Summary of Cyberspace in Privacy
Module 1: Introduction
Participants discussed the value of privacy, namely, why informational
"privacy," including Privacy in Cyberspace is and should
be important. Responses pondered the ways in which the Internet
allows the taking of information without individual knowledge of
what has been taken and by whom.
Further, participants answered the question: "Does technology
change conceptions of "privacy?" While some felt that
it should not change the fundamental idea of privacy, others contended
that the theory may be the same, but different standards must necessarily
apply. Adopting rules designed for the brick and mortar world may
not be the best response.
On the issue of anonymity and privacy, participants addressed the
paradox that the Internet actually enables anonymity in some ways,
but simultaneously destroys it in others.
Participants also discussed moral obligations of corporations concerning
privacy violations. Just because collection of private, individual
information is legal, does that mean that companies should proceed,
particularly without disclosure?
Module 2: Data Profiling
In discussing why more consumers seem to have accepted real world
profiling than online profiling, some participants felt that the
Internet allowed companies to find out much more personal information
about someone than a brick and mortar store. Others felt that the
dangers were just as strong in both contexts, particularly with
the advent of rewards programs.
On the issue of cookies and consent, participants discovered that
cookies have become non-optional if one wants to use the Internet.
Also, new technologies are on the way that will outlast cookies,
which currently have a life of about five years.
Participants also answered the question: Should websites be required
to obtain surfers' explicit consent before collecting data? Responses
ranged from a simple "yes" to the assertion that website
should not be allowed to collection information at all.
Module 3: Privacy in the Workplace
On the issue of balancing rights between employees and employers,
some participants viewed the situation as one of property rights,
meaning that the employer should have an absolute right to control
of their "property." Others disagreed and asserted that
even in a work context, individuals should have privacy rights.
Participants similarly disagreed when asked the question: should
employers be required specifically to notify employees when their
clickstream data are being collected or their emails are monitored?
Answers ranged from "You are paid to work, not to socialize
and have fun" to "An employee should be notified of the
employer's monitoring activities" to "It is becoming more
and more difficult to differentiate between personal and work because
work time keeps growing into what used to be personal time."
In adapting workplace rules to the academic setting, some participants
saw a major difference in that students are not employees of the
university. Others argued that the university does own the "property"
and should have an unlimited right to monitor.
Module 4: Governmental Collection of Data - Part I
When asked: How can we properly balance law enforcement's need
for information with the right to privacy, some participants commented
that the current laws are appropriately balancing privacy interests
with the government's police power interest. But others disagreed
and said, for instance, "Can we afford to have our liberties
abridged or absconded with in the name of national security? Are
we not, in effect and act, giving in to the terrorists' tactics
and sacrificing the principles we hold dear and sacred?"
In discussing statutory protections under the ECPA, participants
noted that many definitions in the statutes are confusing. For instance,
the distinction between "storage" and "in transit"
is unclear in purpose. Some suggested that perhaps legislators who
wrote the laws were not schooled enough in the technology.
Module 5: Governmental Collection of Data - Part II
Participants discussed the new USA Patriot legislation. Some responses
were quite negative to the legislation, which was said to completely
negate and circumvent the Constitution. But other participants recognized
that the Constitution has seemingly been violated in the past in
order to protect national security. And in some circumstances, this
may be necessary.
In terms of the international implications of the USA Patriot Act,
non-US citizens were concerned about the power of the US intelligence
agencies. Others felt it was a good and appropriate against terrorism.
When asked about the jurisdiction of the FISA "secret"
court, some noted that interdicting terrorism before it strikes
is an admirable goal. Others noted that we should not be looking
for the quick and easy solution, but a proper solution that respects
In discussing that many provisions of USA Patriot allow or even
encourage ISP's to voluntarily disclose private information including
customer records as well as content of electronic transmissions,
participants worried about how voluntary the disclosure really is
and if there really are any incentives not to disclose.
Module 6: Cryptography and Other Self-Help Mechanisms
In discussing encryption, there was some participant recognition
that it is needed by private users as a protection against the state
and other individuals. Others lamented that encryption technology
is simply insufficient to protect users from privacy violations.
"There are software applications specifically designed to counter
encryption techniques. Software now exists to catch your key clicks
and to transfer your keyboard actions to an outside party."
Participants also looked at P3P as an alternative, but found it
is not yet sufficiently developed. As a final note, participants
generally agreed that whatever technology protections do become
available, it is the users that will need to insist upon protections
and actually make use of the technology.