Lesson 1: Privacy

Who's Watching?

 

Contents

 Background

 Identity-Piercing Tools

 Privacy Protection Under Voluntary Initiatives

 Privacy Protection Technologies

 Privacy Protection Under the Law

 In the News

 Further Reading

BACKGROUND INFORMATION

Explore various definitions and dimensions of privacy in Roger Clarke's Introduction to Dataveillance and Information Privacy, and Definitions of Terms. http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html#DV:

http://www.privacyrights.org/ar/fairinfo.html

http://www.ftc.gov/privacy/index.html

CDT is a non-profit advocacy organization located in Washington, D.C. (U.S.) Its website http://www.cdt.org/privacy/ is a great source of up to date information on pending privacy legislation, challenges to existing legislation, court cases, and administrative action dealing with privacy issues.

This is a non-profit consumer information and advocacy program that focuses on educating consumers about protection of personal privacy. The Clearinghouse's website, http://www.privacyrights.org, offers a wealth of information.

Identity-Piercing Tools:

Social security numbers? http://www.privacyrights.org/fs/lang.html

Credit reports? http://www.privacyrights.org/fs/lang.html

Medical information? http://www.privacyrights.org/fs/lang.html

Who’s watching us on-line? http://www.cnet.com/Content/Features/Dlife/Privacy

Using public records, http://www.knowx.com brings you information about your fellow citizens--maybe more information than we'd like.

See also:

"The Net Never Forgets," http://www.salonmagazine.com/21st/feature/1998/11/25feature.html

Coping with Identity Theft: http://www.privacyrights.org/fs/lang.html:http://www.privacyrights.org/fs/lang.html

See also Michael Higgins, Identity Thieves, ABA Journal, October 1998, p. 42. Mr. Higgins can be reached at higginsm@staff.abanet.org.

Introduction to cookies: How Websites Collect Your Private Information

http://www.w3.org/P3P/P3FAQ.html, section 3.4

http://www.cookiecentral.com/faq (particularly section 2.9)

List of cookie-blocking tools:

http://www.netscapeworld.com/netscapeworld/nw-07-1996/nw-07-cookies.html

Other information on cookies:

http://www.paradise.net.nz/~glineham/cookiemonster.html

The Federal Trade Commission surfed children’s web sites to review privacy practices and found that 86% of sites collected personal data, 30% posted a privacy policy and 4% asked the children to get parental permission. See http://www.ftc.gov/reports/privacy3/toc.htm and http://www.ftc.gov/reports/privacy3/history.htm#Children's Privacy Online

 

PRIVACY PROTECTION UNDER VOLUNTARY INITIATIVES

P3P applications will allow users to be informed about Web site practices and will "enable users to exercise preferences about Web sites’ privacy practices."

Overview with technical specifications: http://www.w3.org/P3P/

Less technical approach: http://www.news.com/News/Item/0,4,11412,00.html

TRUSTe, http://www.truste.org,"seeks to promote the adoption of electronic commerce by providing users with a trusted privacy mark (or brand). TRUSTe can review and audit sites to ensure that they correctly disclose their information practices.

Answer a quick (seven question) survey to analyze the privacy policies on the Web sites you regularly use. Based on the results submitted by Watchdog participants, CDT will begin to build lists of those sites with privacy policies and those without.

The watchdog can be found at http://watchdog.cdt.org

 

PRIVACY PROTECTION TECHNOLOGIES:

 

Encryption is a way of scrambling a message so that unauthorized persons cannot read the message. Encrypting a message is analogous to putting the message in a safe. The "key" that is used to unscramble an encrypted message is analogous to the "combination" used to unlock the safe. The longer the key, or combination, the more secure the message is.

http://www.well.com/user/abacard/remail.html Anonymous Remailer Frequently Asked Questions (FAQ)

http://www.penet.fi/ Anonymous remailer that shut down after the Church of Scientology compelled disclosure of the identity of the sender of a message

http://www.stack.nl/~galactus/remailers/ More information relating to anonymity and privacy on the Internet

 

PRIVACY PROTECTION UNDER THE LAW:

A. UNITED STATES

Search & Seizure:

Katz v. United States, 389 U.S. 347 (1967);

Olmstead v. United States, 277 U.S. 438 (1928)

Privacy in Marriage, Sexual Relations

Griswold v. Connecticut 381 U.S. 479, 484 (1965)

Associational Privacy:

NAACP v. Alabama ex rel. Patterson, 357 U.S. 449 (1958)

Anonymity:

McIntyre v. Ohio Elections Commission, 514 U.S. 334 (1995)

 Title III (requiring a warrant for wiretapping) 1968

 Privacy Act of 1974

 Privacy Protection Act of 1980

 Electronic Communications Privacy Act (ECPA) of 1986

 H.R. 220. Freedom and Privacy Restoration Act of 1999. Limits use of SSN, prohibits creation of gov't IDs. Referred to the Committee on Ways and Means, and in addition to the Committee on Government Reform. Sponsor: Ron Paul (R-TX).

 H.R. 354. Collections of Information Antipiracy Act. Creates new property rights for owners of databases of public information. Sponsor: Howard Coble (R-NC). Referred to the Committee on the Judiciary.

 H.R. 358. Patients' Bill of Rights Act of 1999. Requires health plans and insurers to protect confidentiality of medical records and allow patient access. Sponsor: John Dingell (D-MI). Referred to the Committee on Commerce, and in addition to the Committees on Ways and Means, and Education and the Workforce.

 H.R. 367. Social Security On-line Privacy Protection Act of 1999. Limits disclosure of SSNs by interactive computer services. Sponsor: Rep Franks, Bob (R-NJ). Referred to the Committee on Commerce.

 H.R. 368. Safe Schools Internet Act of 1999. Required schools and libraries to install filters on Internet connected computers. Sponsor Bob Franks (R-NJ). Referred to the Committee on Commerce.

 H.R. 369. Children's Privacy Protection and Parental Empowerment Act of 1999. Prohibits the sale of personal information about children without their parents' consent. Sponsor: Bob Franks (R-NJ). Referred to the Committee on Judiciary.

 S. 6. Patients' Bill of Rights Act of 1999. Requires health plans and insurers to protect confidentiality of medical records and allow patient access. Sponsor: Tom Daschle (D-SD). Referred to the Committee on Health, Education, Labor, and Pensions.

 S. 22. Government Secrecy Reform Act of 1999. Sets new rules on classification. Sponsor: Daniel Patrick Moynihan (D-NY).

 S. 187. Financial Information Privacy Act of 1999. Requires FDIC to set privacy rules. Sponsor: Paul Sarbanes (D-MD).

 S. 300. Patients' Bill of Rights Plus Act. Sets privacy protections. Prohibits genetic discrimination. Sponsor: Trent Lott (R-MS). Referred to the Committee on Finance.

 S. 326. Patients' Bill of Rights Act. Sets privacy protections. Prohibits genetic discrimination. Sponsor: James Jeffords (R-VT). Referred to the Committee on Finance.

Actions for Tortious Invasion of Privacy: (according to Prosser, one of the original draftsmen of the second restatement of Torts)
      1. Intrusion upon the plaintiff's seclusion or solitude, or into his private affairs;
      2. Public disclosure of embarrassing private facts about the plaintiff;
      3. Publicity which places the plaintiff in a false light in the public eyes;
      4. Appropriation of the plaintiff's name or likeness (for the advantage of the defendant)

B. EUROPEAN UNION

Any company that trades personal infomation with any of 15 EU member states will be required to meet the EU’s strict standards for privacy protection. EU members will not be permitted to send personal information to countries that do not maintain "adequate" standards of privacy, where "adequate" has not yet been defined (See Article 25 of the Directive)

Click on http://www.wired.com/wired/archive/privacy/ and read the first article (Europe to U.S.: No Privacy, No Trade)

Formally known as Directive 95/46/EC of the European Parliament and of the Counsel of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

 

IN THE NEWS:

A. Pentium III

  • Intel Pentium Initial Announcement

In order to prevent fraud, Intel planned to have its Pentium III include an individualized number. The number would be transmitted across the Internet without the end user knowing so that e-commerce sites could track the customer to their computer http://www.news.com/News/Item/0,4,31182,00.html?st.ne.ni.rel

http://www.news.com/News/Item/0,4,31309,00.html

http://www.abcnews.go.com/sections/tech/DailyNews/intelprivacy990125.html (Boycott planned)

http://www.news.com/News/Item/0,4,31335,00.html

http://www.abcnews.go.com/sections/tech/DailyNews/intelprivacy990122.html

Intel responds to pressure and changes the configuration of its chip http://www.abcnews.go.com/sections/tech/DailyNews/intelprivacy990125.html

Did privacy advocates win?

Is the new design for better or for worse?

 

FURTHER READING:

Michael Adler, Cyberspace and the Fourth Amendment, 105 Yale L.J. 1093 (1996).

Lawrence Lessig, Reading the Constitution in Cyberspace, 45 Emory L.J. 869 (Summer, 1996).