Introduction

Privacy is a concern in most areas of life, and the protection of privacy on the Internet is a matter of increasing concern to many people. The varieties of interaction that many of us (among professional people in the U.S., almost 100% of us) have with sites on the Internet; the ease with which others can observe, record, and integrate these interactions and draw inferences from them; and the ease with which others can intrude into "our space," for example, by placing cookies and other files on our computers--all of these facts should make every one of us cautious at least, and alarmed, at worst.

Privacy on the Internet

All of us have a general understanding of what we mean by privacy, but the matter is more complex than a casual glance suggests. Here is how Lawrence Lessig, a lawyer and a keen student of the Internet, distinguishes various aspects of privacy on the Internet:

[The Internet] has already upset a traditional balance. It has already changed the control that individuals have over facts about their private lives. . . .

There is a part of anyone's life that is monitored, and there is a part that can be searched. The monitored is that part of one's daily existence that others see or notice and that others can respond to, if response is appropriate. As I walk down the street, my behavior is monitored. . . .

The searchable is the part of your life that leaves, or is, a record. Scribblings in your diary leave a record of your thoughts. Stuff in your house is a record of what you possess. The recordings on your telephone answering machine are a record of who called and what they said. These parts of your life are not so ephemeral. They instead remain to be reviewed--if technology and the law permit.

Privacy . . . is the power to control what others can come to know about you. People gain knowledge about you in only two ways--through monitoring or searching (or by reports relying on the results of monitoring and searching). One can do little about gossip, and the law can do little about reporting. So to understand the real privacy that you have, we must understand something about these two ideas of monitoring and searching. What are the constraints in real life on others' ability to monitor and search, and how do those constraints change as we move to cyberspace? (Endnote 1)

Lessig continues by distinguishing three conceptions of privacy:

The first conception, . . . the utility conception, seeks to minimize intrusion. We want to be left alone, not interfered with, not troubled. And so we want a protection that minimizes the extent to which tranquillity is disturbed. Sometimes the state will have reason to search us or to interfere with our peace. But we want this interference kept at a minimum. . . .

The second conception tracks dignity. Even if a search does not bother you at all, or even if you do not notice the search, this conception of privacy holds that the very idea of a search of your possessions is an offense to your dignity. From this perspective, if the state wants to search your house, it had better have a good reason. Its search harms your dignity whether it interferes with your life or not.

These two conceptions of privacy, however, are distinct from a third, which is about neither preserving dignity nor minimizing intrusion but instead is substantive--privacy as a way to constrain the power of the state to regulate. [It has been argued] that the real purpose of the Fourth and Fifth Amendments is to make some types of regulation too difficult to effect by making the evidence needed to prosecute violations unavailable.

This is a hard idea for us to imagine, for in our world the sources of evidence are many--credit card records, telephone records, video cameras at 7-Elevens, and so on. But put yourself back two hundred years, when the only real evidence was testimony and things. Imagine that in that time the state wanted to punish you for "sedition." The only good evidence of sedition would be your writings or your own testimony about your thoughts. If those two sources were eliminated, then it would be practically impossible to prosecute sedition successfully. . . .

[T]his is just what the Fourth and Fifth Amendments do. Combined, they make collecting the evidence for a crime like sedition impossible, thereby making a crime like sedition impossible. . . .

On this conception, privacy is a substantive limit on government's power. As a restriction on the power of government to enforce certain laws, it provides a substantive limit on the kinds of regulation that government can effectively impose. Understood this way, privacy does more than protect dignity or limit intrusion; privacy limits what government can do. (Endnote 2)

Although Lessig is especially concerned with privacy as a protection against government--and that is certainly an important part of privacy!--, today most of us are, or should be, concerned at least as much about privacy as a protection against other individuals and against corporate and other institutions in our society.

As I noted earlier, the Internet presents us with threats to our privacy because of our interactions with it. We visit sites, make purchases, send email messages, and view Webpages on a variety of subjects--including possibly some Webpages that we would prefer our friends and family members to be unaware of our visiting. These interactions are recorded at least transiently (for example, a browser server has to store your IP address long enough to know where to send its response to an inquiry from your browser), and some sites make a point of recording interactions.

An example of the recording of your interactions with a Website is what Amazon.com does. Note: I am using Amazon as an example because many of us interact with it from time to time (Endnote 3) so that what it does is likely to be familiar to you. I am also using Amazon because some of what it does with the information it gleans from our interactions with it is to offer us services, and that helps to explain why many of us see it as a well run business offering good customer service.

Amazon places a cookie on your computer to identify you to it; it keeps a record of what books you purchase from it; and when your browser contacts an Amazon server, the server responds by, inter alia, offering suggestions of new books that it thinks you might be interested in, on the basis of your previous purchases. Amazon also uses its information about you to offer you its "1-click" purchase process (a process on which it has filed for a patent, though its patent application is currently being contested by competitors). Furthermore, Amazon uses its information about you for the purposes of marketing its various non-book businesses to you, and it shares certain information about you with companies with which it is affiliated.

To Amazon's credit, it is quite frank about what it does; and it sets a good example by offering, as part of its Website, a Privacy Notice. I strongly recommend that you read this notice to gain a fuller understanding of what Amazon does and claims the right to do (unless you take the initiative to object in advance to certain possible actions), for what Amazon does is quite typical of how Internet commerce makes use of information about us Web users. Amazon posted this privacy notice early in 2000, and many people became quite upset upon reading it and thus realizing what uses can be made of information about them. But I repeat, I am using Amazon here as an example because it is well known and because it has, laudably, made its privacy policies explicit. What Amazon does is merely a typical set of uses of information about customers, and these uses are by no means the most egregious uses that Internet companies make of such information.

The Platform for Privacy Preferences (P3P) Project

In response to widespread concerns about privacy and the Internet, the World-Wide Web Consortium (W3C) has recently established a project called the Platform for Privacy Preferences (P3P). The W3C intends this project to be an emerging

industry standard providing a simple, automated way for users to gain more control over the use of personal information on Web sites they visit. At its most basic level, P3P is a standardized set of multiple-choice questions, covering all the major aspects of a Web site's privacy policies. Taken together, they present a clear snapshot of how a site handles personal information about its users. P3P-enabled Web sites make this information available in a standard, machine-readable format. P3P-enabled browsers can "read" this snapshot automatically and compare it to the consumer's own set of privacy preferences. P3P enhances user control by putting privacy policies where users can find them, in a form users can understand, and, most importantly, enables users to act on what they see. (Endnote 4)

You should note that P3P is a project that is seeking voluntary cooperation from Internet businesses and institutions. We can all hope that the project will enjoy considerable success. I strongly recommend that you read the P3P and Privacy on the Web FAQ to gain a more detailed understanding of what the project aims to accomplish and what it sees as some of the threats to privacy that it is trying to counter.

Endnote

1. Lessig, Lawrence. Code and Other Laws of Cyberspace. New York, NY: Basic Books; 1999. ISBN:0-465-03913-8. Pp. 142-144.

2. Lessig, op. cit., pp. 146-149.

3. I am speaking for myself here, for I have bought books from Amazon.com and have engaged in numerous other financial transactions over the Internet. However, I find myself somewhat worried by the fact that Prof. Philip Doty, a specialist in information policy, refuses to make purchases over the Internet because of his concern over his privacy. His example leads me from time to time to ask myself, "Am I too trustful about doing transactions over the Internet?". I hasten to add that I am not singling Amazon out for special concern in this respect; it is the whole Internet of which I am mildly, and Prof. Doty strongly, distrustful.