"PRIVACY ON THE INTERNET"
with Professor Andreas Teuber
Department of Philosophy
Brandeis University


COMPUTER SCIENCE 33B:
INTERNET AND SOCIETY
April 17 and April 20, 2001


Back to CS 33b: Internet and Society



   Do We Have A Constitutional Right of Privacy? from Philosophy of Law (PHIL 22B -Teuber) -- In Griswold v. Connecticut Justice Douglas, arguing for the majority, found that the Connecticut law violated the general right to privacy recognized by the Constitution as a right of all citizens. Justice Douglas was aware that "privacy" was not mentioned anywhere in the Constitution; nonetheless he found a "right to privacy" embedded in the "penumbras," in the shadows and implications of several amendments to the Constitution. Griswold, the director of the Planned Parenthood League of Connecticut, was arrested in 1961 for violating a state law forbidding the distribution of contraceptive devices and information. The Planned Parenthood League provided contraceptives and information to married couples. The law forbid the distribution of contraceptives and information to any person, whether he or she was under-age, over-age, married or unmarried. Griswold argued that the law violated the Constitution and the Supreme Court agreed."

   "The Eroded Self," by Jeffrey Rosen, New York Times Sunday Magazine April 30, 2000 -- In cyberspace, there is no real wall between public and private and the version of you constructed out there - from bits and pieces of stray data - is probably not who you think you are.

   "Cyberprivacy catches eye of Congress," The Boston Globe, June 19, 2000 -- After years of piecemeal proposals to safeguard personal information on the Internet, Congress is beginning to seriously address the concept of ''online privacy.'' It is considering an array of legislation that could dramatically increase the rights of consumers who release personal details into cyberspace.

   Join the DISCUSSION -- CLICK here and you'll be directed to a welcome page to create your own account for the Online Forum on "Privacy on the Internet." When you're ready, click on the button that says "Create Account" and you'll be led through the process of choosing an ID and a password. In order to participate in the online forum or just to read what others have to say, you have to register first. It is very simple. Just follow the directions for "New Users," choosing a username and password.


Click on any of the following and you will be linked directly to the course materials for Professor Arthur Miller's Online Course on Privacy and the Internet. Professor Miller's online initiative from the Berkman Center at Harvard Law School, debuted in spring 1998, and was offered free to the public via the Internet. Featured in stories in Wired magazine, The Boston Globe, and The New York Times on the Web, the project drew over 1,500 participants from around the world. This diverse group of participants included Harvard Law School alumni, computer professionals, high school and college students, educators, and retirees. Students were able to view course materials (cases, statutes, articles, video clips) online, discuss these materials with their professors and classmates in online discussion groups, and interact during real-time sessions in which Professor Miller attempted to replicate the type of Socratic exchange that occurs in Harvard Law School classrooms.


Table of Contents:

   (1) Who's Watching and Why?
      Privacy and Identity
   (2) Who's Watching the Watchers?
      Privacy Standards
   (3) It's a world-Wide Web:
      Cross-Border Issues
   (4) E-mail Tapping, Digital Signatures, and Encryption:
      Protection for Your Electronic Communications
   (5) Cookies and Clickstreams:
      Madison Avenue is Watching You
   (6) Free Speech, Journalism, and Filtering:
      When one person's privacy is another person's speech.
   (7) Workplace Privacy:
      In the Workplace, Everybody Knows If You're a Dog
   (8) Medical Records



1. Who's Watching and Why?: Privacy and Identity

    Lesson One asks several fundamental questions first: What is privacy? Where does it stand in the firmament of human values? Who wants to violate it, and what might their reasons be? What does "cyberspace" do to privacy that "meatspace" does not?

    Privacy is an intensely, perhaps uniquely, personal value. The word stems from a Latin root, "privare," which meant "to separate." To want privacy is to want to be separate, to be individual. Another meaning of the Latin was "to deprive"; privacy also means leaving something behind.

  Back to top


2. Who's Watching the Watchers?: Privacy Standards

    Lesson Two begins by considering the nature of privacy itself and discussing some of the privacy concerns raised by the availability of information on the Internet. Then a look at how industry groups are addressing these concerns by developing both privacy policies and technological solutions. Consider whether these standards might make it easier for users to protect themselves without having to investigate the privacy policies and technical specifications of every individual web site they visit. Or are standards, like individual privacy policies and techniques, useless if they are not backed up by clear legal enforcement?

  Back to top


3. It's a World-Wide Web: Cross-Border Issues

    Having explored the nature of privacy, information, and identity and having looked at some responses to the privacy concerns raised by cyberspace. to understand the degree to which these responses may be implemented, and by whom, Lesson Three explores who has the power to control cyberspace, and by what mechanisms. To this end, Lesson Three focuses on questions of sovereignty.

    Consider for a moment the governmental structures with which you are already familiar. Government in real space is geographically bounded. Territories traditionally have defined the scope of government's legislative authority; and where governments have attempted to reach beyond territories, it has only been when behavior outside territories has affected life within the government's domain.

    As mobility has increased, this model for sovereignty has been put under great strain. When people live in one area, yet work in another, and then send their kids to school in a third, a system of democratic government that restricts their influence to the first increasingly makes less and less sense. This has lead some scholars to question, even in real space, the exclusive reliance on geography as a basis for legislative jurisdiction, or citizenship participation.

    In cyberspace, the problem is only worse. One's behavior while in cyberspace can affect many in many other jurisdictions. And while one is always also in real space while one is in cyberspace, the behavior in cyberspace is increasingly behavior that is not really regulated properly by any individual sovereign, or set of sovereigns. There is emerging in cyberspace an existence that is outside of the life of any particular real world sovereign.

  Back to top


4. Email Tapping, Digital Signatures, and Encryption: Protection for Your Electronic Communications

    For most of us, e-mail has quickly become a part of our daily interaction with the world. And yet, in the course of our normal routine, we rarely give thought to the security of these transactions. When we call someone or send a postal letter, we are secure in our expectations of privacy. Yet, most people do not stop to consider whether their electronic communications are afforded the same level of protection. Do we have an expectation of privacy in our electronic communications? If so, is that expectation unfounded?

    The law protects us to an extent, making it a federal offense to intercept or disclose the contents of electronic communications, either in the course of transmission or while in storage on a remote computer system. However, a number of uncertainties in the federal statute, widely known as the Electronic Communications Privacy Act, have not yet been hammered out by the courts. Who will be deemed to be a electronic service provider? Under what conditions may a service provider tap into your electronic communications? Under what terms will you be considered to have consented to the interception of your email?

    Technological protections, such as encryption technology, are available, but they are also restrained by the law. As encryption technology grows stronger, the government grows more concerned about their inability to "tap" such communications and the ability of organized crime rings, drug traffickers and terrorist organizations to communicate undetected over the borderless realm of cyberspace. To this end, the U.S. government has placed a number of export controls on strong encryption technologies. The SAFE Act, in its latest form, which recently passed the House of Representatives, has several major provisions which enhance consumer privacy and reduce export controls.

    The SAFE Act seems to address some of the major issues in email tapping as well as encryption, by setting a minimum to the standard required by law enforcement in order to invade privacy, and limiting their technical ability to do so. However, the harm it would do to law enforcement is unclear. It would be extremely difficult to accurately determine empirically how often encryption interferes with law enforcement since law enforcement may not be aware of many of those occurrences.

    What do you think US policy on exporting encryption programs should be? What about law enforcement and private access "keys" and encrypted emails? What standard of cause or suspicion should be necessary to infringe on privacy interests? Should we be more worried about a potential terrorist's communication going undetected in cyberspace or about the security of our own online transactions? If people shouldn't have a reasonable expectation of privacy in their email, should they be afforded this expectation when they employ encryption technology to safeguard their messages?

  Back to top


5. Cookies and Clickstreams: Madison Ave. is Watching You

    Introduction When you browse the Web, your browser communicates with web sites through the HyperText Transfer Protocol (HTTP) to get the web pages you request. One of the distinguishing features of HTTP (as opposed to File Transfer Protocol and Telnet) is its instantaneous nature. There is no real connection between a web server and browser during an HTTP session. The browser makes a request, the server fills it and moves on to its next request. When your browser makes another request, it does so as if it had never made the first. This is a good thing because it reduces server load (the server does not need to keep a connection open with your computer while you browse a page) but it is a bad thing because your browser must make a new connection for every request and the server treats every request as unrelated to any other. So-called "stateless" protocols are a problem for features like shopping carts or password saving because such features require some memory of what happened in previous requests from the same browser. Tracking a user by transactional information, cookies and the proposed Open Profiling Standard (OPS) are ways in which web servers are attempting to introduce "state" into HTTP.


    Tracking Transactional Information
    As the Center for Democracy and Technology warns:

      When [transactional information is] correlated with other sources of personal information, including marketing databases, phone books, voter registration lists, etc, a detailed profile of your online activities can be created without your knowledge or consent. (CDT Privacy Demonstration Page, Center for Democracy and Technology
    Cookies According to Netscape, the first to implement cookie technology:
      Cookies are a general mechanism which server side connections (such as CGI scripts) can use to both store and retrieve information on the client side of the connection. The addition of a simple, persistent, client-side state significantly extends the capabilities of Web-based client/server applications. (PERSISTENT CLIENT STATE HTTP COOKIES, Netscape
    In English, c|net explains,
      Cookies are small data files written to your hard drive by some Web sites when you view them in your browser. These data files contain information the site can use to track such things as passwords, lists of pages you've visited, and the date when you last looked at a certain page. (C|NET Glossary: Cookie, C|NET
    Most browsers support cookie technology which allows any web server to write directly to a cookie file on your hard drive and read the cookies they set. Though cookies were first used for site personalization, shopping baskets, and saving userids and passwords, they are now also used for targeted marketing and tracking across sites (see Cookie Central and Cookies Revisited by HotWired's Marc Slayton for more information). DoubleClick, an advertising company, sets cookies for targeted advertising and tracking across sites through its banner ads on a wide variety of sites. Chances are better than even that you have a DoubleClick cookie in your cookie file. The company's $400 million market value is another indication that they are successful.

  Back to top


6. Free Speech, Journalism, and Filtering: --When one person's privacy is another person's speech.
    Lesson Six addresses the intersection of free speech and privacy on the Internet. There are a number of ways that the freedom of speech as guaranteed by the First Amendment to the U.S. Constitution implicates the privacy rights of the person speaking and of other people.

  Back to top


7. Workplace Privacy: In the Workplace, Everybody Knows If You're a Dog
    Lesson Seven looks at a very old problem with which most people are familiar—workplace monitoring. Unlike the previous lessons, the question here is not if a person should have privacy, but how much employers can invade the privacy of their employees.

  Back to top


8. Medical Records
    Lesson Eight focuses on the benefits of increased data collection, proposed federal legislation and case law in this area, and international views regarding medical privacy.

  Back to top


Privacy on the Internet Library


    A collection of articles, additional resources and links on privacy in cyberspace and related legal issues




Papers on Cyberspace Law from the Cyberspace Law Institute



Links to papers written by Computer Law Institute Fellows and Friends




Courses on Cyberspace Law Issues and Interactive Forms



Privacy on the Web Reports




Pending Congressional Legislation (Requires Acrobat Reader)

    Privacy Commission Act (Reported in the House)[H.R.4049.RH]
    Privacy Commission Act (Introduced in the House)[H.R.4049.IH]
    Privacy Commission Act (Introduced in the Senate)[S.3040.IS]
    Electronic Rights for the 21st Century Act (Introduced in the Senate)[S.854.IS]
    Defense of Privacy Act (Introduced in the House)[H.R.3307.IH]
    Consumer Privacy Protection Act (Introduced in the Senate)[S.2606.IS]
    Personal Privacy Protection Act (Introduced in the House)[H.R.97.IH]
    Financial Information Privacy Act of 1999 (Introduced in the House)[H.R.30.IH]
    Financial Privacy Act Amendments of 1999 (Introduced in the House)[H.R.2062.IH]
    Student Privacy Protection Act (Introduced in the Senate)[S.1908.IS]
    Student Privacy Protection Act (Introduced in the House)[H.R.2915.IH]
    Health Information Privacy Act (Introduced in the House)[H.R.1941.IH]
    Medical Information Privacy and Security Act (Introduced in the Senate)[S.573.IS]
    Medical Information Privacy and Security Act (Introduced in the House)[H.R.1057.IH]
    American Financial Institutions Privacy Act of 1999 (Introduced in the Senate)[S.466.IS]
    American Financial Institutions' Privacy Act (Introduced in the House)[H.R.530.IH]
    Financial Information Privacy and Security Act (Introduced in the Senate)[S.1924.IS]
    Wireless Privacy Enhancement Act of 1999 (Referred in Senate)[H.R.514.RFS]
    Wireless Privacy Enhancement Act of 1999 (Engrossed in House )[H.R.514.EH]
    Wireless Privacy Enhancement Act of 1999 (Introduced in the House)[H.R.514.IH]
    Personal Information Privacy Act of 1999 (Introduced in the House)[H.R.1450.IH]
    Wireless Privacy Enhancement Act of 1999 (Reported in the House)[H.R.514.RH]
    Public Broadcasting Donor Privacy Act (Introduced in the House)[H.R.2791.IH]
    Computer Security Enhancement Act of 2000 (Engrossed in House )[H.R.2413.EH]
    Privacy Protection Study Commission Act of 1999 (Introduced in the Senate)[S.1901.IS]
    Consumer Internet Privacy Enhancement Act (Introduced in the Senate)[S.2928.IS]
    Securities Investors Privacy Enhancement Act of 1999 (Introduced in the House)[H.R.1340.IH]
    Social Security Number Privacy Act of 2000 (Introduced in the Senate)[S.2871.IS]
    Financial Information Privacy Act of 1999 (Introduced in the Senate)[S.187.IS]
    Computer Security Enhancement Act of 2000 (Reported in the House)[H.R.2413.RH]
    Electronic Privacy Bill of Rights Act of 1999 (Introduced in the House)[H.R.3321.IH]
    Telephone Call Privacy Act of 1999 (Introduced in the Senate)[S.1850.IS]
    Social Security Number Protection Act of 2000 (Introduced in the House)[H.R.4611.IH]
    Wireless Telephone Spam Protection Act (Introduced in the House)[H.R.5300.IH]
    Freedom and Privacy Restoration Act of 1999 (Introduced in the House)[H.R.220.IH]
    Social Security Number Protection Act of 2000 (Introduced in the Senate)[S.2699.IS]
    Financial Information Privacy Protection Act of 2000 (Introduced in the Senate)[S.2513.IS]
    Online Privacy Protection Act of 2000 (Introduced in the House)[H.R.3560.IH]
    Online Privacy Protection Act of 1999 (Introduced in the Senate)[S.809.IS]
    Consumer's Right to Financial Privacy Act (Introduced in the Senate)[S.1903.IS]
    Consumer Financial Privacy Act (Introduced in the House)[H.R.4380.IH]
    Telephone Privacy Act of 1999 (Introduced in the Senate)[S.781.IS]
    Personal Pictures Protection Act of 2000 (Introduced in the House) [H.R.5462.IH]
    Internet Consumer Information Protection Act (Introduced in the House) [H.R.2882.IH]
    Electronic Rights for the 21st Century Act (Introduced in the Senate) [S.854.IS]
    Consumer Online Privacy and Disclosure Act (Introduced in the House) [H.R.5430.IH]
    Internet Growth and Development Act of 1999 (Introduced in the House) [H.R.1685.IH]
    Internet Integrity and Critical Infrastructure Protection Act of 2000 (Introduced in the Senate) [S.2448.IS]
    Internet Tax Moratorium and Equity Act (Introduced in the Senate) [S.2775.IS]
    Internet Nondiscrimination Act of 2000 (Engrossed in House ) [H.R.3709.EH]
    Spyware Control and Privacy Protection Act of 2000 (Introduced in the Senate) [S.3180.IS]
    Inbox Privacy Act of 1999 (Introduced in the Senate) [S.759.IS]
    Secure Online Communication Enforcement Act of 2000 (Introduced in the House) [H.R.3770.IH]
    Secure Online Communication Enforcement Act of 2000 (Introduced in the Senate) [S.2063.IS]
    Internet Nondiscrimination Act of 2000 (Placed on the Calendar in the Senate) [H.R.3709.PCS]
    Unsolicited Commercial Electronic Mail Act of 2000 (Referred in Senate) [H.R.3113.RFS]
    Unsolicited Commercial Electronic Mail Act of 2000 (Reported in the House) [H.R.3113.RH]
    Unsolicited Electronic Mail Act of 1999 (Introduced in the House) [H.R.3113.IH]
    Amending the Federal Food, Drug, and Cosmetic Act to enhance consumer protection in the purchase of prescription drugs from interstate Internet sellers. (Introduced in the House) [H.R.5476.IH]
    Amending the Federal Food, Drug, and Cosmetic Act to enhance consumer protection in the purchase of prescription drugs from interstate Internet sellers. (Introduced in the Senate) [S.3208.IS]
    Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2000 (Introduced in the Senate) [S.2542.IS]
    Wireless Telecommunications Sourcing and Privacy Act (Reported in the House) [H.R.3489.RH]
    Personal Data Privacy Act of 1999 (Introduced in the House) [H.R.2644.IH]
    Networking and Information Technology Research and Development Act (Reported in the House)[H.R.2086.RH]


Findlaw in Cyberspace Privacy Resources



Findlaw Cyber Crime Resources



Additional Reading




Findlaw Online Journals




Additonal Links and Resources

  Back to top



INTERNET AND SOCIETY
Computer Science 33b


Prepared: June 12, 2000 - 12:02:29 PM
Edited and Updated, January 13-15, 2001



Privacy on the Internet
Professor Andreas Teuber