Prior to the terrorist attacks on the World Trade Center and the Pentagon, Congress and the courts were backing demands for greater accountability and restraint from online companies and law enforcement agencies over wiretapping and other intelligence-gathering activities. The FTC conducted investigations exposing some online data-gathering companies of misuse of consumer information, brought privacy-invasion lawsuits against others for selling personal information, and called on Congress to more rigorously protect consumers through laws that establish standard practices for the collection and use of online information. As a result, by September 11, an abundance of Internet privacy bills were floating around Congress.
In a national crises atmosphere of fear, paranoia, and patriotism in the wake of September 11, the momentum that had been tilting toward more effective online consumer protection was instantly reversed. Understandably, public opinion, as well as governmental priorities, over the balance of individual rights and national security, shifted dramatically. Internet privacy bills have taken a backseat to a spate of bills, some already passed into law, that focus on allowing the government greater liberty to use surveillance technology, including Internet wiretaps
In fear of terrorism and war, are Americans allowing too much power and authority without little oversight or accountability? This paper traces the direction of regulatory activities with regard to Internet privacy over the last several years.
The Internet dramatically increased the amount of data that can be collected about individuals, simultaneously increasing the potential to invade information privacy. In the years immediately preceding the terrorist attacks on the World Trade Center and the Pentagon, Internet privacy was a volatile issue. Public disclosure regarding the collection and misuse of personal data by some online companies heightened user concern. Privacy advocates, human rights groups, and government regulatory agencies were pushing for stringent privacy protection measures. The debate focused primarily on tracking and data-compilation technologies widely used on the Internet without users' knowledge or consent. The controversy prompted both the industry and Congress to take action. The industry took steps toward self-regulation, while Congress introduced a plethora of bills designed to protect consumer online information.
The tragic events of September 11 softened both public and government commitment to privacy. The administration's position changed from protecting online information to obtaining the ability to access online information. Congress postponed the legislative agenda to work on anti-terrorism legislation. The Federal Trade Commission reversed its stance advocating tough new laws regulating online privacy to better enforcement of existing regulations and letting the industry police online activities.
The purpose of this paper is to trace the direction of activities, including regulations and proposed regulations with regard to online information privacy, over the last few years. Specifically, the paper discusses government activities before the terrorist attacks as well as the impact of that event on regulatory actions.
ISSUES AND ACTIVITIES PRIOR TO 9/11
Internet privacy issues revolved around tracking devices, such as cookies and Web bugs, and data aggregation. A cookie is a piece of information created by a Web server, and then written to a user's hard drive (Eichelberger, 2000). Web bugs are invisible gifs-transparent pictures that are placed on Web pages to more easily track page usage and returning users (Teinowitz, 2001a). Both cookies and Web bugs are embedded without a user's knowledge or consent. DoubleClick, the largest online marketing firm, has agreements with over 11,000 Web sites, maintains cookies on 100 million users, and has placed Web bugs on over 60,000 different Web pages, each linking to hundreds of pieces of information about a user's browsing habits. …