Among the many legal issues presented by the Internet, privacy is a leading problem. In fact, Internet privacy covers a broad range of concerns: fears about the safety of children in chat rooms and on the World Wide Web, the privacy of e-mail, the vulnerability of web users to having their Internet use habits tracked, the collection and use of personal information, the freedom of people to chat and post messages anonymously. Moreover, the rapid evolution of the Internet has frequently brought such privacy concerns before lawmakers and the courts.
Privacy concerns are frequently newsworthy. During the 1990s, child safety advocates highlighted special online dangers for children following high-profile abuse cases. Internet commerce has also been affected, too. The Federal Trade Commission (FTC) report noted in 2000 in its annual report to Congress that survey data demonstrated 92% of consumers are concerned about the misuse of personal information online. Privacy concerns over unsolicited commercial messages arose as Internet users battled to keep this so-called “spam” out of their e-mail inboxes, while in 2001, civil liberties advocates opposed potential abuse by the Federal Bureau of Investigation of its Carnivore hardware, a data-collecting technology attached to Internet services for criminal investigation.
Congress has been reluctant to enact legislation, relying upon a privacy law last revised in 1986 and passing only one new Internet privacy law in the 1990s. This was not for want of ideas. Numerous bills proposing Internet privacy protections were submitted in Congress during the late 1990s and early 2000s, and the Federal Trade Commission (FTC) also proposed legal reform. But lawmakers showed deep reservations about trifling with Internet regulation of privacy, expressing fears about hurting online commerce and creating an unenforceable regulatory scheme. Internet crime laws passed, but these criminalized intrusive and destructive behaviors without directly creating privacy rights.
The legal framework for online privacy thus rests largely on two federal laws, a subdued federal regulatory approach, a mixture of state laws, and contradictory case law from the courts:
- In 1986, Congress significantly updated the Electronic Communications Privacy Act (ECPA), originally enacted two decades earlier in 1968 to prevent telephone wiretapping. The law protects the privacy of much online communication, such as e-mail and other digital messaging, but far from all of it. The law offers little privacy protection to electronic communication in the workplace, which courts have further restricted.
- The Children’s Online Privacy Protection Act of 1998 was passed amid complaints that websites frequently sought too much personal information from children. The law requires website operators to maintain privacy policies, grants parents powers to control information gleaned from their children by websites, and grants regulatory power to the FTC.
- Throughout the 1990s, the FTC studied and recommended proposals for new Internet privacy laws. The commission made such recommendations again in its annual 2000 report on the issue, but in 2001 new FTC leadership called for more study of the issue and a continued emphasis on self-regulation by business.
- Passed in response to the September 11, 2001 terrorist attacks upon the United States, the Patriot Act of 2001 appeared likely to significantly impact online privacy. The law dramatically increases federal police investigatory powers, including the right to intercept e-mail and track Internet usage.
- Courts have offered mixed verdicts on anonymity on the Internet. In 1997, Georgia was prohibited from enforcing a statute that barred anonymous communication in ACLU v. Miller. In subsequent cases, courts have allowed plaintiffs to force disclosure of the identities of anonymous users of Internet message boards, but some have required that strict evidentiary standards are met by plaintiffs first.