Full Disclosure vs Cover Up vs Sneaking

http://orig06.deviantart.net/c107/f/2013/364/3/5/pizap_com10_60045816423371431388423668218_by_mikamilacat-d70116x.jpg

Netflix hasn’t had a good Public Relations (PR) week.

The company admitted to throttling the bandwidth of users coming from Verizon and AT&T mobile in the US. Netflix claimed it was for the good of those users so they would less likely exceed their data allotment. Netflix also said they were doing such throttling for years.

I get why Netflix did what they did. As a former network manager I made similar decisions.

I did not, however, do so without the informed consent of my customer. Netflix seems to have missed that part.

There’s a saying in the US: The coverup is often worse than the crime.

As far as I know, Netflix didn’t retroactively try to bury references to what they were doing.

They did perpetrate perhaps a more egregious sin – sneaking it in without telling anyone.

By failing to “get in front” and “come clean”, Netflix engendered ill will from users. They got bad press.

It was easily avoidable, and Netflix probably would’ve received kudos for their actions.

Had Netflix simply let users on those networks know that throttling was taking place, either for performance or to save user’s data allotments, I doubt any concern would be raised.

By not coming out, being clear, and informing users of their practices, Netflix will live under a shadow of doubt for years.

As security professionals, if we want the Business and users to take us seriously, we need “upfront and transparent” as our mantra as much as possible. Take the lesson here and apply it in your environment.

What are your thoughts?