A concept near and dear to my heart for years now has re-surfaced in the news. For many years, I made my living working with computers. Prior to being an attorney, I worked with the first two Internet Service Provider companies in the Fresno area. This was immediately after the first Internet web browser (Mosaic) was developed and the Internet “went commercial.”

Being of a philosophical bent and also with a strong interest in Anthropology, I couldn’t help but ponder some the impact the Internet was having on our world. And, of course, privacy issues were quickly becoming paramount.

The impact computers and internetworks have had upon privacy concerns is not limited to the Internet, of course. Nowadays, in particular, someone who wanted to know could tell what kind of food you prefer to eat, what types of medicines you require, what books you like to read, etc. Even if you don’t use a credit card, you probably have something like a Von’s card. These are perfectly good for tracking your purchases and dumping them into some massive database somewhere just waiting to be mined.

And don’t give me that, “It’s not tracking individual purchases. It just collects data, but ‘anonymously.'” Do you think when the checker looks at your receipt and says, “Thank you, Mr. Horowitz,” that they just happen to have prodigious memories and recognize all the customers who’ve ever come through the line?

But enough of longing for the old days, when what one ate, bought, or needed was nobody else’s business.

Recently, Judge Kozinski of the Ninth Circuit Court of Appeals was smeared by the media after an angry litigant invaded his privacy and discovered what, for awhile, was erroneously referred to as “Internet porn.” [1]For those who may visit this article after the links have expired, there was no Internet porn. There was definitely no bestiality. As others have noted, the “bestiality video” was a silly video that had been posted on YouTube — hardly the hotbed of hardcore perverse pornography. Whoa! A judge in the Ninth Circuit Court of Appeals is into Internet porn!?!?

Turns out, it’s not quite that juicy. [2]See Lawrence Lessig’s article on this for more at http://www.lessig.org/blog/2008/06/the_kozinski_mess.html.

The interesting thing about this is not that Judge Kozinski had files of which some people might disapprove on his computer. Nor is it interesting to realize how easy it is to incorrectly set up a computer so that it can be invaded by miscreants who don’t care about your privacy rights. What’s interesting is the people saying things like, “There is no expectation of privacy on the Internet.”

Why not? My initial response to this statement, posted earlier today on the ABA’s solo practitioners’ listserv, was similar to that of Lawrence Lessig’s. [3]Ibid.

The thing I find wrong with arguments against any expectation of privacy on the Internet is this: I see no difference between hacking into someone’s computer system and hacking into their house, or mailbox. Some people hack into houses using their feet: I’ve defended some whose alleged modus operandi is kicking in doors. Others break windows. Some simply walk in to homes after owners leave doors unlocked. Do none of those people who choose to live in houses have a reasonable expectation of privacy in their own homes?

Some people hack into mailboxes by various means. For the older-style mailboxes that don’t have keys, hacking is even easier: there’s not so much as an index.php or index.html. [4]Such pages will usually prevent you from seeing what other files might exist in the same directory where they are found. You simply walk to the box outside the house, pull the front open with the handy latch and, voila!, you’re in! Then you hack into the envelope and retrieve the goodies.

The argument that people don’t have an expectation of privacy in their own stuff just because it’s possible to hack into it without having to physically kick in a door or break into a mailbox is specious. The ownership of the stuff is undisputed. The DESIRE to not have others going through one’s stuff is likely still there. Just because the invaders did not have to physically journey to your home to violate you doesn’t make you any less violated. That they could rifle through your private communications without having to actually break the doors or physically tear open the envelopes should not alter whether or not you have an expectation of privacy.

Unless we think that your stupidity in owning a house and keeping things behind a door which can be kicked in, or having an old-style mailbox anyone can pull open to steal your mail means you have no reasonable expectation of privacy.

I’m sorry. There are no locks so strong that they can’t be broken somehow. Just ask Benjamin Franklin Gates.

Sign up for my newsletter and receive a free ePamphlet on "How to Hire a Criminal Defense Lawyer."

References   [ + ]

1. For those who may visit this article after the links have expired, there was no Internet porn. There was definitely no bestiality. As others have noted, the “bestiality video” was a silly video that had been posted on YouTube — hardly the hotbed of hardcore perverse pornography.
2. See Lawrence Lessig’s article on this for more at http://www.lessig.org/blog/2008/06/the_kozinski_mess.html.
3. Ibid.
4. Such pages will usually prevent you from seeing what other files might exist in the same directory where they are found.

23 comments

  1. Also, I wanted to stress that I am of the opinion that YOU should absolutely have and expect privacy as it relates to your personal property (i.e. your computer); however, when you start using someone else’s property to do things on the internet (like accessing servers) and giving them information about you, that is another matter.

    By default, there should be no expectation of privacy; instead it should be established opt-in style between the communicating parties. The important aspect of privacy should be focused on how it is identified, established, maintained, and verified between opt-in parties. Expectations should be limited to the outcome of that.

  2. Also, I wanted to stress that I am of the opinion that YOU should absolutely have and expect privacy as it relates to your personal property (i.e. your computer); however, when you start using someone else’s property to do things on the internet (like accessing servers) and giving them information about you, that is another matter.

    By default, there should be no expectation of privacy; instead it should be established opt-in style between the communicating parties. The important aspect of privacy should be focused on how it is identified, established, maintained, and verified between opt-in parties. Expectations should be limited to the outcome of that.

  3. Also, I wanted to stress that I am of the opinion that YOU should absolutely have and expect privacy as it relates to your personal property (i.e. your computer); however, when you start using someone else’s property to do things on the internet (like accessing servers) and giving them information about you, that is another matter.

    By default, there should be no expectation of privacy; instead it should be established opt-in style between the communicating parties. The important aspect of privacy should be focused on how it is identified, established, maintained, and verified between opt-in parties. Expectations should be limited to the outcome of that.

  4. The rights afforded to individuals in the “real world” and expectations of privacy are derived from property rights which are important due to resource scarcity (hence the need for them in the first place). The majority of information is not property but communications, which is a part of speech and expression.

    The reason why privacy should not be expected on the internet is because it is ubiquitous, while society and government are not. It is not reasonable to expect privacy beyond the regional governments capabilities to enforce it. Combine the fact that the information is usually speech and not property AND you are often relying on other people’s private (you know real world) property to communicate it on your behalf. Their property rights take precedence over your virtual privacy in most cases.

    If you sign up for a webmail account from a chinese or russian email provider (and you are a us citizen) with the expectation of privacy then you are naive and negligent. It would be like storing your personal items in someone else’s home in Russia then complaining when it gets stolen, often times blaming the homeowner.

    The moment you give into the privacy mentality is the moment internet ubiquity dies. It really comes down to common sense that you cannot expect privacy in SOMEONE else’s home.

    If you want privacy on the internet you need a world government entity that delegates enforcement (can we have world peace too?) or you need to limit your privacy expectations to SPECIFIC entities accountable to your existing government under relevant legislation. Expecting privacy on a site that is relevant and accountable is much more reasonable than expecting privacy on the internet. Good luck with that by the way.

  5. The rights afforded to individuals in the “real world” and expectations of privacy are derived from property rights which are important due to resource scarcity (hence the need for them in the first place). The majority of information is not property but communications, which is a part of speech and expression.

    The reason why privacy should not be expected on the internet is because it is ubiquitous, while society and government are not. It is not reasonable to expect privacy beyond the regional governments capabilities to enforce it. Combine the fact that the information is usually speech and not property AND you are often relying on other people’s private (you know real world) property to communicate it on your behalf. Their property rights take precedence over your virtual privacy in most cases.

    If you sign up for a webmail account from a chinese or russian email provider (and you are a us citizen) with the expectation of privacy then you are naive and negligent. It would be like storing your personal items in someone else’s home in Russia then complaining when it gets stolen, often times blaming the homeowner.

    The moment you give into the privacy mentality is the moment internet ubiquity dies. It really comes down to common sense that you cannot expect privacy in SOMEONE else’s home.

    If you want privacy on the internet you need a world government entity that delegates enforcement (can we have world peace too?) or you need to limit your privacy expectations to SPECIFIC entities accountable to your existing government under relevant legislation. Expecting privacy on a site that is relevant and accountable is much more reasonable than expecting privacy on the internet. Good luck with that by the way.

  6. The rights afforded to individuals in the “real world” and expectations of privacy are derived from property rights which are important due to resource scarcity (hence the need for them in the first place). The majority of information is not property but communications, which is a part of speech and expression.

    The reason why privacy should not be expected on the internet is because it is ubiquitous, while society and government are not. It is not reasonable to expect privacy beyond the regional governments capabilities to enforce it. Combine the fact that the information is usually speech and not property AND you are often relying on other people’s private (you know real world) property to communicate it on your behalf. Their property rights take precedence over your virtual privacy in most cases.

    If you sign up for a webmail account from a chinese or russian email provider (and you are a us citizen) with the expectation of privacy then you are naive and negligent. It would be like storing your personal items in someone else’s home in Russia then complaining when it gets stolen, often times blaming the homeowner.

    The moment you give into the privacy mentality is the moment internet ubiquity dies. It really comes down to common sense that you cannot expect privacy in SOMEONE else’s home.

    If you want privacy on the internet you need a world government entity that delegates enforcement (can we have world peace too?) or you need to limit your privacy expectations to SPECIFIC entities accountable to your existing government under relevant legislation. Expecting privacy on a site that is relevant and accountable is much more reasonable than expecting privacy on the internet. Good luck with that by the way.

  7. I appreciate my Fourth Amendment Right, in fact I cherish them, however the pragmatic world and the world of law sometimes don’t intersect.

    There are laws against invasion of privacy but it still happens, that’s pragmatic. When it’s my government doing the invading, that’s scarier than any terrorist can create.

  8. I appreciate my Fourth Amendment Right, in fact I cherish them, however the pragmatic world and the world of law sometimes don’t intersect.

    There are laws against invasion of privacy but it still happens, that’s pragmatic. When it’s my government doing the invading, that’s scarier than any terrorist can create.

  9. I appreciate my Fourth Amendment Right, in fact I cherish them, however the pragmatic world and the world of law sometimes don’t intersect.

    There are laws against invasion of privacy but it still happens, that’s pragmatic. When it’s my government doing the invading, that’s scarier than any terrorist can create.

  10. The world doesn’t fall under any single legal jurisdiction, either. 😉

    At any rate, the fact that there are lots of thieves in the land does not change the issue regarding an expectation of privacy. Maybe the problem here is this: “expectation of privacy” is, to attorneys, a term of art. I don’t mean as in paint, canvas and all that stuff. I mean patois. If you “have no expectation of privacy,” then this means that there is no legally recognized right preventing the government from invading your otherwise private space and then using anything they find there against you in a court of law.

    Yet you do have such a pre-existing right in your “person[], house[], papers, and effects” recognized by the Fourth Amendment to the United States Constitution. Acquiescence to the idea that, because your computer is “Internet-connected,” you don’t have such a right is opening yourself up to the idea that “anything goes” regarding your computer.

    Do you really believe that? Do you really think that because your computer is sometimes (maybe 24/7 for some of us) connected to the Internet, that you’ve given up all constitutional rights thereto?

    And so, again, we’re right back at square one: Since it’s possible for anyone to break into your house at any time, does this mean you should stop believing you have a right to privacy there? Since anyone, at any time, can — always could, by the way — steal your mail, the government can read it whenever they want, also? No problem?

    I expect such beliefs from uneducated people. It scares me when educated and intelligent people think such things.

    Forgive me if I continue to fight this issue, both with you and in our courts.

  11. The world doesn’t fall under any single legal jurisdiction, either. 😉

    At any rate, the fact that there are lots of thieves in the land does not change the issue regarding an expectation of privacy. Maybe the problem here is this: “expectation of privacy” is, to attorneys, a term of art. I don’t mean as in paint, canvas and all that stuff. I mean patois. If you “have no expectation of privacy,” then this means that there is no legally recognized right preventing the government from invading your otherwise private space and then using anything they find there against you in a court of law.

    Yet you do have such a pre-existing right in your “person[], house[], papers, and effects” recognized by the Fourth Amendment to the United States Constitution. Acquiescence to the idea that, because your computer is “Internet-connected,” you don’t have such a right is opening yourself up to the idea that “anything goes” regarding your computer.

    Do you really believe that? Do you really think that because your computer is sometimes (maybe 24/7 for some of us) connected to the Internet, that you’ve given up all constitutional rights thereto?

    And so, again, we’re right back at square one: Since it’s possible for anyone to break into your house at any time, does this mean you should stop believing you have a right to privacy there? Since anyone, at any time, can — always could, by the way — steal your mail, the government can read it whenever they want, also? No problem?

    I expect such beliefs from uneducated people. It scares me when educated and intelligent people think such things.

    Forgive me if I continue to fight this issue, both with you and in our courts.

  12. The world doesn’t fall under any single legal jurisdiction, either. 😉

    At any rate, the fact that there are lots of thieves in the land does not change the issue regarding an expectation of privacy. Maybe the problem here is this: “expectation of privacy” is, to attorneys, a term of art. I don’t mean as in paint, canvas and all that stuff. I mean patois. If you “have no expectation of privacy,” then this means that there is no legally recognized right preventing the government from invading your otherwise private space and then using anything they find there against you in a court of law.

    Yet you do have such a pre-existing right in your “person[], house[], papers, and effects” recognized by the Fourth Amendment to the United States Constitution. Acquiescence to the idea that, because your computer is “Internet-connected,” you don’t have such a right is opening yourself up to the idea that “anything goes” regarding your computer.

    Do you really believe that? Do you really think that because your computer is sometimes (maybe 24/7 for some of us) connected to the Internet, that you’ve given up all constitutional rights thereto?

    And so, again, we’re right back at square one: Since it’s possible for anyone to break into your house at any time, does this mean you should stop believing you have a right to privacy there? Since anyone, at any time, can — always could, by the way — steal your mail, the government can read it whenever they want, also? No problem?

    I expect such beliefs from uneducated people. It scares me when educated and intelligent people think such things.

    Forgive me if I continue to fight this issue, both with you and in our courts.

  13. Any expectation of internet privacy is naive. The scary thing is this in spite of routers and virus protection, etc our best protection is in our numbers. The bad guys just haven’t gotten to us yet.

    Additionally, if you want to do any business on the web, you have to allow the ‘good’ guys to drop cookies on your hard drive and track your purchase history. If you just want to ‘window’ shop, chances are that a tracking cookie is still being placed on your PC so the marketing world can see where you visit and how long you stay there. And don’t forget, these are the GOOD guys.

    And don’t get me started about employers reading your emails, whether they are addressed to them or not.

    The internet is, quite simply, a bad neighborhood. You lock your doors, you don’t leave anything in your car, you watch where you walk.

    Perhaps the scariest part is that the internet really doesn’t fall under any single legal jurisdiction. The bad guys (and the information they collect) can be across the world in seconds…along with your privacy.

    Tread carefully…

  14. Any expectation of internet privacy is naive. The scary thing is this in spite of routers and virus protection, etc our best protection is in our numbers. The bad guys just haven’t gotten to us yet.

    Additionally, if you want to do any business on the web, you have to allow the ‘good’ guys to drop cookies on your hard drive and track your purchase history. If you just want to ‘window’ shop, chances are that a tracking cookie is still being placed on your PC so the marketing world can see where you visit and how long you stay there. And don’t forget, these are the GOOD guys.

    And don’t get me started about employers reading your emails, whether they are addressed to them or not.

    The internet is, quite simply, a bad neighborhood. You lock your doors, you don’t leave anything in your car, you watch where you walk.

    Perhaps the scariest part is that the internet really doesn’t fall under any single legal jurisdiction. The bad guys (and the information they collect) can be across the world in seconds…along with your privacy.

    Tread carefully…

  15. Any expectation of internet privacy is naive. The scary thing is this in spite of routers and virus protection, etc our best protection is in our numbers. The bad guys just haven’t gotten to us yet.

    Additionally, if you want to do any business on the web, you have to allow the ‘good’ guys to drop cookies on your hard drive and track your purchase history. If you just want to ‘window’ shop, chances are that a tracking cookie is still being placed on your PC so the marketing world can see where you visit and how long you stay there. And don’t forget, these are the GOOD guys.

    And don’t get me started about employers reading your emails, whether they are addressed to them or not.

    The internet is, quite simply, a bad neighborhood. You lock your doors, you don’t leave anything in your car, you watch where you walk.

    Perhaps the scariest part is that the internet really doesn’t fall under any single legal jurisdiction. The bad guys (and the information they collect) can be across the world in seconds…along with your privacy.

    Tread carefully…

  16. Yep, I’ve thrown in the towel on privacy. Once the spammers got ahold of my email addy, that’s all she wrote. I cannot delude myself into thinking that I will have privacy on the net or even that I may be entitled to have it. It just ain’t happening. So with that in mind, I try to keep as little out there as possible, so that at least they’re only gonna get what I want them to have.

    Now I’m talking about personal information disseminated on the internet either by me or gleaned elsewhere. But as far as Big Brother reaching into my computer and its hard drive, that is disconcerting. But with all the trojans and keyloggers and zombie computers out there, you’d be naive to expect THAT isn’t safe either. I do what I can to protect it. E.g., not loging in with the admin account, keeping sensitive data on media that is not accessible from the net, etc.

    But if you were to ask me, I guess my line in the sand is my router. Anything on the other side of it, fair game/ On my side of it, keep your meathooks off it. 🙂

    Joni Muellers last blog post..Good Samaritan My Hind End!

  17. Yep, I’ve thrown in the towel on privacy. Once the spammers got ahold of my email addy, that’s all she wrote. I cannot delude myself into thinking that I will have privacy on the net or even that I may be entitled to have it. It just ain’t happening. So with that in mind, I try to keep as little out there as possible, so that at least they’re only gonna get what I want them to have.

    Now I’m talking about personal information disseminated on the internet either by me or gleaned elsewhere. But as far as Big Brother reaching into my computer and its hard drive, that is disconcerting. But with all the trojans and keyloggers and zombie computers out there, you’d be naive to expect THAT isn’t safe either. I do what I can to protect it. E.g., not loging in with the admin account, keeping sensitive data on media that is not accessible from the net, etc.

    But if you were to ask me, I guess my line in the sand is my router. Anything on the other side of it, fair game/ On my side of it, keep your meathooks off it. 🙂

    Joni Muellers last blog post..Good Samaritan My Hind End!

  18. In reading your comments, I think we’re talking about an apples and oranges thing here, in a way. You seem to be saying that since the world is full of thieves and you can’t really properly lock your door, you’ve given up trying.

    That’s different from saying that you should not have an expectation of privacy in your own stuff.

    But as for the point you seem to be arguing: If some month, you came home every day to find that someone had broken into your house and gone through your papers, would you say, “Oh, well. I have no reasonable expectation of privacy in my own home. Ce la vie. Let’s go to a movie.”?

    I don’t think so. Yet you seem to be arguing that since it can be easy for some people to break into an Internet-connected computer, that changes everything.

    I mean no disrespect — hopefully you know me well enough to know that — but that’s kind of silly. The ease with which some people can do things they should not do isn’t the gauge by which we decide whether or not to just shrug our shoulders over it and say that it’s okay.

  19. In reading your comments, I think we’re talking about an apples and oranges thing here, in a way. You seem to be saying that since the world is full of thieves and you can’t really properly lock your door, you’ve given up trying.

    That’s different from saying that you should not have an expectation of privacy in your own stuff.

    But as for the point you seem to be arguing: If some month, you came home every day to find that someone had broken into your house and gone through your papers, would you say, “Oh, well. I have no reasonable expectation of privacy in my own home. Ce la vie. Let’s go to a movie.”?

    I don’t think so. Yet you seem to be arguing that since it can be easy for some people to break into an Internet-connected computer, that changes everything.

    I mean no disrespect — hopefully you know me well enough to know that — but that’s kind of silly. The ease with which some people can do things they should not do isn’t the gauge by which we decide whether or not to just shrug our shoulders over it and say that it’s okay.

  20. In reading your comments, I think we’re talking about an apples and oranges thing here, in a way. You seem to be saying that since the world is full of thieves and you can’t really properly lock your door, you’ve given up trying.

    That’s different from saying that you should not have an expectation of privacy in your own stuff.

    But as for the point you seem to be arguing: If some month, you came home every day to find that someone had broken into your house and gone through your papers, would you say, “Oh, well. I have no reasonable expectation of privacy in my own home. Ce la vie. Let’s go to a movie.”?

    I don’t think so. Yet you seem to be arguing that since it can be easy for some people to break into an Internet-connected computer, that changes everything.

    I mean no disrespect — hopefully you know me well enough to know that — but that’s kind of silly. The ease with which some people can do things they should not do isn’t the gauge by which we decide whether or not to just shrug our shoulders over it and say that it’s okay.

  21. So, by analogy, then, while it would be *nice* to *expect* some amount of privacy in your home, once it’s out on the land, it’s fair game, pretty much.

    Your uncle was, no doubt, right. So, does the fact that someone can get in mean you have no expectation of privacy?

    The fact that someone can hack into your house, or mailbox, or other areas — like your computer attached to the Internet — does not impact the expectation of privacy. If it did, then you would have *no* expectation of privacy in your home. Burglars are a well-known part of reality.

    My point was that just because your personal, private computer is attached to the Internet is no different. Your house is attached to the earth. No doubt for virtual (pun intended) all of us, that piece of earth is reachable by a road, street, or path. Even in this day and age, many people do not always lock their doors. Does this mean that because “it’s out there” in the sense that someone can get to it, without even having to kick in the door, you have *no* expectation of privacy in your own home?

    There’s no reason the Internet should be any different in that regard. Your computer may be attached to the Internet. And some people may not lock their doors. That does not change whether or not they have a reasonable expectation of privacy in their computers.

    If it does, then *by the same reasoning*, you have no reasonable expectation of privacy in your home.

  22. So, by analogy, then, while it would be *nice* to *expect* some amount of privacy in your home, once it’s out on the land, it’s fair game, pretty much.

    Your uncle was, no doubt, right. So, does the fact that someone can get in mean you have no expectation of privacy?

    The fact that someone can hack into your house, or mailbox, or other areas — like your computer attached to the Internet — does not impact the expectation of privacy. If it did, then you would have *no* expectation of privacy in your home. Burglars are a well-known part of reality.

    My point was that just because your personal, private computer is attached to the Internet is no different. Your house is attached to the earth. No doubt for virtual (pun intended) all of us, that piece of earth is reachable by a road, street, or path. Even in this day and age, many people do not always lock their doors. Does this mean that because “it’s out there” in the sense that someone can get to it, without even having to kick in the door, you have *no* expectation of privacy in your own home?

    There’s no reason the Internet should be any different in that regard. Your computer may be attached to the Internet. And some people may not lock their doors. That does not change whether or not they have a reasonable expectation of privacy in their computers.

    If it does, then *by the same reasoning*, you have no reasonable expectation of privacy in your home.

  23. I’m not so sure I agree. While it would be *nice* to *expect* some amount of privacy, once it’s out on the Net, it’s fair game, pretty much. What I do have a big problem with, though, is the “1984”-like tracking that sites like Amazon and e-Bay do. Adsense works along those same lines.

    I’ve read so many stories about folks getting busted for porn after taking their computer to a repair shop. Not that I have any porn on my computer, but I had the occasion to take all three of my computers in for repair and before I did so, I backed up their contents to two separated drives and nuked everything in each “My Documents” folder. Not because I had something to hide, but because I don’t want some bored computer repairperson sifting through my stuff.

    And remember a few years ago, the Sony “rootkit” debacle? Read about that here:
    http://www.wired.com/politics/security/commentary/securitymatters/2005/11/69601

    I try to remember what a favorite uncle once told me: Locks only keep honest people out. 🙂

Leave a comment:

Your email address will not be published. Required fields are marked *

Free ePamphlet

Sign up for my newsletter and receive a free ePamphlet on "How to Hire a Criminal Defense Lawyer."

Recent Posts

Topics

Archives