Statutes affecting privacy:
- Federal Laws:
- U.S.A. Patriot Act (which modifies certain sections of 50 U.S.C. and 18 U.S.C.)
- Cable Communications Policy Act of 1984 (47 U.S.C. § 551)
- The Children's Online Privacy Protection Act (15 U.S.C. §§ 6501-6506)
- Communications Assistance for Law Enforcement Act of 1994 (47 U.S.C. §§ 1001-1010)
- Counterfeit Access Device and Computer Fraud Abuse Act of 1984 (18 U.S.C. § 1030)
- Driver’s Privacy Protection Act of 1994 (18 U.S.C. § 2721)
- Electronic Communications Privacy Act (18 U.S.C. §§ 2510-21, 2701-11)
- Fair Credit Reporting Act (15 U.S.C. §§ 1681-1681(u))
- Fair and Accurate Credit Transactions Act of 2003 (which amended FCRA)
- Fair Debt Collection Practices Act of 1977 (15 U.S.C. §§ 1692-92o)
- Family Education Rights and Privacy Act of 1974 (20 U.S.C. § 1232g)
- General Education Provisions Act (specifically, 20 U.S.C. § 1232h)
- Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801-6809)
- Health Insurance Portability and Accountability Act (42 U.S.C. § 1306)
- The Privacy Act of 1974 (5 U.S.C. § 552a)
- Right to Financial Privacy Act (12 U.S.C. § 3402)
- Telecommunications Act of 1996 (47 U.S.C. § 222)
- Telephone Consumer Protection Act of 1991 (47 U.S.C. § 227)
- Video Privacy Protection Act of 1998 (18 U.S.C. § 2710)
- Federal Wiretap Statute (18 U.S.C. § 2516)
- Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. §1805)
- State Laws:
- California: SB 1386 (Requires disclosure of security breaches to CA residents if their personal information was known or reasonably likely to have been disclosed.)
- Texas:
Texas Bus. and Comm. Code Sec. 48.102-48.103 (Data protection, breach/notification statutes)
Texas Bus. and Comm. Code Sec. 35.48 (Data retention and disposal)
- Case Law:
- Dwyer v. American Express Co., 652 N.E.2d 1351 (Ill. App. Ct. 1995) (no cause of action against credit card company that provides marketers with cardholder's identity in a categorization of spending habits).
- Shibley v. Time, Inc., 341 N.E.2d 337 (Ohio Ct.App. 1975) (no cause of action against magazine publisher for selling subscriber information to marketers).
- Remsburg v. Docusearch Inc., 816 A.2d 1001 (N.H. 2003) ("The threats posed by stalking and identity theft [for selling Social Security Numbers] lead us to conclude that the risk of criminal misconduct is sufficiently foreseeable so that an investigator has a duty to exercise reasonable caution in disclosing a third person's personal information to a client.").
Technological measures:
- HTTP REQUEST
- Keyboard loggers
- Spyware
Recommended reading:
- Privacy and Anonymity
- What you can do to protect yourself while online.
- Web Firms Choose Profit Over Privacy, Washington Post, July 1, 2003; Page A01.
- You have some privacy rights under federal law. See, The Privacy Act of 1974 (5 U.S.C. §552a).
- The problem is that, while you have some federal rights, they apply only to the federal government, and even most of those are eroded by the Patriot Act.
- See what your browser is telling web sites. Take this test.
- What your other devices (e.g., TiVo) are telling companies. Note, in the TiVo case, the company said they were doing it to alleviate fears of the content providers and not for the company's customers.
- Read about the Federal Trade Commission's Privacy Initiative.
- Contrast the FTC's efforts with the European Data Protection Directive. (just skim it). Note, the EU Directive has teeth, the US policy does not.
- Do you use Windows XP or are thinking of getting it? Read this.
- If you have Windows XP or are about to get it, there are some helpful guidelines in the article "Windows XP: Surviving the First Day".
- Read about the recent privacy flap with Amazon.com
- Lawrence Lessig, "Behind the Curtain," The Industry Standard, September 4, 2000.
- Regulating Privacy: At What Cost?.
- E. Alderman, C. Kennedy, "The Right to Privacy" (Alfred A. Knopf, New York, NY, 1995).
- Amitai Etzioni, "The Limits of Privacy" (Basic Books, New York, NY, 1999).
- Michelle Slatalla, "Undercover Buying, Fake Names and All," New York Times, Thursday, September 14, 2000, page D4, col. 1.
- Encryption
- A primer on public/private key cryptography.
- 1999 World Survey of Cryptography Laws
- Junger v. Daley, 209 F.3d 481 (6th Cir. 2000)
- Previous semester's Poster Child: Digital Convergence and the Cue Cat
- There once was a company called "Digital Convergence" (hereinafter, "DC").
- They made a device called the "Cue Cat."
- CNet was one of the first news organizations that recognized the privacy issues about the Cue Cat.
- DC distributed the Cue Cat at Radio Shacks and (by unsolicited direct mail) to subscribers of magazines such as Wired.
- Unfortunately, DC included software only for Windows 98. Many Wired readers use Linux, FreeBSD, BeOS, Mac, OS/2, NetBSD, OpenBSD, Solaris, ad nauseam...
- One recipient (with way too much time on his hands) hacked the device and made it useful for general purposes.
- Then another web site sprang up. And then another.
- In an attempt to stem the hacking, DC tried to change the End User License Agreement (EULA). This was the original EULA. Note that the main difference between the two license agreements relates to the hardware that was hacked.
- DC also sent the first threatening letter to the hacker community. (See in particular page two of the letter).
- Most hackers took their sites offline, although some replied to the first threat letter.
- DC declared victory over the hackers.
- Then came an article from Security Focus.
- To make matters worse, DC's server system was cracked. The crack exposed about 140,000 consumers' names, email addresses and ZIP codes.
- A major Internet privacy organization put out an alert on the Cue Cat.
- After consulting with lawyers, all of the hacker sites are back in operation.
- The final insult from the hacker community came when one of them consulted a lawyer and found that DC may be in violation of U.S. Postal Regulations, and provided a hyperlink to the U.S. Postal Service Mail Fraud Complaint form.
- Seemingly undaunted, DC issues a second threatening letter.
- Here is a final opinion by an industry observer, although this case isn't over yet.
Web sites with substantive content devoted to privacy: