Privacy Legislation

This section 1) explores federal privacy legislation related to internet technology, 2) notes the accompanying potential for unintended consequences, and 3) calls for Educator participation in the debate over and development of such legislation.

Introduction

“The right to be left alone is indeed the beginning of all freedom.”

Supreme Court Justice William O. Douglas (Liberty-Tree.ca, 2005)

While the U. S. Constitution’s Bill of Rights does not explicitly enumerate such a a privacy right or protection, privacy is “one of the most cherished personal liberties enjoyed by Americans.” (Facts.Com, 2005, para. 1). The rapidly evolving and powerful data collection capability of the Internet has sparked great concern about online privacy. In a nationwide ABC News/Washington Post Poll conducted in March 2005, 57% of the 1001 adults polled (all adults, not just internet users) responded “a lot” or “some” to the question “How much do you worry that computers and technology are being used to invade your privacy?” (ABC News/Washington Post Poll, 2005). Not surprisingly, congress Congress has introduced and enacted legislation that either directly or indirectly affects directly or indirectly affects Internet privacy. Some of this legislation is intended to protect personal privacy; some authorizes government surveillance in various forms and is considered by many to be a privacy threat to privacy.

Privacy Legislation

Current Protection

The Legal Information Institute (LII) of the Cornell University Law School states “The right of privacy has evolved to protect the ability of individuals to determine what sort of information about themselves is collected, and how that information is used.” (LII, 2005). Five important pieces of legislation governing electronic access to personal information are noted:

• Privacy Mission of the Federal Trade Commission (FTC) - provides for FTC enforcement of privacy promises made in the market place
• Privacy Act of 1974 - prevents the federal government from unauthorized disclosure of personal information that it holds.
• Gramm-Leach-Bliley Act - guidelines for the protection of personal financial information
• Children’s Online Privacy Protection Act – allows parental control of information about their children (younger than 13) collected online.
• Fair Credit Reporting Act – limits access to financial information collected by credit reporting agencies and the fraudulent collection of financial information.

In a 1998 report to congress, The FTC identified four “Fair Information Practice Principles” (FTC, 1998):

• Notice – consumers should be made aware of information practices before any information is collected.
• Choice – consumers should be able to opt-out (the consumer tells) if they choose or choose not to opt-in ( the consumer is asked) before personal information is used beyond the purpose of the immediate transaction.
• Access – consumers should have the ability to review and correct data about them.
• Security – reasonable measures must be taken to ensure collected data is accurate and guarded from unauthorized access, corruption, use, or disclosure.

Importantly, the laws and regulations mentioned above govern only Internet commerce, “Other participants in the marketplace are not bound by law to develop similar protections and disclosure practices.” (LII, 2005).

Laws That Invade Threaten Privacy

Strangely, the government charged with promulgating privacy laws may be the larger threat to Internet privacy. Often in the pursuit of security or law enforcement, “Much legislation plays a significant role in undermining privacy.” (Harper, 2004, p.1). Here are three important examples of federal legislation with provisions that erode Internet privacy:

• Patriot Act – makes it easier to copy files from your computer without your knowledge through a court “sneak and peak” search warrant and allows the FBI access to the records of internet service providers and libraries with internet services without any judicial review (American Civil Liberties Union [ACLU], Taking Liberties With Our Freedom, 2005).
• Homeland Security Act – provides avenues for monitoring Internet communications without subpoenas or court oversight. In addition, hardware and software manufacturers, ISPs, and telecommunications companies could avoid publicizing and taking responsibility for security flaws in their products and services. Under the Homeland Security Act, once reported to the federal government as being “too big of a risk to let anyone know”, such problems can be declared “Critical Infrastructure Information” and kept secret. (Weinstein, 2002)
• Real ID Act – creates a central government depository of personal information and biometric data. The ACLU argues “The resulting network will be a rich target for hackers and identity thieves.” and “Thousands of government workers … will have access to this personal information.” (ACLU, Give your Members of Congress Feedback On Key Privacy Vote, 2005)

Proposed Law Legislation

Neither the House nor the Senate suffers from a shortage of privacy bills. As of May 16, 2005, the 109’th Congress was is considering15 house and 12 senate bills related to internet privacy and or identity theft (Smith , M., 2005). Here is a s sample of the proposed legislation:

• Online Privacy Protection Act, H.R. 84: Requires the FTC to extend privacy regulations for those not covered by COPPA.
• Consumer Privacy Protection Act, H.R. 1263 : Provisions related to identity theft, data collection, and a study of the effect of international privacy laws on U.S. foreign and domestic commerce.
• Security and Freedom Ensured Act (SAFE), H.R.1526 & S. 737: Makes section 216 of the Patriot Act subject to the sunset date.
• SPY Act, H.R. 29: Spyware regulation Regulates spyware and makes phishing illegal.
• Information Protection and Security Act, H.R. 1080 & S. 500: Regulates the conduct of information brokers and the personally identifiable information (PII) held by them.
• Privacy Act of 2005, S. 116 : Requires consent of an individual prior to the sale or marketing of PII.
• Comprehensive Identity Theft Prevention Act, S. 768 : Includes provisions for protecting SSNs, assistance for the victims of identity theft, coordination international action against identity theft, notification of information breaches, and establishment of an Office of Identity Theft within the FTC.

As with most bills few, if any of these will become law. Web Sites with information about the status of these and other Internet privacy bills are listed in the “Learn More” Links section.

Unintended Consequences

Protection or Restriction?

Internet privacy protection laws seem to be a rational prescription for the abuse of personal information on the Internet. However, some argue that however well intentioned, the actual result , though well intended, is ineffective regulation that stifles innovation, economic growth, and customer satisfaction. A Progressive Policy Institute white paper, Online Privacy and a Free Internet: Striking a Balance, Hamm & Atkinson (2001) state, s “any online privacy legislation should balance the need to protect consumer privacy with the need to encourage the growth of a free and freely available Internet…” ( Hamm & Atkinson, 2001, p.1). The ability to collect information and profile consumers allows marketers to operate more efficiently and, therefore, provide free content. “If overly strict online privacy legislation cuts into marketing revenues, the Internet as it currently exists -- a vast repository of free and easily accessible information -- may cease to exist.” ( Hamm & Atkinson, 2001, p.1).

While f Free content does not entitle Web companies to all they personal information they can vacuum from the Internet grab, snatch, or sneak . , The point here is that legislat ors ion should be developed without tunnel vision bear in mind that marketers invest in as well as exploit the internet. The terms “Internet” and “Web” emphasize connectedness. Tug Disturb on one corner of a the web with restrictive legislation and vibrations radiate throughout the entire structure. The best outcome will be is achieved when if personal privacy is can be preserved without sacrificing digital freedom and vice versa.

Educator Involvement

A May 2000 survey by the Annenberg Public Policy Center reported that 74% of parents were concerned about their children giving out personal information about themselves when visiting Web sites or chat rooms. (Turow & Nir, 2000) The internet is used i n s schools for instruction, research, and for the administration of student records. These activities , like any activity on the Internet, could be vulnerable to commercial data collection . Any educator who works with both children and the Internet has a stake in relevant privacy legislation. Here are a few examples of how educators can be involved:

• Understand and use COPPA to keep commerce from intruding on education (at least for those students under 13).
• Educate students about Internet privacy practices and pitfalls.
• Educate students about their Internet privacy rights under the law.
• Support Internet privacy legislation beneficial to education.
• Oppose legislation that erodes student and educator privacy.

Conclusion

As the Internet has grown, so have digital privacy concerns. Within the limited domain of commerce, Federal laws and regulations offer some degree have developed to provide some degree of Internet privacy protection. However, other Federal laws allow, or even direct, the same government to actions that invade Internet user’s privacy. Legislation should carefully balance laws and regulations intended to guard privacy with the benefits advantages of digital freedom. Finally, educators will benefit from an awareness of Internet privacy legislation, should teach their students about privacy issues, and should are encouraged to support beneficial legislation.