Federal Internet Law & Policy
An Educational Project


Dont be a FOOL; The Law is Not DIY

The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.- Samuel D. Warren, Louis D. Brandeis (1890)

“You have zero privacy anyway. Get over it.” Sun Microsystems CEO Scott McNeally

The mantra in Washington D.C. in the 1990s concerning the Internet was "self-regulation." The paradigm example of the mantra has been privacy. It was preached that premature intervention by the Federal government would risk stifling ecommerce. In a competitive market where consumers have bountiful choices, where information concerning company practices and transgressions is readily available, and where fraudulent and deceptive activity can be penalized, industry's solemn oath to be good would be sufficient.

Privacy has alwasy been a concern for the ARPANET / Internet. The original ARPANET Policies contained privacy provisions. See ARPANET Information Brochure, Defense Communications Agency p. 4 1978 ("The proposed use of the ARPANET must not violate applicable privacy laws.")

Every year, privacy legislation would be introduced in Congress (sometimes it would be among the first legislative proposals submitted in a given Congress) and every year it would be rejected. The Federal Trade Commission, prior to 2002, had submitted several reports to Congress on the impact of the Internet and ecommerce on privacy, and every time the FTC has stayed largely faithful to the tenant of self-regulation.

But in time, visions of paradise transformed into the reality of trouble and abuse. Growing pains of the new online economy were tolerated as industry, consumer groups, and governments continued to negotiated resolutions to privacy blunders. [News] But, when it comes to children, industry blunders were swiftly greeted with the hammer coming down. [See also e.g. CDA, COPA, CIPA seeking to protect children from harmful content]

The first reformation came in 1996 with the Center for Media Education Report documenting the behavior of online services with children’s information. The documented behavior was atrocious. The online services might set up games where the children could earn points towards winning prizes. Play a few games and win a few points. Provide the salaries of your parents along with information about whom they work for and win lots of points.

This led to the Federal Trade Commission 1998 report Privacy Online: A Report to Congress. This Report found that while 89% of sites surveyed collected information from children, only 24% had posted privacy policies, and only 1% required prior parental consent. These reports led to the unusual break from the mantra for self regulation and the swift passage of the Children's Online Privacy Protection Act, the first online privacy law of the Internet era.

As the Clinton Administration's time came to a close, the faithful continued to abandon "self regulation." The last FTC Privacy Report of the Clinton era continued the call for reform, concluding that the time for self regulation had passed. The FTC recommended to Congress that privacy legislation responsive to industry transgressions would be appropriate.

Ongoing consumer concerns regarding privacy online and the limited success of self-regulation efforts to date make it time for government to act to protect consumers' privacy on the Internet. Accordingly, the Commission recommends that Congress enact legislation to ensure adequate protection of consumer privacy online.

[Privacy Report 2000 p. 36]

Reminder: Unlike the private sector where there is no federal legislation generally mandating privacy policies, the public sector plays under different rules. [See Privacy Act] Government entities have explicit legal obligations concerning privacy, the collection of information, and the dissemination of that information. There are specific obligations that apply to government online resources. [See Sec. 626, Exec. Memo M-00-13, Exec. Memo M-99-18, ECPA] Oh, one area of privacy protection for the private sector involves telephone carriers. [See CPNI]

Common Carriage

Privacy is a core value for public networks, with roots deep within common carriage.

During revolutionary times, Benjamin Franklin had a problem. Had been appointed Postmaster of the Colonies mail service. But the mail service was not to be trusted. A post office during those times tended to pretty much a bag hanging in the town tavern. Posting a letter by dropping it in the bag meant it was available for purusal by anyone else in the tavern. When the letter departed the tavern, it was then vulnerable to deep packet inspection by the nasty British - who though surveillance of the communications network was an excellent way to do intillegence gathering on colonial terrorists (aka Founding Fathers). The communications network was vulnerable and those who used the network put themselves potentially at risk. Franklin knew that in order for the network to succeed - and in order for colonial businesses and discourse to succeed - the network had to be trusted. Communications through the network had to be private.

This lesson would be repeated as the network evolved from a postal network, to an electronic telegraph, to telephone, to the Internet, and beyond.

As the telegraph network created a communications revolution, the value of privacy in the public network had already matured. But the legacy value had to evolve to fit the new network. The very first federal rules concerning telegraph addressed privacy. MORE

The telephone network likewise struggled as it too innovated and introducted its communications revolution. The telephone went through typical stages of adoption, moving from a novelty of the select few businesses, to widely deployed amoung businesses, and finally to a universal service available to all. But as the telephone moved from novelty to utility, the value of privacy had to evolve. Fourth Amendment privacy protection traditionally protected against the search and seizure of papers within one's house. Therefore, thought the police, if we are not inside the house, we can listen into telephone conversations all we want (just like the nasty British). During prohibition, suspecting Olmstead to be a bootlegger, law enforcement installed wiretaps outside of Olstead's home and business. After his conviction, Olmstead challenged the wiretaps as Fourth Amendment violations. The Supreme Court in a rigid analysis analysis failed to transform Benjamin Franklin's wisedom to evolve with historical progress. In a famous dissent, however, Justice Brandeis articulated the necessity of privacy in the communications network.

When the Fourth and Fifth Amendments were adopted, "the form that evil had theretofore taken," had been necessarily simple. Force and violence were then the only means known to man by which a Government could directly effect self-incrimination. It could compel the individual to testify - a compulsion effected, if need be, by torture. It could secure possession of his papers and other articles incident to his private life - a seizure effected, if need be, by breaking and entry. Protection against such invasion of "the sanctities of a man's home and the privacies of life" was provided in the Fourth and Fifth Amendments by specific language. But "time works changes, brings into existence new conditions and purposes." Subtler and more far-reaching means of invading privacy have become available to the Government. Discovery and invention have made it possible for the Government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet. 

[Olmstead, Brandeis dissent, 473] [Compare Chief Justice Waite, Pensacola Telegraph, 96 US at 9 (commenting on how Constitutional Law "keeps pace with the progress of the country," discussing Congressional authority over interstate transmission of intelligence evolving from postal service to telegraph service.)]

While the evolution of criminal law to keep pace with privacy wisedom struggled during decades of national tribulation (the Depression, World War II), civil privacy progressed. Section 605 of the Communications Act barred telephone companies from easvesdropping on communications for any reason other than those incidents necessary for the operation and protection of the network. See also 47 U.S.C. 222 (CPNI).

After Brandeis' dissent, history occured: The Depression and World War II. The courts grappled with privacy in the network but the necessity of the public defense overshadowed. When the country emerged from decades of trial, once again the courts struggled to bring traditional wisedom in alignment with technological progress. By the 1960s, the telephone had become prolific in business and society, and the idea that the individual lacked privacy was an anathema. In 1968, the Supreme Court in Katz adopted Brandeis' wisedom and held that the individual has the right to privacy as against the nasty government.

Once against technology innovated, and once again legal wisedom had to evolve. By the 1980s, computer networks were breaking onto the scene, but computer networks were not covered by the Wiretap Act. Therefore Congressed passed the Electronic Communications Privacy Act.

Technological progress hasnt stopped. The Internet has moved from a narrowband application capable of small data transimissions, to the broadband Internet pervassively present in our lives. While the law has failed so far to evolve, the recognition of the necessity is ever present. Prof. Kevin Werbach testified before Congress that in order for Cloud computing to be successful, their had to be trust in the network.

This is a rich dialog that involves many values and public policy objectives. It is in part a discussion of personal liberty; it is in part a discussion of government restraint (the nasty government); and it is also in part a discussion of the necessary characteristics of a public communications network. The tradition of common carrier seeks to ensure the viability and utility of the public network, for the benefit of the public. For the network to suceed, and for business to thrive and discourse to transpire, people must trust the network - privacy must be assured. [Ohm, The Rise and Fall of Invasive ISP Surveillance (privacy "is a pillar of the concept of 'common carriage'")]

39 USC s 404, et. seq. Privacy 4th Amendment;
Wiretap Act;
4th Amendment;
Wiretap Act;
      FTC Act, et al;

Federal Agencies

Online Privacy Issue
Federal Agency
Government Government Office of Management & Budget Other
EU Privacy Directive Department of Commerce Other
Federal Policy Department of Commerce
Spam SPAM Creator
Network Service Provider
Federal Trade Commission
Federal Communications Commission
Sec. 5 of FTC; Can Spam Act Content
Children's Online Privacy Content Application Service Providers
Network Service Providers
Federal Trade Commission Children's Online Privacy Protection Act Content / Application
ID Theft Federal Trade Commission
Department of Justice
Sec. 5 of FTC Content / Application
Privacy Policies (eCommerce) Ecommerce Provider Federal Trade Commission Sec. 5 of FTC Application
Spyware Federal Trade Commission
Department of Justice
Sec. 5 of FTC Application
Law Enforcement: Wiretaps Network Service Provider Department of Justice
Federal Communications Commission
4th Amendment; Wiretap Act; Electronic Communications Privacy Act; CALEA Network
Cable Consumer Network Service Provider Federal Communications Commission Cable Act Network
Telecommunications Service; Telephone, iVoIP, Directory Listing Network Service Provider Federal Communications Commission Customer Proprietary Network Information Network
Network Privacy Network Service Provider Federal Trade Commission
Federal Communications Commission
Sec. 5 of FTC
FCC Transparency Disclosure Rule