us through any means, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Netflix service.
So, yeah, ./throw-hands-in-the-air
Has anyone else seen this in other privacy policies?
UPDATE: I stand corrected. Thanks to Scotty Muse, I now know that this little nugget has been in their policy since 2010 at least. Link
Source: Article Link
(Image used under CC from cheesy42)
I’m not sure I’m catching the point. Are you saying that they’re trying to weasel their way out of accountability? I personally don’t see it that way– there are ways to intercept data that are outside of Netflix’s control. How can they guarantee that someone hasn’t created a man-in-the-middle scenario due to your own lack of knowledge in protecting your own information, for example?
Yes, it seems like some butt-covering, but I didn’t take it as “we’re not concerned with your security,” I took it as “here’s what we do for security, and it’s about the best anyone can do. The rest is up to you.”
@Greg I read that as being a follow on from the Sony case. Thanks to a quick eye from one of our readers I now know that has been in the policy since 2010. It is a rather convenient line that, while true, got Sony out of a lot of hot water in court.
I find this quote particularly interesting:
“For example, we utilize Secure Sockets Layering, an industry-standard protocol for certain of your transmissions to us, in order to encrypt certain personal information that you send to us through the registration and sign up process.”
Try visiting https://ca.movies.netflix.com/ in Firefox. You’ll get a message something like this:
———8<———
ca.movies.netflix.com uses an invalid security certificate.
The certificate is only valid for the following names:
movies1.netflix.com , movies2.netflix.com , movies3.netflix.com , movies.netflix.com
(Error code: ssl_error_bad_cert_domain)
———8<———
This does not inspire confidence that Netflix "uses reasonable administrative, technical, physical and managerial measures to protect your personal information from unauthorized access". Not least of all because I reported this to them on 12th of September and it's still broken 🙂
@leE LOL! Nice one.