Internet Privacy

• Reports and Resources |
• Topic Areas |
• News

EPIC Reports and Resources

• EPIC Report 94-1 Privacy Guidelines for the National Information Infrastructure, 1994
• "Surfer Beware III: Privacy Policies Without Privacy Protection" (1999).
• "Surfer Beware II: Notice is Not Enough" (1998).
• EPIC Report, "Surfer Beware: Personal Privacy and the Internet" is based on a review of the privacy practices of top Internet web sites. The report examines the current state of privacy policies on the Internet and includes recommendations to protect online privacy, June 1997.
• Practical Privacy Tools. Information on how to get PGP and other encryption programs, anonymous remailers and other privacy enhancing technologies.
• EPIC's Online Guide to Privacy Resources.
• Internet Privacy: Overview and Pending Legislation (PDF), CRS Report for Congress RL31408, updated February 6, 2003.
• Personal Privacy Protection: The Legislative Response (PDF), CRS Report for Congress RL30671, updated May 24, 2001.

Topic Areas

• Cookies. What *are* those nasty little things, and who's been putting them on your hard drive? Check our cookies page for a list of good resources.
• Cryptography Policy Information on the Clipper Chip, Key Escrow and other pending issues related to cryptography policy.
• Electronic Mail. "Electronic Interaction in the Workplace: Monitoring, Retrieving and Storing Employee Communications in the Internet Age," a comprehensive analysis (from the *employer* perspective) by Mark S. Dichter and Michael S. Burkhardt (October 1996). For a different perspective, see the Ontario Privacy Principles for E-mail.
• Federal Trade Commission. Consumer protector or industry lapdog? What the FTC has done (or not done) on protecting privacy on the net.
• SPAM -- Unsolicited Commercial E-Mail. Resources on SPAM and pending proposals to curb it.

News

• EPIC Submits Comment for Online Profiling Workshop. The National Telecommunications and Information Administration (NTIA) of the United States Department of Commerce and the Federal Trade Commission held a public workshop on "online profiling" on November 8, 1999. EPIC filed a request to participate and submitted a comment (PDF) on the effectiveness of industry self-regulation with regards to the surreptitious collection of information from individuals. In the comment, EPIC argues that -- in the absence of meaningful legal protections -- the privacy of individuals will continue to be invaded. On November 30, EPIC also submitted reply comments (PDF) after the workshop. (November 1999)
• Lawsuit Filed Against Earthlink for Violating Email Privacy. A New York man has filed a lawsuit against ISP Earthlink for violating the Electronic Communications Privacy Act of 1986.
• Academics, Advocates, Experts Call for National Conference on Privacy. A group of more than 70 leading privacy scholars, advocates, and technical experts have urged the Department of Commerce to ensure that a proposed White House conference on privacy is not dominated by special interest groups. The group says that it is also time to assess the adequacy of "self-regulation" as a means to protect privacy. (March 1998)
• EPIC Testifies In Congress. In testimony on March 26, EPIC Director Marc Rotenberg told the House Judiciary Committee that current U.S. privacy policy is backward -- "We impose government controls on techniques to protect privacy, where market-based solutions are preferable. And we leave privacy problems to the market, where government involvement is required." Other testimony from the hearing is available. (March 1998)
• Court Blocks Discharge in Navy/AOL Privacy Case. A federal judge in Washington has enjoined the dismissal of a highly decorated sailor who was ordered discharged after America Online turned over confidential information to a Navy investigator (the text of the decision is available). The ruling comes in the sailor's lawsuit against the Navy alleging privacy violations. EPIC has sent a letter to Navy Secretary Dalton, urging a formal inquiry into an apparently illegal disclosure of personal information. The Navy may have violated federal law; AOL appears to have violated its contractual obligation to protect subscriber privacy. Write the President and Pentagon officials!
• Internet Users Want Privacy Legislation. The latest survey from the GVU reveals that 72% of Internet users believe there should be new laws to protect privacy on the Internet. The survey also found that 82% of users object to the sale of personal information. The survey suggests a sharp increase in privacy concerns since the last GVU poll.
• "Look Up" Industry Sidesteps Regulation. The Federal Trade Commission, which had been asked by Congress to investigate "possible violations of consumer privacy rights by companies that operate computer data bases," has decided instead to endorse industry guidelines that lack enforcement and provide no legal rights for aggrieved parties.
• FTC Finds Little Privacy for Kids on the Internet. The Federal Trade Commission surfed children's web sites to review privacy practices and found that many web sites are collecting data on kids and few are obtaining parental consent.
• Consumer Groups Question FTC Report. Several privacy and consumer organizations that participated in the FTC's Consumer Privacy Workshop have questioned the accuracy of a preliminary report submitted by the FTC to Senator McCain. The letter from CFA, CME, EFF, EPIC, PRC and others says that the FTC misrepresented a critical consumer survey that showed strong support for privacy legislation. See the EPIC FTC archive for general background as well as the original letter from the Senate Commerce Committee which asked the the Commission to "investigate the compilation, sale, and usage of electronically transmitted data bases that include identifiable personal information of private citizens without their knowledge."
• America Online Nixes Plan to Sell Phone Numbers. Responding to widespread criticism, America Online has reversed its decision to sell subscriber telephone numbers. In a quiet change to its privacy policy, AOL had planned to add member phone numbers to the list of personal information that it sells to direct marketers. It is unclear whether the company intends to go forward with its plans to use "navigational" or "transactional" information (such as where you go or what you buy through AOL) to "develop member lists for companies with which AOL has a contractual marketing relationship." EPIC has sent a letter to the online service seeking clarification.