Privacy in Cyberspace
with Professor Arthur Miller
Professor: Professor Arthur Miller
Teaching Fellows: Allison Liff, Mr. Antoun Nabhan, Brandon Ponichter, Ms. Emily Sexton, Jason Linder, Ms. Jessamyn Berniker, Ms. Jocelyn Dabeau, Mr. Alexander Macgillivray, Melanie Schneck, Slade Sullivan and Ms. Wendy Seltzer
Course Dates: March 15, 1999 to May 1, 1999
March 22, 1999
1. Who's Watching and Why?: Privacy and Identity
Privacy is an intensely, perhaps uniquely, personal value. The word stems from a Latin root, "privare," which meant "to separate." To want privacy is to want to be separate, to be individual. Another meaning of the Latin was "to deprive"; privacy also means leaving something behind.
We would encourage participants to think about the readings in the context of your own lives and value systems. Who are you in private, and who are you in public? To what degree did privacy allow you to become who you are now? And what did you leave behind to become that person?
Once you have thought about what privacy does, for you and for other individuals, we'll discuss what the Internet can do with privacy.
Sherry Turkle, Who Am We?
J.D. Lasica, "The Net Never Forgets"
Fair Information Principles and Practices
Sixdegrees, Inc., Privacy as commodity 1: SixDegrees.com
IdeaLab!, Privacy as commodity 2: Free-PC.com
Privacy Law 1: Katz v. United States, 389 U.S. 347 (1967)
Privacy Law 2: NAACP v. Alabama ex rel. Patterson, 357 U.S. 449 (1958)
Privacy Protection Technologies: Anonymous Remailers
2. Who's Watching the Watchers?: Privacy Standards
Fair Information Practice Principles
Federal Trade Commission, June 1998, Privacy Online: A Report to Congress
The Associated Press, Competing privacy standards are proposed
Joseph Reagle and Lorrie Faith Cranor, P3P in a Nutshell
Elizabeth de Bony, Euro Commission Plays Down Opinion on Privacy Standards
Jeri Clausing, Proposed Standards Fail to Please Advocates of Online Privacy
Jeri Clausing, Privacy Watchdog Declines to Pursue Microsoft, a Backer
3. It's a World-Wide Web: Cross-Border Issues
Consider for a moment the governmental structures with which you are already familiar. Government in real space is geographically bounded. Territories traditionally have defined the scope of government's legislative authority; and where governments have attempted to reach beyond territories, it has only been when behavior outside territories has affected life within the government's domain.
As mobility has increased, this model for sovereignty has been put under great strain. When people live in one area, yet work in another, and then send their kids to school in a third, a system of democratic government that restricts their influence to the first makes less and less sense. This has led some scholars to question, even in real space, the exclusive reliance on geography as a basis for legislative jurisdiction, or citizenship participation.
In cyberspace, the problem is only worse. One's behavior while in cyberspace can affect many in many other jurisdictions. And while one is always also in real space while one is in cyberspace, the behavior in cyberspace is increasingly behavior that is not really regulated properly by any individual sovereign, or set of sovereigns. There is emerging in cyberspace an existence that is outside of the life of any particular real world sovereign.
The question for us this week is, in short, what real world sovereigns can do to govern this emerging independent existence in cyberspace. There are at least two distinct concerns which are important to consider separately.
1. Law. What are the constraints, either political or legal, on a state's or nation's ability to govern activity on the Internet which it sees as affecting life within its real space borders? What are the legal tools available to a sovereign to control the conduct of its citizens on the Internet and of those individuals outside its borders whose conduct has effects within the sovereign's borders? It may be useful for you to read this short primer on jurisdiction to give you some feel for the background issues. When you feel comfortable with these jurisdictional considerations, have a look at Compuserve, Inc. v. Patterson, a federal appellate case which examines one state's claim of jurisdiction over a matter conducted entirely in cyberspace.
2. Architecture. Some of the readings collected below focus less on what those in charge of regulating some aspect of the internet may do than on how they may go about doing it. The Internet comprises a wide variety of technologies, which may collectively be called the architecture of cyberspace. Most of these technologies may be used and tweaked in ways which constrain or encourage particular behavior patterns. Discovering what architectures are available and how they may be used are important parts of this week's lesson.
To begin, please read this week's hypothetical.
Douglas Jehl, Islamic World Opens Door to the Internet, but Restrictions Are Many
John Perry Barlow, A Cyberspace Independence Declaration
David G. Post, Anarchy, State, and the Internet: An Essay on Law-Making in Cyberspace
David R. Johnson and David G. Post, Law and Borders - The Rise of Law in Cyberspace
Juliet M. Oberding and Terje Norderhaug, A Separate Jurisdiction for Cyberspace
Jack Goldsmith, Against Cyberanarchy
Paulina Borsook, How Anarchy Works: On location with the masters of the metaverse, the Internet Engineering Task Force.
4. Email Tapping, Digital Signatures, and Encryption: Protection for Your Electronic Communications
For most of us, e-mail has quickly become a part of our daily interaction with the world. And yet, in the course of our normal routine, we rarely give thought to the security of these transactions. When we call someone or send a postal letter, we are secure in our expectations of privacy. Yet, most people do not stop to consider whether their electronic communications are afforded the same level of protection. Do we have an expectation of privacy in our electronic communications? If so, is that expectation unfounded?
The law protects us to an extent, making it a federal offense to intercept or disclose the contents of electronic communications, either in the course of transmission or while in storage on a remote computer system. However, a number of uncertainties in the federal statute, widely known as the Electronic Communications Privacy Act, have not yet been hammered out by the courts. Who will be deemed to be an electronic service provider? Under what conditions may a service provider tap into your electronic communications? Under what terms will you be considered to have consented to the interception of your email?
Technological protections, such as encryption technology, are available, but they are also restrained by the law. As encryption technology grows stronger, the government grows more concerned about its inability to "tap" such communications and the ability of organized crime rings, drug traffickers and terrorist organizations to communicate undetected over the borderless realm of cyberspace. To this end, the U.S. government has placed a number of export controls on strong encryption technologies. The SAFE Act, in its latest form, which recently passed the House of Representatives, has several major provisions which enhance consumer privacy and reduce export controls.
The SAFE Act seems to address some of the major issues in email tapping as well as encryption, by setting a minimum to the standard required by law enforcement in order to invade privacy, and limiting their technical ability to do so. However, the harm it would do to law enforcement is unclear. It would be extremely difficult to accurately determine empirically how often encryption interferes with law enforcement since law enforcement may not be aware of many of those occurrences.
What do you think US policy on exporting encryption programs should be? What about law enforcement and private access "keys" and encrypted emails? What standard of cause or suspicion should be necessary to infringe on privacy interests? Should we be more worried about a potential terrorist's communication going undetected in cyberspace or about the security of our own online transactions? If people shouldn't have a reasonable expectation of privacy in their email, should they be afforded this expectation when they employ encryption technology to safeguard their messages?
As you go through the readings, think about these questions and what your model policies would be notwithstanding the current law.
First, however, please read this week's hypothetical.
David R. Johnson, Good Sysops Should Build Good Fences
Lucien Capone III, Examination of User E-Mail Files
Steve Jackson Games, Inc. v. United States Secret Service
RSA Labs, How is cryptography applied?
PGP International, PGP International: Customer Briefing on International Availability of PGP
Alex Lash, Crypto Panelists Square Off
Center for Democracy and Technology, Center for Democracy and Technology Cryptography page.
RSA Labs, RSA Frequently Asked Questions
5. Cookies and Clickstreams: Madison Ave. is Watching You
Tracking Transactional Information
To download this file, your browser sent a request to the Berkman Center server asking for the text of the page along with its accompanying images and scripts. The page requested, and the IP address to send it to, must have been sent to our server. Depending on which browser you use, however, other information, such as the name and version of the browser and the page that referred you to this one, might also be supplied. Our webserver stores all the information your browser provides and, with that information, a good web sleuth could determine much more about you, such as how long you stayed at the site, what links you followed and ignored on our site, where you are, what company you work for (or which Internet Service Provider you use) and what type of computer you are using.
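The reconstruction described above, shown as an added example (it is not the Berkman Center's code): it rebuilds each visitor's clickstream from stored request logs. It assumes the server writes Apache "combined" log format and that the site host is www.example.org; the log lines, addresses and paths are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

SITE_HOST = "www.example.org"  # assumed host name of the site whose log this is

# Constructed sample log (documentation IP ranges, made-up paths and referrers).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Mar/1999:10:00:05 -0500] "GET /privacy/index.html HTTP/1.0" 200 5120 "http://search.example.net/?q=privacy+course" "Mozilla/4.5 [en] (Win98; I)"
192.0.2.10 - - [22/Mar/1999:10:00:06 -0500] "GET /privacy/logo.gif HTTP/1.0" 200 2048 "http://www.example.org/privacy/index.html" "Mozilla/4.5 [en] (Win98; I)"
192.0.2.10 - - [22/Mar/1999:10:03:40 -0500] "GET /privacy/module5.html HTTP/1.0" 200 9000 "http://www.example.org/privacy/index.html" "Mozilla/4.5 [en] (Win98; I)"
192.0.2.10 - - [22/Mar/1999:10:11:15 -0500] "GET /privacy/cookies.html HTTP/1.0" 200 7000 "http://www.example.org/privacy/module5.html" "Mozilla/4.5 [en] (Win98; I)"
198.51.100.7 - - [22/Mar/1999:10:02:00 -0500] "GET /privacy/index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
ASSET_EXT = (".gif", ".jpg", ".png", ".css", ".js")  # fetched by the page, not clicked
PLATFORM_TOKENS = (("Win98", "Windows 98"), ("WinNT", "Windows NT"),
                   ("Mac_PowerPC", "Mac OS (PowerPC)"), ("X11", "Unix/X11"))


def parse_log(text):
    """Turn combined-format lines into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        rec = match.groupdict()
        rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        records.append(rec)
    return records


def guess_platform(agent):
    """Rough computer type from the User-Agent header the browser volunteered."""
    for token, label in PLATFORM_TOKENS:
        if token in agent:
            return label
    return "unknown"


def reconstruct_visits(records, site_host=SITE_HOST):
    """Group requests by client address and rebuild what each visitor did.

    Caveat: one address can be many people behind a proxy, and one person
    can appear under several addresses, so this is an inference, not an identity.
    """
    by_ip = defaultdict(list)
    for rec in records:
        by_ip[rec["ip"]].append(rec)

    visits = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["time"])
        pages = [r for r in recs if not r["path"].lower().endswith(ASSET_EXT)]
        if not pages:
            continue
        # A referrer on another host shows where the visitor came from,
        # including any search terms embedded in that URL.
        external = [r["referer"] for r in recs
                    if r["referer"] not in ("", "-")
                    and urlsplit(r["referer"]).hostname != site_host]
        # Time on a page = gap until the next page request (unknown for the last).
        per_page = [(a["path"], int((b["time"] - a["time"]).total_seconds()))
                    for a, b in zip(pages, pages[1:])]
        visits[ip] = {
            "pages": [r["path"] for r in pages],
            "arrived_from": external[0] if external else None,
            "seconds_on_site": int((pages[-1]["time"] - pages[0]["time"]).total_seconds()),
            "seconds_per_page": per_page,
            "platform": guess_platform(recs[0]["agent"]),
        }
    return visits


if __name__ == "__main__":
    for ip, visit in reconstruct_visits(parse_log(SAMPLE_LOG)).items():
        print(ip, visit)
```
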
We collect that information to help us in tailoring our web pages for our users and to allow you to continue checking discussion groups without having to re-enter your username and password. However, as the Center for Democracy and Technology warns:
Cookies
According to Netscape, the first to implement cookie technology:
6. Free Speech, Journalism, and Filtering: When one person's privacy is another person's speech.
For simplicity’s sake, the readings are divided into 3 main areas:
a.) False information available about individuals—i.e. libel and defamation;
b.) The availability of true, but private information about individuals, as illustrated by the Nuremberg files case;
c.) Giving out private information to access protected speech in the case of library filtering.
A more detailed introduction of each topic appears as the first reading in each sub-lesson. Because of the different areas covered this week, it looks like there is a ton of reading—don’t worry. Only a few readings are required. The rest of the readings are there if you want to explore any given topic in greater depth. Also, many of the readings are short news articles or press releases rather than longer cases and legal essays.
As you read, think about the questions posed by the hypothetical and the questions that accompany each section of the lesson. Also, consider what private information you have about the people you interact with on the 'net and what information they have about you. How might that information be used in any of the contexts contemplated by the readings?
Zeran v. America Online, 129 F.3d 427 (4th Cir. 1997)
CNN, 4/23/1998, "AOL Dismissed as defendant in Clinton aide's suit"
Communications Decency Act Section 230
Mike Goodwin for Internet World Magazine, June 199, "Libel, Public Figures and the Net"
Mike Hadley, Libel in Cyberspace
Michael Holland, "Libel on the Internet: An International Problem"
Availability Of Personal Information on the World Wide Web--"The Nuremberg Files" Case Study
Shari Steele, EFF, 6/6/1995, "EFF Summary of Stratton-Oakmont & Porush v. Prodigy: Prodigy Potentially Liable for User Postings"
Karin Spaink's Nuremberg Files Homepage
Cathy Ramey, "Coorespondence from the Courtroom" [sic]
Courtney Macavinta, C|Net News, 3/12/1999, "Anti-abortion sites vs. free speech"
Public Prerogatives—protecting children or invading privacy?
Eastern District of Virginia, Nov. 1998, Mainstream Loudoun v. Board of Trustees of the Loudoun County Library
ACLU Press Release, 11/23/1998, "Virginia Court Says Internet Blocking for Adult Library Users is Unconstitutional"
Courtney Macavinta, C|Net News, 2/6/1998, "ACLU takes filtering to court"
ACLU Cyberliberties Page
7. Workplace Privacy: In the Workplace, Everybody Knows If You're a Dog
Current U.S. Statutory Law
Current U.S. Case Law
Privacy in Cyberspace: Is Your E-mail Safe from the Boss, the SysOp, the Hackers, and the Cops? (1996)
ACLU, The Rights of Employees (1996)
ACLU, Surveillance, Incorporated: American Workers Forfeit Privacy for a Paycheck (1996)
Mark S. Dichter & Michael S. Burkhardt, “Electronic Interaction in the Workplace: Monitoring, Retrieving and Storing Employee Communications in the Internet Age,” The American Employment Law Council Fourth Annual Conference, Oct. 1996
U.S. Congress, Office of Technology Assessment, The Electronic Supervisor: New Technology, New Tensions (1987)
8. Medical Records
This article discusses a new project at the University of California San Diego School of Medicine called the Patient Centered Access to Secure Systems Online (PCASSO). PCASSO will put patients' full medical records on the Internet, permitting physicians and health-care providers to view them from anywhere with Internet access. Borzo reports that such a system will help patients become "providers" of their own care, since they can ask doctors to define and clarify things in their records. Borzo talks briefly about the security measures the system will employ to prevent unauthorized users from gaining the patients' medical information.
This site provides three insightful articles relating to managing computerized patient records. In his article, "What Healthcare REALLY Needs to Know About Managing Electronic Documents," Bob Smallwood details the benefits health care providers derive from using Electronic Paper Records (EPR). He argues that they, "...reduce labor, eliminate lost files and loose sheets, improve access to authorized users, increase security (with a 100% audit trail), and provide quicker documentation for claims." Debbie Madison argues in her article, "Breaking Away from Paper," that "With the click of a button, the physician can access each chart to be reviewed and completed. Physicians can also edit transcribed documents online in real time rather than sending them back to the transcriptionists...The hospital estimates that emergency department physicians are completing charts in 1/15 of the time it previously took with paper..." And, finally, in their article, "The Journey to the Electronic Health Record," Mary Lu Lander and Angela Daniel give further explanation of the way electronic health records work and their benefits.
This is the site for a health care environment entitled TeleMed, created by the Los Alamos National Laboratory in collaboration with the National Jewish Center for Immunology and Respiratory Medicine. TeleMed "is an intuitive patient-record system that supports image, audio, and graphical data, ... integrates complete patient records with detailed radiographic data, and allows the remote sharing of patient and radiological data over networks...TeleMed improves clinical diagnosis and reduces the cost of health care by eliminating the time-consuming and costly activity of data gathering and by enabling easy use of powerful analysis tools."
This site advertises a LaserCard System, which stores a patient's medical information electronically on a card that the patient carries with him or her. The site claims that the optical memory card can "transport secure, partial or complete electronic patient records, helping to expedite care, reduce costs, and perhaps save lives."
The Dystopic Alternative
The 1997 movie "Gattaca," written and directed by Andrew Niccol, was a flashy flop that nevertheless prompted viewers to consider the society that we might end up with if medical databases were combined with a little biological determinism. Andrew Niccol spoke at the Computers, Freedom, and Privacy conference in Washington, D.C. this year.
Current Federal Legislation
The following two acts provide some limited protection for medical information privacy:
Americans with Disabilities Act. This act provides that: employers may not ask for medical information prior to offering employment; once hired, the employer may not require any medical examination that is not required of all employees holding similar positions; if a potential employee is not hired, the employer must prove that it is physically impossible for the individual to do the work required. This act applies to businesses with more than 25 employees.
Within this same bill, Congress called for the development of recommendations to protect the privacy and confidentiality of Americans' health records.
The recommendations, presented to Congress by HHS Secretary Donna Shalala, propose to "provide important new rights for patients and define responsibilities and limitations for those who need to have access to these medical records." Shalala's recommendations include: a nationwide standard; leave for the states to enact stronger standards if they wish; granting patients access to their own medical records and the ability to make corrections; ensuring that those who provide and pay for health care give patients clear written explanations of how they intend to use, keep and disclose the information; and providing punishment for those who misuse personal health information.
The recommendations provide for an exception to privacy requirements for law enforcement officials acting in their official capacities. If Congress does not pass legislation with regard to privacy, the Health Insurance Portability and Accountability Act of 1996 calls for the Secretary of the Health and Human Services to impose confidentiality controls on electronic transaction systems.
Urges Congress to Protect Americans' Personal Medical Records," HHS Press Release, Sept. 11, 1997.
Proposed Federal Legislation
The following bills, introduced during the current session of Congress, are attempts to provide federal protection to health and medical information in an age of computerization.
Currently there are several proposed laws designed specifically to protect genetic information from misuse. For the purposes of this course, we will highlight proposed laws that seek to protect health and medical information generally.
Introduced by Senator Jeffords (R-VT), this bill seeks to protect against the unauthorized and inappropriate use of health information that is created or maintained as part of medical treatment, health care plan administration, or medical research. If enacted, this bill would allow individuals to inspect and copy their individual medical information upon written request. Additionally, this bill would require health care providers, employers, health or life insurers, and health researchers to provide notice of their confidentiality practices.
Introduced by Senators Leahy (D-VT) and Kennedy (D-MA), this bill would prohibit discrimination on the basis of all protected health information in employment and insurance. Protected health information is defined to include any individually identifiable information that is created during, or becomes part of the health care treatment, diagnosis, enrollment, payment, plan administration, testing, or research processes. In addition, every patient would have the right to challenge the accuracy and completeness of his or her protected health information. The bill would also establish an Office of Health Information Privacy within the Department of Health and Human Services.
This bill is an amendment to section 552a of title 5, United States Code to protect personally identifiable health information, as improper use "may unfairly affect the ability of the individual to obtain employment, education, insurance, credit, and other necessities." Representative Condit (D-CA) offers the movement of individuals and health information across state lines, the computerization of health information, and the emergence of multi-state health care providers as justifications for the need for uniform Federal law.
Introduced by Representative Barrett (D-WI), this bill is designed to prohibit Federal agencies from making available through the Internet certain confidential records with respect to individuals, including medical history records. It also provides for remedies in cases in which such records are made available through the Internet.
This bill, introduced by Representative McDermott (D-WA), notes the lack of protection of health information in some states and the threats to confidentiality posed by computerization and the possibility of unauthorized electronic access and suggests the need for minimum Federal standards of protection. One of the stated purposes of H.R. 1815 is to restrict the gathering of aggregate health information for financial gain or other purposes without obtaining the consent of each subject.
Introduced by Representative Tauzin (R-LA), this proposed act includes a provision that restricts the use, for commercial marketing purposes, of any personal health or medical information obtained through an interactive computer service without the consent of the individual.
Privacy Laws by State, Electronic Privacy Information Center, Current as of October 1994.
This extensive database allows users to click on any state and provides a chart for each state's privacy legislation. If a state legislates privacy for a certain topic (medical records is an included area), an X appears next to the topic.
"Legislative Survey of State Confidentiality Laws, with Specific Emphasis on HIV and Immunization," Final Report Presented to the U.S. Centers for Disease Control and Prevention, Professor Lawrence O. Gostin, J.D., LL.D. (Hon.), Georgetown University Law Center and The Johns Hopkins School of Hygiene and Public Health; Zita Lazzarini, J.D., M.P.H., Harvard School of Public Health; and Kathleen M. Flaherty, J.D., Georgetown/Johns Hopkins Program on Law and Public Health, Feb. 1997.
This report provides a thorough overview of state laws for each area of medical privacy concern. For each sub-topic, the researchers have analyzed how states handle privacy concerns and how many states legislate privacy in medical records. For example, the report analyzes state laws regarding health care information, public health data, redress of medical privacy violations, and protection for HIV and immunization information. Below, we provide only a small sample of the information that is available in this report regarding medical privacy and electronic media. The report also provides an overview of gaps in federal and state laws and provides recommendations for new legislation.
"Computers and other electronic media are fast becoming the storage method of choice for medical and other personal information. Despite this fact, only twenty-two states have specific provisions regarding the protection of confidentiality of records maintained on electronic or computerized media. These provisions offer varying degrees of protection. Several states, such as Tennessee, use the same standards for confidentiality of computerized or electronic records as those applied to paper records. In other states, including Arkansas, statutes governing confidentiality of computerized health care information apply only to public health data; private physicians, hospitals and other health care facilities may or may not be held to the same definition. Oklahoma's Health Care Information System Act provides that individual forms, computer tapes or other forms of data collected by and furnished to the Division of Health Care Information or to a data processor shall be confidential. Statutory protection of computerized data may also lack specificity. Florida requires only that computerized records be kept in accordance with "sound" record-keeping practices."
Cases involving medical records privacy generally implement a balancing test, weighing an individual's right or expectation of privacy against the employer's or government's need to access medical records. As you read these cases, apply your own balancing test: do you feel that individual privacy is being sufficiently protected?
Also, bear in mind that computer networks can collect, aggregate, and disseminate personal medical information on a vastly increased scale. What effect, if any, will cyberspace have on future judicial determinations similar to these cases?
v. Roe, 429 U.S. 589 (1977)
Patients and physicians brought an action challenging the constitutionality of New York statutes that mandated that the state be provided with a copy of every prescription for certain drugs and that also provided security measures to protect that information. The Supreme Court reversed a lower court decision and held that the statutes were a reasonable exercise of the state's broad police power. Other courts interpret this decision as recognizing that individuals do have a limited right to privacy in their medical records. What do you think?
United States v. Westinghouse Elec. Corp., 638 F.2d 570 (3d Cir. 1980) [full text available on Lexis/Nexis or Westlaw]
The United States sought to compel an employer--by authority of the Occupational Safety and Health Act--to produce employee medical records. The employer objected, raising the privacy interests of its employees and their medical records. The Court of Appeals held that strong public interest in facilitating research and investigations of the National Institute for Occupational Safety and Health justified minimal intrusion into privacy surrounding employees' medical records, and that the employer was not justified in its blanket refusal to give the Institute access to records or in seeking to condition their disclosure on compliance with the employer's strict terms.
v. SEPTA 72 F.3d 1133 (3d Cir. 1995)
A public employee filed suit against his employer and supervisor for violating his right to privacy after the employer discovered that the employee had AIDS. This discovery was made by examining records of drug purchases made through its employee health program. The Court of Appeals recognized a limited constitutional right to privacy in one's prescription records; however, the Court held that the employer's need for access to employee prescription records outweighed the employee's interest in confidentiality.
v. Lawrence 1998 WL 39209 (9th Cir.(Cal.))
The Court of Appeals held, inter alia, that the constitutionally protected privacy interest in avoiding disclosure of personal matters clearly encompasses medical information and its confidentiality.
This article describes a settlement with two of the largest health care companies in the U.S. The settlement requires the companies to substantially reform their methods of marketing prescription drugs. Under the terms of the settlement, consumers must be advised about the extent to which confidential information in their files will remain confidential, including the fact that medical histories and prescription drug usage could be made available to consumers' employers.
International Views Regarding Medical Privacy
Federal Privacy Legislation in Australia. This site provides a list of links and summaries for public and private sector privacy laws in Australia. While these do not specifically address medical records, the laws give some insight into the direction of Australian views with regard to privacy generally.
European Commission, Press Release: Council Definitively Adopts Directive on Protection of Personal Data, July 25, 1995. This press release summarizes the European Union's 1995 privacy directive.
Gesundheitsdatenschutz. Gesundheit is German for health, daten is data, and schutz is protection. Generally, the site notes that German-speaking countries (Austria, Germany, Switzerland) have not yet addressed such issues in any systematic way, but have begun to show concern for the protection of medical privacy. The German and Swiss Data Protection Registrars (one each for the federal states and one for Germany as a whole) have "issued several cautionary statements about smart cards in the health care field which are being tested in Germany with approval of the physicians' chamber."
The Doctrine of Confidentiality, Irish Medical Journal, June/July 1997. This article discusses current Irish judicial opinions with respect to medical records confidentiality. Generally, it explains, "[t]he doctor's duty of confidentiality as regards the patient's medical records, is also governed, ethically by the Irish Medical Council's Guide to Ethical Conduct and Behavior and Fitness to Practice, and legally by the Common Law Doctrine of Confidentiality." It also explores the impact of electronic data on individuals' privacy and the security of medical records.
Privacy in Cyberspace Reference Library
What's Privacy and What's Not: Getting Personal Information
"Coping With Identity Theft"
Introduction to Cookies: How Websites Collect Your Private Information
Whose Privacy Is At Risk?
Privacy Protection Via Voluntary Initiatives: Platform for Privacy Preferences (P3P)
Privacy Protection Via Voluntary Initiatives: TRUSTe
Privacy Protection Via Voluntary Initiatives: Privacy Watchdog
Privacy Protection Technologies: Encryption
Privacy Protection Technologies: Anonymous Remailers
Privacy Protection Under the Law:
Privacy Protection Under the Law: Marital Privacy and the Right to Procreate
Privacy Protection Under the Law: A Right to Anonymity?
Privacy Protection Under the Law: Existing Congressional Legislation
Pending Congressional Legislation:
Pending Congressional Legislation: United States Senate
Privacy Protection Under the Law: State Tort Law (US)
Privacy Protection Under the Law: European Union
In the News: Pentium III
Pentium III: Privacy Advocates Protest
Pentium III: Privacy Advocates Protest Vigorously
Pentium III: Congress Gets in on the Act
Pentium III: Congress gets in on the Act
Pentium III: Intel Changes Chip
Novell to Offer Data-Privacy Technology fo
John Markoff, When Privacy Is More Perilous Than the Lack of It
Andrew Shapiro, Wired News, 4/23/1998, "The Netizen: Drudge Match"
David Potts, "What is Libel and Other Questions"
Additional reference links on online libel and defamation.
Courtney Macavinta, C|Net News, 2/2/1999, "Abortion 'hitlist' slammed in court"
"Planned Parenthood Wins Injunction in Oregon Case; Judge Orders American Coalition of Life Activists to Stop Threats 'To Bodily Harm, Assault, or Kill' Abortion Providers"
C|Net News, 3/12/1999, "Abortion site causes free speech firestorm"
Home page for the Loudoun County Public Library.
Privacy Readings in Web Page Format
The Bot's questions
Prepared: November 17, 1999 - 08:02:29 PM