THE RIGHT OF PRIVACY AND CYBERSPACE LAW
"Every man's home is his castle" (William Pitt's common law definition of privacy)

    There is an important distinction between privacy and anonymity.  Privacy applies when people already know something about each other or the facts can be publicly known.  Anonymity applies when you don't know anything about anybody.  Privacy is the power to control how much other people know about you.  Privacy has meanings which give it the power of a verb, as in the ability or power to stop something of an informational nature.  Privacy also has meanings which express its noun-like status as the most typical trade-off or counterpoint in discussions about the concept of security.  All governments at all times throughout history have always restricted privacy.  There is always a tradeoff between security and privacy.  There are many types of privacy (e.g., informational, personal, economic, political, etc.), but what most people wish to keep private are truths about themselves, sometimes unfavorable truths, but truths nonetheless.  The law of defamation handles falsehoods, but the law of privacy is about hidden truths (i.e., private facts).  The right to privacy is not an all-or-nothing proposition; it can only be more-or-less "responsibly" managed, responsible innovation being something that people like Jeff Jonas have long called for.  The issues take on critical importance in a modern, technological age characterized by gadgets, databases, and the ubiquitous privacy-free nature of cyberspace.  Technology need not threaten privacy.

    Technology is from Mars; privacy is from Venus.  Nobody has any perfect solutions from either point of view.  Technology must advance if society is to progress, and privacy must advance if quality of life is to remain sustainable.  The role of government and corporation cooperation is vital, and while many privacy advocates (like the ACLU) are afraid of government agencies (like the NSA and CIA) tapping into corporate databases, credit histories, telephone records, and financial transactions, the issue should not be whether these things ought to be done, but whether they can be done in a responsible fashion.  However, privacy advocates see threats to privacy everywhere, from SWIFT (Society for Worldwide Interbank Financial Telecommunication) transactions, to surveillance cameras, to fusion centers, to DNA databanking, to RFID chips, to all sorts of advances in biometrics.  It is urgent that technology advocates and privacy advocates begin a dialogue with one another.  Here's a list of some major privacy advocates:

• American Civil Liberties Union (ACLU)

• Cato Institute (CATO)

• Center for Democracy and Technology (CDT)

• Electronic Frontier Foundation (EFF)

• Electronic Privacy Information Center (EPIC)

• Markle Foundation Task Force on National Security        

A HISTORY OF THE RIGHT TO PRIVACY

    Historically, the concept of a right of privacy is derived from that particular kind of freedom known as freedom from biased press coverage.  The idea first appeared in 1890 in a Harvard Law Review article by Samuel Warren and Louis Brandeis. They used the term in proposing a new tort -- the invasion of privacy -- in their complaint about how the PRESS was printing lurid accounts of social activities of the Warrens, a prominent Boston family. They distinguished it from injury to reputation on grounds that invasion of privacy was a deeper harm, one that damaged a person's sense of their own uniqueness, independence, integrity, and dignity, making the astonishing claim (for 1890) that privacy was a personal, not a property, right.

    Forty years later, these ideas evolved into the notion of freedom from wiretapping.  Louis Brandeis became a Supreme Court justice and expressed opinions that reflected the ideas in his 1890 article with Samuel Warren. For example, Justice Brandeis wrote a vigorous dissent in the case of Olmstead v. U.S. 277 U.S. 438 (1928) which upheld the right of Elliot Ness and his untouchables to wiretap the telephone lines of bootleggers as long as it was done at a point between the defendant's homes and their offices. Let's take a look at some of the passages (paraphrased) in this famous case:

• "The makers of our Constitution understood the need to secure conditions favorable to the pursuit of happiness, and the protections guaranteed by this are much broader in scope, and include the right to life and an inviolate personality -- the right to be left alone -- the most comprehensive of rights and the right most valued by civilized men. The principle underlying the Fourth and Fifth Amendments is protection against invasions of the sanctities of a man's home and privacies of life. This is a recognition of the significance of man's spiritual nature, his feelings, and his intellect. Every violation of the right to privacy must be deemed a violation of the Fourth Amendment. Now, as time works, subtler and more far-reaching means of invading privacy will become available to the government. The progress of science in furnishing the government with the means of espionage is not likely to stop with wiretapping. Advances in the psychic and related sciences may bring means of exploring beliefs, thoughts and emotions. It does not matter if the target of government intrusion is a confirmed criminal. If the government becomes a lawbreaker, it breeds contempt for law. It is also immaterial where the physical connection of the wiretap takes place. No federal official is authorized to commit a crime on behalf of the government." (Justices HOLMES and STONE dissenting, agreeing with Justice BRANDEIS)

    It is generally considered unknown where Justice Brandeis extracted the right to privacy of life from, but the next case is instructive, and involves the freedom of reproduction.  Few people know that the right to privacy has a historical linkage to the notion of reproductive rights.  However, long before Roe v. Wade (1973) which established a mother's right to privacy, there were some interesting attempts to articulate the right to privacy in cases during America's short-lived Eugenics Movement. The most famous of these cases was Buck v. Bell 274 U.S. 200 (1927).  Some people may be familiar with Justice Holmes' statement in that case:

• "Three generations of imbeciles are enough. It is better for all the world, if instead of waiting to execute degenerate offspring for crime, or to let them starve for their imbecility, to prevent those who are manifestly unfit from continuing their kind."

    For about fifteen years (1923-1939), it was constitutional to sterilize people against their will. Numerous states had procedures for declaring people imbeciles, morons, or unfit. These people would then be carted off to a doctor's office and sterilized so they could not reproduce. Oklahoma, in fact, made sterilization a mandatory punishment for anyone convicted of a crime of "moral turpitude". Various other habitual offender or sexual psychopath statutes mandated sterilization -- the ultimate invasion of the human body.

    Let's look at a conception of the right to privacy at this time. The case is Meyer v. Nebraska 262 U.S. 390 (1923):

• "The Court has never attempted with much exactness to define liberty. Without doubt, it denotes not merely the freedom from bodily restraint but also the right of the individual to contract, to engage in any of the common occupations of life, to acquire useful knowledge, to worship according to the dictates of their own conscience, to marry, establish a home, bring up children, and generally to enjoy those privileges long recognized at common law as essential to the orderly pursuit of happiness." (Justice MCREYNOLDS, writing for the majority)

    There are other issues involving the right to privacy. Take the right to sexual freedom, for example, and the right to be a practicing homosexual. Currently, about 19 states severely punish sexual activities between consenting adults of the same sex. In these cases, privacy is conceptualized as a lifestyle issue. Let's look at some of these conceptions by paraphrasing the dissents in Bowers v. Hardwick 478 U.S. 186 (1986):

• "This case is no more about the right to engage in sodomy than about a fundamental right to watch an obscene movie or place a bet from a telephone booth. It is instead about the most comprehensive of rights -- the right to be left alone. How a person engages in sex should be irrelevant as a matter of state law. Sexual intimacy is a sensitive, key relationship of human existence and the development of human personality. In a diverse nation such as ours, we must preserve the individual freedom to choose, and not imply that there are any "right" ways of conducting relationships" (Justice BLACKMUN with whom BRENNAN, MARSHALL, & STEVENS join in dissent)

    Finally, the right to peacefully die is also a matter of privacy, or perhaps better conceived as a matter of individual autonomy. Suppose someone wants to terminate life support when he or she, because of accident or illness, survives only in a vegetative state. In cases where the victim is comatose, the matter is more a procedural issue in determining the level of proof (via clear and convincing evidence) in the expression of the patient's wishes than it is about the right to die. Let's look at a couple of cases:

• Matter of Quinlan 70 N.J. 10, 355 (1976) - Should a family member or court-appointed guardian make the decision for someone?

• Cruzan v. Missouri Dept. of Public Health 497 U.S. 261 (1990) - There is always a right to be free from unwanted medical attention just as there is a right to personally evaluate the possible consequences of treatment and decide on the basis of personal values whether to subject oneself to the intrusion.

CONTEMPORARY DEFINITIONS

PRIVACY AS A PENUMBRA RIGHT
    It is generally agreed that the Court recognized a "Constitutional" right of privacy for the first time in Griswold v. Connecticut 381 U.S. 479 (1965). The Court decided that Connecticut's birth-control law (making it a crime for anyone to give out information or instructions on the use of birth control devices) intruded upon notions of privacy surrounding the ideas of marital privilege and reproductive rights. This is the famous case in which Justice William O. Douglas announced the "penumbra" right to privacy.

    Let's look at a paraphrasing of this penumbra right to privacy:

• "Previous cases suggest that the specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that give them substance. Various guarantees create zones of privacy, such as the First Amendment right of association, the Third Amendment prohibition against quartering soldiers in a home, the Fourth Amendment right to be secure in one's person, house, papers, and effects, the Fifth Amendment right to not surrender anything to one's detriment, and the Ninth Amendment right to not deny or disparage any right retained by the people. These cases press for recognition of the penumbral rights of privacy and repose." (Justice DOUGLAS, for the majority with GOLDBERG, WARREN, & BRENNAN also concurring)  Note: It is generally considered questionable whether "repose" would be a right.

    The Douglas definition of "penumbra right to privacy" has been criticized on many grounds. Some experts say it's a poor example of legal reasoning. The only thing that even comes close to a sufficient beachhead for the right would be the Ninth Amendment, but by mutual agreement, it has largely been ignored because nobody's sure what it means with the exception of motorcycle groups who oppose helmet laws, seatbelts, and other government intrusions on the basis of a penumbra right to privacy (the right to be left alone).  A common criticism of the Douglas definition is that it may be confined to issues surrounding marital, sexual, or reproductive behavior. This led the Court to some interesting conclusions in Roe v. Wade, eight years later.

PRIVACY AS A FUNDAMENTAL RIGHT
    We need not go into Roe v. Wade (1973) in any detail. Most people know it was the case that legalized abortion, striking down a Texas anti-abortion law, and that there have been several cases since then significantly affecting the law's position on abortion, most notably the Freedom of Access to Clinic Entrances Act of 1993 where it was made a federal crime to intimidate women seeking abortions, not so much to cut down on antiabortion demonstrations but in response to shootings, bombings, and massive blockades. We are concerned, however, with the privacy issues, and the significance of Roe v. Wade in this regard is as follows:

• It extended the rights of marital privacy to unmarried people (Griswold involved the crime of discussing birth control with married couples; Roe was an unmarried woman)

• It established the right of privacy to be fundamental, thus triggering a strict scrutiny test for any government regulation (This was accomplished by the Court's skillful use of the pregnancy trimester concept in reasoning that life does not begin at conception, therefore no separate human being exists in the form of a fetus, and the right to life, liberty, and pursuit of happiness adheres to the mother for at least the first trimester -- a controversial ruling)

• It shifted the definition of privacy from an associational conception to a person-based conception (Previous conceptions of privacy were driven implicitly by the understanding that a good part of its grounding was based on the precedent of sacrosanct "privileges"; husband-wife, doctor-patient, lawyer-client, etc.)

THE REASONABLE EXPECTATION TEST

    By far, the most significant case in the history of the right of privacy is Katz v. U.S. 389 U.S. 347 (1967). It is a complex case (a nightmare for instructors who require students to brief it), and in many ways has more to do with good faith (U.S. v. Leon) than privacy. However, it is regarded as the most fundamental shift in this area (a landmark case). Here are some of the things that make it significant:

• Katz shifted the definition of privacy from being place-based to being person-based (Previous conceptions of privacy were derived mainly from the "property" concept in life, liberty, and property; and of course from the Common Law trespass doctrine that "Every Man's Home is His Castle")

• Katz balanced the interest in protecting individuals from government intrusion with the interest in protecting society from criminals (It created a two-prong test for "reasonable expectation" based on this balance)

    The "reasonable expectation" test is a two-prong test based on:
(1) the first prong -- subjective privacy -- is whether the person exhibited a personal expectation to be left alone from government intrusion
(2) the second prong -- objective privacy -- is whether the personal expectation is one that society is prepared to recognize as reasonable and several areas have already been determined to be beyond what society is willing to recognize ("exceptions" to what constitutes a search or requires a warrant to seize):

• items open to plain view, hearing, smell, and touch

• open fields

• public places

• abandoned property

SEARCH & SEIZURE CONSIDERATIONS

    Contemporary Fourth Amendment interpretation defines a "search" as any invasion of privacy by a government official where there is a reasonable expectation of privacy. A "seizure" is any deprivation of liberty or property. Both searches and seizures are governed by the unreasonable search and seizure clause before any other standard is applied. That's why the "exceptions" (to what constitutes a search or requires a warrant for seizure) have conditional elements within themselves.

    Plain View, hearing, smell, and touch, for example, require 3 elements:

• officers are lawfully present

• detection occurs without advanced technology (flashlight & binoculars OK)

• detection is inadvertent or immediately apparent

    A search under this exception might unreasonably intrude on someone's reasonable expectation of privacy if (a) hidden vantage points were used; (b) a pretext was used; (c) probable cause was not present to accompany a seizure; (d) position was shifted to afford a closer examination of items; (e) any containers are opened that have not already had their seal compromised by a private party.

    Open fields, for example, require calculation of the curtilage, based on:

• distance from house

• presence or absence of fence

• use or purpose of area

• measures taken to prevent public view

    A search under this exception might unreasonably intrude on someone's reasonable expectation of privacy if (a) "No trespassing" signs were present; (b) probable cause was not present to accompany a seizure; (c) the area had a history of refusing access to the police; (d) telescopic aids were used - binoculars not OK; (e) low-flying helicopters were used.

    Public places, for example, often requires calculation of whether:

• area is open to public or not

• area is enclosed or partitioned

• area can be seen over and under partitions or through cracks or gaps

    Abandoned property, for example, requires proving the elements of:

• intent to throw away property

• acts that infer that intent

    A search under this exception might unreasonably intrude on someone's reasonable expectation of privacy if (a) it's too quickly assumed that someone abandoned something (a motel room, e.g.) when in fact they planned to return; (b) mere absence of a person is the sole basis for determining abandonment; (c) a person is living (squatting) out of something abandoned (a junk car, e.g.); (d) the intrusion takes place after a fire, flood, or other natural disaster; (e) the item searched is still within the curtilage.

THE TRANSFORMATIVE NATURE OF CYBERSPACE

    Prof. Lawrence Tribe once proposed a 28th Amendment which went like this: This Constitution's protections for the freedoms of speech, press, petition, and assembly, and its protections against unreasonable searches and seizures and the deprivation of life, liberty, or property without due process of law, shall be construed as fully applicable without regard to the technological method or medium through which information content is generated, stored, altered, transmitted, or controlled.  The key phrase is "without regard to the technological method of medium."  Technology evolves, and it's difficult to keep up with the frontiers of it.

    One of the most transformative technologies ever developed was the Internet. Different people, of course, have different uses for it, but it's rapidly becoming the main source for information and connecting people to one another. Technology in the form of print, you'll remember, brought privacy concerns into law in the first place, but a computer hooked up to the Internet is a publishing company, telephone, television, and more all rolled into one. It has generated more than a few problems no one ever expected. This lecture expands on the basics of privacy.  The purpose is simply to introduce students to emerging areas of cyberspace law, an area that is covered by many others from many angles, such as Prof. Lessig at Stanford Law School and cyberlaw students at Harvard who have contributed to Wikiproject Cyberlaw.  Cyberlaw is typically defined as referring to all legal and regulatory aspects of the Internet, the World Wide Web, and other forms of on-line information processing.

    People belong to the world, and they should be connected with others. This is important for social and personal development.  It's not that anyone would devolve into apes if they shunned technology; it's just that the whole process of self-discovery requires comparison. You can't be an autonomous individual with a unique personality unless you're capable of distinguishing your persona from everyone else's. A net persona, however, is based on anonymity. The right to privacy is sort of about persona -- that special uniqueness, self, personal life, or "voice."  You can't obtain the personal without having a life, and a persona is kind of like a life.  Privacy is not the same as secrecy, or completely withdrawing from society.  However, many persona involve claims some of which are true and some of which are half-true.  The Net can destroy a persona as well as help build one.  Hence the dilemma: we need privacy from technology, but we need technology in order to obtain privacy.

THE CONCEPT OF INFORMATION PRIVACY

    The traditional approach to Constitutional study of privacy involves thinking in terms of certain protected zones or spheres of activity -- home, reading, sex, reproduction, health, etc. In part, this way of thinking is due to the precedent (case-by-case) nature of our legal system, and the other reason is that we're not really sure where in the Constitution privacy is guaranteed, our best guess being the Fourth Amendment, which forces us to think in terms of zones or spheres because of the particularity clause.

    The Internet and information technology changes all that. Information isn't considered a commodity. You can't treat cyberspace as a zone or sphere of activity. Nobody really owns it, nobody considers it "home", not many people expect privacy from it, and not too many people want the government or anybody else sniffing, snooping, or regulating every part of it. You'd tie up a Congress of legislators for years trying to come up with a comprehensive set of cyberspace regulations, and then there's that whole jurisdiction problem. Where exactly does cyberspace begin and end?

    Traditional ways of thinking in law enforcement aren't much better. The good news for police is that computer hard drives are like digital diaries of every voyage on the Internet, so all they need to do is swear out warrants to confiscate hard drives (and all related computer equipment, which is usually overkill). The process is similar to swearing out warrants for the confiscation of drugs. However, all they're doing is fighting the problem on the demand-side or supply-side, with the receivers or suppliers. The objectionable Internet content is probably still out there somewhere, in a multiplicity of multiple copies, posts, aliases, finger and mirror sites. It would take an army of cybercops years to track down every last piece of something.

    Instead, what's important in terms of information privacy is the flow of information -- not who has what, but how much and the mode it takes. It's an equity concern. Some people don't have access, some people don't know how, some people won't take the risk, and most unfortunately, some people don't care, even though there might be a doctored photo of them out there, a hate page posted by their worst enemy, or information about their credit history. Imagine your surprise when you walk into a police station to file a complaint about some Internet information on you that you don't think should be there, and the police say if it hasn't got anything to do with child pornography they can't help you. Consumer protection is also kind of weak, with most laws aimed at spammers or telemarketers while multinational corporations operate in freewheeling fashion. Workers essentially have no anti-surveillance rights in the workplace. The criminal justice system concentrates on hackers while e-commerce invasions promise to rob us of more than what any trojan virus or worm could ever do.

THE CONCEPT OF CYBERSPACE

    The term cyberspace was first coined by William Gibson in the 1984 sci-fi novel Neuromancer, and it has since come to mean any non-physical terrain created by online computer systems. It's the impression that what one is experiencing is real, as real as talking to somebody face-to-face, doing library research, or window shopping. It doesn't require virtual reality or tactile sensation, and at a minimum, only consequences that are real. People can get married in cyberspace, obtain college degrees, and order things that are delivered to their door.

    If the marriages, college degrees, and shopping experiences are real, then the question becomes how real are the virtual rapes that go on in MUDs or MOOs, the stalking and harassment that goes on in email and chat rooms, the plagiarism that is rampant on web pages, and the installation of cookies on your hard drive every time you visit a site to develop your consumer interest profile or put you on a mailing list? Another unanswered question is how important it is to protect children on the Internet? How many crimes are possible to commit in cyberspace? 

    The main problem is our limited legal concept of jurisdiction. Generally, any government's jurisdiction only extends to those individuals who reside within its borders or to the transactions or events which occur within those borders. The Internet doesn't have any borders, or if it does, a global one. Courts simply cannot accept cases unless they have jurisdiction. A few states have been daring, claiming that the flow of commerce, or financial stream, across their borders gives them jurisdiction over the Internet. However, it's unlikely that any U.S. state is issuing warrants for Internet offenders overseas, or who have only minimal physical contact with U.S. citizens or U.S. soil. The minimal contact requirement usually governs transborder technology-related commerce cases (International Shoe Co. v. Washington 1945). However, problems arise with the Internet as to what nation would be appropriate to pursue legal action. If a company in the Netherlands posts a child pornography web site, and someone in the U.S. browses, caches, and downloads a photo, what law would apply? Would the browsing, caching, and downloading be sufficient to bring the Netherlands web author to justice in the U.S.?  

    Copyright law applies mainly to copies, and the whole technology of web browsing with files stored in every viewer's computer cache on their hard drive raises the question of what constitutes a copy. Do intellectual property rights apply to freely-accessible information? When creating a web page with links to someone else's web page, do you have to ask for permission first? It's rapidly becoming a norm, not a law, that you do. 

    Also, there's the whole complex of community, self-regulation, and cyberculture. Major web sites, especially educational ones, are fond of cultivating what they call a "community", and do these communities have enough legal status to declare themselves independent -- like the Free States of CyberSpace? Does the Internet have it's own norms, enough that laws could be devised? A number of legal cases, involving the likes of AOL and Prodigy, as well as the way Internet Service Providers are cast into police roles, seem to be moving us in this direction, but it's unlikely that the Internet is going to become a separate nation-state.                 

CYBERSPACE LAW

    First of all, the Constitution requires that people care about their privacy. The key test applied to all privacy questions is the reasonable expectation test (Katz v. U.S. 1967), and the first prong of this test is whether or not, subjectively, the person held to a personal belief that privacy is important in their lives. You would fail this first prong if you became upset only after finding something about yourself on the Internet. Privacy is about preserving the inner self, and this you must do on your own. The government is there to help you all it can, but it also wants you to be actively involved in public life. A place-based conception of privacy is a fundamental right; a person-based conception of privacy is a fighting right. In cyberspace law, you've got to stand up for your rights. The Gertz test (Gertz v. Welch 1974) makes it clear that individuals who feel defamed or invaded in the Internet medium must first avail themselves of all accessible remedies for posting a reply or correction in the same medium before obtaining any standing.

    Secondly, there are a number of well-known exceptions to the privacy right on objective grounds. The notion of objectivity here means the law is convinced that custom allows such practices. Let's not review all of them, just the more relevant ones:

• Plain View -- In cyberspace law, this means that as long as someone isn't using too advanced a technology, they can peer through any "holes" in your security system. It has implications for what others can do with and to your hard drive via the Internet.

• Open Fields -- In cyberspace law, this means that anything posted beyond your "curtilage" is public domain or public property. Unless there's a really good copyright notice, or better yet, a registered trademark or patent, there's little, if any, intellectual property on the Internet. 

• Public Places -- In cyberspace law, this means that any "flow" of information as part of ordinary commerce, regular transmission or exchange of information is not private. Banking, credit records, and all sorts of other databases qualify as nonprivate in this regard.

    Next, let's consider the legal status of a web page. Is it "real speech" or binary code (computer algorithms) sent over the Internet and later translated into readable form on the end user's screen? In the latter case, it's the end user's responsibility, but unlike television (where the user can just change the channel), not too many computer users know how to filter out web page content. Sure, parents can install programs like NetNanny and so forth, but how many people regularly adjust the advanced security settings in their browser? Not many. The key case analyzing web content as speech or code is Bernstein v. U.S. Department of State (1996).

    Speech on the Internet works somewhat differently from other media. You first have to have some kind of source code (or operating system) to run the computers, for both sender and receiver. This source code (like Windows, MAC OS, or Linux) is not considered speech by the law, but it is regarded as a patentable product than can be made subject to licensing and restriction. As such, it is therefore subject to copyright and export restrictions. Export is the key issue here. Source codes cannot fall into the hands of nations the United States does not have tariff agreements with. Therefore, steps have to be taken to protect the privacy of source codes. One of the quickest ways to get into trouble is to make source codes downloadable from the Internet where they are globally accessible. Readers may or may not be familiar with PGP (Pretty Good Privacy) encryption software, but the source code for it should not fall into the hands of certain Middle Eastern or Asian nations. 

    The next level of speech is software application (programs like word processors, games, etc.). The law refers to this as machine-readable code. There's a few more bits and pieces of it than source code which is understandable to the untrained eye. To be considered speech, it depends upon what higher-order language the code is written in. Higher-order languages (like C++, Fortran, or Pascal) tend to be treated by the courts the same as ordinary language (like English, French, or German). Lower-order, or uncompiled, programming is treated as irrelevant. The effect that most readers are familiar with is the vast proliferation of crappy, buggy, crashing software because the law holds compiled software to a higher standard. A programmer can get sued or held criminally liable by planting "Easter Eggs" or hidden messages in compiled software, but not with lower-order programming. Most modern software applications today are so large, they contain both types of programming. It's also difficult to impossible to tell who the author was of some rogue program.

    Finally, we're at the level of Internet web browsing. In this case, the law refers to the HTML script that interprets itself as readable text on the user end as object code. Object code contains bits and pieces of source code, bits and pieces of machine-readable code, a series of arcane, program-like command words called "tags", and a whole lot of plain, ordinary words. Because there's a preponderance of plain, ordinary words (which are also visible when you go into "Source View"), HTML script is speech, pure and simple. It is therefore subject to the same restrictions on absolute freedom of speech as any other. To review those restrictions and apply them to the Internet produces the following:

• the Brandenburg test -- In cyberspace law, this means that no matter how repugnant the web page, there can be no claim for invasion of privacy or harm unless the speaker intends incitement, openly encourages or urges incitement, imminent action, or suggests a duty to do harm.

• the O'Brien test -- In cyberspace law, this means that any offensive or invasive graphic images, design features, or symbols cannot be suppressed merely for the sake of suppression. There must be other reasons such as traffic congestion, trespass, disorderly conduct, or breach of peace.

• the Miller test -- In cyberspace law, this means that anything deemed obscene or invasive must appeal to prurient interests (morbid, abnormal, or disgusting), involve hard core demeaning acts to women, and lack serious literary, artistic, political, or scientific value. 

• Libel -- In cyberspace law, this means that privacy is invaded when the intent of the web page author is malicious or reckless, providing that damage can be shown to reputation, profession, or business. Public figures are exempt, as is parody, cartoon, or anything clearly for entertainment purposes.

• Fighting words -- In cyberspace law, this means that privacy is invaded by anything abusive and insulting, which under face-to-face circumstances would provoke an immediate violent response. Public officials are held to higher standard, however.

• Pornography -- In cyberspace law, this means that privacy is invaded when the web content provider fails to restrict easy access to their site or fails to construct fencing that at least requires users to attest to age. Certain displays are prohibited but unenforced in some local jurisdictions, such as sadomasochism, bestiality, snuff flicks, and degradation to women. Solicitation of prostitution is, of course, expressly prohibited unless parties are in a private chat room.

• Hate sites -- In cyberspace law, race- or hate-motivated web sites do not invade privacy if the speaker honestly believes they are contributing to the free interchange of ideas and the ascertainment of truth. The best that can be done is to track and counter such sites.

    Privacy law in the United States is a patchwork of specialized protections, liberally punctuated with loopholes and exceptions. For example, there is privacy protection for bank records but not for medical records. There is coverage for videotape rentals, but not magazine subscriptions. Credit records are covered, but insurance records are not. Even where privacy protection exists, new business practices and new technological developments often make good laws quickly outdated. What is missing is a larger context of legal and social principles, such as the notion of "Informational Self-determination"

CYBERSPACE THREATS TO PRIVACY

GOVERNMENT RECORDS
    For many years, the policy of the U.S. government used to be "partitioning", or keeping different agency databases separate from accessing one another. However in recent years, support has grown for the idea of unified or "federated" databases in e-government. Since 1992, a joint NSA/FBI proposal called the "Clipper chip" has been hotly debated because it gives the government an ability to intercept all electronic forms of communication. It involves placing a tamper-resistant cryptographic device into every computer that not only gives it a unique ID, but runs a program called SKIPJACK which is a family key used by law enforcement and a device unique key that unlocks any encryption efforts the user tries to make.  

COMMERCIAL ORGANIZATIONS
    Because the threat to privacy has always been conceived of as a government threat, the U.S. has practically no legal traditions for dealing with threats to privacy from the commercial sector. Credit bureaus contain an alarming number of erroneous entries, for example, yet there's no government regulations which make them clean up their act. In the fields of medicine and insurance, there's nothing the consumer can even do to correct erroneous entries. Many employers regularly monitor their employee's electronic activities, from phone logs to emails to web pages visited, and there's no corresponding workplace freedom acts or laws protecting workers. People are regularly flooded with spam (junk email) because there's little to no control over direct-mail database services.   

MALEVOLENT INDIVIDUALS
    Every "hacker" knows that government and commercial computers can, accidentally or by design, disclose information that should be private. Government computers are especially susceptible to break-ins by pretending to be an authorized user.  Commercial systems are just plain lax with security, but most are exploited by misusing the system until it's about to crash (as in denial of service attacks) and then gaining administrative privileges. Small-time commercial systems (such as rental agencies) often simply leave their personal computers on at night, allowing network intrusion into things like "bad tenant" files. Every public key-based authentication/encryption system has a built-in "trapdoor" vulnerability. More secure cryptography that falls into public hands can thwart law enforcement and national security interests.     

WIRELESS CONSUMER NETWORKS
    Cellular and wireless technologies are bandwagons that people have jumped on without considering the privacy risks. Every mobile phone has a unique personal ID just as every computer has a unique IP address. Adding mobility to the picture means that every consumer's movements can be tracked electronically. It's as if you had a "bumper beeper" attached to your vehicle. In one respect, all computers are wireless. All desktops and peripheral devices emit electromagnetic radiation that can be intercepted and translated using TEMPEST specifications for EMI emissions. Users who run the cables behind their equipment into a "rat's nest" are just creating an antenna which allows intercept over greater distances than several inches. The only alternative is to cover all your equipment with aluminum mesh. Cordless and wireless intercepts can produce credit card theft if used for financial purposes.   

CONSUMER PRIVACY REQUIREMENTS

    Write to any company you don't want to hear from and ask to be taken off its mailing list. Any envelopes with "Address Correction Requested" or "Return Postage Guaranteed" can be returned unopened by writing "Refused--Return to Sender" on the envelope. The company will have to pay the return postage. If there is a postage-paid return envelope inside, put all of the information in the return envelope with a note that you wish to have your name removed from the mailing list. To get off of ALL mailing lists, write to the Direct Marketing Association's (DMA) Mail Preference Service, P.O. Box 9008, Farmingdale, NY 11735. Tell the DMA you do not want to receive catalogs and other promotional material through the mail. They will put you into the "delete" file which is sent to the DMA's member organizations four times a year. Write to the customer service department of your credit card companies and request your name be removed from the lists they rent to others and from their "in-house" mailing list. Write to the three major credit reporting firms: Equifax, Trans Union and TRW, and ask to be removed from their marketing mailing lists. Be aware that warranty or "product registration" cards have less to do with warranties than they do with mailing lists. They all go to a company called National Demographics and Lifestyles, and you can ask them to delete you from their mailing lists: National Demographics and Lifestyles, List Order Department, 1621 18th Street, Suite 300 Denver, Colorado 80202 When shopping, checkout scanners can also be used to link your name to your purchases, especially if you are using the store's "buyers club" card. If you do not want information compiled about your personal buying habits through the use of price scanners, don't participate in the store's "buyers club." If you are concerned about keeping your name and address private, consider having an unlisted number. Or request that the local phone company publish just your name and phone number and omit your address. In addition, ask the phone company to remove your listing from its "street address directory." Also, write to the major directory companies and request that your listing be removed: Haines & Co., Criss-Cross Directory, 2382 East Walnut Ave., Fullerton, CA 92631; R. L. Polk & Co., List Compilation & Development, 6400 Monroe Blvd., Taylor, MI 48180-1814; Rueben H. Donnelley Corp., 287 Bowman Ave., Purchase, NY 10577. Never print your Social Security number on your checks, business cards, address labels or other identifying information. And do not carry your SSN card in your wallet, which could be lost or stolen. Attempt to resist merchants' requests to put your name and address into their cash registers when you purchase something.

INTERNET RESOURCES
About.com Law:CyberSpace Law
Center for Democracy and Technology
CyberSpace Law for Non-Lawyers
Electronic Frontier Foundation (EFF) home page
Electronic Privacy Information Center (EPIC) home page
FindLaw's CyberSpace Law Center
First Amendment Issues in CyberSpace
John Marshall Law School CyberSpace Law Center
Lawyer Library: Guide to Cyberspace Law
Legal Issues in Computer Operator Liability
Privacy.org news site
Privacy Rights Clearinghouse
Right to Privacy Website forum
San Diego Law Review article on Information Privacy
Search & Seizure in CyberSpace Law
Social Science Research Network's Lessons in CyberSpace Law
Society for Computers and Law
UCLA Online Institute for CyberSpace Law and Policy
U.S. DOJ CyberCrime Section home page
U.S. DOJ on Privacy Issues in the High-Tech Context
Volokh Conspiracy Articles on Cyberspace Law
Yahoo's List of Privacy Links

PRINTED RESOURCES
Agre, P. & M. Rotenberg. (1998). Technology and Privacy. Cambridge, MA: MIT Press.
Biegel. S. (2003). Beyond our Control: Confronting the Limits of our Legal System in the Age of Cyberspace. Cambridge, MA: MIT Press.
Cate, F. (1997). Privacy in the Information Age. Washington D.C.: Brookings Institute.
Del Carmen, R. (1998). Criminal Procedure: Law and Practice. Belmont, CA: Wadsworth.
Ferdico, J. (1996). Criminal Procedure for the Criminal Justice Professional. Minneapolis: West.
Garfinkel, S. (2000). Database Nation: The Death of Privacy in the 21st Century. NY: O'Reilly.
Gilliom, J. (2001). Overseers of the Poor: Surveillance, Resistance, and the Limits of Privacy. Chicago: Univ. of Chicago Press.
Henderson, H. (1999). Privacy in the Information Age: Library in a Book. NY: Facts on File, Inc.
Lessig, L. (2000). Code and Other Laws of Cyberspace. NY: Basic Books. [author's website]
Reed, C. (2001). Internet Law: Text and Materials. London: Butterworths.
Samaha, J. (1999). Criminal Procedure. Belmont, CA: Wadsworth.

Last updated: July 17, 2011
Not an official webpage of APSU, copyright restrictions apply, see Megalinks in Criminal Justice
O'Connor, T.  (2011). "Privacy and Cyberspace Law," MegaLinks in Criminal Justice. Retrieved from http://www.drtomoconnor.com/3000/3000lect04a.htm accessed on July 17, 2011.