News Contents: Electronic privacy

Internet privacy

Internet privacy involves the desire or mandate of personal privacy concerning transactions or transmission of data via the Internet. It also involves the exercise of control over the type and amount of information revealed about a person on the Internet and who may access said information.

Internet privacy forms a subset of computer privacy. A number of experts within the field of Internet security and privacy believe that privacy doesn't exist; "Privacy is dead – get over it" This should be more encouraged according to Steve Rambam, private investigator specializing in Internet privacy cases. In fact, it has been suggested that the "appeal of online services is to broadcast personal information on purpose." On the other hand, in his essay The Value of Privacy, security expert Bruce Schneier says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance."

Levels of privacy

People with only a casual concern for Internet privacy need not achieve total anonymity. Internet users may achieve an adequate level of privacy through controlled disclosure of personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information (P.I.I.) of the Internet user. In order to keep your information private, people need to be careful on what they submit and look at online. When filling out forms and buying merchandise, that becomes tracked and because your information was not private, companies are now sending you spam and advertising on similar products.

Related State Laws Privacy of Personal Information: Nevada and Minnesota require Internet Service Providers to keep information private regarding their customers. This is only unless a customer approves their information being given out. According to the National Conference of State Legislator, the following states have certain laws on the personal privacy of its citizens.

Minnesota Statutes §§ 325M.01 to .09 -Prohibits Internet service providers from disclosing personally identifiable information, including a consumer's physical or electronic address or telephone number; Internet or online sites visited; or any of the contents of a consumer's data storage devices. Provides for certain circumstances under which information must be disclosed, such as to a grand jury; to a state or federal law enforcement officer acting as authorized by law; pursuant to a court order or court action. Provides for civil damages of $500 or actual damages and attorney fees for violation of the law.

Nevada Revised Statutes § 205.498 -In addition, California and Utah laws, although not specifically targeted to on-line businesses, require all nonfinancial businesses to disclose to customers, in writing or by electronic mail, the types of personal information the business shares with or sells to a third party for direct marketing purposes or for compensation. Under the California law, businesses may post a privacy statement that gives customers the opportunity to choose not to share information at no cost.

There are also certain laws for employees and businesses and privacy policies for websites.

California, Connecticut, Nebraska and Pennsylvania all have specific privacy policies regarding websites, these include:

"California (Calif. Bus. & Prof. Code §§ 22575-22578) California's Online Privacy Protection Act requires an operator, defined as a person or entity that collects personally identifiable information from California residents through an Internet Web site or online service for commercial purposes, to post conspicuously its privacy policy on its Web site or online service and to comply with that policy. The bill, among other things, would require that the privacy policy identify the categories of personally identifiable information that the operator collects about individual consumers who use or visit its Web site or online service and third parties with whom the operator may share the information.

Connecticut (Conn. Gen Stat. § 42-471) Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be "publicly displayed" by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.

Nebraska (Nebraska Stat. § 87-302(14)) Nebraska prohibits knowingly making a false or misleading statement in a privacy policy, published on the Internet or otherwise distributed or published, regarding the use of personal information submitted by members of the public.

Pennsylvania (18 Pa. C.S.A. § 4107(a)(10)) Pennsylvania includes false and misleading statements in privacy policies published on Web sites or otherwise distributed in its deceptive or fraudulent business practices statute."

There are also at least 16 states that require government websites to create privacy policies and procedures or to include machine-readable privacy policies into their websites. These states include Arizona, Arkansas, California, Colorado, Delaware, Iowa, Illinois, Maine, Maryland, Michigan, Minnesota, Montana, New York, Sourth Carolina, Texas, Utah, and Virginia.

Risks to internet privacy

In today’s technological world, millions of individuals are subject to privacy threats. Companies are hired not only to watch what you visit online, but to infiltrate the information and send advertising based on your browsing history. People set up accounts for Facebook; enter bank and credit card information to various websites.

Those concerned about Internet privacy often cite a number of privacy risks — events that can compromise privacy — which may be encountered through Internet use. These methods of compromise can range from the gathering of statistics on users, to more malicious acts such as the spreading of spyware and various forms of bugs (software errors) exploitation.

Privacy measures are provided on several social networking sites to try to provide their users with protection for their personal information. On Facebook for example privacy settings are available for all registered users. The settings available on Facebook include the ability to block certain individuals from seeing your profile, the ability to choose your "friends," and the ability to limit who has access to your pictures and videos. Privacy settings are also available on other social networking sites such as E-harmony and MySpace. It is the user's prerogative to apply such settings when providing personal information on the internet.

In late 2007 Facebook launched the Beacon program where user rental records were released on the public for friends to see. Many people were enraged by this breach in privacy, and the Lane v. Facebook, Inc. case ensued.

HTTP cookies

An HTTP cookie is data stored on a user's computer that assists in automated access to websites or web features, or other state information required in complex web sites. It may also be used for user-tracking by storing special usage history data in a cookie. Cookies are a common concern in the field of privacy. As a result, some types of cookies are classified as a tracking cookie. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits.

Systems do not generally make the user explicitly aware of the storing of a cookie. (Although some users object to that, it does not properly relate to Internet privacy. It does however have implications for computer privacy, and specifically for computer forensics.

The original developers of cookies intended that only the website that originally distributed cookies to users so they could retrieve them, therefore returning only data already possessed by the website. However, in practice programmers can circumvent this restriction. Possible consequences include:

Some users choose to disable cookies in their web browsers – as of 2000 a Pew survey estimated the proportion of users at 4%. Such an action eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications that will redirect cookies and cache data to some other location.

The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing.

Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.

Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual.

Governments and organizations may set up honeypot websites – featuring controversial topics – with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals.

Flash cookies

Flash cookies, also known as Local Shared Objects, work the same ways as normal cookies and are used by the Adobe Flash Player to store information at the user's computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect flash cookies. One way to view and control them is with browser extensions or add-ons.

Evercookies

An Evercookie is a JavaScript-based application which produces cookies in a web browser that actively "resist" deletion by redundantly copying themselves in different forms on the user's machine (e.g.: Flash Local Shared Objects, various HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies are missing or expired.

Photographs on the internet

Today many people have digital cameras and post their photos online. The people depicted in these photos might not want to have them appear on the Internet.

Some organizations attempt to respond to this privacy-related concern. For example, the 2005 Wikimania conference required that photographers have the prior permission of the people in their pictures. Some people wore a 'no photos' tag to indicate they would prefer not to have their photo taken.

The Harvard Law Review published a short piece called "In The Face of Danger: Facial Recognition and Privacy Law," much of it explaining how "privacy law, in its current form, is of no help to those unwillingly tagged." Any individual can be unwillingly tagged in a photo and displayed in a manner that might violate them personally in some way, and by the time Facebook gets to taking down the photo, many people will have already had the chance to view, share, or distribute it. Furthermore, traditional tort law does not protect people who are captured by a photograph in public because this is not counted as an invasion of privacy. The extensive Facebook privacy policy covers these concerns and much more. For example, the policy states that they reserve the right to disclose member information or share photos with companies, lawyers, courts, government entities, etc. if they feel it absolutely necessary. The policy also informs users that profile pictures are mainly to help friends connect to each other. However, these, as well as other pictures, can allow other people to invade a person’s privacy by finding out information that can be used to track and locate a certain individual. In an article featured in ABC news, it was stated that two teams of scientists found out that Hollywood stars could be giving up information about their private whereabouts very easily through pictures uploaded to the Internet. Moreover, it was found that pictures taken by iPhones automatically attach the latitude and longitude of the picture taken through metadata unless this function is manually disabled.

Search engines

Search engines have the ability to track a user’s searches. Personal information can be revealed through searches including search items used, the time of the search, and more. Search engines have claimed a necessity to retain such information in order to provide better services, protect against security pressure, and protect against fraud.

Data logging

Many programs and operating systems are set up to perform data logging of usage. This may include recording times when the computer is in use, or which web sites are visited. If a third party has sufficient access to the computer, legitimately or not, the user's privacy may be compromised. This could be avoided by disabling logging, or by clearing logs regularly.

Privacy within social networking sites

Prior to the social networking site explosion over the past decade, there were early forms of social network technologies that included online multiplayer games, blog sites, news groups, mailings lists and dating services. These all created a backbone for the new modern sites, and even from the start of these older versions privacy was an issue. In 1996, a young woman in New York City was on a first date with an online acquaintance and later sued for sexual harassment as they went back to her apartment after when everything became too real. This is just an early example of many more issues to come regarding internet privacy.

Social networking sites have become very popular within the last five years. With the creation of Facebook and the continued popularity of MySpace many people are giving their personal information out on the internet. These social networks keep track of all interactions used on their sites and save them for later use. Most users are not aware that they can modify the privacy settings and unless they modify them, their information is open to the public. On Facebook privacy settings can be accessed via the drop down menu under account in the top right corner. There users can change who can view their profile and what information can be displayed on their profile. In most cases profiles are open to either "all my network and friends" or "all of my friends." Also, information that shows on a user's profile such as birthday, religious views, and relationship status can be removed via the privacy settings. If a user is under 13 years old they are not able to make a Facebook or a MySpace account, however, this is not regulated.

Social networking has redefined the role of Internet privacy. Since users are willingly disclosing personal information online, the role of privacy and security is somewhat blurry. Sites such as Facebook, Myspace, and Twitter have grown popular by broadcasting status updates featuring personal information such as location. Facebook “Places,” in particular, is a Facebook service, which publicizes user location information to the networking community. Users are allowed to “check-in” at various locations including retail stores, convenience stores, and restaurants. Also, users are able to create their own “place,” disclosing personal information onto the Internet. This form of location tracking is automated and must be turned off manually. Various settings must be turned off and manipulated in order for the user to ensure privacy. According to epic.org, Facebook users are recommended to: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited.". Moreover, the Federal Trade Commission has received two complaints in regards to Facebook’s “unfair and deceptive” trade practices, which are used to target advertising sectors of the online community. “Places” tracks user location information and is used primarily for advertising purposes. Each location tracked allows third party advertisers to customize advertisements that suit one’s interests. Currently, the Federal Trade Commissioner along with the Electronic Privacy Information Center are shedding light on the issues of location data tracking on social networking sites.

Recently, Facebook has been scrutinized for having a variety of applications that are considered to be invasive to user privacy. “The Breakup Notifier” is an example of a Facebook “cyberstalking” app that has recently been taken down. Essentially, the application notifies users when a person breaks up with their partner through Facebook, allowing users to instantly become aware of their friend's romantic activities. The concept became very popular, with the site attracting 700,000 visits in the first 36 hours; people downloaded the app 40,000 times. Just days later, the app had more than 3.6 million downloads and 9,000 Facebook likes.

There are other applications that border on “cyberstalking.” An application named "Creepy" can track a person's location on a map using photos uploaded to Twitter or Flickr. When a person uploads photos to a social networking site, others are able to track their most recent location. Some smart phones are able to embed the longitude and latitude coordinates into the photo and automatically send this information to the application. Anybody using the application can search for a specific person and then find their immediate location. This poses many potential threats to users who share their information with a large group of followers.

Facebook recently updated its profile format allowing for people who are not “friends” of others to view personal information about other users, even when the profile is set to private. However, As of January 18, 2011 Facebook changed its decision to make home addresses and telephone numbers accessible to third party members, but it is still possible for third party members to have access to less exact personal information, like one’s hometown and employment, if the user has entered the information into Facebook . EPIC Executive Director Marc Rotenberg said "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." Similar to Rotenberg’s claim that Facebook users are unclear of how or why their information has gone public, recently the Federal Trade Commission and Commerce Department have become involved. The Federal Trade Commission has recently released a report claiming that Internet companies and other industries will soon need to increase their protection for online users. Because online users often unknowingly opt in on making their information public, the FTC is urging Internet companies to make privacy notes simpler and easier for the public to understand, therefore increasing their option to opt out. Perhaps this new policy should also be implemented in the Facebook world. The Commerce Department claims that Americans, “have been ill-served by a patchwork of privacy laws that contain broad gaps,”. Because of these broad gaps, Americans are more susceptible to identity theft and having their online activity tracked by others.

Spokeo - Spokeo is a “people-related” search engine with results compiled through data aggregation. The site contains information such as age, relationship status, estimated personal wealth, immediate family members and home address of individual people. This information is compiled through what is already on the internet or in other public records, but the website does not guarantee accuracy.

Spokeo has been faced with potential class action law suits from people who claim that the organization breaches the Fair Credit Reporting Act. In September, 2010, Jennifer Purcell claimed that the FCRA was violated by Spokeo marketing her personal information. Her case is pending in court. Also in 2010, Thomas Robins claimed that his personal information on the website was inaccurate and he was unable to edit it for accuracy. The case was dismissed because Robins did not claim that the site directly caused him actual harm. On February 15, 2011, Robins filed another suit, this time stating Spokeo has caused him “imminent and ongoing” harm.

Twitter Case - In January 2011, the government recently obtained a court order to force the social networking site, Twitter, to reveal information applicable surrounding certain subscribers involved in the WikiLeaks cases. This outcome of this case is questionable because it deals with the user’s First Amendment rights. Twitter moved to reverse the court order, and supported the idea that internet users should be notified and given an opportunity to defend their constitutional rights in court before their rights are compromised.

Facebook Friends Study - A study was conducted at Northeastern University by Alan Mislove and his colleagues at the Max Planck Institute for Software Systems, where an algorithm was created to try and discover personal attributes of a Facebook user by looking at their friend’s list. They looked for information such as high school and college attended, major, hometown, graduation year and even what dorm a student may have lived in. The study revealed that only 5% of people thought to change their friend’s list to private. For other users, 58% displayed university attended, 42% revealed employers, 35% revealed interests and 19% gave viewers public access to where they were located. Due to the correlation of Facebook friends and universities they attend, it was easy to discover where a Facebook user was based on their list of friends. This fact is one that has become very useful to advertisers targeting their audiences but is also a big risk for the privacy of all those with Facebook accounts.

Law enforcement prowling the networks - The FBI has dedicated undercover agents on Facebook, Twitter, MySpace, LinkedIn. The rules and guidelines to the privacy issue is internal to the Justice Department and details aren't released to the public. Agents can impersonate a friend, a long lost relative, even a spouse and child. This raises real issues regarding privacy. Although people who use Facebook, Twitter, and other social networking sites are aware of some level of privacy will always be compromised, but, no one would ever suspect that the friend invitation might be from a federal agent whose sole purpose of the friend request was to snoop around. Furthermore, Facebook, Twitter, and MySpace have personal information and past posts logged for up to one year; even deleted profiles, and with a warrant, can hand over very personal information. One example of investigators using Facebook to nab a criminal is the case of Maxi Sopo. Charged with bank fraud, and having escaped to Mexico, he was nowhere to be found until he started posting on Facebook. Although his profile was private, his list of friends were not, and through this vector, they eventually caught him.

In recent years, some state and local law enforcement agencies have also begun to rely on social media websites as resources. Although obtaining records of information not shared publicly by or about site users often requires a subpoena, public pages on sites such as Facebook and MySpace offer access to personal information that can be valuable to law enforcement. Police departments have reported using social media websites to assist in investigations, locate and track suspects, and monitor gang activity.

Teachers and MySpace - Teachers’ privacy on MySpace has created controversy across the world. They are forewarned by The Ohio News Association that if they have a MySpace account, it should be deleted. Eschool News warns, “Teachers, watch what you post online.” The ONA also posted a memo advising teachers not to join these sites. Teachers can face consequences of license revocations, suspensions, and written reprimands.

The Chronicle of Higher Education wrote an article on April 27, 2007, entitled "A MySpace Photo Costs a Student a Teaching Certificate" about Stacy Snyder. She was a student of Millersville University of Pennsylvania who was denied her teaching degree because of an unprofessional photo posted on MySpace, which involved her drinking with a pirate's hat on and a caption of “Drunken Pirate". As a substitute, she was given an English degree.

Internet privacy and Blizzard Entertainment - On July 6, 2010, Blizzard Entertainment announced that it would display the real names tied to user accounts in its game forums. On July 9, 2010, CEO and cofounder of Blizzard Mike Morhaime announced a reversal of the decision to force posters' real names to appear on Blizzard's forums. The reversal was made in response to subscriber feedback.

Internet privacy and Google Maps - In Spring 2007, Google improved their Google Maps to include what is known as "Street View". This feature gives the user a 3-D, street level view with real photos of streets, buildings, and landmarks. In order to offer such a service, Google had to send trucks with cameras mounted on them and drive through every single street snapping photos. These photos were eventually stitched together to achieve a near seamless photorealistic map. However, the photos that were snapped included people caught in various acts, some of which includes a man urinating on the street, nude people seen through their windows, and apparently, a man trying to break into someone's apartment, etc; although some images are up to interpretation. This prompted a public outburst and sometime after, Google offered a "report inappropriate image" feature to their website.

Internet privacy and Facebook advertisements - The illegal activities on Facebook are very wild, especially “phishing attack” which is the most popular way of stealing other people’s passwords. The Facebook users are led to land on a page where they are asked for their login information, and their personal information is stolen in that way. According to the news from PC World Business Center which was published on April 22, 2010, we can know that a hacker named Kirllos illegally stole and sold 1.5 million Facebook IDs to some business companies who want to attract potential customers by using advertisements on the Facebook. Their illegal approach is that they used accounts which were bought from hackers to send advertisements to friends of users. When friends see the advertisements, they will have opinion about them, because “People will follow it because they believe it was a friend that told them to go to this link," said Randy Abrams, director of technical education with security vendor Eset.. There were 2.2232% of the population on Facebook that believed or followed the advertisements of their friends .Even though the percentage is small, the amount of overall users on Facebook is more than 400 million worldwide. The influence of advertisements on Facebook is so huge and obvious. According to the blog of Alan who just posted advertisement son the Facebook, he earned $300 over the 4 days. That means he can earn $3 for every $1 put into it . The huge profit attracts hackers to steal users’ login information on Facebook, and business people who want to buy accounts from hackers send advertisements to users’ friends on Facebook.

Internet service providers

Internet users obtain Internet access through an Internet service provider (ISP). All data transmitted to and from users must pass through the ISP. Thus, an ISP has the potential to observe users' activities on the Internet.

However, ISPs are usually prevented from participating in such activities due to legal, ethical, business, or technical reasons.

Despite these legal and ethical restrictions, some ISPs, such as British Telecom (BT), are planning to use deep packet inspection technology provided by companies such as Phorm in order to examine the contents of the pages that people visit. By doing so, they can build up a profile of a person's web surfing habits, which can then be sold on to advertisers in order to provide targeted advertising. BT's attempt at doing this will be marketed under the name 'Webwise'.

Normally ISPs do collect at least some information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc).

Which information an ISP collects, what it does with that information, and whether it informs its consumers, pose significant privacy issues. Beyond the usage of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request does not necessarily require a warrant.

An ISP cannot know the contents of properly-encrypted data passing between its consumers and the Internet. For encrypting web traffic, https has become the most popular and best-supported standard. Even if users encrypt the data, the ISP still knows the IP addresses of the sender and of the recipient. (However, see the IP addresses section for workarounds.)

An Anonymizer such as I2P – The Anonymous Network or Tor can be used for accessing web services without them knowing your IP address and without your ISP knowing what the services are that you access.

General concerns regarding Internet user privacy have become enough of a concern for a UN agency to issue a report on the dangers of identity fraud.

While signing up for internet services, each computer contains a unique IP, Internet Protocol address. This particular address will not give away private or personal information, however, a weak link could potentially reveal information from your ISP.

Legal threats

Use by government agencies of an array of technologies designed to track and gather Internet users' information are the topic of much debate between privacy advocates, civil libertarians and those who believe such measures are necessary for law enforcement to keep pace with rapidly changing communications technology.

Specific examples

Laws for Internet Privacy Protection

USA Patriot Act

The purpose of this act, enacted on October 26, 2001 by former President Bush, was to enhance law enforcement investigatory tools, investigate online activity, as well as to discourage terrorist acts both within the United States and around the world. This act reduced restrictions for law enforcement to search various methods and tools of communication such as telephone, e-mail, personal records including medical and financial, as well as reducing restrictions with obtaining of foreign intelligence.

Electronic Communications Privacy Act (ECPA)

This act makes it unlawful under certain conditions for an individual to reveal the information of electronic communication and contains a few exceptions. One clause allows the ISP to view private e-mail if the sender is suspected of attempting to damage the internet system or attempting to harm another user. Another clause allows the ISP to reveal information from a message if the sender or recipient allows to its disclosure. Finally, information containing personal information may also be revealed for a court order or law enforcement’s subpoena.

Employees and Employers Internet Regulations

When considering the rights between employees and employers regarding internet privacy and protection at a company, different states have their own laws. Connecticut and Delaware both have laws that state an employer must create a written notice or electronic message that provides understanding that they will regulate the internet traffic. By doing so, this relates to the employees that the employer will be searching and monitoring emails and internet usage. Delaware charges $100 for a violation where Connecticut charges $500 for the first violation and then $1000 for the second. When looking at public employees and employers, California and Colorado created laws that would also create legal ways in which employers controlled internet usage. The law stated that a public company or agency must create a prior message to the employees stating that accounts will be monitored. Without these laws, employers could access information through employees accounts and use them illegally. In most cases, the employer is allowed to see whatever he or she pleases because of these laws stated both publicly and privately.

Other potential Internet privacy risks

Specific cases

Jason Fortuny and Craigslist

In early September 2006, Jason Fortuny, a Seattle-area freelance graphic designer and network administrator, posed as a woman and posted an ad to Craigslist Seattle seeking a casual sexual encounter with men in that area. On September 4, he posted to the wiki website Encyclopædia Dramatica all 178 of the responses, complete with photographs and personal contact details, describing this as the Craigslist Experiment and encouraging others to further identify the respondents.

Although some online exposures of personal information have been seen as justified for exposing malfeasance, many commentators on the Fortuny case saw no such justification here. "The men who replied to Fortuny's posting did not appear to be doing anything illegal, so the outing has no social value other than to prove that someone could ruin lives online," said law professor Jonathan Zittrain, while Wired writer Ryan Singel described Fortuny as "sociopathic".

The Electronic Frontier Foundation indicated that it thought Fortuny might be liable under Washington state law, and that this would depend on whether the information he disclosed was of legitimate public concern. , the EFF's staff attorney, said "As far as I know, they (the respondents) are not public figures, so it would be challenging to show that this was something of public concern."

According to Fortuny, two people lost their jobs as a result of his Craigslist Experiment and another "has filed an invasion-of-privacy lawsuit against Fortuny in an Illinois court."

Fortuny did not enter an appearance in the Illinois suit, secure counsel, or answer the complaint after an early amendment. Mr. Fortuny had filed a motion to dismiss, but he filed it with the Circuit Court of Cook County, Illinois, and he did not file proof that he had served the plaintiff. As a result, the court entered a default judgment against Mr. Fortuny and ordered a damages hearing for January 7, 2009. After failing to show up at multiple hearings on damages, Fortuny was ordered to pay $74,252.56 for violation of the Copyright Act, compensation for Public Disclosure of Private Facts, Intrusion Upon Seclusion, attorneys fees and costs.

USA vs. Warshak

The case United States v. Warshak, decided December 14, 2010 by the Sixth Circuit Court of Appeals, maintained the idea that an ISP actually is allowed access to private e-mail. However, the government must get hold of a search warrant before obtaining such e-mail. This case dealt with the question of emails hosted on an isolated server. Due to the fact that e-mail is similar to other forms of communication such as telephone calls, e-mail requires the same amount of protection under the 4th amendment.

Search engine data and law enforcement

Data from major Internet companies, including Yahoo! and MSN (Microsoft), have already been subpoenaed by the United States and China. AOL even provided a chunk of its own search data online, allowing reporters to track the online behaviour of private individuals.

In 2006, a wireless hacker pled guilty when his Google searches were used as evidence against him. The defendant ran a Google search over the network using the following search terms: "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." While court papers did not describe how the FBI obtained his searches (e.g. through a seized hard-drive or directly from the search-engine), Google has indicated that it can provide search terms to law enforcement if given an Internet address or Web cookie.

US v. Zeigler

In the United States many cases discuss whether a private employee (i.e., not a government employee) who stores incriminating evidence in workplace computers is protected by the Fourth Amendment's reasonable expectation of privacy standard in a criminal proceeding.

Most case law holds that employees do not have a reasonable expectation of privacy when it comes to their work related electronic communications. See, e.g. US v. Simons, 206 F.3d 392, 398 (4th Cir., Feb. 28, 2000).

However, one federal court held that employees can assert that the attorney-client privilege with respect to certain communications on company laptops. See Curto v. Medical World Comm., No. 03CV6327, 2006 U.S. Dist. LEXIS 29387 (E.D.N.Y. May 15, 2006).

Another recent federal case discussed this topic. On January 30, 2007, the Ninth Circuit court in US v. Ziegler, reversed its earlier August 2006 decision upon a petition for rehearing. In contrast to the earlier decision, the Court acknowledged that an employee has a right to privacy in his workplace computer. However, the Court also found that an employer can consent to any illegal searches and seizures. See US v. Ziegler, ___F.3d 1077 (9th Cir. Jan. 30, 2007, No. 05-30177). [1] Cf. US v. Ziegler, 456 F.3d 1138 (9th Cir. 2006).

In Ziegler, an employee had accessed child pornography websites from his workplace. His employer noticed his activities, made copies of the hard drive, and gave the FBI the employee's computer. At his criminal trial, Ziegler filed a motion to suppress the evidence because he argued that the government violated his Fourth Amendment rights.

The Ninth Circuit allowed the lower court to admit the child pornography as evidence. After reviewing relevant Supreme Court opinions on a reasonable expectation of privacy, the Court acknowledged that Ziegler had a reasonable expectation of privacy at his office and on his computer. That Court also found that his employer could consent to a government search of the computer and that, therefore, the search did not violate Ziegler's Fourth Amendment rights.

State v. Reid

The New Jersey Supreme Court has also issued an opinion on the privacy rights of computer users, holding in State v. Reid that computer users have a reasonable expectation of privacy concerning the personal information they give to their ISPs.

In that case, Shirley Reid was indicted for computer theft for changing her employer's password and shipping address on its online account with a supplier. The police discovered her identity after serving the ISP, Comcast, with a municipal subpoena not tied to any judicial proceeding.

The lower court suppressed the information from Comcast that linked Reid with the crime on grounds that the disclosure violated Reid's constitutional right to be protected from unreasonable search and seizure. The appellate court affirmed, as did the New Jersey Supreme Court, which ruled that ISP subscriber records can only be disclosed to law enforcement upon the issuance of a grand jury subpoena. As a result, New Jersey offers greater privacy rights to computer users than most federal courts. This case also serves as an illustration of how case law on privacy regarding workplace computers is still evolving.

Robbins v. Lower Merion School District

In Robbins v. Lower Merion School District (U.S. Eastern District of Pennsylvania 2010), the federal trial court issued an injunction against the school district after plaintiffs charged two suburban Philadelphia high schools violated the privacy of students and others when they secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.

References

External links

Retrieved from : http://en.wikipedia.org/wiki/Internet_privacy

News Contents

2011-03-29

Electronic privacy