John T. Nockleby
At the dawn of the 21st Century, privacy has become a significant touchstone for those worried about the encroachment of technology into the sphere of the "personal." While potential invasions of privacy can come from many sources, a chief concern in recent years has been informational privacy. Informational privacy -- which Alan Westin has defined as "[t]he claim of individuals, groups, or institutions to determine for themselves how, when, and to what extent information about them is communicated to others" -- is one of many significant types of interests grouped under the rubric of “privacy.” Although other types of personal interests have often been grouped under a general claim of privacy (e.g., "decisional" privacy such as that embodied in the Supreme Court's abortion decisions), this Course is concerned with informational privacy.
Informational privacy (or its absence) is sometimes thought to represent a condition of life. For example, one meaning of privacy is the state of being left alone, as reflected in the statement “I want my privacy”. The Course seeks to distinguish privacy as a “condition” of contemporary life to be accepted or lamented, from an affirmative notion of “information privacy:” the claim that privacy consists in the capacity to control the collection, storage, use and distribution of information about oneself. This capacity to control information is a power; if you possess the power to control information about yourself we can call it a “right” of privacy. If someone else possesses the power to control information about you, we can say that person has the power of control. The fact that arguments about privacy are really arguments about who has the right to control information about you is frequently obscured in contemporary debates about informational privacy. To begin the discussion, it might be helpful to reflect on what it is about contemporary technology that has made the affirmative claim of privacy as power or control both significant—and controversial.
Six features of contemporary information and communication have brought concerns about privacy to the fore. These features are (1) Information Capture, (2) digitalization, (3) interlinking, (4) information storage, (5) market value, and (6) decentralized legal regimes. In order to understand how “the internet changes everything,” it is important to highlight the transformation in information technologies over the past few years.
Information Capture. First, remarkably new techniques for capturing information about the natural world and people in it have been developed. Infrared imagers pointed at homes can detect heat images—such as body temperatures or heat lamps—and provide an image to the device’s holder. Cameras that can “see” through clothing –like the famous “X-Ray” glasses in 1950’s comic books—have created controversy. Passive millimeter wave imaging allows a user to see through clothing and identify objects carried by the person. Radio receivers, room transmitters, Video and audio bugs can be purchased at many spyshops that, incidentally, do a booming business on the web.
During SuperBowl 2001, the government utilized surveillance cameras to photograph over 50,000 attendees at the Super Bowl football game at Raymond James Stadium, all without the attendees’ knowledge. Those images were instantly relayed by cable to computers that scanned and compared them to images in a police database of suspected criminals using a process known as facial recognition technology. Not to be outdone, the Tampa Police Department currently has over three dozen security cameras with face recognition software in their popular downtown district and everyone who enters that area of town runs the risk of having their face digitally scanned against mug shots of criminal suspects with arrests warrants. This face recognition software breaks down each facial image taken into something similar to a map, with 80 reference points to check. If the system matches more than a dozen of these reference points against an image in its database of a suspected criminal, the police officers monitoring these images send an uninformed officer to investigate and possibly make an arrest.
Cameras seem to be everywhere: on public streets, monitoring congested intersections or crime-threatened neighborhoods; in grocery stores, record stores, pharmacies, the local bank; in airports and outside, train terminals, bus terminals and hotels; in ATM machines, and outside in public parks. Many employers have installed video cameras to watch their workers.
Monitoring is not confined to cameras in public spaces. The Web is full of thousands of salacious “spycam” sites purporting to record people in bathrooms, dressing rooms, and other compromised settings. Tiny, inexpensive digital video cameras sold in threes over the internet encourage private parties to set up their own cameras to snoop. Already landlords, motel owners, and bar owners have been charged with monitoring tenants and customers in their private spaces.
Tracking devices to locate persons anywhere in the world are already widely available. Trucking companies track their delivery drivers’ progress, sacking them if they tarry at a truck stop. Car rental companies install satellite based global positioning devices (GPS) in their rental cars to assist lost drivers.  Some explain they install the devices to locate stolen vehicles. Acme Rent a Car, however, tracks drivers’ speed and sends a bill if the driver exceeds 79 miles an hour. Telemetric devices installed on new cars, similar to airplane “black boxes,” allow monitoring of a variety of information —such as pedal movement, speed and brake status, airbag deployment, whether the driver was wearing a seatbelt, and stopping time.
GPS tracking devices will soon extend to cell phones, which are widely expected to adopt GPS systems. GPS permits the holder to know where on earth she is, within a few feet, but also permits others—including the police—to track the cell phone owner’s movements. If you don’t want to carry a cell phone, one company offers to install a GPS device in your body. As an inducement, the company offers to include your health information as well.
Various forms of tracking devices are widely used even without GPS. At many bridges and tunnels, drivers pass through toll booths carrying a radio transmitter that transmits a signal to the tollkeeper that the car has passed through; a bill arrives later. Running a tollbooth or even speeding on some roads is digitally monitored; cameras take pictures of all toll evaders and speeders and the tickets, along with complimentary photos of the scofflaw, arrive in the mail.
After September 11, many people have suggested the United States adopt a national I.D. system as a mechanism of increasing security. A National I.D. card would enable two things that might enhance security: (1) identification of the holder; and (2) authentication of the holder. It is the second that most troubles civil libertarians, though even if limited to the former a National I.D. has generated lots of objections. An I.D. card that contained biometric (fingerprint, palmprint, eyescan, DNA) features would be necessary to authenticate that the person was, indeed, who the I.D. represented him/her to be. This, in turn, would require a national database of biometric features that the entire population would be required to submit. We would all have to give fingerprints or DNA to the FBI, for example. Meanwhile, wherever one traveled one would have to swipe a card to identify oneself to the official. Anonymity, if not lost, is passing.
The internet is raising similar issues of anonymity and control over information about oneself. While many people have the illusion that they surf anonymously, in fact all the data bits that one sends from one’s own computer seeking information from the larger network passes through many other computers and routers—any one of which can record the request and the response. It is technically possible for the government to track and trace virtually all surfing behavior; indeed, it is frequently possible for individual websites to identify the user—even if the user has not previously identified herself to the website.
What do these technologies tell us about informational privacy? Is “privacy” an outmoded, nineteenth century concept that some 21st Century technologists reject? Sun Microsystems CEO Scott McNealy claims that Americans have already lost all privacy and they should "just get over it." In response, one should ask if the passing of privacy” (i.e., its lack) is merely a condition of life to be accepted, or whether the issue of privacy concerns who should control certain information about oneself.
Digitalization. Second, information is rapidly becoming digitalized. Whereas previously information about an individual might be retained in analog form (paper, VCR’s, cassette tapes) those records are rapidly being converted into the computer codes of zeros and ones. Information about people or their activities -- ranging from medical records, to purchasing habits, to property ownership and borrowing habits at the video store, to cell phone conversations on some long distance providers to surfing practices on the Internet-- can all be recorded in digital form. Photography -- still as well as motion -- is becoming digitalized. A picture, formerly worth a thousand words, now embodies a million pixels and growing. Sound can be recorded in digital format, stored on computer disk and transported over the Internet to be reproduced in some other place. All information about the natural world -- sound, light, heat, color, texture, and even smell -- will soon be available in digital format. These digital forms, of course, are merely representations of the real, but are sufficiently powerful that technologists have coined a phrase -- virtual reality -- to describe the cyberspace they represent. Virtual reality, of course, has some “actual” reality but here we are concerned solely with the transformative power of the digital revolution and its implications for privacy. Those records often can be stored on computers, and other permanent storage media such as CD-ROMs. What happens to “privacy” when all information is a function of zeros and ones?
While the computer revolution brings enormous efficiencies in the acquisition, storage, manipulation, and transference of data, it also brings risks that may not have been at the forefront of developers’ minds. The inefficiencies of paper filing mechanisms is, oddly, an inherent security feature. Searching thousands of filing cabinets takes time and success depends on filing clerks --and the searcher-- correctly understanding the organizational scheme. The implicit privacy feature is that the searcher must know where to look, and have the time and motivation to look in many places. However, if information is digital, it can be easily searched. While most would applaud the search capabilities of contemporary computer software, the risk is that information that might have been hidden in a morass of detail or buried in one of a hundred filing cabinets located in dozens of places, can easily be plucked from the mire. Indeed, without encryption or other security feature, contemporary Boolean search techniques can quickly locate the single byte out of a trillion in less than a second. The haystack can’t hide the needle.
If information is searchable, it is also manipulable. Manipulability doesn’t necessarily imply corruption, though that is a risk inherent in all digitized data. Think of the family photo editors who digitally crop out the errant boyfriend, digitally replacing face with sky, feet with grass. True, scissors can manipulate hard copies, but the cropper with a scissors can’t so easily disguise the manipulation. Or, consider the internet porn artists who digitally attach a famous actress’ face to a nude photo of a similar body type. These corrupters-of-data even give awards to each other for the most realistic portrayal of the actress-in-life. Because of the ease of digital copying, the U.S. government has changed the look of paper currency, and drivers’ license bureaus around the country fear the power of the computer to generate fake i.d.’s. In court, when all documentary evidence is reducible to zero’s and one’s, no document is self-authenticating.
Less ominously, digitalized inquiries enable one to search vast databases and to organize based upon the searcher’s criteria. For example, if one wishes to search a prescription drug database by all recipients who received Claritin and Zoloft, that would be possible. But, with the great efficiencies enabled by digital storage comes increasing risk to privacy.
Storage. A third feature of contemporary information technologies concerns the nature of storage mechanisms. The Library of Congress contains millions of volumes and billions of pages of information. Books and document storage requires buildings, storage sheds and warehouses to secure hard copies. Storage and duplicates are expensive, and except for widely used volumes the practice of most libraries is to keep a single hard copy or two. To search for a copy of a book kept in storage requires physical effort, and the searching mechanism depends not only on accurate storage but also a mechanism of categorization maintained by the librarian. In contrast to analog storage, digitalized storage permits infinite databanks and infinite copies limited only by the exponentially-reducing cost of storage. Tomorrow, it may be possible to store the contents of an entire library information on a single laser disc or even a single chip. Whereas the cost of storage in the Library of Congress today is millions every year, in 10 years the cost of digital storage will be negligible in comparison.
Because the cost of information storage is being reduced exponentially, we need to think about what the cheap, easy storage of ever-increasing bits of information about ourselves says about privacy. Does the recordation process itself, the reduction of data to digits, affect information processes? What does the digitalization of data mean for privacy? Does privacy itself become transformed through these mechanisms?
Interlinking. Fourth, all those digital devices are rapidly becoming interlinked. Businesses collect information; government collects information; cameras record information; all link together through intranets, which in turn connect to the internet and other private networks. Another computer located in another part of the world can easily access information stored in a computer in California. What happens to notions of informational "privacy" when interlinked computers can transfer information so readily?
It is not merely "computers" that are interlinked. All forms of processors that collect or record data in digital form can be interlinked. Thus, a New Yorker holding a digital cell phone can link to a computer in Taiwan and the Taiwanese computer can store, transfer or manipulate the data flow. A digital camera or video recorder in Boston can transmit "live" images to Syria. A Finnish Engineer visiting Seattle can check -- or adjust -- the temperature in her London flat before setting her child's digital alarm clock in Helsinki. All these devices are or can be linked by one giant web of telecommunications that has aptly been described as The Network. What does the massive amount of data flow suggested by these examples suggest about informational privacy in the 21st Century?
Market value. A fifth feature of contemporary information technologies is that information-gathering mechanisms that some may see as "invasive" and the information obtained as "private" has market value. Significant information -- prescriptions; names and specialties of doctors (has high cholesterol, purchases Bombay Gin every week); reading matter (reads China Daily, Wired Magazine); activities on which one spends time (“purchased medium blue swimsuit, acquired climbing gear”) can also be recorded; viewing habits -- can be readily tracked with interlinked computers. Many people sign up for drug store or supermarket “memberships,” little realizing that the supermarket collects information for a reason.
Amazingly, however, it is often the little bits of banal data about one's life that is of enormous interest to the marketers. For example, what time one goes to bed; what one purchases at the grocery store or online; the length of time one logged onto a particular website; the type of car one drives; how much money one withdrew from the cash machine; how fast one drives on the freeway; the type of car or brand of coffee one buys; where one markets; what grocery discounts entice one to make a purchase; and where one lives are the sorts of data that can assist the marketeer in knowing how to persuade you to buy products. Capitalism in the end drives collection.
Computers can assist in making sense of the minutiae of daily life. Microprocessors don’t just aid in collection of data; they help the data crunchers make sense of it. Regression analyses, and other complex mathematical formulas enable marketeers to know how to make sense of the databits. Logic doesn’t necessarily control; it is the connection among nonlinear data that proves most useful. The analysis in turn allows potential targeting of unique users for marketing purposes.
Decentralized legal regimes. A final feature of contemporary information technologies is the arrival of decentralized legal regimes that accompanied the Net. The boundaries of data transfer are not dependent upon geographical or political boundaries. One can check one's email as easily in Beijing as San Jose or Accra. Political boundaries cannot limit the flow of digitalized data, though as will be seen mechanisms exist for governments to monitor or restrict certain types of dataflow.
In a world in which technology exists to permit collection, storage, distribution, and rampant commodification of billions of terabits of digitalized data about every person in the country, what forms of regulatory regimes can protect privacy? Is Scott McNeely right, that there is no privacy and we should “just get over it?” Or, is there some point in fighting over who should retain the capacity to control the collection, storage, use and distribution of information about oneself? Indeed, what remains of that which was once called “privacy”?
These are the questions that challenge us—and our legal system—and that form the crux of our course, Privacy in Cyberspace.
 Professor of Law, Loyola Law School, Los Angeles
 Kyllo v. United States, 121 S. Ct. 2038, 2041 (2001)(holding that use of a thermal imager by the police required a warrant pursuant to the Fourth Amendment).
 See generally Alyson L. Rosenberg, Passive Millimeter Wave Imaging: A New Weapon in the Fight Against Crime or a Fourth Amendment Violation?, 9 Alb. L.J. Sci. & Tech. 135 (1998).
 Super Bowl Snooping, N.Y. Times, Feb. 4, 2001; July 4, 2001
 Dana Canedy, Tampa Scans the Faces in Its Crowds for Criminals, N.Y. Times, July 4, 2001.
 See Los Angeles Times, 
 Joe Sharky, Business Travel; Most Car Rental Customers Can Relax. The Top Companies Have No Plans To Monitor Speeders, N.Y. Times, July 11, 2001.
 http://abcnews.go.com/sections/scitech/DailyNews/chipimplant020225.html (last visited February 25, 2002).
 E-Week, December 17, 2001 Rob Fixmer, “Get Over It: National Ids are on the Way” http://www.eweek.com/article/ (last visited February 6, 2002)
 The year 2000 saw the breakthrough of digital photography. David Pogue, State of the Art: A Pattern in the Dots: Film’s Rival is Gaining, N.Y. Times, July 19, 2001(Explaining that digital cameras are coming closer to producing the superior resolution of film).
 Michael S. Oberman and Trebor Llyod, Copyright Protection for Photographs in the Age of New Technologies, 2 B.U.J. Sci. & Tech. L.10 (1996).
 Niva Elkin-Koren, Article: Cyberlaw and Socal Change: A Democratic Approach to Copyright Law in in Cyberspace, 14 Cardozo Arts & Ent LJ 215, 245 (1996) (describing that designers can incorporate actual textures, capture them on video or photograph, and then convert them to a digitized form)).
 J.D. Biersdorfer, Online Scents, Speed and Cleaner Windows, N.Y. Times, Apr. 20, 2000 (Explaining that several companies are working to create hardware that will digitize scents from computer to computer. Such hardware “uses a cartridge containing chemicals that can simulate certain smells when they are mixed. Codes in the scent software tell the hardware what scent to manufacture. In an odor-enabled system, you could send a greeting card to your significant other by e-mail and attach the smell of roses to the card”).
 Popular culture reflects conventional understandings about virtual realities. As aficionados of "The Starship Enterprise" can attest, even early episodes of Star Trek contained descriptions of primitive virtual realities. See, e.g., Michael Heim, The Metaphysics of Virtual Reality, available at http://www.smnweb.com/fad/vrln/biblio/heim/heim.htm (describing virtual reality as a computer simulated world and its appearance in popular culture as in Star Treck’s holodeck).
 locate description of searching capability.
 Perhaps more accurately, in a digital world all information is a haystack but every needle bearing the sought attributes can be located.
 Navin Katyal, The Unauthorized Dissemination of Celebrity Images on the Internet…In the Flesh, 46 Clev. St. L. Rev. 739, 757 (1998) (explaining how Milano v. Machinenet, No. 98-3246, (C.D. Cal. Filed Apr. 27, 1998) and Milano v. Eight Ball Inc., et al. Case No. 98-3245 (C.D. Cal. Filed Apr. 27, 1998) were settled out of court in November 1998). See also Greg Miller, Alyssa Milano’s Two Lawsuits Would Be the First of Their Kind in a Dispute Between Celebrities and Online Entrepreneurs, L.A. Times, Apr. 28, 1998, at D-1; Greg Miller, TV Actress Prevails in Suits Over Nude Photos on the Web, L.A. Times, Dec. 21, 1998, at C-3; Do Stars Have Any Rights?, Time, July 27, 1998, at 52.
 Michael Saul, Internet Blamed in Fake Id Glut, Daily News, May 11, 2001, at 56 (explaining the internet has been blamed for being a popular avenue where people create fake identification documents such as driver’s licenses).Cite (june 2001) nytimes article about copying of drivers’ licenses.
 I thank Charlie Nesson for this insight. See also Lawrence P. Wilkins, The Ability of the Current Legal Framework to Address Advances in Technology, 33 Ind. L. Rev. 1, 4-8 (1999).
 I’m not claiming that this is, in fact, done routinely; just that it is possible to do. See, e.g., John M. Broder, Gore to Announce ‘Electronic Bill of Rights’ Aimed at Privacy, NY Times, May 14, 1998, at A-22. Also: news articles about pharmacy companies selling prescription lists.
 [cite] A "page" here is defined as an 8˝ x 11" paper on which analog information (typescript, drawing, photograph) is recorded.
 The Net (Columbia Pictures 1995) (This movie starring Sandra Bullock describes how computer programmer Angela Bennett stumbles across a mysterious program which allows her access into all government databases. Bullock quickly learns that access to these databases will only lead her to trouble, when her purse and passport are stolen and the embassy computer files identify her not as Angela Bennett the computer programmer, but as Ruth Marx the fugitive drug dealer. Thus, this movie reflects the fear that virtually anything can be accomplished through the Internet, including erasing someone’s identity)).
 example of doubleclick/abacus