
Information Privacy
The Internet and electronic communications have created a host of
issues surrounding information privacy. The articles in this section
focus on the technology, legal and business issues surrounding the
electronic collection, storage and dissemination of personal information.
The Technology of the Internet and Information
Originally published July 2000
New technologies have historically raised a host of privacy concerns,
from interception of telephone transmissions to eavesdropping via
miniature transmitters and recording devices. However, there is no
technology in history that affords potentially greater access to
personal, intimate and private information than the Internet. Any
form of media capable of recording - text, sound, video, live performances
- can be converted to digital information and transferred and shared
electronically over the Internet. Electronic information is generally
inexpensive to store and process. In addition, operation of the network
often relies on electronic footprints that track business transactions,
web activity and e-mail records. Internet technology aimed at traffic
maintenance, storage and content delivery is fluid and rapidly evolving
making the challenge of privacy advocates a race to keep up with
new developments.
Electronic Trails
The Internet by its nature creates an electronic trail of virtually
all activity conducted using the network. Every computer connected
to the Internet is assigned an Internet Protocol (IP) address that
allows users to connect to everyone else on the network without regard
to geographical boundaries. A web Uniform Resource Locator (URL), a unique high-level IP address, is assigned to web site hosts by
administrative organizations, allowing access to the web site and
the pages of content or files contained within the site. The storage
of information in computer memory (called cache) of individual users,
on Internet service provider (ISP) computers known as proxy servers,
on network administrator equipment and on the servers of proprietors
of Internet web sites, together with the transfer of information
between IP addresses, is what allows the Internet to function efficiently.
Once information is accessible on the Internet, it must be located
amongst billions of other pieces of information. A variety of tools
are being developed to sort through the morass of data. Databases
of links to Web site URLs, such as YAHOO™, and more specialized
search tools, such as LexMarkers™, sort, categorize, compile and
organize Internet destinations to streamline access to resources.
Increasingly sophisticated search engines allow keyword searching
on anyone and anything. Businesses and individuals have free or fee-based
access to a wealth of data regarding other businesses and individuals
and their personal affairs from a variety of public and private sources.
Development of artificial intelligence tools is being undertaken
to better match individuals with sought after data.
Aside from information available through Internet search tools,
advertisers and marketers are compiling individualized information
at an incredible rate. Under the mantra of one-to-one or customized
marketing, a number of technologies are being developed that allow
for the profiling of individuals and their on-line and off-line activities
often on a real time or instantaneous basis. While some of this information
is a matter of "public record", other information is gathered,
without the knowledge or understanding of the Internet user through
cookies, web bugs and other Internet tracking tools.
From the standpoint of businesses and marketers, the Internet contains
a treasure trove of data for analyzing consumer behavior, targeting
advertising and building relationships with consumers. Profiling
consumers and their patterns, interests and preferences is accomplished
through a variety of techniques. Most efforts are focused on aggregated
anonymous and broad demographic data. Other efforts are more aggressive,
seeking to determine specific surfing and purchasing patterns of
individuals. The ire of regulators was recently raised when web-marketer
DoubleClick proposed matching anonymous consumer behavioral data
with profiles of actual people. This may be done explicitly, as in
the case of permission based marketing where individuals are given
incentives or prizes in exchange for providing personal information.
However, it may also be done covertly without the knowledge of the
particular individual whose information is gathered.
Web visitor data is particularly attractive to businesses seeking
effective promotional targeting, merchandising and product assortment
planning. There are millions of commercial web sites on the Internet
with the numbers growing daily. Unlike many traditional forms of
marketing, such as billboards, television advertising and print media,
the Internet allows advertising to be targeted based on user characteristics,
demographics, transactions and individualized information. Often
times this is done through banner ads, static or multi-media advertisements
used by web pages to generate revenue and by businesses to market
to consumers.
For example, DoubleClick, a leading developer of targeted advertising
tools, processes over a billion banner ads per day. Computer software
matches Internet user data with particular advertisements directed
at the target market segment. Go into the Alta Vista search engine
at www.altavista.com and type in "legal research." Chances
are, the banner ad at the top of the screen will be for a commercial
or quasi-commercial legal Internet site, courtesy of DoubleClick
or another "ad-server" company. Likewise, order a book
from Amazon.com and you'll soon find suggestions for other books
you might enjoy given your particular profile. The customized approach
to marketing creates an enhanced user experience while allowing businesses
to more selectively focus awareness and customer relationship building
efforts. However, it may also subject users to junk e-mail or spam based
on their preferences or the sites they visited, or capture embarrassing
information about users who have accessed sensitive, controversial
or illegal materials online.
Cookies
Many techniques for capturing individual data incorporate the use
of cookies. A cookie is a small file sent to the browser of a user
to store information. Cookies may be used to store passwords and user
ids, order information, site personalization information, and web
activity. Cookies cannot be used to get data or information from
your hard-drive or files on your computer. In addition, individual
cookie information may generally be accessed only by the site that
deposited the cookie. Session cookies are used temporarily while
the user is engaging in activity within the site.
Covert or surveillance cookies help track browsing behavior, typically
on an anonymous basis. Cookies may be placed by either the visiting
site or by advertising companies that place banner ads containing
cookies within the site.
Cookies may be used for ad serving activity and data tracking to
create user profiles. However, not all cookie usage impacts user
privacy. Cookies are often used voluntarily for site customization.
A particular site may recognize a return visitor through use of a
cookie in order to provide customized information for the user, such
as stock portfolio management or customized news services, or to
store user ID and password information. Cookies are also used in
electronic commerce by helping retailers keep track of a user's electronic "shopping
cart" before completing a purchase and managing retailer awards
programs.
Most computers have the ability to determine whether cookies have
been placed on their machine. For example, on computers with Windows
operating systems, go to the "Find" command off of the
Start Bar and type "cookies" in the Find Files or Folders
query box. Then click "Find Now." Windows will generate
a list of files or folders with cookies placed by third party web
sites. Double click on the cookie files and the text of the cookie,
usually a string of numbers, can be viewed. These identification
numbers allow an Internet company to recognize a user each time he
or she accesses the web site. Cookies can be deleted by clicking
on the particular cookie file and hitting the delete key.
Cookies can be disabled easily in either Netscape or Internet Explorer
web browsers. In Netscape, open the "Edit" pull down menu
and select preferences. Then select "Advanced" in the category
column. Netscape allows you to accept all cookies, accept cookies
placed by the original server, reject all cookies, or receive a warning
when a cookie is being placed. In Internet Explorer, click "File",
then "Tools" and then "Internet Options." Next
click on the "Security" tab then select the "Internet" symbol
(denoted by a globe). Click on the "Custom Level" button
and scroll down to the "Cookies" section. There you can
enable or disable or require a prompt for cookies that are permanently
stored on your computer or used on a "per session" basis
only. To see how prevalent cookies are, change your browser setting
to require a prompt before accepting cookies. Disabling cookies can
considerably slow down and interfere with your Internet session.
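The distinctions these browser settings draw (cookies from the original server versus other servers, permanently stored versus per-session) can be read directly from the Set-Cookie headers a page load produces. The following Python sketch is an added example, not part of the original article; the host names, cookie values and the two-label `site_of` shortcut are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: one page load and the Set-Cookie headers it triggered.
PAGE_URL = "http://www.news.example/index.html"
RESPONSES = [
    ("http://www.news.example/index.html", "sessid=abc123; path=/"),
    ("http://www.news.example/index.html",
     "prefs=portfolio; expires=Sun, 31-Dec-2000 23:59:59 GMT; path=/"),
    ("http://ad.adserver.example/banner.gif",
     "id=80000123456789; expires=Fri, 31-Dec-2010 23:59:59 GMT; "
     "path=/; domain=.adserver.example"),
]


def site_of(host):
    """Crude 'site' key: the last two DNS labels.

    Assumption for this example only; browsers use the Public Suffix List,
    so this shortcut is wrong for hosts such as example.co.uk.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_cookies(page_url, responses):
    """Label every cookie set while loading page_url.

    responses is a list of (request_url, set_cookie_header) pairs.
    A cookie is 'third' party when the server that set it is on a different
    site than the page, and 'persistent' when it carries Expires or Max-Age
    (otherwise it lasts only for the browser session).
    """
    page_site = site_of(urlsplit(page_url).hostname)
    findings = []
    for request_url, header in responses:
        host = urlsplit(request_url).hostname
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            persistent = bool(morsel["expires"] or morsel["max-age"])
            findings.append({
                "name": name,
                "host": host,
                "party": "first" if site_of(host) == page_site else "third",
                "lifetime": "persistent" if persistent else "session",
            })
    return findings


def original_server_only(findings):
    """Cookies that survive a policy of accepting only cookies set by the
    site being visited (this example's reading of that browser option)."""
    return [f for f in findings if f["party"] == "first"]


if __name__ == "__main__":
    for f in classify_cookies(PAGE_URL, RESPONSES):
        print(f"{f['name']:8} {f['host']:24} {f['party']:6} {f['lifetime']}")
```

The persistent third-party cookie is the one that lets an ad server recognize the same browser on every site that carries its banners.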
In February, 2000, the Michigan Attorney General filed a Notice of
Intended Action against web marketer DoubleClick for its use of
covert or surveillance cookies that enable the company to track Michigan
consumer Internet browsing behavior. According to the complaint:
Double Click has intruded upon users' computers and covertly recorded
and retrieved valuable personal and confidential information regarding
users' browsing activities ... The covert placement of a "surveillance
cookie" on a consumer's hard drive by DOUBLECLICK is neither
apparent to nor authorized by most Michigan consumers. It is the
consumer's lack of knowledge and consent to an invisible third-party
implanting electronic files and subsequently using that information
without the consumer's knowledge or consent, however, that makes
DOUBLECLICK's particular practices unlawful.
In response to the action of the Attorney General and pressure from
the FTC, DoubleClick abandoned its plans to aggregate anonymous
and personally identifiable information and modified its privacy
policies. Nonetheless, the DoubleClick experience has raised individual
awareness of cookies and attendant privacy concerns.
Web Bugs
While users viewing banner ads can generally assume they may be
receiving cookies, a new, less obvious form of "tracking device" has
recently been developed. Web bugs or 1-pixel gifs are designed in
a fashion that the user does not know that activity is being tracked.
Web bugs are very small graphics, about the size of a period, that
are hidden in a web page or HTML e-mail. Web bugs act like cookie-serving
banner ads that collect information from preexisting cookies as well
as the IP address of the computer user, the URL of the page from
which the bug was downloaded, and the time of the page view. Web
bugs can also be placed in HTML e-mail to determine whether an e-mail
was viewed, when and whether it was forwarded. However, unlike banner
ads, web bugs may originate from pages where no banners are present
and where individuals might not otherwise expect their activity to
be tracked.
Web bugs collect information to add to a user's profile maintained
by Internet sites and ad marketing companies. Web bugs are controversial
because they collect information covertly. People using anonymous
e-mail accounts or receiving newsgroup messages can be tracked back
to their IP address through use of a web bug. This information can
then be aggregated with other information collected in public and
private databases. Because web bugs can track people who are, for
example, reading newsgroup messages, there is a concern that web
bugs may be used to track political and social activities. The federal
government recently came under fire for using web bugs on a federal
drug site, prompting Clinton Administration action and increased
attention to this new form of tracking device.
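A reader or mail administrator can look for the pattern described above by scanning a page or HTML e-mail for remote images that are invisible and served from a different site. The following Python sketch is an added example, not part of the original article; the host names, the sample markup and the two-label `_site` shortcut are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Inline styles that make an image invisible (0 or 1 pixel, or hidden).
TINY_STYLE = re.compile(
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)|display\s*:\s*none", re.I)

# Constructed sample: an HTML e-mail with a logo, a web bug and an inline image.
SAMPLE_EMAIL = """<html><body><p>Your weekly newsletter</p>
<img src="http://www.newsletter.example/logo.gif" width="200" height="60">
<img src="http://track.admarketer.example/open.gif?msg=4471&amp;rcpt=user%40mail.example"
     width="1" height="1" border="0">
<img src="cid:banner01" width="1" height="1">
</body></html>"""

# Constructed sample: a web page with a layout spacer and a third-party bug.
SAMPLE_PAGE = """<html><body>
<img src="http://img.shop.example/spacer.gif" width="1" height="1">
<img src="http://ad.tracker.example/bug?page=/cart" style="width:1px;height:1px">
</body></html>"""


def _site(host):
    # Last two DNS labels (assumption; browsers use the Public Suffix List).
    return ".".join(host.lower().split(".")[-2:])


def _is_tiny(value):
    # True for width/height attribute values of 0 or 1 pixel.
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1


class WebBugFinder(HTMLParser):
    """Collects <img> tags that are invisible and fetched from a remote host."""

    def __init__(self, page_host=None):
        super().__init__()
        self.page_site = _site(page_host) if page_host else None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        if url.scheme not in ("http", "https") or not url.hostname:
            return  # relative or cid: images cause no request to another server
        invisible = (_is_tiny(a.get("width")) and _is_tiny(a.get("height"))) \
            or bool(TINY_STYLE.search(a.get("style", "")))
        if not invisible:
            return
        # On a web page, 1x1 spacer images from the site itself are layout
        # aids; only images from another site report the visit to a third party.
        if self.page_site and _site(url.hostname) == self.page_site:
            return
        self.findings.append({
            "host": url.hostname,
            "params": dict(parse_qsl(url.query)),  # identifiers sent with the request
            "src": a["src"],
        })


def find_web_bugs(html, page_host=None):
    """Return suspected web bugs. Leave page_host unset for HTML e-mail,
    where every remote invisible image is reported."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_EMAIL) + find_web_bugs(SAMPLE_PAGE, "www.shop.example"):
        print(bug["host"], bug["params"])
```

The query string is worth inspecting because it is where a per-recipient or per-page identifier travels alongside the IP address and time the server logs on its own.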
In June, 2000, the Michigan Attorney General filed a notice of intended
action against four different (but presumably carefully selected)
Internet sites which sheds light on at least one governmental agency's
view on web bugs and cookies. At www.procrit.com, web bugs collected
visitor information from Internet users looking up information on
drugs associated with the treatment of cancer and AIDS; at www.AmericasBaby.com and companion site www.babyfurniture.com, web bugs were used but
the site privacy policy said nothing about third party tracking;
at www.stockpoint.com, cookies were used at a site that collected
personal information, including email, age range, gender and on-line
stock portfolios in the absence of a posted privacy policy; finally,
at www.iFriends.net, an adult-oriented site, web bugs were present
on pages including those devoted to fetishes and inter-racial sex,
where the privacy policy was difficult to access and failed to note
third party tracking. The use of web bugs and cookies in these fashions
is alleged to be an unfair and deceptive trade practice.
Anatomy of an Individual Profile
The following example illustrates how cookies, web bugs and e-mail
can be used to create an individual profile:
1. User accesses Web site that places cookie on site or reads existing cookie on site to set up user preferences
2. Banner ad is downloaded from ad company server; ad is displayed based on prior profile or search query
3. Ad server places cookie on user hard drive and logs IP address
4. Ad company compiles list of other sites visited by computer with cookie and matches to IP address
5. Web site requires registration information for access or contest or conducts on-line surveys; information tied to cookie
6. User signs up for e-mail updates or access services and e-mail sent in HTML format; web site where image downloaded has record of when e-mail was opened and whether e-mail was forwarded.
7. E-mail address is linked to IP address identifying host computer; may be matched with e-mail address database or other data to specifically identify user.
8. User data can be collected and aggregated with other data from a host of public and private sources (such as credit bureau data, court records, public filings, and offline customer data) to create more detailed profile of individual user.
The Public Record Dilemma
While cookies and web bugs create concerns because new technology
may be used in an inappropriate and covert fashion, a more troubling
concern may be the ease of access to public information regarding
individuals and their activities. A unique aspect of the Internet's
interconnected network is the ability to render obscure or practically
inaccessible public records and documents available to virtually
anyone at the click of a mouse. A number of free and subscription
based web sites have sprung up to bring so-called "public" information
out of government repositories and into the homes and offices of
millions of people on the Internet. These searchable databases of
public information can make finding public documents effortless for
interested parties, such as businesses looking for information on
prospective employees, venture partners or competitors. However,
they also raise unique privacy concerns and the specter of identity
theft because of the amount and types of information that can be
located by anyone, regardless of the purpose, online from anywhere
with an Internet connection.
Court documents provide an interesting example of the types of information
potentially available over the Internet or other electronic services.
Court filings often contain reams of sensitive, personal or potentially
embarrassing information, including unsubstantiated or unproved allegations
in civil and criminal pleadings. Other information includes social
security numbers, medical records, financial documents, depositions,
transcripts and other documents or information. The unencumbered
release of such intimate information can be embarrassing or damaging
without appropriate restrictions on access and use.
While many courts allow unrestricted off-line access to legal filings,
there are significant barriers that make the information practically
inaccessible. For example, viewing the contents of a case file frequently
involves a trip to the particular court where the records are kept,
locating the individual files and then poring through files to find
particular documents of relevance or interest. Finding and viewing
the records takes hours at a minimum and can have numerous additional
costs. However, if court records and pleadings are available on-line,
the barrier to access is removed. The documents can be found and
filtered in minutes anywhere in the world.
U.S. Courts have long recognized a general common law right to inspect
and copy public documents, including court records. For example,
in Nixon v. Warner Communications, 435 U.S. 589, a media led battle
over the right to access the Watergate tapes for sale and publication,
the Court recognized a common law right of access to court filings
but further determined that the right is not absolute. Reasons for
access in prior holdings include a "citizen's desire to keep
a watchful eye on the workings of public agencies" and "in
a newspaper publisher's intention to publish information concerning
the operation of government." On the other hand, courts have
supervisory powers over their records and files and access has been
denied in cases where there was an intention to use the information
to "gratify private spite or promote public scandal" or "serve
as reservoirs of libelous consumption for press statements."
In U.S. Dept. of Justice v. Reporter's Committee for the Freedom
of the Press, 489 U.S. 749 (1989), a CBS correspondent and the Reporter's
Committee filed a FOIA request seeking information about a reputed
organized crime figure from an FBI database of criminal information
records or "rap sheets." The Freedom of Information Act
contains two important exceptions to the general principles favoring
release of information accumulated by the government. Section 6c
of the Act prohibits release of "personnel and medical files
and similar files the disclosure of which would constitute a clearly
unwarranted invasion of personal privacy." Section 7c excludes
records or information compiled for law enforcement purposes "but
only to the extent that the production of such [materials] ... could
reasonably be expected to constitute an unwarranted invasion of personal
privacy".
The Court went to great lengths to distinguish compiled computerized
data from data available through other means, which is "practically
obscure." In holding the rap sheet information was not subject
to FOIA release, the court noted:
Medico may or may not be one of the 24 million persons for whom
the FBI has a rap sheet. If respondents are entitled to have the
FBI tell them what it knows about [his] criminal history, any other
member of the public is entitled to the same disclosure - whether
for writing a news story, for deciding whether to employ Medico,
to rent a house to him, to extend credit to him, or simply to confirm
or deny a suspicion. Id. at 775.
The Court concluded by holding "as a categorical matter that
a third party's request for law enforcement records or information
about a private citizen can reasonably be expected to invade that
citizen's privacy, and that when the request seeks no 'official
information' about a Government agency, but merely records that
the Government happens to be storing, the invasion of privacy is 'unwarranted.'"
The Reporters case arose in the FOIA context and FOIA does not apply
to court records. As a general rule, case files are available to
anyone that asks for them during normal business hours absent a protective
order granted by the court, notwithstanding the fact that there may
be sensitive personal and private information in the files. Historically,
this unfettered access has been tempered by the practical obscurity
of the information and the practical difficulty in finding and locating
the information. Widespread acceptance of the Internet and the increased
reliance on digital information is leading to electronic case management
and docketing systems, such as the Case Management/Electronic Case
Files system being developed by the Administrative Office of the
United States courts. While the system allows for purging access
to case files and particular documents or media within the file,
access may be within the general discretion of the courts.
Courts currently testing the CM/ECF system generally permit the
public to access documents and information on the system. State and
federal courts may also allow for electronic public access to information
and records remotely over the Internet. This, in turn, is raising
a number of unanswered questions regarding privacy concerns with
respect to the compiled information in court files that can be accessed
and searched in minutes. While one position is "public is public",
others are concerned that unrestricted Internet access to case files
compromises privacy and exposes litigants and others to personal
harm. The debate regarding appropriate restrictions on release of
court files and related information has only just begun.
A Web of Information
Court files are just one example of "public" information,
the disclosure of which deeply impacts privacy concerns. The following
table is a sampling of the types of detailed information collected
from individuals and available electronically. As discussed below,
some of this information is protected through state or federal legislation
and regulations. However, other information is currently available
with nominal restrictions. Like many areas of privacy in the Internet
environment, the boundaries of access are still being defined.
| INFORMATION COLLECTED | REPOSITORY/SOURCE |
|---|---|
| Credit card charges and other purchases (billing and activity information) | Point of sale merchant systems, credit bureaus and third party advertisers and marketers who purchase anonymous or personal information |
| Medical Records (medical conditions, prescriptions, diagnoses) | Physician offices, hospital and third party payor systems; databases of aggregated nonidentifiable information |
| Internet related activities (purchases, usage patterns, etc.) | Web sites and third party marketing services collect information through registration, transaction records, web bugs and cookies |
| Judgments and liens | Local UCC and lien filing authorities |
| Real estate (property address, purchase price, amount financed) | Local Register of Deeds or real estate office |
| Vehicle record information (name, address, date of birth) | State agencies (many of which sell records to third party marketers) |
| Birth records | Birth certificates at government records offices |
| Public stock ownership (shares, amount paid, holdings) | Securities and Exchange Commission records for certain shareholders; accessible at EDGAR and third party web sites and data bases |
| Information, pleadings, deposition transcripts, financial and medical and other information regarding litigants, experts and witnesses | Court records and filings |
| Listserv and newsgroup postings | Accessed at listserv archives and through search engine queries |
| Information appearing in newspapers | Newspaper data bases (accessed at media web site and through search engines) |
| Campaign contributions (name, address, employer, recipient and amount) | Available at all levels of government under campaign disclosure laws |
| Phone survey information (name, phone number, age, income level and a host of other information) | Group conducting survey is typical repository but information often sold to advertisers, mail order companies, commercial businesses or government agencies |
| Warranty card and registration information (name, phone number, income, interests and other information) | Same as phone surveys |
| Movie rentals | Video stores and interactive cablevision companies |
| Phone numbers | Available on-line through a variety of directories (including reverse directories which allow for identification and address based on a phone number) |
| Individual residence location | Available through on-line maps and GPS programs |
Opt-In/Opt-Out
Information regarding individuals and their activities can be collected
and disseminated voluntarily or involuntarily from a variety of sources.
In most cases, there is no ulterior motive behind the collection
of information. However, consumers may not want information collected
about them, or may want to restrict access to such information or
how it is used. The choice of the individual with respect to their
information is in many cases one of voluntarily permitting or excluding
access through an opt-in or opt-out approach.
Individuals opt in with respect to information collection and dissemination
practices by voluntarily permitting information use and access. For
example, individuals opt in when they agree that information they
provide can be used for marketing purposes. Many web sites will prompt
the consumer to check a box or take some other affirmative action
to allow their information to be accessed or shared. Individuals
may also opt in by participating in surveys and contests or registering
for goods or services.
Individuals opt out by directing parties collecting information
to cease using or collecting information in a particular fashion
or instructing parties not to use the information. Unlike opt-in,
which requires some affirmative act before the information is collected,
opt-out presumes that the information will be collected and used
unless the individual directs otherwise. Businesses and advertisers
in general prefer an opt-out approach because it is much easier to
collect information unless an individual objects than it is to get
an individual to voluntarily agree to access.
Many services allow individuals to opt out of the collection of
information. Examples include the following:
- Many Internet advertisers, including DoubleClick, AdForce,
AdSmart and others allow users to opt out of on-line tracking
and profiling through banner ad services
- Various states allow individuals to opt out of having their vehicle
record information shared with third party marketers
1. Excerpted from the chapter by Gary A. Kendra "Information
Privacy and the Internet" in A Practical Guide to
E-Business Law, ICLE (December 2000).