ELECTRONIC PRIVACY PRINCIPLES

The team has also assembled some online sources of information on privacy.

Electronic Privacy Guidelines

Technology currently facilitates massive invasions of privacy that were never possible in the days of traditional sealed envelopes and locked filing cabinets. Both data collectors and governments are taking advantage of these technical possibilities, and neither is doing enough to guarantee the privacy rights of the public. A new commitment to providing technology for privacy protection is needed among software developers and information providers. Governments must also guarantee the rights of individuals and organizations to communicate without risk of unwittingly disclosing information to unknown parties.

Protection of privacy is best achieved through cooperation between employers, service providers, software developers, governments, and information collectors. The burden of protection should fall on those collecting or using data, not on the multitudes of scattered individuals who are using a variety of electronic systems to go about their daily activities. Anonymity is a critical goal: every user should be able to conduct activities without the knowledge of uninvolved parties, and without the risk of having these activities or their embedded information logged for unrelated purposes.

Accomplishing this goal is a complex technical and social matter, requiring an industry-wide effort that governments, at best, should help to coordinate and, at the very least, should not hinder. This document provides guidelines that might be used by principled institutions to guarantee proper respect for the privacy and dignity of employees, customers, and citizens.

While we call on governments and data collectors to promote privacy-protecting technology and to offer guaranties that electronically exchanged information will not be misused, we recognize that they are not doing so adequately at present. Users should therefore protect themselves by learning about the risks of using networks and by employing available software solutions. Technologies exist today to protect and preserve privacy. These include encryption products like PGP, anonymous remailers, and a variety of security and privacy mechanisms built into commonly-used software. Some of these resources have been attacked at the federal level as dangerous to national and internal security. The real danger is that the world of networked communication will be one in which users can be monitored in their every move. These privacy resources must be protected for the benefit of all.

Guidelines

Employer providers

• Each employer should provide and act on clear policies regarding the privacy implications of the computing resources used in the workplace. The policies should explicitly describe:
  • acceptable use of electronic mail and computer resources, including personal use;
  • practices that may be used to enforce these policies, such as the interception and reading of electronic mail or scanning of hard disks;
  • penalties for non-compliance with these policies.

• Employees should be informed of any electronic monitoring systems that might be used on workplace computers.

Service providers

• Service providers must provide users with a clear understanding of privacy implications of the service contract, including:
  • the intended use of any information collected as part of the subscription to an ISP, such as mailing address, phone number, credit card information, and software used;
  • whether the user can choose to stop the use of the information for purposes not immediately required for operation of the service, or better yet, whether the user must explicitly permit the use before it takes place.

• Demographic or identifying information gathered at servers that is not actively provided by the user should not be used beyond the analysis of site activity; in particular, no attempt should be made to identify individual users or to pass this information on to other parties. Beyond the needs of system administration, information should not be collected or stored on usage patterns of individuals, such as time of day usage, sites visited, and downloads.

Web page owners and other information providers

• Web sites should describe the intended use of "registration" information required by some prior to access or to downloading of information.
• Internet white pages services should use only legitimate sources for information. For example, Usenet posts and home pages might be appropriate, while service provider customer lists would not be. These services should provide automated "delete me" services suitable for eliminating present and future inclusions of an individual's identifying information.
• Individuals should be able remove their names from mass electronic mailing lists.

Mailing list operators, database managers, and other information collectors

• When individuals log into any Internet site or bulletin board, they should be provided with descriptions of potential uses of any personal information. These potential uses should be narrowly and clearly defined and no commercial use outside of those described should be permitted. Whenever possible, the site should give the individual the choice as to whether to opt in to the use of this personal information.
• Information collected should be limited to that which is necessary for the described uses, and all personal information should be accurate and up-to-date.
• Individuals should have easy and immediate access to copies of any information that data collectors may have regarding them. Individuals should be allowed to dispute and correct any inaccuracies.
• Information collectors should take appropriate technical measures to insure the protection of individual privacy and to safeguard the integrity of the stored information.
• Information from multiple sources should not be stored in large centralized databases where access is too easy for unauthorized people; nor should large quantities be keyed by a single identifier (such as a social security number in the United States).
• Data collected about individuals should be sold for commercial purposes only after they give their informed consent.

Software developers

• Network software should provide users with the ability to take active measures to protect their privacy. These measures might include:
  • support for strong encryption, such as Pretty Good Privacy (PGP);
  • mailer/news-posting options that might be used to exclude items of information from automated search services;
  • automatic and explicit notification of any cases where a user's identity might be explicitly or implicitly revealed.
  • Privacy protection should be a design goal incorporated into any software that could entail an interaction between a user and a system or network that others have access to.

Governments

• Attempts at protecting individual privacy and anonymity must not be hindered by government interference or legislation.
• Strong encryption, and the ability to use communication facilities such as electronic mail and discussion groups anonymously, should be available without restriction.
• Law-enforcement efforts must not be used as a pretext for invasion of privacy rights. Investigations online must be narrowly tailored to accomplish an explicit, legitimate government purpose.
• Universal standards should be adopted that define privacy rights and the technical and legal means of securing them.
• Laws must make it clear that the use of information stored in computers and on networks should be limited to the use for which the information was collected, and should include both civil and criminal penalties for misuse of that information by individuals, private institutions, or government agencies.

Conclusions

At every step, the public should challenge information collectors and users regarding privacy issues, and not simply accept a dismissive explanation of "company policy."

Computer, network, and software developers should make their systems as secure as is technically possible, and should make privacy protection a built-in feature that is transparent or easily used. Access providers should then use these secure systems and guarantee that they will guard against privacy breeches. Governments must remove barriers to the use of technical solutions and must adopt and enforce civil and criminal penalties for privacy violations. Data collectors must allow individuals access to the data about themselves, and must restrict use of the data to activities of which the individual is aware.

Our society depends on the notion of privacy. It is the ability to maintain privacy, ironically, that allows individuals to participate in the daily activities of their communities. Without guarantees, people will feel inhibited in sending electronic mail, researching in online libraries, shopping at electronic stores, or voicing opinions in political forums. Strong policies protecting and valuing privacy must be put in place now, while the electronic systems that will define commerce and communication in the coming decades are being developed.

Some Online Sources of Information on Privacy

Written by Harry Hochheiser, harry@tigger.jvnc.net, and Andrew Oram, andyo@ora.com, of the Cyber Rights Working Group of CPSR, with input from Mary Connors, Craig Johnson, and Christine Mailloux of CPSR, Audrie Krause of NetAction, and Marc Rotenberg of the Electronic Privacy Information Center (EPIC). This document was approved by the Cyber Rights Working Group of CPSR on 9 September 1996 and stored on the World Wide Web at http://www.cpsr.org/program/privacy/privacy8.htm.

Return to the CPSR home page.

Send mail to webmaster.