Privacy

Do you have a secret? Have you ever lied? Are there certain things you don't want your parents to know? How about your friends? How would you feel if in twenty years, in the midst of a successful career, someone told your boss that once, when you were 17, you tried some pot at a party. Or that you are gay or have AIDS. What if they got this information from an e-mail that you fully expected would not go beyond yourself and the recipient, but was intercepted and posted on a web page? That would be an unfair violation of your privacy.

While the Constitution does not literally guarantee your right to privacy, over the past 223-odd years the Supreme Court has granted privacy protections under, most notably, the Fifth Amendment's protection for self-incrimination and the Fourth Amendments protection from unreasonable search and seizure (Privacy Basics) Fair Information Practices have been loosely followed by government and industry. These are not laws - they are a set of industry ethics. A generic copy of these policies states that practices should be open, individuals maintain the right to know and see what data is being collected from them, data collection should be limited, specific, and secure, and that data collectors will be responsible for the use of the information.

To discuss online privacy, there are a couple basic definitions to take into account. I'm sure that no matter how little time you have spent online, you have been asked if you would like to accept a cookie, or told that a cookie has been sent. Well, of course, you think at first. Mmmmm....cookie. Unfortunately, cookies are neither quite that tangible nor delectable. A cookie is a piece of data that a web site collects about you when you visit (Cookie Central, Cookies). The data varies with the web site - a commercial web site will collect demographics (that is, sex, age, and other advertising information) to learn more about you, while an e-mail service may collect identifying or personal (name, mailing address) information to recognize you. Cookies allow a web site to be tailor made for you as long as you stay in that domain name or each time you visit. An CGI or JavaScript code in the beginning of the web page you visit instructs you browser to send certain information to a server. If you have ever checked a box saying "Remember My Password", you have set a cookie.

There are two aspects of privacy online. One is a need for protection for yourself. Online stalking has been a problem, with people harassing new 'friends' online and sometimes even threatening them, or confronting them in person. The second is a need to protect your data from strangers. This comes not from the fear of physical, but financial harm. The first is the fear of being mugged on the way down to the mail box, and the second is the fear of being mugged on the way back, while carrying your paycheck and credit card bill.

The Communication Decency Act (CDA, see also section How Obscene!: The Plot Thickens) stated that telecommunications, meaning the internet, e-mail, chat and chat programs (including IRC, AIM, and ICQ) should not be used to purposely harass or intimidate. You cannot e-mail bomb people. Also, under the law you must identify yourself. This part of the CDA was unaffected by the Supreme Court decision regarding obscenity clauses.

There are three levels of online privacy provided by systems administrators (admin), like the guy in the back room at school or AOL monitors. (Bowman, What Is Privacy?). The first is Complete Privacy. Here, the admin agrees not to read any of your e-mail or keep track of where you go on the web in any way. This obviously allows the most privacy, but often creates a liability to admins and Internet Service Providers (ISP). The second level is Almost Complete Privacy. Here admins will look at your e-mails and chats if they suspect any sort of illegal activity. The third level is No Privacy. Here admins are allowed to look at any email you send, whether the subject is "My Plan To Plunge The Internet Into Darkness" or "My Rave With Dave".

Your privacy is protected by some laws already. The Electronic Communcations Privacy Act, created in the late 70's in response to the Watergate scandal, already protects against interception of electronically transmitted messages as well as the privacy of information stored within a private computer system (Bowman, What Is The Electronic Communications Privacy Act ("ECPA")). But in March of 1992, the FBI suggested that all communications be designed so that law enforcement agents could tap into them from afar (Cranor, Digital Liberties). This would have made e-mail, the internet, chat rooms, and even ISPs vulnerable to be intercepted at any time. Opponents claimed that the first version of the bill gave the FBI privileges it had not been afforded in older wiretapping laws. The FBI worked with Senator Patrick Leahy (D-VT) and Representative Don Edwards (D-CA) to refine a new bill (Edwards/Leahy Digital Telephony Legislation (HR 4922/S 2375)), which was passed almost unanimously into law. ISPs were now exempt from the law. Some considered this a failure, but most agreed that the protection afforded to ISPs was a victory or at least a good compromise. However, this simply makes intercepting data illegal. It does not make it impossible.

A recent survey by the Georgetown Business School states that 93% of commercial internet sites collect some sort of data that may be used to identify your (this may be your home address, you e-mail address, name, etc.) and 57% collect demographics. Over one third of these sites did not post any information that they were collecting data and/or what it would be used for. The report concluded that only 10% of the commercial web sites that collected personal or demographic information followed fair information practices in respect to notice, choice, access, security and contact information. The Center for Democracy and Technology believes that "the study shows that definite progress has been made in making many more Web sites privacy sensitive. But those numbers also show that real fair information practices are incorporated by only a small number of sites and most sites have yet to embody more than minimum disclosure of their information practices."