
Showing papers on "Information privacy" published in 2000


Proceedings ArticleDOI
14 May 2000
TL;DR: This work describes cryptographic schemes for the problem of searching on encrypted data, provides proofs of security for the resulting crypto systems, and presents simple, fast algorithms that are practical to use today.
Abstract: It is desirable to store data on data storage servers such as mail servers and file servers in encrypted form to reduce security and privacy risks. But this usually implies that one has to sacrifice functionality for security. For example, if a client wishes to retrieve only documents containing certain words, it was not previously known how to let the data storage server perform the search and answer the query, without loss of data confidentiality. We describe our cryptographic schemes for the problem of searching on encrypted data and provide proofs of security for the resulting crypto systems. Our techniques have a number of crucial advantages. They are provably secure: they provide provable secrecy for encryption, in the sense that the untrusted server cannot learn anything about the plaintext when only given the ciphertext; they provide query isolation for searches, meaning that the untrusted server cannot learn anything more about the plaintext than the search result; they provide controlled searching, so that the untrusted server cannot search for an arbitrary word without the user's authorization; they also support hidden queries, so that the user may ask the untrusted server to search for a secret word without revealing the word to the server. The algorithms presented are simple, fast (for a document of length n, the encryption and search algorithms only need O(n) stream cipher and block cipher operations), and introduce almost no space and communication overhead, and hence are practical to use today.

3,300 citations


Journal ArticleDOI
TL;DR: In this article, the authors examine potential relationships among categories of personal information, beliefs about direct marketing, situational characteristics, specific privacy concerns, and consumers' direct marketing shopping habits, and offer an assessment of the trade-offs consumers are willing to make when they exchange personal information for shopping benefits.
Abstract: The authors examine potential relationships among categories of personal information, beliefs about direct marketing, situational characteristics, specific privacy concerns, and consumers’ direct marketing shopping habits. Furthermore, the authors offer an assessment of the trade-offs consumers are willing to make when they exchange personal information for shopping benefits. The findings indicate that public policy and self-regulatory efforts to alleviate consumer privacy concerns should provide consumers with more control over the initial gathering and subsequent dissemination of personal information. Such efforts must also consider the type of information sought, because consumer concern and willingness to provide marketers with personal data vary dramatically by information type.

968 citations


Journal ArticleDOI
TL;DR: In this article, the authors examined the current recommendations and actions of the FTC in light of the results of an e-mail survey of online consumers in the United States that assessed their attitudes toward privacy online.
Abstract: The Federal Trade Commission (FTC) is one of many organizations studying influences on consumer privacy online. The authors investigate these influences, taking into consideration the current body of literature on privacy and the Internet and the FTC’s core principles of fair information practice. The authors analyze these influences to assess the underlying factors of privacy concern online. The authors examine the current recommendations and actions of the FTC in light of the results of an e-mail survey of online consumers in the United States that assessed their attitudes toward privacy online. The authors find that the FTC’s core principles address many of online consumers’ privacy concerns. However, two factors not directly incorporated in the five principles, the relationships between entities and online users and the exchange of information for appropriate compensation, may influence consumers’ privacy concerns.

577 citations


Journal ArticleDOI
TL;DR: It is found that a country's regulatory approach to the corporate management of information privacy is affected by its cultural values and by individuals' information privacy concerns, and that the self-regulatory model of privacy governance may not be sustainable over the long term.
Abstract: The 1990s have seen a resurgence of interest in information privacy. Public opinion surveys show that many citizens are becoming greatly concerned about threats to their information privacy, with levels of such concern reaching all-time highs. Perhaps as a response to the growing concerns of citizens, the media are devoting more attention to privacy issues, and governmental regulation of the corporate privacy environment is increasing in many countries. Almost all developed countries have grappled with the trade-offs between open access to information--which enables economic efficiency--and an individual's right to privacy. Consistent with these trade-offs, many recent incidents suggest that regulatory approaches to information privacy, corporate management of personal data, and consumer reactions are becoming tightly interwoven around the world. To provide some insights into these relationships, we develop a conceptual model and test it with a cross-cultural sample from 19 different countries. In general, we find that a country's regulatory approach to the corporate management of information privacy is affected by its cultural values and by individuals' information privacy concerns. In addition, as governments become more involved in the corporate management of information privacy, internal management of such issues seems to tighten. This result supports previous observations that most firms take a primarily reactive approach to managing privacy by waiting for an external threat before crafting cohesive policies that confront their information practices. Moreover, when corporations are not perceived to adequately manage information privacy issues, and/or when privacy concerns rise, individuals are more inclined to prefer government intervention and be distrustful of firm self-regulation. As such, citizens may look to lawmakers to enact stricter regulation to reduce their privacy concerns. These findings and several international trends suggest that the self-regulatory model of privacy governance may not be sustainable over the long term. Findings from this research constitute an important contribution to the emerging theoretical base of information privacy research and should be particularly enlightening to those managing information privacy issues. Several directions for future research are also discussed.

455 citations


Journal ArticleDOI
TL;DR: In this article, the authors examine both historical and conceptual analyses of privacy and discuss domestic and international regulatory and self-regulatory approaches to confronting privacy issues on the Internet, and offer specific suggestions for corporate ethical policy and public policy as well as a research agenda.
Abstract: Consumer privacy is a public policy issue that has received substantial attention over the last thirty years. The phenomenal growth of the Internet has spawned several new concerns about protecting the privacy of consumers. The authors examine both historical and conceptual analyses of privacy and discuss domestic and international regulatory and self-regulatory approaches to confronting privacy issues on the Internet. The authors also review ethical theories that apply to consumer privacy and offer specific suggestions for corporate ethical policy and public policy as well as a research agenda.

370 citations


Journal ArticleDOI
TL;DR: In this paper, the authors examined online retailer disclosures of various privacy and security-related practices for 17 product categories and compared the prevalence of disclosures to a subset of data from a consumer survey to evaluate potential relationships between online retailer practices and consumer perceptions of risk and purchase intentions.
Abstract: The Federal Trade Commission has declared the privacy and security of consumer information to be two major issues that stem from the rapid growth in e-commerce, particularly in terms of consumer-related commerce on the Internet. Although prior studies have assessed online retailer responses to privacy and security concerns with respect to retailers’ disclosure of their practices, these studies have been fairly general in their approaches and have not explored the potential for such disclosures to affect consumers. The authors examine online retailer disclosures of various privacy- and security-related practices for 17 product categories. They also compare the prevalence of disclosures to a subset of data from a consumer survey to evaluate potential relationships between online retailer practices and consumer perceptions of risk and purchase intentions across product categories.

343 citations


Journal ArticleDOI
TL;DR: In this article, the extent to which 361 consumer-oriented commercial Web sites post disclosures that describe their information practices and whether these disclosures reflect fair information practices was assessed. But only 14% of these disclosures constitute a comprehensive privacy policy.
Abstract: The author assesses the extent to which 361 consumer-oriented commercial Web sites post disclosures that describe their information practices and whether these disclosures reflect fair information practices. Although approximately 67% of the sites sampled post a privacy disclosure, only 14% of these disclosures constitute a comprehensive privacy policy. The study was initiated by the private sector as a progress report to the Federal Trade Commission (FTC) and is one in a series of efforts designed to assess whether consumer privacy can be protected through industry self-regulation or whether legislation is required. Although the FTC does not recommend legislation at this time, the study suggests that an effective self-regulatory regime for consumer privacy online has yet to emerge.

312 citations


Journal ArticleDOI
TL;DR: In this paper, the authors examine consumer perspectives of data collection awareness and knowledge of name removal mechanisms, such as opt in and opt out, across mail, telephone, and Internet direct channels.
Abstract: The authors examine consumer perspectives of data collection awareness and knowledge of name removal mechanisms, such as opt in and opt out, across mail, telephone, and Internet direct channels. The authors investigate consumer privacy states based on the fair information practices of notice (data collection awareness) and choice (knowledge of name removal mechanisms). Data from a national survey suggest that name removal preference varies by channel, consumer privacy state, channel-specific purchase experience, and consumer demographics. Empirical support is also found for alternative approaches (i.e., opt-in methods) for removing personal information from direct marketing lists.

233 citations


Posted Content
TL;DR: In this article, the authors argue that the debate about data privacy protection should be grounded in an appreciation of the conditions necessary for individuals to develop and exercise autonomy in fact, and that meaningful autonomy requires a degree of freedom from monitoring, scrutiny, and categorization by others.
Abstract: In the United States, proposals for informational privacy have proved enormously controversial. On a political level, such proposals threaten powerful data processing interests. On a theoretical level, data processors and other data privacy opponents argue that imposing restrictions on the collection, use, and exchange of personal data would ignore established understandings of property, limit individual freedom of choice, violate principles of rational information use, and infringe data processors' freedom of speech. In this article, Professor Julie Cohen explores these theoretical challenges to informational privacy protection. She concludes that categorical arguments from property, choice, truth, and speech lack weight, and mask fundamentally political choices about the allocation of power over information, cost, and opportunity. Each debate, although couched in a rhetoric of individual liberty, effectively reduces individuals to objects of choices and trades made by others. Professor Cohen argues, instead, that the debate about data privacy protection should be grounded in an appreciation of the conditions necessary for individuals to develop and exercise autonomy in fact, and that meaningful autonomy requires a degree of freedom from monitoring, scrutiny, and categorization by others. The article concludes by calling for the design of both legal and technological tools for strong data privacy protection.

228 citations


Journal ArticleDOI
TL;DR: In this article, the authors highlight areas in which marketing researchers can add value to the public policy discussion on privacy, and provide a research framework that highlights four aspects of information exchange between marketers and consumers, arguing that improving exchange mechanisms will provide consumers with more control and the ability to make informed trade-offs of personal information for benefits.
Abstract: Privacy is a high-profile public policy issue that affects consumers and marketers. The emergence of online marketing brings new privacy concerns that have resulted in Federal Trade Commission scrutiny and review. At the same time, industry groups and associations have been active in self-regulation efforts. To highlight areas in which marketing researchers can add value to the public policy discussion on privacy, the author provides a research framework that highlights four aspects of information exchange between marketers and consumers. The author argues that improving exchange mechanisms will provide consumers with more control and the ability to make more informed trade-offs of personal information for benefits. Within this framework, the author provides an overview of the articles in this special issue and suggests avenues for further research.

213 citations


Journal ArticleDOI
TL;DR: Professor Solove illustrates that conceptualizing the problem with the Kafka metaphor has profound implications for the law of information privacy as well as which legal approaches are taken to solve the problem.
Abstract: Journalists, politicians, jurists, and legal academics often describe the privacy problem created by the collection and use of personal information through computer databases and the Internet with the metaphor of Big Brother - the totalitarian government portrayed in George Orwell's Nineteen Eighty-Four. Professor Solove argues that this is the wrong metaphor. The Big Brother metaphor as well as much of the law that protects privacy emerges from a longstanding paradigm for conceptualizing privacy problems. Under this paradigm, privacy is invaded by uncovering one's hidden world, by surveillance, and by the disclosure of concealed information. The harm caused by such invasions consists of inhibition, self-censorship, embarrassment, and damage to one's reputation. Privacy law has developed with this paradigm in mind, and consequently, it has failed to adapt to grapple effectively with the database problem. Professor Solove argues that the Big Brother metaphor merely reinforces this paradigm and that the problem is better captured by Franz Kafka's The Trial. Understood with the Kafka metaphor, the problem is the powerlessness, vulnerability, and dehumanization created by the assembly of dossiers of personal information where individuals lack any meaningful form of participation in the collection and use of their information. Professor Solove illustrates that conceptualizing the problem with the Kafka metaphor has profound implications for the law of information privacy as well as which legal approaches are taken to solve the problem.

Posted Content
TL;DR: A range of current technologies to which the law has yet to respond effectively to the assault on privacy are described, concluding that despite the warnings of information privacy pessimists, all is not lost – yet.
Abstract: The rapid deployment of privacy-destroying technologies by governments and businesses threatens to make informational privacy obsolete. The first part of this article describes a range of current technologies to which the law has yet to respond effectively. These include: routine collection of transactional data, growing automated surveillance in public places, deployment of facial recognition technology and other biometrics, cell-phone tracking, vehicle tracking, satellite monitoring, workplace surveillance, internet tracking from cookies to “clicktrails,” hardware-based identifiers, intellectual property protecting “snitchware,” and sense-enhanced searches that allow observers to see through everything from walls to clothes. The cumulative and reinforcing effect of these technologies may make modern life completely visible and permeable to observers; there could be nowhere to hide. The second part of the article discusses leading attempts to craft legal responses to the assault on privacy – including self-regulation, privacy-enhancing technologies, data-protection law, and property-rights based solutions – in the context of three structural obstacles to privacy enhancement: consumers’ privacy myopia; important First Amendment protections of rights to collect and repeat information; and fear of what other people may do if not monitored. The article concludes that despite the warnings of information privacy pessimists, all is not lost – yet.

Patent
01 Dec 2000
TL;DR: In this paper, a method for privacy management includes providing a linked collection of interactive resources through which a user is able to exchange information with an enterprise that provides the resources, and assigning respective, non-uniform privacy policies to at least some of the resources regarding use of the information that is exchanged through the resources.
Abstract: A method for privacy management includes providing a linked collection of interactive resources through which a user is able to exchange information with an enterprise that provides the resources, and assigning respective, non-uniform privacy policies to at least some of the resources regarding use of the information that is exchanged through the resources. The user, accessing a given one of the resources, is provided with the respective privacy policy for that resource. At least a portion of the information that is associated with the given one of the resources is exchanged with the user subject to the provided privacy policy.

Journal ArticleDOI
TL;DR: Information privacy law needs to impose minimum standards of commercial morality on firms engaged in the processing of personal data and it is suggested that certain default licensing rules of trade secrecy law may be adapted to protect personal information in cyberspace.
Abstract: Some economists and privacy advocates have proposed giving individuals property rights in their personal data to promote information privacy in cyberspace. A property rights approach would allow individuals to negotiate with firms about the uses to which they are willing to have personal data put and would force businesses to internalize a higher proportion of the societal costs of personal data processing. However, granting individuals property rights in personal information is unlikely to achieve information privacy goals in part because a key mechanism of property law, namely, the general policy favoring free alienability of such rights, would more likely defeat than achieve information privacy goals. Drawing upon certain concepts from the unfair competition-based law of trade secrecy, this article suggests that information privacy law needs to impose minimum standards of commercial morality on firms engaged in the processing of personal data and proposes that certain default licensing rules of trade secrecy law may be adapted to protect personal information in cyberspace.

Book
04 Dec 2000
TL;DR: Garfinkel's Database Nation: The Death of Privacy in the 21st Century as discussed by the authors is a compelling account of how invasive technologies will affect our lives in the coming years, and it poses a disturbing question: how can we protect our basic rights to privacy, identity, and autonomy when technology is making invasion and control easier than ever before?
Abstract: Fifty years ago, in 1984, George Orwell imagined a future in which privacy was demolished by a totalitarian state that used spies, video surveillance, historical revisionism, and control over the media to maintain its power. Those who worry about personal privacy and identity--especially in this day of technologies that encroach upon these rights--still use Orwell's "Big Brother" language to discuss privacy issues. But the reality is that the age of a monolithic Big Brother is over. And yet the threats are perhaps even more likely to destroy the rights we've assumed were ours. Database Nation: The Death of Privacy in the 21st Century shows how, in these early years of the 21st century, advances in technology endanger our privacy in ways never before imagined. Direct marketers and retailers track our every purchase; surveillance cameras observe our movements; mobile phones will soon report our location to those who want to track us; government eavesdroppers listen in on private communications; misused medical records turn our bodies and our histories against us; and linked databases assemble detailed consumer profiles used to predict and influence our behavior. Privacy--the most basic of our civil rights--is in grave peril. Simson Garfinkel--journalist, entrepreneur, and international authority on computer security--has devoted his career to testing new technologies and warning about their implications. This newly revised update of the popular hardcover edition of Database Nation is his compelling account of how invasive technologies will affect our lives in the coming years. It's a timely, far-reaching, entertaining, and thought-provoking look at the serious threats to privacy facing us today. The book poses a disturbing question: how can we protect our basic rights to privacy, identity, and autonomy when technology is making invasion and control easier than ever before? 
Garfinkel's captivating blend of journalism, storytelling, and futurism is a call to arms. It will frighten, entertain, and ultimately convince us that we must take action now to protect our privacy and identity before it's too late.

Journal ArticleDOI
TL;DR: The rapid deployment of privacy-destroying technologies by governments and businesses threatens to make informational privacy obsolete as mentioned in this paper, but despite the warnings of information privacy pessimists, all is not lost.
Abstract: The rapid deployment of privacy-destroying technologies by governments and businesses threatens to make informational privacy obsolete. The first part of this article describes a range of current technologies to which the law has yet to respond effectively. These include: routine collection of transactional data, growing automated surveillance in public places, deployment of facial recognition technology and other biometrics, cell-phone tracking, vehicle tracking, satellite monitoring, workplace surveillance, internet tracking from cookies to “clicktrails,” hardware-based identifiers, intellectual property protecting “snitchware,” and sense-enhanced searches that allow observers to see through everything from walls to clothes. The cumulative and reinforcing effect of these technologies may make modern life completely visible and permeable to observers; there could be nowhere to hide. The second part of the article discusses leading attempts to craft legal responses to the assault on privacy – including self-regulation, privacy-enhancing technologies, data-protection law, and property-rights based solutions – in the context of three structural obstacles to privacy enhancement: consumers’ privacy myopia; important First Amendment protections of rights to collect and repeat information; and fear of what other people may do if not monitored. The article concludes that despite the warnings of information privacy pessimists, all is not lost – yet.

Patent
17 Aug 2000
TL;DR: In this paper, a system for managing data privacy comprises a database management system for storing data from a plurality of consumer database tables, with irrevocable logging of all access, whether granted or denied, to the data contents stored in the consumer data tables.
Abstract: A system for managing data privacy comprises a database management system for storing data from a plurality of consumer database tables, with irrevocable logging of all access, whether granted or denied, to the data contents stored in the consumer data tables; a privacy metadata system that administers and records all data, users and usage of data that is registered as containing privacy elements; and a replication system that feeds the consumer access system with personal consumer data, maintains integrity of the consumer data and provides changes and corrections back to the originating database management system through their own integrity filters as well as a means of storage and the mechanism to provide input for changes in the personal data or privacy preferences. The system further includes means for managing consumer notification, access, correction and change of preferences for privacy or data protection in the privacy metadata system.

Journal ArticleDOI
TL;DR: In this article, the strategic and tactical opportunities created by online consumers' privacy concerns are identified and approaches to treating the privacy concerns as a source of competitive advantage are clearly discussed, and businesses that add value to their offerings by leveraging Internet technology in coordination with a proactive policy to preserve consumer privacy will be the success stories of the future.
Abstract: Powerful emerging technologies, fierce competition in the marketplace, more sophisticated consumers and the relentless drive for higher corporate earnings are at the root of online consumers’ information privacy concerns. The issue of consumer privacy could be a defining element in the battle for the ownership of online consumers. Businesses have a choice in how they respond to this matter. They can see it as a threat and simply react defensively. Or they can treat this as an opportunity and be proactive in maximizing the gains. Clearly, businesses that add value to their offerings by leveraging Internet technology in coordination with a proactive policy to preserve consumer privacy will be the success stories of the future. The goal of this research is to identify the strategic and tactical opportunities created by online consumers’ privacy concerns. Approaches to treating the privacy concerns as a source of competitive advantage are clearly discussed.

Journal ArticleDOI
TL;DR: In this paper, the authors explore the divergences in approach and substance of data privacy between Europe and the United States and propose a conceptual framework for coregulation of information privacy that can avoid confrontations over governance choices.
Abstract: International flows of personal information on the Internet challenge the protection of data privacy and force divergent national policies and rules to confront each other. While core principles for the fair treatment of personal information are common to democracies, privacy rights vary considerably across national borders. This article explores the divergences in approach and substance of data privacy between Europe and the United States. Professor Reidenberg argues that the specific privacy rules adopted in a country have a governance function. The article shows that national differences support two distinct political choices for the roles in democratic society assigned to the state, the market and the individual: either liberal, market-based governance or socially-protective, rights-based governance. These structural divergences make international cooperation imperative for effective data protection in cyberspace. Professor Reidenberg postulates that harmonization of the specific rules for the treatment of personal information will be harmful for the political balance adopted in any country and offers, instead, a conceptual framework for coregulation of information privacy that can avoid confrontations over governance choices. The theory articulates roles for institutional players, technical codes, stakeholder summits and eventually a treaty-level “General Agreement on Information Privacy” to develop mutually acceptable implementations of the universally accepted core principles. The article concludes with a taxonomy of strategies and partners to develop international cooperation and achieve a high level of protection for personal information in international data transfers. *. Professor of Law and Director of the Graduate Program, Fordham University School of Law. A.B., Dartmouth; J.D., Columbia; D.E.A., Univ. de Paris I-Sorbonne. 
For provoking my early thoughts on this article at the 20th International Conference of Data Protection Authorities, I thank

Journal ArticleDOI
TL;DR: Survey data reveal what healthcare professionals who have access to sensitive medical records believe are the greatest threats to patients' privacy and the overlap between Administration proposals and the responses of healthcare professionals is striking.
Abstract: Increasingly, medical records are being stored in computer databases that allow for efficiencies in providing treatment and in the processing of clinical and financial services. Computerization of medical records has also diminished patient privacy and, in particular, has increased the potential for misuse, especially in the form of nonconsensual secondary use of personally identifiable records. Organizations that store and use medical records have had to establish security measures, prompted partially by an inconsistent patchwork of legal standards that vary from state to state. There is widespread appreciation among policy makers regarding the need for legal reform. The Health Information and Portability Accountability Act of 1996 mandated that the Administration develop regulations regarding the control of medical records. The Administration has offered regulations from the Department of Health and Human Services (Standards for Privacy of Individually Identifiable Health Information; Proposed Rule 45 CFR Parts 160 through 164). Survey data reveal what healthcare professionals who have access to sensitive medical records believe are the greatest threats to patients' privacy. The overlap between Administration proposals and the responses of healthcare professionals is striking.

01 Jan 2000
TL;DR: This work discusses new privacy threats posed by KDDM, which includes massive data collection, data warehouses, statistical analysis and deductive learning techniques, and uses vast amounts of data to generate hypotheses and discover general patterns.
Abstract: Recent developments in information technology have enabled collection and processing of vast amounts of personal data, such as criminal records, shopping habits, credit and medical history, and driving records. This information is undoubtedly very useful in many areas, including medical research, law enforcement and national security. However, there is an increasing public concern about the individuals' privacy. Privacy is commonly seen as the right of individuals to control information about themselves. The appearance of technology for Knowledge Discovery and Data Mining (KDDM) has revitalized concern about the following general privacy issues: • secondary use of the personal information, • handling misinformation, and • granulated access to personal information. They demonstrate that existing privacy laws and policies are well behind the developments in technology, and no longer offer adequate protection. We also discuss new privacy threats posed by KDDM, which includes massive data collection, data warehouses, statistical analysis and deductive learning techniques. KDDM uses vast amounts of data to generate hypotheses and discover general patterns. KDDM poses the following new challenges to privacy.

01 Jun 2000
TL;DR: The ultimate goal of the work is to demonstrate viable solutions for supporting the early stages of the software lifecycle, specifically addressing the need for novel approaches to ensure security and privacy requirements coverage.
Abstract: While the Internet is dramatically changing the way business is conducted, security and privacy issues are of deeper concern than ever before. A primary fault in evolutionary electronic commerce systems is the failure to adequately address security and privacy issues; therefore, security and privacy policies are either developed as an afterthought to the system or not at all. One reason for this failure is the difficulty in applying traditional software requirements engineering techniques to systems in which policy is continually changing due to the need to respond to the rapid introduction of new technologies which compromise those policies. Security and privacy should be major concerns from the onset, but practitioners need new systematic mechanisms for determining and assessing security and privacy. To provide this support, we employ scenario management and goal-driven analysis strategies to facilitate the design and evolution of electronic commerce systems. Risk and impact assessment is critical for ensuring that system requirements are aligned with an enterprise's security policy and privacy policy. Consequently, we tailor our goal-based approach by including a compliance activity to ensure that all policies are reflected in the actual system requirements. Our integrated strategy thus focuses on the initial specification of security policy and privacy policy and their operationalization into system requirements. The ultimate goal of our work is to demonstrate viable solutions for supporting the early stages of the software lifecycle, specifically addressing the need for novel approaches to ensure security and privacy requirements coverage.

Journal ArticleDOI
TL;DR: The essay examines the recent enthusiasm for protecting data privacy as if it were property, and examines the model and concludes that a property rights approach would be unlikely to improve matters; indeed, it would tend to encourage the market in personal data rather than constraining it.
Abstract: From most objective standpoints, protecting information privacy through industry self-regulation is an abject failure. The current political climate has been hostile to proposals for meaningful privacy regulation. Privacy advocates have been casting around for some third alternative and a number of them have fastened on the idea that data privacy can be cast as a property right. People should own information about themselves, and, as owners of property, should be entitled to control what is done with it. The essay explores that proposal. I review the recent enthusiasm for protecting data privacy as if it were property, and identify some of the reasons for its appeal. I examine the model and conclude that a property rights approach would be unlikely to improve matters; indeed, it would tend to encourage the market in personal data rather than constraining it. After critiquing the property model, I search for a different paradigm, and explore the possibility that tort law might support a workable approach to data privacy. Current law does not provide a tort remedy for invasion of data privacy, but there are a number of different strands in tort jurisprudence that might be extended to encompass one. In particular, a rubric based loosely on breach of confidence might persuade courts to recognize at least limited data privacy rights. I conclude, however, that while the tort solution is preferable to a property rights approach, it is likely to offer only modest protection. Common law remedies are by their nature incremental, and achieving widespread adoption of novel common law causes of action is inevitably a slow process. Even established common law remedies, moreover, are vulnerable to statutory preemption.
Although a rash of state tort law decisions protecting data privacy might supply the most compelling impetus to federal regulation we are likely to achieve, the resulting protection scheme is unlikely to satisfy those of us who believe that data privacy is worth protecting.

Book
01 Jan 2000
TL;DR: The book poses a disturbing question: how can the authors protect their basic rights to privacy, identity, and autonomy when technology is making invasion and control easier than ever before?
Abstract: Fifty years ago, in 1984, George Orwell imagined a future in which privacy was demolished by a totalitarian state that used spies, video surveillance, historical revisionism, and control over the media to maintain its power. Those who worry about personal privacy and identity--especially in this day of technologies that encroach upon these rights--still use Orwell's "Big Brother" language to discuss privacy issues. But the reality is that the age of a monolithic Big Brother is over. And yet the threats are perhaps even more likely to destroy the rights we've assumed were ours. Database Nation: The Death of Privacy in the 21st Century shows how, in these early years of the 21st century, advances in technology endanger our privacy in ways never before imagined. Direct marketers and retailers track our every purchase; surveillance cameras observe our movements; mobile phones will soon report our location to those who want to track us; government eavesdroppers listen in on private communications; misused medical records turn our bodies and our histories against us; and linked databases assemble detailed consumer profiles used to predict and influence our behavior. Privacy--the most basic of our civil rights--is in grave peril. Simson Garfinkel--journalist, entrepreneur, and international authority on computer security--has devoted his career to testing new technologies and warning about their implications. This newly revised update of the popular hardcover edition of Database Nation is his compelling account of how invasive technologies will affect our lives in the coming years. It's a timely, far-reaching, entertaining, and thought-provoking look at the serious threats to privacy facing us today. The book poses a disturbing question: how can we protect our basic rights to privacy, identity, and autonomy when technology is making invasion and control easier than ever before? 
Garfinkel's captivating blend of journalism, storytelling, and futurism is a call to arms. It will frighten, entertain, and ultimately convince us that we must take action now to protect our privacy and identity before it's too late.

Journal ArticleDOI
TL;DR: It is argued that knowledge of the different kinds of surveillance used at any given company should be made explicit to employees, and there will be certain kinds of evaluative monitoring that violate privacy rights and should not be used in most cases.
Abstract: In this article I address the tension between evaluative surveillance and privacy against the backdrop of the current explosion of information technology. More specifically, and after a brief analysis of privacy rights, I argue that knowledge of the different kinds of surveillance used at any given company should be made explicit to the employees. Moreover, there will be certain kinds of evaluative monitoring that violate privacy rights and should not be used in most cases. Too many employers practice a credo of "In God we trust, others we monitor."

Journal ArticleDOI
TL;DR: In this article, the authors argue that surveillance technologies simultaneously add an ambiguity and a specificity to public places that are detrimental to the social, cultural, and civic importance of these places, and suggest how sociality as a relational value or an ethics of place as a contextual value could provide a proactive line of reasoning for affirming the value of that which is between people and places.
Abstract: While maintaining the importance of privacy for critical evaluations of surveillance technologies, I suggest that privacy also constrains the debate by framing analyses in terms of the individual. Public space provides a site for considering what is at stake with surveillance technologies besides privacy. After describing two accounts of privacy and one of public space, I argue that surveillance technologies simultaneously add an ambiguity and a specificity to public places that are detrimental to the social, cultural, and civic importance of these places. By making public places accessible to other places and/or times, surveillance technologies make these social contexts ambiguous by blurring their spatial and temporal bounds. At the same time, surveillance technologies valence public places in functionally specific ways that are detrimental to informal civic life. To complement defensive approaches to surveillance technologies based on individual privacy, I conclude by suggesting how sociality as a relational value or an ethics of place as a contextual value could provide a proactive line of reasoning for affirming the value of that which is between people and places.

Book ChapterDOI
10 Jul 2000
TL;DR: This paper proposes a public auction protocol that achieves bidder privacy using binding group signatures and a concrete solution for preventing defaults in auctions is also presented.
Abstract: On-line auctioning is one of the fundamental services for the new Internet economy. Most current auction services are public auctions where all bids are made available to any party. User privacy is a primary concern in the electronic world because the electronic environment facilitates the gathering of personal data. This paper proposes a public auction protocol that achieves bidder privacy using binding group signatures. A concrete solution for preventing defaults in auctions is also presented.

Journal ArticleDOI
TL;DR: The authors examine the impact of the Human Rights Act (HRA) on the current lack of a remedy for non-consensual publication of personal information by the media and argue that the action for breach of confidence is now ripe for development into a privacy law in all but name and that the normative impetus for this enterprise can be found in the HRA which will require domestic courts to consider Convention jurisprudence.
Abstract: This article examines the impact of the Human Rights Act (HRA) on the current lack of a remedy for non-consensual publication of personal information by the media. It argues that the action for breach of confidence is now ripe for development into a privacy law in all but name and that the normative impetus for this enterprise can be found in the HRA which will require domestic courts to consider Convention jurisprudence. It will suggest that when Strasbourg decisions are examined in the context of more general Convention doctrines, they may be seen to suggest the need for an effective privacy remedy. Drawing upon approaches from other jurisdictions it seeks to demonstrate that principled solutions may be found to the thicket of legal problems associated with such development. It contends that the main objection to this enterprise, the perceived threat to media freedom, is largely misplaced, as analysis at the theoretical and doctrinal levels reveals that speech and privacy interests are in many respects mutually supportive and the areas of conflict small and readily susceptible to resolution.