Talk:Internet privacy

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Internet (Rated B-class, High-importance)
WikiProject icon This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
B-Class article B  This article has been rated as B-Class on the project's quality scale.
 High  This article has been rated as High-importance on the project's importance scale.
 

Contents

Some old comments mixed with one newer comment that weren't in a section[edit]

This article includes some good information. Perhaps if the ideas are combined with the digital trail article, we can have a really strong article.

This page contains a bunch of stupid stuff and just plain nonsense. Cleanup? 24.5.54.218 07:27, 20 Dec 2004 (UTC)

Yes, needs cleanup. Did you forget to loigin? -- Chris 73 Talk 07:28, Dec 20, 2004 (UTC)
Yeah. There's the bit about logging temperature and vibration, and I can't figure out what "a young woman in New York City was on a first date with an online acquaintance and later sued for sexual harassment as they went back to her apartment after when everything became too real" means. This important article lacks coherence and flow. I'd suggest seperating into provided information (eg. facebook) and collected information (eg. malware, logs, etc)68.149.1.64 (talk) 05:45, 15 February 2012 (UTC)

I would like to suggest that the pronoun "you" should not be used in this (or any) Wikipedia article. One-dimensional Tangent (Talk) 03:47, 26 August 2005 (UTC)

Editing one section[edit]

Under the heading of "Teachers and Myspace", there is a coherence problem in the second paragraph (about Stacy Snyder).

  • "The Chronicle of Higher Education wrote an article on April 27, 2007 entitled "A MySpace Photo Costs a Student a Teaching Certificate" about Stacy Snyder[15]. She was a student of Millersville University of Pennsylvania who was denied her teaching degree because of an unprofessional photo posted on MySpace, which involved her drinking with a pirates’ hat on and a caption of “Drunken Pirate". Due to this, she was given an English degree."

The funny inference from this paragraph is that due to her picture on Mysapce, she was given an English degree. (as a conciliatory prize)

Without knowing the case any more than the article, I suggest someone with more knowledge rectify this situation. I would separate the fact the MySpace experience from the information about her receiving an English degree. I suggest rewriting the last sentence, to "Because of the community's reaction to her MySpace picture she was not granted her teaching degree." Scrap the whole idea of her English degree. Writerz (talk) 01:29, 14 September 2008 (UTC)

External links[edit]

Ok, since anons keep reverting my external links cleanup, let's discuss it. You may be aware that Wikipedia is not a repository of links. There are guidelines regarding what to link to. Specifically, we link to sites that are either necessary for verifiability, or links with topical material for those interested in a deeper insight or more perspectives than what the article gives. We normally discourage adding links to mere "services" or "tools", and especially if those are for-pay, commercial entities. The external links section insisted on by the anons is ripe with those. In addition, external links should, obviously, be external. The external links section the anons insist on, contains four internal links, which should be at "See also" instead. Further, external links should work. The current section includes two links that turn up the HTTP Forbidden message.

I believe I have Wikipedia policy (and common sense) on my side, and I'll revert back to my link (which contains many, many links to services and tools through the DMOZ links). I hope the anons will discuss my points here before reverting again. Haakon 11:44, 16 January 2006 (UTC)

--

I knew Wikipedia External Links, just let me cite the first two sentences: "Wikipedia is not a web directory. However, adding a certain number of external links is of valuable service to our readers.". Ok, not all of those links have been valueable but some of those definitely are. Also links to services for privacy enhancing technologies fit perfectly to this article. You were right, the internal links were placed wrongly, also I didn't know that there were some broken links, because you deleted all of them and not only the broken ones with a suitable comment.

So the following links are missing now in the current verison of the article:

1. Free: Anonymouse: anonymous surfing, emailing and posting
2. Free: Stay invisible  
3. Payed: Proxy Blind       
4. Free: WhatismyProxy : Test to see if your proxy is working       
5. Payed: a4proxy: connects to anonymous proxies  
6. Payed: TRUSTe: certification, monitoring and dispute resolution in matters of Internet privacy 
7. Broken: IP Privacy Internet Privacy - Resources, Tips and Articles.
8. Broken: How To Cover Your Online Tracks

Of course the broken links should not be in the article, the free services should be in the article additionally No. 5 because A4Proxy is a very valueable service and No. 6 because TRUSTe let users file privacy complaints against (registered) websites and informs users about privacy practices of websites. Mark, 19:11, 16 January 2006 (UTC)

There has been consensus to remove nos. 1-3 from articles like anonymity and proxy server already, and no. 4 from IP address, so I don't see how they belong better here. Nos. 5 and 6 may be valuable to its customers, but not to Wikipedia readers in general (see WP:EL about what not to include: "Sites that primarily exist to sell products or services"). As for 7 and 8, I'm glad we agree :-) I'm sure we can also agree that many potentially useful links are available already through the DMOZ link. Haakon 19:45, 16 January 2006 (UTC)

As the links are about internet anonymity it is obvious that they do not belong in the general group anonymity, but they perfectly belong here and additionaly they are valuable services. No. 5 does not sell anything unlike you said, No 6. sells seals only to website-owners but offers filing of privacy complaints for private persons therefore the target group are also Wikipedia readers. Mark, 09:02, 16 January 2006 (UTC)

Noted cases?[edit]

Why is it necessary to highlight these two particular "Noted cases" (AOL data & Craigslist thing). Seems there have been many internet privacy cases over the decades, and these just happen to be recent ones. (I hate presentist biases). --ZimZalaBim (talk) 20:20, 12 September 2006 (UTC)

Fortuny prank[edit]

I've trimmed the section on Jason Fortuny's Craigslist prank; it's still a bit too long, I think, but I think getting it any shorter would require an actual rewrite of the section.

I know that Fortuny referred to the prank as an 'experiment', but I don't think the article itself should follow suit, at least not without sarcasm quotes, as there was nothing in Fortuny's methods that resembled an experiment in the scientific sense. So I've changed one 'experiment' to 'prank'. -- Vary | Talk 15:47, 24 November 2006 (UTC)


as of oct 2007 the article needs wikified. it seems to be done now, maybe that needs to be taken off?

Badmachine (talk) 04:27, 5 April 2008 (UTC)

Help reverting vandalism -- impossible![edit]

The spam filter is currently stopping me from reverting the vandalism on this page because there is a link already existing on the page which now is on a spam blacklist meaning I can't save the reverted page. Angus Lepper(T, C, D) 22:12, 22 May 2007 (UTC)

I settled for simply removing the citation causing the problem. Replace the '0' in the URL with an 'o'.

<ref>{{cite web | url = http://www.encycl0pediadramatica.com/RFJason_CL_Experiment | author = Encyclopedia Dramatica | title = RFJason CL Experiment | publisher = EncyclopediaDramatica.com | date = 2006-09-13 | accessdate = 2006-09-13 }}</ref> <ref> {{cite web | url = http://www.youtube.com/watch?v=4y6LqhrdAxg | author = [[MSNBC]] | title = RFJason CL Experiment on Encyclopedia Dramatica | publisher = Youtube.com | date = 2006-09-13 | accessdate = 2006-09-13 }}</ref>


social networks and privacy[edit]

I added a fact tag to the assertion that social networking websites provide 'adequate' privacy measures. I don't necessarily disagree, and often counsel friends who hype the perceived privacy problems of sites like myspace and facebook that such pages cannot reveal information that they as users do not provide, but nevertheless, I think that it is clear that such a comment fails to satisfy NPOV. Who says that the privacy measures of Facebook (for example) are 'adequate'? additionally, I was encountering difficulty with the spam filter on this page because of the inclusion of one of the links in the 'broken links' section above. I reformatted the spelling of the website so that this edit would go through. Cuffeparade 16:35, 25 October 2007 (UTC)

Degrees of severity and risk[edit]

I found that in terms of expressing the concept of internet privacy, there was a lot of straightforward statements about the "strength" of some forms of privacy as well as "legitimate" uses of information. I feel it's difficult to nail down in a fashion that is agreeable by everyone as to what is a valid use of people's information and what isn't. I tried to clean up some of the more blatant issues I felt were there, but I do still feel there is a leaning in this article. Roadm (talk) 03:36, 10 February 2008 (UTC)

Possible Fortuny Prank Justification: Exposure of Malfeasance?[edit]

Although some online exposures of personal information have been seen as justified as exposing malfeasance, many commentators on the Fortuny case saw no such justification here.

What's malfeasance got to do with semi-random private citizens? This sentence seems irrelevant as phrased currently.

If you want to talk about justification for exposing misbehavior of some kind, that idea is remotely plausible.

63.249.110.32 (talk) 01:44, 17 May 2008 (UTC)

There is a world outside the US[edit]

This article is too US specific. It gives place names without indicating what country they are in. 78.149.219.203 (talk) 11:35, 18 August 2008 (UTC)

How about the privacy of IP packets?[edit]

I had a friend check for domain names, and somehow someone grabbed it after several days. This has also happened to me once. How does the law approach this issue? Obviously someone sniffed our IP packets and recovered the domain name we were checking. Who's liable for this? --Nathanael Bar-Aur L. (talk) 22:21, 3 December 2008 (UTC)

There are plenty of ways to do that without direct sniffing of your packets; and those methods are far more likely, and irrelevant here. King Spook 02:49, 5 December 2008 (UTC) —Preceding unsigned comment added by Kngspook (talkcontribs)

Remove Case Studies?[edit]

I'm not convinced that the case studies make a valuable addition to this article. Several commenters above have questioned the neutrality of this article in various ways. These examples are interesting, but seem rather arbitrary and not particularly illustrative of the breadth of the internet privacy topic. So far the examples consist of a case study which has its own entry (Jason Fortuny), an incomplete history of the use of search engine data by law enforcement, and two cherry-picked court cases. I recommend removing this content, though perhaps linking to the Fortuny article. Since this is a large change, I thought I would post here first to see what people think. Judd (talk) 16:55, 5 December 2008 (UTC)

I agree. The article's becoming a coatrack for detailed discussions of cases that don't merit their own articles. Anything in the Fortuny's section that isn't already covered in his article should be moved there, but the rest can go, imo. -- Vary Talk 23:23, 24 January 2009 (UTC)
I also agree. Unless a specific case sets a precedent that informs the nature and scope of Internet privacy, I don't believe case studies lend much. I do think that specific ways in which laws, etc. contour online privacy, and a recounting of the laws responsible, add another, needed dimension to the article. To this end I added the "Legal Threats" section, and two such legally sanctioned mens in which online privacy (for better or worse) is curtailed by the state. I view this information as similar, but distinct and more useful than a potentially endless enumeration of case studies. I would love others thoughts on this angle.

--SoulSyndicate (talk) 00:49, 9 February 2009 (UTC)

Agreed. That material is better organized by moving it to a "list of" type article or just using a category or links to any notable incident. The article needs improvement and clean-up in other ways but narrowing the focus is a good start.Wikidemon (talk) 23:21, 21 February 2009 (UTC)

-- I have to disagree. I think that these case studies give the casual wikipedia reader great insight into specific instances where internet search engines have been used by law enforcement agencies. i suspect many people would be interested to know this and the citation provided to the Global Privacy Journal Article would be a great starting point for them to find out more. There simply isn't enough room in this article to have a comprehensive discussion of the need for a "compelte history of the use of search engine data by law enforcement." While that would be great, i think this article does enough to provide a overview of the issues. —Preceding unsigned comment added by 64.32.145.74 (talk) 19:17, 25 October 2009 (UTC)

MySpace? Seriously????[edit]

"She was a student of Millersville University of Pennsylvania who was denied her teaching degree because of an unprofessional photo posted on MySpace, which involved her drinking with a pirates’ hat on and a caption of “Drunken Pirate". As a substitute, she was given an English degree."

I simply cannot get over the fact that people are being treated unfairly in their PROFESSIONAL lives, simply because they have a PERSONAL social networking profile, and are judged by it, ie - what it looks like, what pictures, music, etc, are on it. WHY are professional employers and schools even going on these sites searching for people anyways? I've heard about a clinic denying a patient because of what her Facebook page has on it. Are you FREAKING KIDDING ME??!!!? [Enter profanity here] those people who judge others like this and deny them professional equality. Seriously. Viperpulse (talk) 02:00, 21 January 2010 (UTC)


For example, I think that in the context of an job interview it is very important to do your best to please the recruiters but finally it turns out, after a while, you don't suit the recruiters moreover it is very difficult for them to figure out you really are for two hours specially because you are hiding yourself. Recruiters would be interested in those social medias only for minimizing the risk of hiring a non-interesting workers or also for choosing the best profile between two applicants. Nevertherless it is not always necessarily in a descriminative way, they would rather hire someone that they can trust.

Here an article from Forbes magazin that depicts widely my point of view. [1]

Proposed move[edit]

Not filing this as a WP:RM just yet, since what to rename it is an open question. This article should obviously be at either online privacy or electronic privacy. The name Internet privacy is too narrow. Just for starters, the most crucial legal case in the field had nothing to do with the Internet at all, but rather BBSes (namely Steve Jackson Games v. U.S. Secret Service). Very little (other than technical details) can be said about Internet privacy in particular that does not also apply to all other electronic networking technologies, past, present and almost certainly future. — SMcCandlish Talk⇒ ʕ(Õلō Contribs. 06:08, 28 February 2011 (UTC)

Browser Fingerprinting[edit]

Browser and device(as in computer, smart phone, etc.) fingerprinting should be added and have a substantial discussion because this is the latest method of tracking. Editors should look at websites like Panopticlick, BrowserSpy, and http://ip-check.info/ (Anonymity Test). Apparently there's a lot of money to be made in user-specific(?) or targeted advertising on the internet, which seems to be what's driving this invasion of privacy. 107.36.164.74 (talk) 18:03, 28 December 2011 (UTC)

WSJ resource[edit]

22:39, 27 January 2012 (UTC) — Preceding unsigned comment added by 97.87.29.188 (talk)

Review[edit]

This article is very turstworthy, quite biased, very complete, very well-written,and quite accurate. This is very well written and provides a broad variety of information related to internet security. Agampa (talk) 16:20, 5 February 2012 (UTC)agampa

Very optimistic view. The article is full if irrelevant details and most important issues are completely missing or buried deeply and very hard to find such as:
Richiez (talk) 14:17, 7 February 2012 (UTC)

Doesn't read like an encyclopedic article[edit]

The article doesn't read like it's in an encyclopedia. It reads more like an essay on the topic. It goes into too many specifics, and I feel that it isn't encyclopedic overall.

Inglonias (talk) 19:44, 16 February 2012 (UTC)

External links[edit]

Upon quick glance not a single of those is familiar to me as a trustworthy resource. Please feel free to add them back, with explanation here and preferably backed by a statement by http://eff.org or similar. -- 10:03, 4 March 2012 (UTC)

The first reference is entirely erroneous. The citation belongs to Scott McNealy from Sun Microsystems, 1999: http://www.wired.com/politics/law/news/1999/01/17538 — Preceding unsigned comment added by Iknovate (talkcontribs) 19:44, 9 March 2012 (UTC)

overview references[edit]

Lots to clean up here... but the references need a lot of work in particular. Better overview references would be super. -- phoebe / (talk to me) 22:56, 22 May 2012 (UTC)

NO PROTECTION AGAINST POLICE ! Or, 99999999 Cop's no job's.[edit]

Monitoring all connections to the Internet was here in Brussels, angekundigt publicly in newspapers (eg <Metrotime.be>). Helps a user identify speziäle policing program. This means - Get internet from any activities in Belgium out without the Belgian police for a Kentnis. Publication, Veröfentlichengen, discussion, chat, forum's, blog's, preparation, organization and Koordiniation a terrorist attack, etc., transactions over the Internet - Internet - such as banking, including credit card information. The question - Young Gay `s (obgemagerte Cruchon's) erlädigen this difficult job for Belgian police are subject to a secrecy about what they do or can they also Dinst auserkundschaft pralen free to express his opinion and so on? If the police or simply <Boy`s> mùit best connections to Islamist circles? A placement of a child porn Web Since Ciber or - send viruses via a Belgian provider, incognito and invisible to the police Belgique even impossible, right? <Police Kisky> -- Drink only Uissky . — Preceding unsigned comment added by 194.78.58.10 (talk) 10:58, 15 June 2012 (UTC)

Page ratings[edit]

The ratings for this article aren't particularly good. 42 to 47 people have rated the page and the ratings on a scale from 1 (poor) to 5 (good) are: 2.3 Trustworthy (47), 2.0 Objective (42), 2.0 Complete (44), and 2.0 Well-written (47). What needs to be done to make the article better? --Jeff Ogden (W163) (talk) 02:31, 6 July 2012 (UTC)

  • It seems far too long, rambling (unfocused), non-neutral, and disorganized to me. LittleBen (talk) 02:21, 20 September 2012 (UTC)

State Laws Related to Internet Privacy[edit]

One link that could be included in this article is National Conference of State LegislaturesThis website could help in supporting information in regards to cases that refer to privacy laws. Many people may not know exactly what their state's laws maybe in regards to internet privacy and this site definitely helps in clearing up information. I feel that cases should be decided off of the laws that have been set instone but the laws can be bended to intiate rightful Justice. -Jmckella16 (talk) 01:37, 18 September 2012 (UTC)

Yes check.svg Done. I added this. --Jeff Ogden (W163) (talk) 02:58, 18 September 2012 (UTC)

HTML 5[edit]

The HTML 5 section of the main article seems a bit overbearing and convoluted. There is only one reference for the whole section. It also seems slightly biased, as if trying to convey that HTML 5 as a whole is a negative thing. The second paragraph is written in a confusing manner and does not add much to the article.

Stepping back from the section itself - are cookies the only possible exploit on HTML 5? I don't know the answer myself, but surely there is more information on what things, good or back, HTML 5 brings to the table in regards to Internet privacy. Chriisss (talk) 03:34, 18 September 2012 (UTC)

  • This Internet privacy article and the Internet security article are interrelated in that security defects in browsers and browser plugins can affect privacy as well as security. LittleBen (talk) 02:15, 20 September 2012 (UTC)
  • I agree with Chriisss - the HTML5 section is strange & one-sided. The WHATWG HTML section on privacy & user tracking should be cited. The basic point—that storage mechanisms have multiplied, so merely wiping cookies is no longer enough—should be mentioned. I can't confirm the "HTML 5 can store information from at least 10 different sites from your computer, much more than the ordinary cookie" which sounds simply untrue. Each domain can store precisely 1 cookie upon your computer & you can have an essentially unlimited number of domains employing cookies.
I'm going to make edits reflecting the above. I also think "code" isn't the right term, HTML5 is a web standard not a code. I'm not sure what privacy enhancements there are in HTML5 but I can research it a bit.
I don't understand how LittleBen's comment relates to the HTML5 section. Phette23 (talk) 18:04, 11 December 2012 (UTC)

Create a us-specific article?[edit]

Feel free to create an article for us-specific cases or put in article "internet privacy in the us"

This article is also still way too long Wikipedia:Article size#A rule of thumb




Start of content saved from main article


Laws and regulations[edit]

The concept of “online privacy” is very broad and tends to cover other aspects of telecommunications and technology. The privacy concerns relate to both the misuse of certain information or the disclosure of this to others. Over the last thirty years, consumer privacy is a public issue that has received substantial attention. These rights protect individuals against the obligations by government. The growth of the Internet in general has produced new concerns about protecting the rights of consumers online. The Privacy Act prohibits the disclosure of personal information, no matter how this information is gathered. The consumers’ control and knowledge applied to on the internet come under two categories- purchasing and surfing. The legal protection law for individual privacy in the United States has been passed fairly recently, and limits the protection of data. Data collection methods have raised concerns about consumer privacy. The FTC, in their efforts to ensure success, has developed principles that would protect consumers and the information they choose to display.

USA Patriot Act[edit]

The USA Patriot Act, signed into law on October 26, 2001 by former President Bush, is legislation to enhance law enforcement investigatory tools, investigate online activity, as well as to discourage terrorist acts both within the United States and around the world. This act reduced restrictions for law enforcement to search various methods and tools of communication such as telephone, e-mail, personal records including medical and financial, as well as reducing restrictions with obtaining of foreign intelligence.[2] Many of these expanded powers and lowered standards are not limited to terrorist investigations.[3]

The USA PATRIOT Act, professionally known as the “Uniting and Strengthening America by Providing Appropriate Tools Require to Intercept and Obstruct Terrorism Act” was put in to effect in reaction to the 9/11 Terrorist attacks. President Bush wanted to prevent terrorism in the United States and he believed that by keeping an eye on communication around the country, terrorism could be diminished. Although many people supported this law because of the September 11 attacks and the desire to keep America safe, many believe that this act interferes with civil liberties. The USA PATRIOT Act has been described as “unjustified infringement of privacy, association, and due process rights.” After the act passed, federal law enforcement now has access to additional wiretapping and surveillance.[4]

Electronic Communications Privacy Act (ECPA)[edit]

The Electronic Communications Privacy Act, enacted in 1986, is known as a “victory for privacy.” This act lays the boundaries for law enforcement having access to person electronic communication and stored electronic records. This includes email, pictures, date books, etc. With the enormous growth in the use of computers, many people store numerous items on servers that can ultimately be visible to many people. The ECPA protects this information from being accessed by law enforcement. There are five parts to the Act. Part I discusses the origin of the ECPA, Part II the law enforcement and the access provisions made involving electronic communication. Part II explains why this Act is needed due to the increase of personal internet use by individuals. Part IV observes the “business records cases” and pinpoints three principles. Lastly, Part V discusses ECPA’s reliance on the “business records cases” and the points against Part IV of the act.[5]

This act makes it unlawful under certain conditions for an individual to reveal the information of electronic communication and contains a few exceptions. One clause allows the ISP to view private e-mail if the sender is suspected of attempting to damage the internet system or attempting to harm another user. Another clause allows the ISP to reveal information from a message if the sender or recipient allows to its disclosure. Finally, information containing personal information may also be revealed for a court order or law enforcement’s subpoena.[6]

Employees and employers Internet regulations[edit]

When considering the rights between employees and employers regarding internet privacy and protection at a company, different states have their own laws. Connecticut and Delaware both have laws that state an employer must create a written notice or electronic message that provides understanding that they will regulate the internet traffic.[7] By doing so, this relates to the employees that the employer will be searching and monitoring emails and internet usage. Delaware charges $100 for a violation where Connecticut charges $500 for the first violation and then $1000 for the second.[7] When looking at public employees and employers, California and Colorado created laws that would also create legal ways in which employers controlled internet usage.[7] The law stated that a public company or agency must create a prior message to the employees stating that accounts will be monitored. Without these laws, employers could access information through employees accounts and use them illegally.[8] In most cases, the employer is allowed to see whatever he or she pleases because of these laws stated both publicly and privately.[9]

Gramm-Leach-Bliley Act[edit]

The Gramm-Leach-Bliley Act (GLB) was signed into law by U.S. President Bill Clinton and repealed part of the Glass-Stegall Act of 1933. The purpose of the legislation was to allow institutions to participate more broadly across investment banking, insurance, and commercial banking. The GLB also includes several provisions that aim to protect consumer data privacy. The Safeguards Rule, which implements the security requirements of the GLB Act, requires financial institutions to have reasonable policies and procedures to ensure the security and confidentiality of customer information.[10]

The Children's Online Privacy Protection Act (COPPA)[edit]

The Children's Online Privacy Protection Act prohibits website operators from knowingly collecting personally identifiable information from children under 13 years old without parental consent. It requires site operators to collect only personal information that is “reasonably necessary” for an online activity. This law was put into action as an act in 1998 and took effect in 2000. Personal information that is not allowed to be obtained from children includes their full name, home or e-mail address, telephone number or social security number. This law was enacted in order to give parental control over the information collected from their children online and to know how that information is used or shared. In order to enforce this law, the FTC actively monitors websites. The FTC recommends that websites screen users if they collect personal information or if children under 13 could potentially be using the website.

Privacy Bill of Rights[edit]

On February 22, 2012 the Obama administration signed an agreement to put some new rules in place to regulate the information that can be taken from people on the Internet. Previously, companies have not been under any federal restrictions and have been basically in charge of themselves. Due to the recent uprisings about how companies, such as Facebook and Google, are using people’s information, the Obama administration felt it necessary to act. These new regulations will be a “privacy bill of rights.” And as a result, companies will have to change their privacy policies to ensure that personal information will only be used for things specifically permitted by the person giving it.[11]

The National Telecommunications and Information Administration in collaboration with certain privacy activist groups will be working to develop “codes of conduct” for companies who collect personal information. However, some people fear the that the Federal Trade Commission will not be able to enforce these “codes of conduct” due to the fact that Congress has not passed these privacy regulations to law as of yet. It does appear that companies are willing to work with the government in order to calm the uproar with online privacy currently.[11]

It was a document that the Obama Administration created to suggest how companies should protect consumer online information. Seven different rights that are outlined in this document. The first "right" is Individual control. Companies must provide clear and easy to understand policies on how they are going to use the consumer's data. The second "right" is transparency. Companies should outline clearly why they want to collect consumer's data. The third "right" is Respect for context. It means that the firm cannot decide it wants to use data for another purpose. The fourth "right" is Security. Consumers expect that firms provide adequate protection of their data. The fifth "right" is Access and Accuracy. The consumer should able to access their personal data to make edits. The sixth "right" is Focused collection. Companies should only collect the data that they need. The last "right" is Accountability. Companies should be held accountable for lost data. This document has not become a law yet.

U.S. state laws[edit]

In response to rising concerns among Americans regarding privacy on the Internet, states have passed numerous laws that require companies to be somewhat open to showing the users or customers the information they are collecting. The National Conference of State Legislatures maintains a web page that lists selected state laws related to Internet privacy.[12]

These laws cover:

  • Electronic surveillance
  • Employee E-mail communications and Internet access
  • Phishing
  • Privacy of certain online activities
  • Privacy of personal information held by ISPs
  • Privacy policies for web sites
  • Privacy policies for government web sites
  • Security breaches
  • Spam
  • Spyware

Libraries and books[edit]

  • California Government Code § 6267: Protects an individual’s privacy when using online library resources, such as writing email or text messages, online chat or reading e-books.[13]
  • California Civil Code § 1798.90: The California Reader Privacy Act protects information about the books Californians browse, read or purchase from electronic services and online booksellers, who may have access to detailed information about readers, such as specific pages browsed.[14]

Privacy of personal information held by ISPs[edit]

Two states, Nevada and Minnesota, require Internet Service Providers to keep private certain information concerning their customers, unless the customer gives permission to disclose the information. Both states prohibit disclosure of personally identifying information, but Minnesota also requires ISPs to get permission from subscribers before disclosing information about the subscribers' online surfing habits and Internet sites visited.

  • Minnesota Statutes §§ 325M.01 to .09
  • Nevada Revised Statutes § 205.498

In addition, California and Utah laws, although not specifically targeted to on-line businesses, require all nonfinancial businesses to disclose to customers, in writing or by electronic mail, the types of personal information the business shares with or sells to a third party for direct marketing purposes or for compensation. Under the California law, businesses may post a privacy statement that gives customers the opportunity to choose not to share information at no cost.

  • California Civil Code §§ 1798.83 to .84
  • Utah Code §§ 13-37-101, −102, −201, −202, −203

Employee e-mail communications and Internet access[edit]

Two states, Connecticut and Delaware, require employers to give notice to employees prior to monitoring e-mail communications or Internet access. Colorado and Tennessee require states and other public entities to adopt a policy related to monitoring of public employees' e-mail.

General Statutes of Connecticut § 31-48d

  1. Employers who engage in any type of electronic monitoring must give prior written notice to all employees, informing them of the types of monitoring which may occur.
  2. If an employer has reasonable grounds to believe that employees are engaged in illegal conduct and electronic monitoring may produce evidence of this misconduct, the employer may conduct monitoring without giving prior written notice.
  3. Provides for civil penalties of $500 for the first offense, $1,000 for the second offense and $3,000 for the third and each subsequent offense.

Delaware Code § 19-7-705

  1. Prohibits employers from monitoring or intercepting electronic mail or Internet access or usage of an employee unless the employer has first given a one-time written or electronic notice to the employee.
  2. Provides exceptions for processes that are performed solely for the purpose of computer system maintenance and/or protection, and for court ordered actions.
  3. Provides for a civil penalty of $100 for each violation.

Public employers[edit]

In addition, Colorado and Tennessee require certain public entities to adopt a written policy on monitoring of email:

  • Colorado Rev. Stat. § 24-72-204.5

Tennessee Code § 10-7-512

  1. Requires the state or any agency, institution, or political subdivision thereof that operates or maintains an electronic mail communications system to adopt a written policy on any monitoring of electronic mail communications and the circumstances under which it will be conducted.
  2. The policy shall include a statement that correspondence of the employee in the form of electronic mail may be a public record under the public records law and may be subject to public inspection under this part.

Privacy policies for web sites[edit]

California (Calif. Bus. & Prof. Code §§ 22575-22578): California's Online Privacy Protection Act requires an operator, defined as a person or entity that collects personally identifiable information from California residents through an Internet web site or online service for commercial purposes, to post a conspicuous privacy policy on its web site or online service and to comply with that policy. The bill, among other things, would require that the privacy policy identify the categories of personally identifiable information that the operator collects about individual consumers who use or visit its web site or online service and third parties with whom the operator may share the information.

Connecticut (Conn. Gen Stat. § 42-471): Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be "publicly displayed" by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.

Nebraska (Nebraska Stat. § 87–302(14)): Nebraska prohibits knowingly making a false or misleading statement in a privacy policy, published on the Internet or otherwise distributed or published, regarding the use of personal information submitted by members of the public.

Pennsylvania (18 Pa. C.S.A. § 4107(a)(10)): Pennsylvania includes false and misleading statements in privacy policies published on web sites or otherwise distributed in its deceptive or fraudulent business practices statute.

Privacy policies: Government web sites[edit]

At least sixteen states require, by statute, government web sites or state portals to establish privacy policies and procedures, or to incorporate machine-readable privacy policies into their web sites.

   State          Statute
   Arizona        Ariz. Rev. Stat. Ann. § 41-4151, 41–4152
   Arkansas       Ark. Code § 25-1-114
   California     Cal. Government Code § 11019.9
   Colorado       Colo. Rev. Stat. § 24-72-501, 24-72-502
   Delaware       Del. Code tit. 29 § 9017C et seq.
   Iowa           Iowa Code § 22.11
   Illinois       Ill. Rev. Stat. ch. 5 § 177/15
   Maine          Me. Rev. Stat. tit. 1 § 14-A § 541- 542
   Maryland       Md. State Government Code § 10-624 (4)
   Michigan       2003 Mich Pub. Acts, Act 161 (sec. 572 (7))
   Minnesota      Minn. Stat. § 13.15
   Montana        Mont. Code Ann. § 2-17-550 to – 553
   New York       N.Y. State Tech. Law § 201 to 207
   South Carolina S.C. Code Ann. § 30-2-40
   Texas          Tex. Government Code Ann. § 10-2054.126
   Utah           Utah Code Ann. § 63D-2-101, −102, −103, −104
   Virginia       Va. Code § 2.2-3800, – 3801, −3802, −3803

Specific cases[edit]

Jason Fortuny and Craigslist[edit]

In early September 2006, Jason Fortuny, a Seattle-area freelance graphic designer and network administrator, posed as a woman and posted an ad to Craigslist Seattle seeking a casual sexual encounter with men in that area. On September 4, he posted to the wiki website Encyclopædia Dramatica all 178 of the responses, complete with photographs and personal contact details, describing this as the Craigslist Experiment and encouraging others to further identify the respondents.[15]

Although some online exposures of personal information have been seen as justified for exposing malfeasance, many commentators on the Fortuny case saw no such justification here. "The men who replied to Fortuny's posting did not appear to be doing anything illegal, so the outing has no social value other than to prove that someone could ruin lives online," said law professor Jonathan Zittrain,[16] while Wired writer Ryan Singel described Fortuny as "sociopathic".[17]

The Electronic Frontier Foundation indicated that it thought Fortuny might be liable under Washington state law, and that this would depend on whether the information he disclosed was of legitimate public concern. Kurt Opsahl, the EFF's staff attorney, said "As far as I know, they (the respondents) are not public figures, so it would be challenging to show that this was something of public concern."[16]

According to Fortuny, two people lost their jobs as a result of his Craigslist Experiment and another "has filed an invasion-of-privacy lawsuit against Fortuny in an Illinois court."[18]

Fortuny did not enter an appearance in the Illinois suit, secure counsel, or answer the complaint after an early amendment. Mr. Fortuny had filed a motion to dismiss, but he filed it with the Circuit Court of Cook County, Illinois, and he did not file proof that he had served the plaintiff.[19] As a result, the court entered a default judgment against Mr. Fortuny and ordered a damages hearing for January 7, 2009.[20] After failing to show up at multiple hearings on damages,[21][22] Fortuny was ordered to pay $74,252.56 for violation of the Copyright Act, compensation for Public Disclosure of Private Facts, Intrusion Upon Seclusion, attorneys fees and costs.[23]

USA vs. Warshak[edit]

The case United States v. Warshak, decided December 14, 2010 by the Sixth Circuit Court of Appeals, maintained the idea that an ISP actually is allowed access to private e-mail. However, the government must get hold of a search warrant before obtaining such e-mail. This case dealt with the question of emails hosted on an isolated server. Due to the fact that e-mail is similar to other forms of communication such as telephone calls, e-mail requires the same amount of protection under the 4th amendment.[6]

In 2001, Steven Warshak owned and operated a number of small businesses in the Cincinnati area. One of his businesses was TCI Media, Inc, which sold media advertisements in sporting venues. Warshak also owned a dozen other companies that sold herbal supplements. Although all of his companies sold various different products, they were all run as a single business, and were later merged to form Berkeley Premium Nutraceuticals, Inc. Berkeley took orders over the phone, mail and Internet orders. Customers could only purchase products with credit cards which would later be entered into a database along with all of their other information. During sales calls, representatives would read from a script. Shelley Kinmon (an employee) testified that Warshak had the final word on the content of the scripts.[24] The scripts would include a description of the product, as well as persuasive language to get customers to make additional purchases. Enzyte’s popularity was due to Berkeley’s aggressive advertising campaigns. 98% of their advertising was conducted through television sports.[24] Around 2004, network television was covered with Enzyte advertisements featuring a character called “Smilin’ Bob,” whose trademark exaggerated smile was an asset to the result of Enzyte’s success.[24] Warshak used false advertisement within the media. He claimed that there was a 96% customer satisfaction rating, when in reality it was nowhere near those numbers.[24] Many print and television ad’s bragged that Enzyte had been created by reputable doctors with Ivy League educations. According to the ads, “Enzyte was developed by Dr. Fredrick Thomkins, a physician with a biology degree from Stanford and Dr. Michael Moore, a leading urologist from Harvard.”[24] The ads also stated that the doctors had been working on developing such a supplement to “stretch and elongate” for over 13 years. In reality, the doctors were made up characters who didn’t exist nor attended university at Harvard or Stanford.

EPIC vs. FTC[edit]

In February 2009, Google attempted to create an application called "Buzz." It was attached to Gmail, and allowed for social networking among other users. EPIC (Electronic Privacy Information Center) in turn filed a claim stating "that Google engaged in unfair and deceptive trade practices by transforming its email service into a social networking service without offering users meaningful control over their information or opt-in consent." The FTC established new privacy safeguards for users of Google products in October 2011.

The safeguard issued prohibits Google from misrepresenting their privacy practices. It also requires Google to obtain consent from their users before disclosing any information, and lastly, it also requires Google to follow a comprehensive privacy program. Because of this case, Google now consolidates all of its data files about users into one merged file from each Google service, instead of keeping separate files for each Google service used by each user. This change became effective in March 2012.[25]

Search engine data and law enforcement[edit]

Data from major Internet companies, including Yahoo! and MSN (Microsoft), have already been subpoenaed by the US government[26] and China.[27] AOL even provided a chunk of its own search data online,[28] allowing reporters to track the online behaviour of private individuals.[29]

In 2006, a wireless hacker pled guilty when his Google searches were used as evidence against him. The defendant ran a Google search over the network using the following search terms: "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." While court papers did not describe how the FBI obtained his searches (e.g. through a seized hard-drive or directly from the search-engine), Google has indicated that it can provide search terms to law enforcement if given an Internet address or Web cookie.[30]

US v. Ziegler[edit]

In the United States many cases discuss whether a private employee (i.e., not a government employee) who stores incriminating evidence in workplace computers is protected by the Fourth Amendment's reasonable expectation of privacy standard in a criminal proceeding.

Most case law holds that employees do not have a reasonable expectation of privacy when it comes to their work related electronic communications. See, e.g. US v. Simons, 206 F.3d 392, 398 (4th Cir., Feb. 28, 2000).

However, one federal court held that employees can assert that the attorney-client privilege with respect to certain communications on company laptops. See Curto v. Medical World Comm., No. 03CV6327, 2006 U.S. Dist. LEXIS 29387 (E.D.N.Y. May 15, 2006).

Another recent federal case discussed this topic. On January 30, 2007, the Ninth Circuit court in US v. Ziegler, reversed its earlier August 2006 decision upon a petition for rehearing. In contrast to the earlier decision, the Court acknowledged that an employee has a right to privacy in his workplace computer. However, the Court also found that an employer can consent to any illegal searches and seizures. See US v. Ziegler, ___F.3d 1077 (9th Cir. Jan. 30, 2007, No. 05-30177). [1] Cf. US v. Ziegler, 456 F.3d 1138 (9th Cir. 2006).

In Ziegler, an employee had accessed child pornography websites from his workplace. His employer noticed his activities, made copies of the hard drive, and gave the FBI the employee's computer. At his criminal trial, Ziegler filed a motion to suppress the evidence because he argued that the government violated his Fourth Amendment rights.

The Ninth Circuit allowed the lower court to admit the child pornography as evidence. After reviewing relevant Supreme Court opinions on a reasonable expectation of privacy, the Court acknowledged that Ziegler had a reasonable expectation of privacy at his office and on his computer. That Court also found that his employer could consent to a government search of the computer and that, therefore, the search did not violate Ziegler's Fourth Amendment rights.

State v. Reid[edit]

The New Jersey Supreme Court has also issued an opinion on the privacy rights of computer users, holding in State v. Reid that computer users have a reasonable expectation of privacy concerning the personal information they give to their ISPs.[31][32]

In that case, Shirley Reid was indicted for computer theft for changing her employer's password and shipping address on its online account with a supplier. The police discovered her identity after serving the ISP, Comcast, with a municipal subpoena not tied to any judicial proceeding.[33]

The lower court suppressed the information from Comcast that linked Reid with the crime on grounds that the disclosure violated Reid's constitutional right to be protected from unreasonable search and seizure.[34] The appellate court affirmed, as did the New Jersey Supreme Court, which ruled that ISP subscriber records can only be disclosed to law enforcement upon the issuance of a grand jury subpoena.[35] As a result, New Jersey offers greater privacy rights to computer users than most federal courts.[36] This case also serves as an illustration of how case law on privacy regarding workplace computers is still evolving.

Robbins v. Lower Merion School District[edit]

In Robbins v. Lower Merion School District (U.S. Eastern District of Pennsylvania 2010), the federal trial court issued an injunction against the school district after plaintiffs charged two suburban Philadelphia high schools violated the privacy of students and others when they secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.

Saved references[edit]

  1. ^ http://www.forbes.com/sites/kashmirhill/2012/03/06/what-employers-are-thinking-when-they-look-at-your-facebook-page/
  2. ^ (January 2011) “USA PATRIOT Act.” Retrieved from http://www.fincen.gov/statutes_regs/patriot/
  3. ^ "EPIC – USA PATRIOT Act". Electronic Privacy Information Center. Retrieved 2011-12-17. 
  4. ^ McCarthy, Michael. "USA PATRIOT Act". Retrieved 5 February 2012. 
  5. ^ Mulligan, Deirdre. "Reasonable Expectations In Electronic Communications: A Critical Perspective on the Electronic Commincations Privacy Act". Retrieved 5 February 2012. 
  6. ^ Cite error: The named reference privacyrights.org was invoked but never defined (see the help page).
  7. ^ a b c NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463
  8. ^ Cranor, Lorrie Faith (June 1998). “Internet Privacy: A Public Concern.” Lorrie Faith Cranor. Retrieved January 24, 2011, from http://lorrie.cranor.org/pubs/networker-privacy.html
  9. ^ Privacy Rights Clearinghouse (January 2011). “Fact Sheet 7: Workplace Privacy and Employee Monitoring.” Privacy Rights Clearinghouse. Retrieved January 23, 2011 from http://www.privacyrights.org/fs/fs7-work.htm
  10. ^ "FTC Enforces Gramm-Leach-Bliley Act's Safeguards Rule Against Mortgage Companies" Retrieved October 1, 2011 from http://www.ftc.gov/opa/2004/11/ns.shtm
  11. ^ a b / ' 'The Economist' ', Online Privacy in America: Rights and Wrongs, February 23, 2012
  12. ^ "Selected State Laws Related to Internet Privacy", National Conference of State Legislatures, accessed 17 September 2012
  13. ^ "Public Access to Records Policy - Libraries and Information Services". City of Pasadena, California. Retrieved 7 July 2012. 
  14. ^ "Senate Bill No. 602". Official California Legislative Information. Retrieved 7 July 2012. 
  15. ^ Neva Chonin (September 17, 2006). "Sex and the City". San Francisco Chronicle. Retrieved June 17, 2007. 
  16. ^ a b Anick Jesdanun (September 12, 2006). "Prankster posts sex ad replies online". Associated Press. Retrieved June 27, 2007. 
  17. ^ Ryan Singel (September 8, 2006). "Craigslist". Wired Blogs. Retrieved September 12, 2006. 
  18. ^ Schwartz, Mattathias (August 3, 2008). "Malwebolence". New York Times. Retrieved August 1, 2008. "After receiving death threats, Fortuny meticulously scrubbed his real address and phone number from the Internet. “Anyone who knows who and where you are is a security hole,” he told me. “I own a gun. I have an escape route. If someone comes, I’m ready.”" 
  19. ^ Doe v. Fortuny, 1:08-cv-1050 (D. Ill. December 15, 2008).
  20. ^ Doe v. Fortuny, 1:08-cv-1050 (D. Ill. 11/12/2008).
  21. ^ Doe v. Fortuny, 1:08-cv-1050 (D. Ill. 01/07/2009).
  22. ^ Doe v. Fortuny (D. Ill. 04/09/2009). Text
  23. ^ Doe v. Fortuny, 1:08-cv-1050 (D. Ill. 04/09/2009).
  24. ^ a b c d e US Court 2010
  25. ^ (2012). Epic v. FTC (enforcement of the google consent order). Electronic Privacy Information Center, Retrieved from http://epic.org/privacy/ftc/google/consent-
  26. ^ "Bush Administration Demands Search Data; Google Says No; AOL, MSN & Yahoo Said Yes". Blog.searchenginewatch.com. Retrieved 2011-11-25. 
  27. ^ Previous post Next post (2007-07-30). "Yahoo Knew More About China Journalist Subpoena Than It Told Congress It Did". Blog.wired.com. Retrieved 2011-11-25. 
  28. ^ "Forget The Government, AOL Exposes Search Queries To Everyone". Techdirt.com. 2006-08-07. Retrieved 2011-11-25. 
  29. ^ Andrew Brown (August 28, 2006). "They know all about you". London: Technology.guardian.co.uk. Retrieved 2011-11-25. 
  30. ^ Tim Wafa (June 2009). "Global Internet Privacy Rights – A Pragmatic Approach". University of San Francisco Intellectual Property Law Bulletin. SSRN 1444191. 
  31. ^ "a-105-06.doc.html". Lawlibrary.rutgers.edu. Retrieved September 13, 2010. 
  32. ^ "State v. Reid'', 194 N.J. 386, 954 A.2d 503 (N.J. 2008)". Lawlibrary.rutgers.edu. Retrieved 2011-11-25. 
  33. ^ Id. at 393.
  34. ^ Id. at 393
  35. ^ Id. at 402.
  36. ^ Id. at 3 96–97.


End of content saved from main article


Moved material needs review[edit]

It seems that User:Waveclaira moved a lot of material to the talk page (see above), without discussion, and has been blocked. Quite a lot of the moved material was US-specific, so it would have been better to move it to a new US-specific page rather than to the talk page. LittleBen (talk) 00:08, 19 October 2012 (UTC)

Rewrite Needed[edit]

This article needs a massive rewrite & editing. I started to do a little but gave up b/c I don't have the time. It reads like it was written by someone with an extremely dysfunctional grasp on the English language. Sentences are jumbled, words are missing, clauses conflict & repeat, & much of it reads like a poorly worded scare tract.75.73.11.164 (talk) —Preceding undated comment added 01:17, 15 March 2013 (UTC)

I agree that a rewrite is needed. --Jeff Ogden (W163) (talk) 12:52, 17 July 2013 (UTC)

Should the sub-section on "Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.)" be removed?[edit]

I just spent some time editing the sub-section on Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.) within the Device fingerprinting section, but am now wondering if the material is really appropriate for this article or if it should be removed as being too specific or as WP:Spam. Here is the current text:

Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.)
Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.) is device fingerprinting software technology that identifies the device (computer, tablet, smartphone, …) being used to access a website. This information in turn can be used to help differentiate legitimate users from those using false identities or those attempting to work anonymously. A.D.A.P.T. uses only HTTP and JavaScript to identify a device and identifies devices without requesting any personal information entered directly by the user. It makes an accurate “fingerprint” of the device by using many different pieces of information including, operating system, browser, and PC characteristics. A.D.A.P.T. is concealed in that the user of the device has no idea that the device is being “fingerprinted” and there is no actual tagging of the device.[1]

  1. ^ Sentinel Advanced Detection Analysis & Predator Tracking (A.D.A.P.T.), Eschell Hamel (Sentinel Tech Holding Corp), a paper submitted to the Internet Safety Technical Task Force, Berkman Center for Internet and Society, Harvard University, July 30, 2008
--Jeff Ogden (W163) (talk) 12:50, 17 July 2013 (UTC)

RfC concerning the Lavabit email service[edit]

There is a request for comments (RfC) that may be of interest. The RfC is at

Talk:Lavabit#RfC: Should information about Lavabit complying with previous search warrants be included?

At issue is whether we should delete or keep the following text in the Lavabit article:

Before the Snowden incident, Lavabit had complied with previous search warrants. For example, on June 10, 2013, a search warrant was executed against Lavabit user Joey006@lavabit.com for alleged possession of child pornography.

Your input on this question would be very much welcome. --Guy Macon (talk) 05:05, 29 August 2013 (UTC)

Calling for a more positive editorial "label"[edit]

The introduction characterizing this article is exceedingly disparaging. It does give an overview of an important subject and enough links to enable further study.

Yes, it is long, detailed, and does elaborate on US experience. The subject matter is also large, and many key players in both the open and the closed net tracking business are US based, hence labelling it in a way that makes it look tedious and ethnocentric seems unfair.

Conclusion: while encouraging knowledgeable people to contribute with later than 2012 info, structuring the text with "sattelite" themes to make it shorter and other improvements, the introductory "consumer beware" label should be made more supportive.

p. (Paul hofseth (talk) 06:53, 23 November 2013 (UTC))

The four cleanup templates at the top of the article had been there for 17 months. That is long enough for improvements to have been made, so I removed them. The templates removed were: "update", "globalize", "overly", and "essay". I left the "Globalize/US|date=September 2012" template that appears at the beginning of the "Levels of privacy" section since it hasn't been there quite as long and isn't as prominent as the other cleanup tags. None of this should prevent editors from making improvements to the article or discussing possible improvements here on the talk page. --Jeff Ogden (W163) (talk) 09:47, 23 November 2013 (UTC)