Southwestern Association of Law Librarians – 44th Annual Meeting
Privacy and the Internet: Protecting Yourself Online

Legal Concept of Privacy
The law of privacy can be traced as far back as 1361, when the Justices of the Peace Act in England provided for the arrest of peeping toms and eavesdroppers.
James Michael, Privacy and Human Rights, UNESCO 1994 p.15.

International Privacy Rights
The 1948 Universal Declaration of Human Rights provides in Article 12:
No-one should be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks on his honour or reputation. Everyone has the right to the protection of the law against such interferences or attacks
1948 Universal Declaration of Human Rights, Article 12 http://www.hrweb.org/legal/udhr.html

Constitutional Basis for Privacy
Nowhere does the text of the United States Constitution contain the word "privacy."  The Supreme Court has found the concept of "privacy" to be protected by a number of the Amendments.
Thus, privacy is known as a "penumbra right."
Schmerber v. California, 384 U.S. 757, 779, 86 S. Ct. 1826, 16 L.Ed.2d 908 (1966).

Constitutional Commentary
“[s]pecific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance.”
Justice Douglas, Griswold v. Connecticut, 381 U.S. 484 (1965).
"[t]he ‘liberty’ protected by the Fifth and Fourteenth Amendments from infringement by the Federal Government or the States is not restricted to rights specifically mentioned in the first eight amendments.”
Justice Goldberg, Griswold v. Connecticut, 381 U.S. 493 (1965).
"The right to be left alone - the most comprehensive of rights, and the right most valued by a free people."
Justice Brandeis, Olmstead v. U.S. (1928).

We Are Watched at Work
One-Third of U.S. Online Workforce Under Internet/E-Mail Surveillance
Sunday, July 1, 2001
Fourteen million employees — just over one-third of the online workforce in the United States — have their Internet or e-mail use under continuous surveillance at work, according to an analysis conducted by the Privacy Foundation in Denver. Worldwide, the number of employees under such surveillance is estimated at 27 million.
www.privacyfoundation.org

What Do We Do Online
Research of all types
Lexis
Westlaw
Lois Law
Individual Searches
Craig Ball Research Links

We Are Watched Online
Comcast Backs Down from Web Tracking
Wednesday, February 13, 2002
Comcast Corp., which yesterday acknowledged that it had begun tracking the Web browsing activities of its one million high-speed Internet subscribers without notifying them, announced today that it will no longer be engaging in this practice.

We Are Watched Online
Netscape Navigator Browser Snoops on Web Searches
Washington D.C. March 7, 2002
Anytime a Navigator 6 user performs a search by typing terms into the browser’s URL bar and pressing the Search button. . . the user data is sent to a server at info.netscape.com using a URL forwarding system.
[In contrast] using Microsoft Explorer 6  data is sent directly to the designated search site and is not intercepted by Microsoft.
www.newsbytes.com

We Are Watched Online
DoubleClick Nearing Privacy Settlements
Monday, April 1, 2002
The preliminary settlement, set to be finalized May 21, would clear up class-action lawsuits from California, Texas and New York that were consolidated last year. The suits charged that DoubleClick violated state and federal laws by surreptitiously tracking and collecting consumers' personally identifiable data and combining it with information on their Web surfing habits.
http://settlement.doubleclick.net/settlement
In re DOUBLECLICK INC. PRIVACY LITIGATION Master File No. 00-CIV-0641 (NRB)

We Are Watched on the Street
Metropolitan Police Department Draft General Order on Closed Circuit Surveillance Cameras
April 4, 2002
The Washington D.C. Police Department has utilized strategic placement of closed-circuit television cameras (CCTV) in the District of Columbia. Past U.S. Supreme Court and lower court decisions strongly suggest that this type of police monitoring is a valid exercise of a government's police powers. Under current interpretations of the First and Fourth Amendment, CCTV appears to represent a valid use of the state's power to protect its citizens. It does not intrude upon an individual's sphere of privacy, but rather records events occurring in public space for which individuals do not have a reasonable expectation of privacy.

Government Purchasing Private Personal Information
April 13, 2001
The Wall Street Journal reported that executive branch agencies were purchasing "troves of personal data from the private sector." The article quoted government sources for the proposition that DOJ, FBI, USMS, INS, and IRS employees had electronic access to citizens' assets, phone numbers, driving records, and other personal information from their desktop computers. The article reported that ChoicePoint, a publicly-held company, and its competitors were supplying citizens' personal information to at least thirty-five federal government agencies.
Glenn R. Simpson, Big Brother-in-Law, If the FBI Hopes to Get the Goods on You, It May Ask ChoicePoint, Wall St. J., April 13, 2001 at A1.

FBI and Carnivore
How Carnivore works:
The FBI has a reasonable suspicion that someone is engaged in criminal activities and requests a court order to view the suspect's online activity.
A court grants the request for a full content-wiretap of e-mail traffic only and issues an order. A "content-wiretap" means that everything in the packet can be captured and used. The other type of wiretap is a trap-and-trace, which means that the FBI can only capture the destination information, such as the e-mail account of a message being sent out or the Web-site address that the suspect is visiting. A reverse form of trap-and-trace, called pen-register, tracks where e-mail to the suspect is coming from or where visits to a suspect's Web site originate.
The FBI contacts the suspect's ISP and requests a copy of the back-up files of the suspect's activity.
The FBI sets up a Carnivore computer at the ISP to monitor the suspect's activity.
The FBI configures the Carnivore software with the IP Address of the suspect so that Carnivore will only capture packets from this particular location. It ignores all other packets.
Carnivore copies all of the packets from the suspect's system without impeding the flow of the network traffic.
Once the copies are made, they go through a filter that only keeps the e-mail packets.
The surveillance cannot continue for more than a month without an extension from the court.
Once complete, the FBI removes the system from the ISP.
If the results provide enough evidence, the FBI can use them as part of a case against the suspect.

We Are Watched by the Government
Study Urged for National ID System
Friday, April 12, 2002
WASHINGTON - While a national identity card has been widely discussed following the terrorist attacks, a panel of the National Academy of Sciences says any such system must carefully balance security needs with privacy concerns.
A well-run national system would make it more difficult for a person to have multiple identities and would help in finding people such as potential terrorists, the committee concluded. But serious questions must be addressed about how to protect privacy, who would use the system, whether participation would be mandatory, the type of information to be collected and how to deal with any failure or misuse of the system.

Executive Order: Office of Homeland Security
(b)  Detection.  The Office shall identify priorities and coordinate efforts for collection and analysis of information within the United States regarding threats of terrorism against the United States and activities of terrorists or terrorist groups within the United States.
(i)  In performing these functions, the Office shall work with Federal, State, and local agencies, as appropriate, to:
              (A)  facilitate collection from State and local governments and private entities of information pertaining to terrorist threats or activities within the United States.
Executive Order 13228, October 8, 2001

USA Patriot Act
Amends the Federal criminal code to authorize the interception of wire, oral, and electronic communications for the production of evidence of: (1) specified chemical weapons or terrorism offenses; and (2) computer fraud and abuse.
Authorizes an investigative or law enforcement officer, or an attorney for the Government, who, by authorized means, has obtained knowledge of the contents of any wire, oral, or electronic communication or evidence derived therefrom to disclose such contents. . . to the extent that such contents include foreign intelligence or counterintelligence.
Permits the seizure of voice-mail messages under a warrant.
Expands the scope of subpoenas for records of electronic communications to include the length and types of service utilized, temporarily assigned network addresses, and the means and source of payment
Enacted 10/30/2001

USA Patriot Act
Permits electronic communication and remote computing service providers to make emergency disclosures to a governmental entity of customer electronic communications to protect life and limb.
Makes it lawful to intercept the wire or electronic communication of a computer trespasser in certain circumstances.
Amends FISA to require an application for an electronic surveillance order or search warrant to certify that a significant purpose (currently, the sole or main purpose) of the surveillance is to obtain foreign intelligence information.
Amends the Right to Financial Privacy Act to permit the transfer of financial records to other agencies or departments upon certification that the records are relevant to intelligence or counterintelligence activities related to international terrorism.

USA Patriot Act
Amends the Fair Credit Reporting Act to require a consumer reporting agency to furnish all information in a consumer's file to a government agency upon certification that the records are relevant to intelligence or counterintelligence activities related to international terrorism.
Allows the FBI to request telephone toll and transactional records, financial records, and consumer reports in any investigation to protect against international terrorism or clandestine intelligence activities only if the investigation is not conducted solely on the basis of activities protected by the first amendment to the U.S. Constitution.
Amends the General Education Provisions Act and the National Education Statistics Act of 1994 to provide for disclosure of educational records to the Attorney General in a terrorism investigation or prosecution.

Library Privacy Policy – Subject to USA Patriot Act?
We may disclose information about you if we have a good-faith belief that we are required to do so by law or legal process, to respond to claims, or to protect the rights, property or safety of GigaLaw.com or others.
Your personal information included with these records is used to contact you for [___] Library-related business only and is not made available to any other entity outside the Library except as required by law.
FindLaw will not willfully disclose any individually identifiable information about its users to any third party without first receiving that user's permission. FindLaw may disclose personal information when we believe in good faith that the law requires it or to protect the rights or property of FindLaw.

Online Protection Tools
Browsing Vulnerabilities
www.anonymizer.com/snoop.cgi
www.privacy.net/analyze
Encryption Check
 https://www.fortify.net/sslcheck.html
Firewall Protection
www.iss.net
www.mcafee.com
Sniffer Protection
http://www.spycop.com

Online Communication Tools
Surfing Anonymously
www.anonymizer.com
www-new.the-cloak.com/anonymous-surfing-home.html
www.rewebber.de
Secure E-mail Services
www.safemessage.com
www.hushmail.com
www.ensuredmail.com

Data and File Protection
Browser Filters and Controls
http://internet.junkbuster.com
http://www.flaaten.dk/prox
Deleting Hard Drive Data
www.tolvanen.com/eraser
www.webroot.com/washer12.htm

PDA Protection Issues
PDA Saver (www.kensington.com) Cable lock.
The Bond (www.force.com) Lanyard cable.
Sword (www.palmix.itil.com) Password cracker.
CrypBox (www.portableprojects.com) Data encryption.
OnlyMe (www.tranzoa.com) Password lock.
TealLock (www.tealpoint.com/softlock.htm) Advanced password features and data protection.
PDA Secure (www.goldsecure.com) Advanced password protections.
movianVPN (http://www.certicom.com) Wireless access protection.
SmartGate (www.v-one.com) Remote access protection.
Sign-On (www.cic.com) Biometric signature access.
PDADefense (www.pdadefense.com)  Data security.
Antivirus for Palm (www.symantec.com) Virus protection.
Backupbuddy (www.bluenomad.com) Data backup software.

Remember…
Surf Safe… Surf Smart!
Mitchel L. Winick
Assistant Dean for External Affairs
Texas Tech University School of Law
mwinick@airmail.net
214-769-5432