Berkman Center for Internet & Society.
Berkman Online Lectures & Discussions

Harvard Law School > Berkman Center > Open Education >



Online Profiling
Employees Privacy on the Net
Governmental Collection of Data - Part I
Governmental Collection of Data - Part II
Cryptography and other Self-Help Mechanisms

Module VI -
Self-Help Mechanisms: Cryptography, Privacy-enhancing Technologies, and P3P

"[E]ncryption technologies are the most important technological breakthrough in the last one thousand years."
--Professor Lawrence Lessig, Code and Other Laws of Cyberspace 36 (1999).

Assigned Reading:

1. Please read the Introduction to this Module.

2. Please Read Cryptography
I. Introduction
II. How Does Encryption Work?
III. A Survey of the Issues Surrounding Encryption
IV. Arguments for Restrictions on Cryptography - Law Enforcement
V. Arguments against Restrictions on Cryptography - Free Commerce and the Right to Privacy
VI. Another Way to Look at the Encryption Policy Debate: Individuals v. Marketeers

3. Articles:

(a) The Platform for Privacy Preferences (P3P) and other Industry responses to privacy concerns
1. Read section entitled "What is P3P?"
2. Read a comment by a critic of P3P:
Karen Coyle, A Response to "P3P and Privacy: An Update for the Privacy Community" by the Center for Democracy and Technology (May, 2000):
3. Read the Center for Democracy & Technology (CDT) position paper on P3P:
4. Peruse the website of the Network Advertising Initiative and read the basic principles promulgated by this consortium of five major online advertising companies:
5. Read about TRUSTe, an industry consortium that sets certain minimum standards of data collection and privacy practices for its members to follow:

(b) EFF's Top 12 Ways to Protect Your Online Privacy

(c) EPIC's Online Guide to Practical Privacy Tools
(discussion & description of commercial products that help protect privacy, including Snoop Proof Email; Anonymous Remailers; Anonymous surfing tools; HTML Filters; Cookie Busters; Voice Privacy; Email & File Privacy; Web Encryption; Encryption; Disk/File Erasing Programs; PC Firewalls)

Discussion Topics/Assignment:
Please read through the following discussion questions. Use the links after each question to submit your thoughts to the discussion board. Feel free to address as many questions as you like.

1. What problems does encryption solve? Does encryption create new problems? Consider, in this regard, the final section of the article entitled "Encryption" on another way to look at the debate about encryption.

2. Are you optimistic about the possibility of constructing checks and balances
against the political and commercial forces that seek to centralize data after September 11? Do the "self-help" measures listed by groups such as EFF and EPIC solve users' online privacy dilemmas? The assignments identify a number of industry efforts designed to come to terms with the online privacy concerns manifested by numerous privacy groups. Do TRUSTe and the Network Advertising Initiative offer constructive alternatives to the position of many privacy groups that no data should be collected beyond transactional data, and that data should be destroyed as soon as possible? Which, if any, are examples of technologies that effectively balance liberty and security?

3. Does the Platform for Privacy Preferences (P3P) offer a reasonable alternative to the present situation of lack of user choice? Does P3P adequately protect user privacy?

4. What is the most startling technology you came across while swimming in Silicon Valley?
What are examples of technologies that effectively balance liberty and security? Can you give examples of technologies developed by Silicon Valley for business intelligence that are now being applied to national intelligence? Is there a historical precedent for the search for silver bullet technologies in America?

5. Invasive technologies and technologies that protect privacy sometimes seem to operate in leap-frog fashion. When a technology develops that seems to threaten privacy (e.g., cookies), other users develop counter-measures (e.g., cookie eaters). Should cyberspace users defer to the technologists to develop privacy protection devices? Or, should legislatures and courts be involved in setting privacy protection measures?

Go to Discussion Summary




Please send all inquiries to:

Welcome | Registration | Discussion | Reference |

The Berkman Center for Internet & Society