Internet Attorney

Adult Websites

Copyright

Domain Name

Fraud

Privacy

Spam

Trademark

I. Introduction
II. Constitutional Basis for Privacy
III. Invasion of Privacy
    A. Search and Seizure
    B. Unsolicited Email
    C. Defamation
    D. Secrecy
    E. Personal Databases
    F. Free Speech
IV. Waiver
V. Liability
VI. Jurisdiction
VII. Protection
    A. Software and Hardware
    B. Anonymous Remailers
    C. Anonymous Web publishing.
    D. Avoiding Cookies
VIII. Conclusion


INTRODUCTION

The right to privacy in Internet activity is a serious issue facing society. 1 Some users of the 'net wish to shield their identities while participating in frank discussions of sensitive topics. Others fulfill fantasies and harmlessly role play under the cover of a false identity in chatrooms, MUDs or the IRC. But there are the eternal "bad apples," and on the Internet, they are the people who use anonymous servers as more than a way to avoid responsibility for controversial remarks. Cases of harassment and abuse have become increasingly frequent, aided by a cloak of anonymity. 2 There are also problems with frauds and scam artists who elude law enforcement authorities through anonymous mailings and postings. Other users are concerned about the proliferation of information on the Internet. Databases of court records are now available for free over the World Wide Web. 3

Since no formal law exists within cyberspace, Internet users can find recourse only through the applicable laws of their own government. This web page will not attempt to discuss conflict of law in the international arena, but will address US law and its relevance to the American Internet user.

CONSTITUTIONAL BASIS FOR PRIVACY

Nowhere does the text of the United States Constitution contain the word "privacy." 4 The Supreme Court has found the concept of "privacy" to be protected by a number of the Amendments.5 Thus, privacy is known as a "penumbra right." 6 It is the essence of the Bill of Rights and thus a guaranteed right.

INVASION OF PRIVACY

This page will discuss five aspects of invasion of privacy as it applies to American netizens. These are: search and seizure, unsolicited e-mail, defamation, secrecy and the creation of databases consisting of personal information.

The United States Supreme Court has stated that American citizens have the protection of the Fourth Amendment (freedom from search and seizure absent warrant) when there is a reasonable expectation of privacy. 7 Without a reasonable expectation of privacy, however, there is no privacy right to protect. 8 Files stored on disk or tape in the home are protected, but the rule becomes less clear when applied to files stored on an Internet access provider's server. 9 Web servers, on the other hand, may be protected by federal law. 10 Some argue that consent of the access provider, however, is all that is required for law enforcement authorities to search and seize any files in the possession of that access provider. Internet service providers may have a lot of information about the users because servers routinely record information about users' e-mail and web browsing habits. 11

Unsolicited email is not regulated by federal law at present. Various states have outlawedunsolicited commercial email, however. A federal judge in Philadelphiahas ruled that companies have no First Amendment right to send unsolicited messages to online service subscribers. 13 One community remedy preferred by many users is to complain to the offender's service provider and publicly denounce the action on the Internet Blacklist. Another possibility for those with Eudora for the PC is to filter out unsolicited email. 14 Other free software claims to eliminate unwanted email. 15 Individuals have sued spammers in court and won. 16

Individual states specifically prohibit defamation, no matter what form it takes. Defamation consists of false and unprivileged publication which results in economic damages. Financial loss is not necessary where the statement implies that a person is a criminal or has an unpleasant disease, or which injures a person in respect to his other office, profession, or business. A judge in Texas issued an injunction to stop defamatory posting by an Internet user. 17 Hate messages sent by e-mail have also resulted in criminal penalties. 18

In some cases, companies have asked the court system to identify the authors of anonymous defamatorymessages. This has been done by filing "John Doe" lawsuits andissuing subpoenas to Yahoo! and other message boards where individuals have posted the disparaging messages. 19 Most such subpoenas go unchallenged. 20 One CompuServe user has complained that his service provider turned over account information, including credit card numbers, without any notice to him.21 One such plaintiff, Raytheon Corporation, dropped its suit as soon as it discovered the names of the people posting anonymous messages.22

Trade secrets and other confidential information can also pose legal problems. Unauthorized entry into a computer system is illegal, whether the target machine is connected to the Internet or not. 23 Nevertheless, hackers still manage to get past the most difficult of firewalls. 24 Compromise of company secrets can lead to millions of dollars in damages. Hacking is not the only danger to sensitive information, however. 25 Some software can tell webmasters which visitors came from which links. 26 In addition, all e-mail has an address attached. Even if the messagecontent is encrypted, system administrators have access to the fact of communication between two parties. 27 The existence of communication can itself often be secret, and the Internet cannot provide absolute security. In many ways, the Internet abhors secrecy. Many netizens believe in an absolute free-flow of all information.

A few companies are creating huge databases full of private information. 28 Websites may even collect email addresses inadvertently. 29 In many cases, there is no prohibition on the dissemination of personal information. 30 The federal government regulates only its own databases, leaving private database owners to decide how and when to distribute collected information. 31

Webmasters have begun using "cookies" as a means of accumulating information about web surfers without having to ask for it. 32 Cookies attempt to keep track of visitors to a Web site. 33 Criticism of cookies has included fear of the loss of privacy. 34 The information that cookies collect from users may be profitable both in the aggregate and by the individual. Whether the convenience that cookies provide outweighs the loss of privacy isaquestion each Internet user must decide for him or herself. 35

America OnLine has been accused of selling data based information about users. 36 This has led to an effort on the part of cookie proponents to control the amount of information that cookies collect. 37 Not all proponents of cookies adhere to the voluntary standards. The Federal Trade Commission determined that Geocities, a popular web site where users input personal information, was selling information in apparent violation of its own privacy policy. 38

WAIVER

Internet users sometimes do not realize the amount of privacy that is lost when accessing the online world. Usenet postings and contributions to bulletin boards may remain archived forever. 39 Public records are available free or for a fee. 40 While much of this information has been freely available in the past, the advent of the Internet has made it available more easily and quickly.

LIABILITY

Generally, there is no safety in activity that is unlawful. Anonymity should not be considered a secure shield because, ultimately, any data may be intercepted. 41 An offender is specifically liable for damages to the victim. At times, this liability can be extended to include others (e.g. an employer) with a greater capacity for satisfying the judgment.

In addition, there is current disagreement about whether a system operator or an access provider should be held liable. 42 The 1996 Telecommunications Act protects access providers from liability for the unlawful acts of users (except copyright infringement or obscenity). 43 Some Courts have protected ISPs and online services from vicarious liability for the acts of subscribers/customers. On the other hand, vicarious liability, even without knowledge, may result when either the web page designer or the ISP (1) has the right and ability to control the infringer's acts and (2) receives a direct financial benefit from the infringement.

JURISDICTION

The law surrounding issues of jurisdiction over individualsand businesses with an online presence continues to evolve. 44 The first such case was U.S. v. Thomas. Courts in Minnesota, Arizona and Ohio have made similar determinations. One Californiacase is Hall v. LaRonde. In that opinion, the California Appellate Court stated that creating a contract over email could warrant the exercise of jurisdiction. Some argue that the nature of the Internet could result in forum shopping and the necessity of modifying traditional notions of venue requirements. 45 Other courts have declined to exercise jurisdiction on the simple basis of accessibility of the Web page. 46 So the question of whether any individual court will decide to find jurisdiction on any specific set of facts is an issue for the judge hearing the case. The US Supreme Court will almost certainly lay down some guidelines within the next few years.

PROTECTION

Avoiding the seizure of communication in transit is less a legal problem than a technological one. There is software that can provide privacy protection for the individual Internet user. 47 Hardware exists that can prevent very sophisticated industrial espionage. 48 Of most concern to the common Internet user is protection of email. The most famous encryption software is PGP,created by Phil Zimmerman. The U.S. government has attempted to suppress other means of strong encryption. 49 These attempts have not always been successful, however. 50

Anonymous discourse is still available through the use of "remailers." 51 Various problems with the anon.penet.fi forwarding service, a famous anonymous remailing service in Finland, have led to a discontinuation of that service. 52 Other remailers continue to provide anonymity to e-mail and Usenet participants. 53

The key to anonymous publishing on the World Wide Web is to have as many web servers within the control and/or trust of the publisher. It also helpsto have a number of other servers performing a service to the community.Ian Goldburg and David Wagner at Berkeley are attempting to provide that service. 54

Recent versions of Netscape and Internet Explorer give web surfers the option of refusing to accept cookies. Windows users may automatically delete all cookies with every restart of the machine. 55

CONCLUSION

Before attempting anonymity on the Internet, it is best to think for a moment about your purpose and intent in hiding your identity. Think as well about the impact of the statement you wish to communicate. The safest course may be to acknowledge authorship. This avoids the uncertainties of liability and discovery.

Revised and updated on an irregular basis
Last modified August 20, 1999



CITATIONS
  1. Alara Rogers' second email signature.

  2. See Michael Froomkin, Anonymity and Its Enmities, par. 29, (listing specific instances).

  3. See, e.g., KnowX.

  4. But see Proposed Constitutional Amendment.

  5. See Neal J. Friedman, Look Both Ways Before Putting Your Station On the Information Highway (stating that Web sites may show video as long as there is no expectation of privacy).

  6. Schmerber v. California, 384 U.S. 757, 779, 86 S. Ct. 1826, 16 L.Ed.2d 908 (1966).

  7. See Will Dwyer II, The Privacy Connection (discussing United States v. Katz).

  8. What About Issues of Privacy in On-Line Activities?.

  9. See id. (opining that no reasonable expectation of privacy exists for any Internet activity).

  10. See 42 U.S.C. 2000aa (protecting work product meant for public dissemination).

  11. Web Gathering Statistics.

  12. But see Coalition Against Unsolicited Commercial Email (attempting to amend federal ban on junk faxes to include junk email).

  13. Jonathon Rosenoer, CyberLex, December 1996.

  14. How To Filter SPAM With Eudora 3.0.

  15. See Junkbuster.

  16. See Robert C. Cumbow and Gregory J. Wrenn, Reputation On (The) Line: Defamation And The Internet (discussing case law surrounding online defamation).

  17. Jonathon Rosenoer, CyberLex, November, 1996.

  18. National Law Journal.
  19. Yahoo Forums in Privacy Dispute, Associated Press (April 6, 1999).
  20. Kaitlin Quistgaard, Technology.
  21. Oscar S. Cisneros, Unmasking Anonymous Posters.

  22. Kaitlin Quistgaard, Raytheon Triumphs Over Yahoo! Posters' Anonymity.
  23. 18 U.S.C. 2701.

  24. Something Wicked This Web Comes.

  25. Kevin McAleavey, What Privacy Concerns?

  26. Glen L. Roberts, Why and Where do they come from?

  27. An Introduction to Anonymous Remailers.

  28. Stan Grist, Protect Your Privacy.
  29. Will Rodger, Deja News Privacy snafu Uncovered.

  30. See Christine A. Varney, Consumer Privacy in the Information Age: A view from the United States (stating that no federal legislation protects privacy of medical records).

  31. Mike Swiston, Alternative Approaches.

  32. Andy's Netscape Cookie Guide.

  33. Malcolm's Guide to Persistent Cookies.

  34. Peter Krakaur, Web Cookies, Fortune Cookies, and Chocolate Chip Cookies.

  35. Stephen T. Maher, Understanding Cookies: A Cookies Monster?

  36. Jonathan Rosenoer, Cyberlex, July 1997.

  37. See Webcompanies Announce Privacy Standards (announcing partnership of Netscape, VeriSign and Firefly).

  38. Internet Site Agrees to Settle FTC Charges of Deceptively Collecting Personal Information Agency's First Internet Privacy Case, FTC News Release, August 13, 1998.
  39. See, e.g., Deja News.

  40. See Deep Data (providing information on lawsuits, bankruptcies, property records and credit reports).

  41. Martin F. Noonan, An Analysis of the Security Risks Involved in Transmitting Credit Card Numbers Over the Internet.

  42. See Virginia Rezmierski, Response to Professor Lowenstein (opining that carrier should not bear responsibility).

  43. Telecommunications Act of 1996.

  44. See Personal Jurisdiction: An Emerging Controversy Heats Up (discussing cyberspace jurisdiction).

  45. Minnesota v. Granite Gate Resorts, Inc.; CompuServe v. Patterson.

  46. Raysman & Brown Computer Law: On-Line Issues.

  47. See e.g., Weber v. Jolly Hotels, 96-2582 (D. N.J.) (citing Bensusan Restaurant Corp. v. King, 937 F. Supp. 295 (S.D.N.Y. 1996) for proposition that web page which merely advertises does not justify exercise of general jurisdiction).

  48. See, e.g., NSClean (offering free demo).

  49. The Complete, Unofficial TEMPEST Information Page.

  50. Dan Bernstein's Attempt to Publish Snuffle and The Legal Issues Raised.

  51. See Judge Refuses to Apply Cryptography Export Ban, Law Journal Extra!, 8/28/97 (stating that law's regulation of both software and writings about software unjustly restricts academic discourse).

  52. See Anonymous Remailers (explaining how some servers strip information from e-mail messages before forwarding to intended recipient).

  53. Press Release.

  54. Anonymous Remailer FAQ.

  55. Taz Servers and the Rewebber Network, Enabling Anonymous Publishing on the World Wide Web, Ian Goldberg and David Wagner University of California, Berkeley (1996).
  56. See Embedded Directory, No Cookies, Please (explaining how to set up .bat file).

Cases


Statutes

18 U.S.C. 2701
42 U.S.C. 2000aa

800 West El Camino
Suite 180
Mountain View, CA 94040

Vox: (650) 842-8481
Fax: (650) 618-8687
email: send email