Southwestern Association of Law Librarians – 44^th Annual Meeting

Privacy and the Internet: Protecting Yourself Online

Legal Concept of Privacy

The law of privacy can be traced as far back as 1361, when the Justices of the Peace Act in England provided for the arrest of peeping toms and eavesdroppers.

James Michael, Privacy and Human Rights, UNESCO 1994 p.15.

International Privacy Rights

The 1948 Universal Declaration of Human Rights provides in Article 12:

No-one should be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks on his honour or reputation. Everyone has the right to the protection of the law against such interferences or attacks

1948 Universal Declaration of Human Rights, Article 12 http://www.hrweb.org/legal/udhr.html

Constitutional Basis for Privacy

Nowhere does the text of the United States Constitution contain the word "privacy." The Supreme Court has found the concept of "privacy" to be protected by a number of the Amendments.

Thus, privacy is known as a "penumbra right."

Schmerber v. California, 384 U.S. 757, 779, 86 S. Ct. 1826, 16 L.Ed.2d 908 (1966).

Constitutional Commentary

“[s]pecific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance.”

Justice Douglas, Griswold v. Connecticut, 381 U.S. 484 (1965).

"[t]he ‘liberty’ protected by the Fifth and Fourteenth Amendments from infringement by the Federal Government or the States is not restricted to rights specifically mentioned in the first eight amendments.”

Justice Goldberg, Griswold v. Connecticut, 381 U.S. 493 (1965).

"The right to be left alone - the most comprehensive of rights, and the right most valued by a free people."

Justice Brandeis, Olmstead v. U.S. (1928).

We Are Watched at Work

One-Third of U.S. Online Workforce Under Internet/E-Mail Surveillance

Sunday, July 1, 2001

Fourteen million employees — just over one-third of the online workforce in the United States — have their Internet or e-mail use under continuous surveillance at work, according to an analysis conducted by the Privacy Foundation in Denver. Worldwide, the number of employees under such surveillance is estimated at 27 million.
www.privacyfoundation.org

What Do We Do Online

Research of all types

Lexis

Westlaw

Lois Law

Individual Searches

Craig Ball Research Links

We Are Watched Online

Comcast Backs Down from Web Tracking

Wednesday, February 13, 2002

Comcast Corp., which yesterday acknowledged that it had begun tracking the Web browsing activities of its one million high-speed Internet subscribers without notifying them, announced today that it will no longer be engaging in this practice.

We Are Watched Online

Netscape Navigator Browser Snoops on Web Searches

Washington D.C. March 7, 2002

Anytime a Navigator 6 user performs a search by typing terms into the browser’s URL bar and pressing the Search button. . . the user data is sent to a server at info.netscape.com using a URL forwarding system.

[In contrast] using Microsoft Explorer 6 data is sent directly to the designated search site and is not intercepted by Microsoft.

www.newsbytes.com

We Are Watched Online

DoubleClick Nearing Privacy Settlements
Monday, April 1, 2002

The preliminary settlement, set to be finalized May 21, would clear up class-action lawsuits from California, Texas and New York that were consolidated last year. The suits charged that DoubleClick violated state and federal laws by surreptitiously tracking and collecting consumers' personally identifiable data and combining it with information on their Web surfing habits.

http://settlement.doubleclick.net/settlement

In re DOUBLECLICK INC. PRIVACY LITIGATION Master File No. 00-CIV-0641 (NRB)

We Are Watched on the Street

Metropolitan Police Department Draft General Order on Closed Circuit Surveillance Cameras

April 4, 2002

The Washington D.C. Police Department has utilized strategic placement of closed-circuit television cameras (CCTV) in the District of Columbia. Past U.S. Supreme Court and lower court decisions strongly suggest that this type of police monitoring is a valid exercise of a government's police powers. Under current interpretations of the First and Fourth Amendment, CCTV appears to represent a valid use of the state's power to protect its citizens. It does not intrude upon an individual's sphere of privacy, but rather records events occurring in public space for which individuals do not have a reasonable expectation of privacy.

Government Purchasing Private Personal Information

April 13, 2001

The Wall Street Journal reported that executive branch agencies were purchasing "troves of personal data from the private sector." The article quoted government sources for the proposition that DOJ, FBI, USMS, INS, and IRS employees had electronic access to citizens' assets, phone numbers, driving records, and other personal information from their desktop computers. The article reported that ChoicePoint, a publicly-held company, and its competitors were supplying citizens' personal information to at least thirty-five federal government agencies.

Glenn R. Simpson, Big Brother-in-Law, If the FBI Hopes to Get the Goods on You, It May Ask ChoicePoint, Wall St. J., April 13, 2001 at A1.

FBI and Carnivore

How Carnivore works:

The FBI has a reasonable suspicion that someone is engaged in criminal activities and requests a court order to view the suspect's online activity.

A court grants the request for a full content-wiretap of e-mail traffic only and issues an order. A "content-wiretap" means that everything in the packet can be captured and used. The other type of wiretap is a trap-and-trace, which means that the FBI can only capture the destination information, such as the e-mail account of a message being sent out or the Web-site address that the suspect is visiting. A reverse form of trap-and-trace, called pen-register, tracks where e-mail to the suspect is coming from or where visits to a suspect's Web site originate.

The FBI contacts the suspect's ISP and requests a copy of the back-up files of the suspect's activity.

The FBI sets up a Carnivore computer at the ISP to monitor the suspect's activity.

The FBI configures the Carnivore software with the IP Address of the suspect so that Carnivore will only capture packets from this particular location. It ignores all other packets.

Carnivore copies all of the packets from the suspect's system without impeding the flow of the network traffic.

Once the copies are made, they go through a filter that only keeps the e-mail packets.

The surveillance cannot continue for more than a month without an extension from the court.

Once complete, the FBI removes the system from the ISP.

If the results provide enough evidence, the FBI can use them as part of a case against the suspect.

We Are Watched by the Government

Study Urged for National ID System
Friday, April 12, 2002

WASHINGTON - While a national identity card has been widely discussed following the terrorist attacks, a panel of the National Academy of Sciences says any such system must carefully balance security needs with privacy concerns.

A well-run national system would make it more difficult for a person to have multiple identities and would help in finding people such as potential terrorists, the committee concluded. But serious questions must be addressed about how to protect privacy, who would use the system, whether participation would be mandatory, the type of information to be collected and how to deal with any failure or misuse of the system.

Executive Order: Office of Homeland Security

(b) Detection. The Office shall identify priorities and coordinate efforts for collection and analysis of information within the United States regarding threats of terrorism against the United States and activities of terrorists or terrorist groups within the United States.

(i) In performing these functions, the Office shall work with Federal, State, and local agencies, as appropriate, to:

(A) facilitate collection from State and local governments and private entities of information pertaining to terrorist threats or activities within the United States.

Executive Order 13228, October 8, 2001

USA Patriot Act

Amends the Federal criminal code to authorize the interception of wire, oral, and electronic communications for the production of evidence of: (1) specified chemical weapons or terrorism offenses; and (2) computer fraud and abuse.

Authorizes an investigative or law enforcement officer, or an attorney for the Government, who, by authorized means, has obtained knowledge of the contents of any wire, oral, or electronic communication or evidence derived therefrom to disclose such contents. . . to the extent that such contents include foreign intelligence or counterintelligence.

Permits the seizure of voice-mail messages under a warrant.

Expands the scope of subpoenas for records of electronic communications to include the length and types of service utilized, temporarily assigned network addresses, and the means and source of payment

Enacted 10/30/2001

USA Patriot Act

Permits electronic communication and remote computing service providers to make emergency disclosures to a governmental entity of customer electronic communications to protect life and limb.

Makes it lawful to intercept the wire or electronic communication of a computer trespasser in certain circumstances.

Amends FISA to require an application for an electronic surveillance order or search warrant to certify that a significant purpose (currently, the sole or main purpose) of the surveillance is to obtain foreign intelligence information.

Amends the Right to Financial Privacy Act to permit the transfer of financial records to other agencies or departments upon certification that the records are relevant to intelligence or counterintelligence activities related to international terrorism.

USA Patriot Act

Amends the Fair Credit Reporting Act to require a consumer reporting agency to furnish all information in a consumer's file to a government agency upon certification that the records are relevant to intelligence or counterintelligence activities related to international terrorism.

Allows the FBI to request telephone toll and transactional records, financial records, and consumer reports in any investigation to protect against international terrorism or clandestine intelligence activities only if the investigation is not conducted solely on the basis of activities protected by the first amendment to the U.S. Constitution.

Amends the General Education Provisions Act and the National Education Statistics Act of 1994 to provide for disclosure of educational records to the Attorney General in a terrorism investigation or prosecution.

Library Privacy Policy – Subject to USA Patriot Act?

We may disclose information about you if we have a good-faith belief that we are required to do so by law or legal process, to respond to claims, or to protect the rights, property or safety of GigaLaw.com or others.

Your personal information included with these records is used to contact you for [___] Library-related business only and is not made available to any other entity outside the Library except as required by law.

FindLaw will not willfully disclose any individually identifiable information about its users to any third party without first receiving that user's permission. FindLaw may disclose personal information when we believe in good faith that the law requires it or to protect the rights or property of FindLaw.

Online Protection Tools

Browsing Vulnerabilities

www.anonymizer.com/snoop.cgi

www.privacy.net/analyze

Encryption Check

https://www.fortify.net/sslcheck.html

Firewall Protection

www.iss.net

www.mcafee.com

Sniffer Protection

http://www.spycop.com

Online Communication Tools

Surfing Anonymously

www.anonymizer.com

www-new.the-cloak.com/anonymous-surfing-home.html

www.rewebber.de

Secure E-mail Services

www.safemessage.com

www.hushmail.com

www.ensuredmail.com

Data and File Protection

Browser Filters and Controls

http://internet.junkbuster.com

http://www.flaaten.dk/prox

Deleting Hard Drive Data

www.tolvanen.com/eraser

www.webroot.com/washer12.htm

PDA Protection Issues

PDA Saver (www.kensington.com) Cable lock.

The Bond (www.force.com) Lanyard cable.

Sword (www.palmix.itil.com) Password cracker.

CrypBox (www.portableprojects.com) Data encryption.

OnlyMe (www.tranzoa.com) Password lock.

TealLock (www.tealpoint.com/softlock.htm) Advanced password features and data protection.

PDA Secure (www.goldsecure.com) Advanced password protections.

movianVPN (http://www.certicom.com) Wireless access protection.

SmartGate (www.v-one.com) Remote access protection.

Sign-On (www.cic.com) Biometric signature access.

PDADefense (www.pdadefense.com) Data security.

Antivirus for Palm (www.symantec.com) Virus protection.

Backupbuddy (www.bluenomad.com) Data backup software.

Remember…
Surf Safe… Surf Smart!

Mitchel L. Winick

Assistant Dean for External Affairs

Texas Tech University School of Law

mwinick@airmail.net

214-769-5432


	The law of privacy can be traced as far back as 1361, when the Justices of the Peace Act in England provided for the arrest of peeping toms and eavesdroppers.
	James Michael, Privacy and Human Rights, UNESCO 1994 p.15.


	The 1948 Universal Declaration of Human Rights provides in Article 12:

	No-one should be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks on his honour or reputation. Everyone has the right to the protection of the law against such interferences or attacks

	1948 Universal Declaration of Human Rights, Article 12 http://www.hrweb.org/legal/udhr.html


	Nowhere does the text of the United States Constitution contain the word "privacy." The Supreme Court has found the concept of "privacy" to be protected by a number of the Amendments.
	Thus, privacy is known as a "penumbra right."
	Schmerber v. California, 384 U.S. 757, 779, 86 S. Ct. 1826, 16 L.Ed.2d 908 (1966).


	“[s]pecific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance.”
	Justice Douglas, Griswold v. Connecticut, 381 U.S. 484 (1965).

	"[t]he ‘liberty’ protected by the Fifth and Fourteenth Amendments from infringement by the Federal Government or the States is not restricted to rights specifically mentioned in the first eight amendments.”
	Justice Goldberg, Griswold v. Connecticut, 381 U.S. 493 (1965).

	"The right to be left alone - the most comprehensive of rights, and the right most valued by a free people."
	Justice Brandeis, Olmstead v. U.S. (1928).


	One-Third of U.S. Online Workforce Under Internet/E-Mail Surveillance
	Sunday, July 1, 2001
	Fourteen million employees — just over one-third of the online workforce in the United States — have their Internet or e-mail use under continuous surveillance at work, according to an analysis conducted by the Privacy Foundation in Denver. Worldwide, the number of employees under such surveillance is estimated at 27 million. www.privacyfoundation.org


	Research of all types
		Lexis
		Westlaw
		Lois Law
	Individual Searches
		Craig Ball Research Links


	Comcast Backs Down from Web Tracking
	Wednesday, February 13, 2002
	Comcast Corp., which yesterday acknowledged that it had begun tracking the Web browsing activities of its one million high-speed Internet subscribers without notifying them, announced today that it will no longer be engaging in this practice.


	Netscape Navigator Browser Snoops on Web Searches
	Washington D.C. March 7, 2002
	Anytime a Navigator 6 user performs a search by typing terms into the browser’s URL bar and pressing the Search button. . . the user data is sent to a server at info.netscape.com using a URL forwarding system.
	[In contrast] using Microsoft Explorer 6 data is sent directly to the designated search site and is not intercepted by Microsoft.
	www.newsbytes.com


	DoubleClick Nearing Privacy Settlements Monday, April 1, 2002
	The preliminary settlement, set to be finalized May 21, would clear up class-action lawsuits from California, Texas and New York that were consolidated last year. The suits charged that DoubleClick violated state and federal laws by surreptitiously tracking and collecting consumers' personally identifiable data and combining it with information on their Web surfing habits.
	http://settlement.doubleclick.net/settlement
	In re DOUBLECLICK INC. PRIVACY LITIGATION Master File No. 00-CIV-0641 (NRB)


	Metropolitan Police Department Draft General Order on Closed Circuit Surveillance Cameras
	April 4, 2002
	The Washington D.C. Police Department has utilized strategic placement of closed-circuit television cameras (CCTV) in the District of Columbia. Past U.S. Supreme Court and lower court decisions strongly suggest that this type of police monitoring is a valid exercise of a government's police powers. Under current interpretations of the First and Fourth Amendment, CCTV appears to represent a valid use of the state's power to protect its citizens. It does not intrude upon an individual's sphere of privacy, but rather records events occurring in public space for which individuals do not have a reasonable expectation of privacy.


	April 13, 2001
	The Wall Street Journal reported that executive branch agencies were purchasing "troves of personal data from the private sector." The article quoted government sources for the proposition that DOJ, FBI, USMS, INS, and IRS employees had electronic access to citizens' assets, phone numbers, driving records, and other personal information from their desktop computers. The article reported that ChoicePoint, a publicly-held company, and its competitors were supplying citizens' personal information to at least thirty-five federal government agencies.

	Glenn R. Simpson, Big Brother-in-Law, If the FBI Hopes to Get the Goods on You, It May Ask ChoicePoint, Wall St. J., April 13, 2001 at A1.


	How Carnivore works:
	The FBI has a reasonable suspicion that someone is engaged in criminal activities and requests a court order to view the suspect's online activity.
	A court grants the request for a full content-wiretap of e-mail traffic only and issues an order. A "content-wiretap" means that everything in the packet can be captured and used. The other type of wiretap is a trap-and-trace, which means that the FBI can only capture the destination information, such as the e-mail account of a message being sent out or the Web-site address that the suspect is visiting. A reverse form of trap-and-trace, called pen-register, tracks where e-mail to the suspect is coming from or where visits to a suspect's Web site originate.
	The FBI contacts the suspect's ISP and requests a copy of the back-up files of the suspect's activity.
	The FBI sets up a Carnivore computer at the ISP to monitor the suspect's activity.
	The FBI configures the Carnivore software with the IP Address of the suspect so that Carnivore will only capture packets from this particular location. It ignores all other packets.
	Carnivore copies all of the packets from the suspect's system without impeding the flow of the network traffic.
	Once the copies are made, they go through a filter that only keeps the e-mail packets.
	The surveillance cannot continue for more than a month without an extension from the court.
	Once complete, the FBI removes the system from the ISP.
	If the results provide enough evidence, the FBI can use them as part of a case against the suspect.


	Study Urged for National ID System Friday, April 12, 2002
	WASHINGTON - While a national identity card has been widely discussed following the terrorist attacks, a panel of the National Academy of Sciences says any such system must carefully balance security needs with privacy concerns.
	A well-run national system would make it more difficult for a person to have multiple identities and would help in finding people such as potential terrorists, the committee concluded. But serious questions must be addressed about how to protect privacy, who would use the system, whether participation would be mandatory, the type of information to be collected and how to deal with any failure or misuse of the system.


	(b) Detection. The Office shall identify priorities and coordinate efforts for collection and analysis of information within the United States regarding threats of terrorism against the United States and activities of terrorists or terrorist groups within the United States.
	(i) In performing these functions, the Office shall work with Federal, State, and local agencies, as appropriate, to:
	(A) facilitate collection from State and local governments and private entities of information pertaining to terrorist threats or activities within the United States.
	Executive Order 13228, October 8, 2001


	Amends the Federal criminal code to authorize the interception of wire, oral, and electronic communications for the production of evidence of: (1) specified chemical weapons or terrorism offenses; and (2) computer fraud and abuse.
	Authorizes an investigative or law enforcement officer, or an attorney for the Government, who, by authorized means, has obtained knowledge of the contents of any wire, oral, or electronic communication or evidence derived therefrom to disclose such contents. . . to the extent that such contents include foreign intelligence or counterintelligence.
	Permits the seizure of voice-mail messages under a warrant.
	Expands the scope of subpoenas for records of electronic communications to include the length and types of service utilized, temporarily assigned network addresses, and the means and source of payment

	Enacted 10/30/2001


	Permits electronic communication and remote computing service providers to make emergency disclosures to a governmental entity of customer electronic communications to protect life and limb.
	Makes it lawful to intercept the wire or electronic communication of a computer trespasser in certain circumstances.
	Amends FISA to require an application for an electronic surveillance order or search warrant to certify that a significant purpose (currently, the sole or main purpose) of the surveillance is to obtain foreign intelligence information.
	Amends the Right to Financial Privacy Act to permit the transfer of financial records to other agencies or departments upon certification that the records are relevant to intelligence or counterintelligence activities related to international terrorism.


	Amends the Fair Credit Reporting Act to require a consumer reporting agency to furnish all information in a consumer's file to a government agency upon certification that the records are relevant to intelligence or counterintelligence activities related to international terrorism.
	Allows the FBI to request telephone toll and transactional records, financial records, and consumer reports in any investigation to protect against international terrorism or clandestine intelligence activities only if the investigation is not conducted solely on the basis of activities protected by the first amendment to the U.S. Constitution.
	Amends the General Education Provisions Act and the National Education Statistics Act of 1994 to provide for disclosure of educational records to the Attorney General in a terrorism investigation or prosecution.


	We may disclose information about you if we have a good-faith belief that we are required to do so by law or legal process, to respond to claims, or to protect the rights, property or safety of GigaLaw.com or others.
	Your personal information included with these records is used to contact you for [___] Library-related business only and is not made available to any other entity outside the Library except as required by law.
	FindLaw will not willfully disclose any individually identifiable information about its users to any third party without first receiving that user's permission. FindLaw may disclose personal information when we believe in good faith that the law requires it or to protect the rights or property of FindLaw.


	Browsing Vulnerabilities
		www.anonymizer.com/snoop.cgi
		www.privacy.net/analyze
	Encryption Check
		https://www.fortify.net/sslcheck.html
	Firewall Protection
		www.iss.net
		www.mcafee.com
	Sniffer Protection
		http://www.spycop.com


	Surfing Anonymously
		www.anonymizer.com
		www-new.the-cloak.com/anonymous-surfing-home.html
		www.rewebber.de
	Secure E-mail Services
		www.safemessage.com
		www.hushmail.com
		www.ensuredmail.com


	Browser Filters and Controls
		http://internet.junkbuster.com
		http://www.flaaten.dk/prox
	Deleting Hard Drive Data
		www.tolvanen.com/eraser
		www.webroot.com/washer12.htm


		PDA Saver (www.kensington.com) Cable lock.
		The Bond (www.force.com) Lanyard cable.
		Sword (www.palmix.itil.com) Password cracker.
		CrypBox (www.portableprojects.com) Data encryption.
		OnlyMe (www.tranzoa.com) Password lock.
		TealLock (www.tealpoint.com/softlock.htm) Advanced password features and data protection.
		PDA Secure (www.goldsecure.com) Advanced password protections.
		movianVPN (http://www.certicom.com) Wireless access protection.
		SmartGate (www.v-one.com) Remote access protection.
		Sign-On (www.cic.com) Biometric signature access.
		PDADefense (www.pdadefense.com) Data security.
		Antivirus for Palm (www.symantec.com) Virus protection.
		Backupbuddy (www.bluenomad.com) Data backup software.


	Mitchel L. Winick
	Assistant Dean for External Affairs
	Texas Tech University School of Law
	mwinick@airmail.net
	214-769-5432