Privacy

From Wikipedia, the free encyclopedia

For other uses, see Privacy (disambiguation).

The examples and perspective in this article deal primarily with Western culture and do not represent a worldwide view of the subject. Please improve this article and discuss the issue on the talk page. (June 2011)
Privacy (from Latin: privatus "separated from the rest, deprived of something, esp. office, participation in the government", from privo "to deprive") is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. When something is private to aperson, it usually means there is something within them that is considered inherently special or personally sensitive. The degree to which private information is exposed therefore depends on how the public will receive this information, which differs between places and over time. Privacy partially intersects security, including for instance the concepts of appropriate use, as well as protection, of information. The right not to be subjected to unsanctioned invasion of privacy by the government, corporations or individuals is part of many countries'privacy laws, and in some cases, constitutions. Almost all countries have laws which in some way limit privacy; an example of this would be law concerning taxation, which normally require the sharing of information about personal income or earnings. In some countries individual privacy may conflict with freedom of speech laws and some laws may require public disclosure of information which would be considered private in other countries and cultures. Privacy may be voluntarily sacrificed, normally in exchange for perceived benefits and very often with specific dangers and losses, although this is a very strategic view of human relationships. Academics who are economists, evolutionary theorists, and research psychologists describe revealing privacy as a 'voluntary sacrifice', for instance by willing participants in sweepstakes or competitions. In the business world, a person may volunteer personal details (often for advertising purposes) in order to gamble on winning a prize. Personal information which is voluntarily shared but subsequently stolen or misused can lead to identity theft. Privacy, as the term is generally understood in the West, is not a universal concept and remained virtually unknown in some cultures until recent times. Most cultures, however, recognize the ability of individuals to withhold certain parts of their personal information from wider society - a figleaf over the genitals being an ancient example. The word "privacy" is sometimes regarded as untranslatable[1] by linguists. Many languages lack a specific word for "privacy". Such languages either use a complex description to translate the term (such as Russian

combine meaning of - solitude, - secrecy, and - private life) or borrow English "privacy" (as Indonesian Privasi or Italian la privacy).[1]
Contents
[hide]

1 Types of privacy

o o o o

1.1 Brief description of privacy 1.2 Informational 1.3 Organizational 1.4 Spiritual and intellectual

2 History of privacy

o o

2.1 Privacy and technology 2.2 Privacy and the Internet

3 Right to privacy

o o o

3.1 Definitions 3.2 An individual right 3.3 A collective value and a human right

4 Privacy protection

o o o o o

4.1 Free market versus consumer protection approaches 4.2 Privacy law 4.3 Privacy on the Internet 4.4 Privacy and location-based services 4.5 Privacy by design

5 See also 6 References 7 Further reading 8 External links

[edit]Types

of privacy

The term "privacy" means many things in different contexts. Different people, cultures, and nations have a wide variety of expectations about how much privacy a person is entitled to or what constitutes an invasion of privacy.

[edit]Brief

description of privacy

Physical privacy could be defined as preventing "intrusions into one's physical space or solitude" [2] This would include such concerns as:

preventing intimate acts or hiding one's body from others for the purpose of modesty; apart from being dressed this can be achieved bywalls, fences, privacy screens, cathedral glass, partitions between urinals, by being far away from others, on a bed by a bed sheet or ablanket, when changing clothes by a towel, etc.; to what extent these measures also prevent acts being heard varies

video, of aptly named graphic, or intimate, acts, behaviors or body parts preventing unwelcome searching of one's personal possessions preventing unauthorized access to one's home, vehicle or man-cave medical privacy, the right to make fundamental medical decisions without governmental coercion or third party review, most widely applied to questions of contraception

An example of the legal basis for the right to physical privacy is the US Fourth Amendment which guarantees "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures".[3] Most countries have laws regardingtrespassing and property rights also determine the right of physical privacy. Physical privacy may be a matter of cultural sensitivity, personal dignity, and/or shyness. There may also be concerns about safety, if for example one is wary of becoming the victim of crime or stalking.[4] Civil inattention is a process whereby individuals are able to maintain their privacy within a crowd.

[edit]Informational
Main article: Information privacy Information or data privacy refers to the evolving relationship between technology and the legal right to, or public expectation of privacy in the collection and sharing of data about one's self. Privacy concerns exist wherever uniquely identifiable data relating to a person or persons are collected and stored, in digital form or otherwise. In some cases these concerns refer to how data is collected, stored, and associated. In other cases the issue is who is given access to information. Other issues include whether an individual has any ownership rights to data about them, and/or the right to view, verify, and challenge that information. Various types of personal information are often associated with privacy concerns. For various reasons, individuals may object to personal information such as their religion, sexual orientation, political affiliations, or personal activities being revealed, perhaps to avoid discrimination, personal embarrassment, or damage to their professional reputations. Financial privacy, in which information about a person's financial transactions is guarded, is important for the avoidance of fraud includingidentity theft. Information about a person's purchases, for instance, can reveal a

great deal about their preferences, places they have visited, their contacts, products (such as medications) they use, their activities and habits etc. Internet privacy is the ability to determine what information one reveals or withholds about oneself over the Internet, who has access to such information, and for what purposes one's information may or may not be used. For example, web users may be concerned to discover that many of the web sites which they visit collect, store, and possibly share personally identifiable information about them. Similarly, Internet email users generally consider their emails to be private and hence would be concerned if their email was being accessed, read, stored or forwarded by third parties without their consent. Tools used to protect privacy on the Internet include encryption tools and anonymizing services like I2P and Tor. Medical privacy allows a person to withhold their medical records and other information from others, perhaps because of fears that it might affect their insurance coverage or employment, or to avoid the embarrassment caused by revealing medical conditions or treatments. Medical information could also reveal other aspects of one's personal life, such as sexual preferences or proclivity. A right to sexual privacy enables individuals to acquire and use contraceptives without family, community or legal sanctions. Political privacy has been a concern since voting systems emerged in ancient times. The secret ballot helps to ensure that voters cannot be coerced into voting in certain ways, since they can allocate their vote as they wish in the privacy and security of the voting booth while maintaining the anonymity of the vote. Secret ballots are nearly universal in modern democracy, and considered a basic right of citizenship, despite the difficulties that they cause (for example the inability to trace votes back to the corresponding voters increases the risk of someone stuffing additional fraudulent votes into the system: additional security controls are needed to minimize such risks).

[edit]Organizational
Governments agencies, corporations, groups/societies and other organizations may desire to keep their activities or secrets from being revealed to other organizations or individuals, adopting various security practices and controls in order to prevent this. Organizations may seek legal protection for their secrets. For example, a government administration may be able to invoke executive privilege[5] or declares certain information to be classified, or a corporation might attempt to protect valuable proprietary information as trade secrets.[3]

[edit]Spiritual

and intellectual

The earliest legislative development of privacy rights began under British common law, which protected "only the physical interference of life and property." Its development from then on became "one of the most significant chapters in the history of privacy law."[6] Privacy rights gradually expanded to include a "recognition of man's spiritual nature, of his feelings and his intellect."[6] Eventually, the scope of those rights broadened

even further to include a basic "right to be let alone," and the former definition of "property" would then comprise "every form of possession -- intangible, as well as tangible." By the late 19th century, interest in a "right to privacy" grew as a response to the growth of print media, especially newspapers. [6]

[edit]History

of privacy

Further information: Privacy laws of the United States - Early years

[edit]Privacy

and technology

Advertisement for dial telephone service available to delegates to the 1912 Republican convention in Chicago. A major selling point of dial telephone service was that it was "secret", in that no operator was required to connect the call.

As technology has advanced, the way in which privacy is protected and violated has changed with it. In the case of some technologies, such as the printing press or the Internet, the increased ability to share information can lead to new ways in which privacy can be breached. It is generally agreed [7]that the first publication advocating privacy in the United States was the article by Samuel Warren andLouis Brandeis, The Right to Privacy, 4 Harvard L.R. 193 (1890), that was written largely in response to the increase in newspapers and photographs made possible by printing technologies.[8] New technologies can also create new ways to gather private information. For example, in the U.S. it was thought that heat sensors intended to be used to find marijuana growing operations would be acceptable. However in 2001 in Kyllo v. United States (533 U.S. 27) it was decided that the use ofthermal imaging devices that can reveal previously unknown information without a warrant does indeed constitute a violation of privacy.[9]

Generally the increased ability to gather and send information has had negative implications for retaining privacy. As large scale information systems become more common, there is so much information stored in many databases worldwide that an individual has no practical means of knowing of or controlling all of the information about themselves that others may have hold or access. Such information could potentially be sold to others for profit and/or be used for purposes not known to or sanctioned by the individual concerned. The concept of information privacy has become more significant as more systems controlling more information appear. Also the consequences of privacy violations can be more severe. Privacy law in many countries has had to adapt to changes in technology in order to address these issues and, to some extent, maintain privacy rights. But the existing global privacy rights framework has also been criticized as incoherent and inefficient. Proposals such as the APEC Privacy Framework have emerged which set out to provide the first comprehensive legal framework on the issue of global data privacy.

[edit]Privacy

and the Internet

Main article: Internet privacy The Internet has brought new concerns about privacy in an age where computers can permanently store records of everything: "where every online photo, status update, Twitter post and blog entry by and about us can be stored forever," writes law professor and author Jeffrey Rosen.[10] This currently has an effect on employment. Microsoft reports that 75 percent of U.S. recruiters and humanresource professionals now do online research about candidates, often using information provided by search engines, social-networking sites, photo/video-sharing sites, personal web sites and blogs, and Twitter. They also report that 70 percent of U.S. recruiters have rejected candidates based on internet information. [10] This has created a need by many to control various online privacy settings in addition to controlling their online reputations, both of which have led to legal suits against various sites and employers. [10] The ability to do online inquiries about individuals has expanded dramatically over the last decade. Facebook for example, as of July 2010, was the largest social-networking site, with nearly 500 million members, or 22 percent of all Internet users, who upload over 25 billion pieces of content each month. Twitter has more than 100 million registered users. The Library of Congress recently announced that it will be acquiring and permanently storing the entire archive of public Twitter posts since 2006, reports Rosen.[10] According to some experts, many commonly used communication devices may be mapping every move of their users. Senator Al Frankenhas noted the seriousness of iPhones and iPads having the ability to record and store users locations in unencrypted files,[11] although Apple denied doing so.[12] Andrew Grove, co-founder and former CEO of Intel Corporation, offered his thoughts on internet privacy in an interview in 2000:[13]

Privacy is one of the biggest problems in this new electronic age. At the heart of the Internet culture is a force that wants to find out everything about you. And once it has found out everything about you and two hundred million others, that's a very valuable asset, and people will be tempted to trade and do commerce with that asset. This wasn't the information that people were thinking of when they called this the information age.

[edit]Right

to privacy

Privacy uses the theory of natural rights, and generally responds to new information and communication technologies. In North America,Samuel D. Warren and Louis D. Brandeis wrote that privacy is the "right to be let alone" (Warren & Brandeis, 1890) focuses on protecting individuals. This citation was a response to recent technological developments, such as photography, and sensationalist journalism, also known as yellow journalism. Warren and Brandeis declared that information which was previously hidden and private could now be "shouted from the rooftops."[14] Privacy rights are inherently intertwined with information technology. In his widely cited dissenting opinion in Olmstead v. United States(1928), Brandeis relied on thoughts he developed in his Harvard Law Review article in 1890. But in his dissent, he now changed the focus whereby he urged making personal privacy matters more relevant to constitutional law, going so far as saying "the government [was] identified .... as a potential privacy invader." He writes, "Discovery and invention have made it possible for the Government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet." At that time, telephones were often community assets, with shared party lines and the potentially nosey human operators. By the time of Katz, in 1967, telephones had become personal devices with lines not shared across homes and switching was electro-mechanical. In the 1970s, new computing and recording technologies began to raise concerns about privacy, resulting in the Fair Information Practice Principles.

[edit]Definitions
In recent years there have been only few attempts to clearly and precisely define a "right to privacy." Some experts assert that in fact the right to privacy "should not be defined as a separate legal right" at all. By their reasoning, existing laws relating to privacy in general should be sufficient. [15] Other experts, such as Dean Prosser, have attempted, but failed, to find a "common ground" between the leading kinds of privacy cases in the court system, at least to formulate a definition.[15] One law school treatise from Israel, however, on the subject of "privacy in the digital environment," suggests that the "right to privacy should be seen as an independent right that deserves legal protection in itself." It has therefore proposed a working definition for a "right to privacy": The right to privacy is our right to keep a domain around us, which includes all those things that are part of us, such as our body, home, thoughts, feelings, secrets and identity. The right to privacy gives us the ability to

choose which parts in this domain can be accessed by others, and to control the extent, manner and timing of the use of those parts we choose to disclose.[15]

[edit]An

individual right

Alan Westin believes that new technologies alter the balance between privacy and disclosure, and that privacy rights may limit government surveillance to protect democratic processes. Westin defines privacy as "the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others". Westin describes four states of privacy: solitude, intimacy, anonymity, reserve. These states must balance participation against norms: Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication of himself to others, in light of the environmental conditions and social norms set by the society in which he lives. - Alan Westin, Privacy and Freedom, 1968[16] Under liberal democratic systems, privacy creates a space separate from political life, and allows personal autonomy, while ensuring democratic freedoms of association and expression. David Flaherty believes networked computer databases pose threats to privacy. He develops 'data protection' as an aspect of privacy, which involves "the collection, use, and dissemination of personal information". This concept forms the foundation for fair information practices used by governments globally. Flaherty forwards an idea of privacy as information control, "[i]ndividuals want to be left alone and to exercise some control over how information about them is used".[17] Richard Posner and Lawrence Lessig focus on the economic aspects of personal information control. Posner criticizes privacy for concealing information, which reduces market efficiency. For Posner, employment is selling oneself in the labour market, which he believes is like selling a product. Any 'defect' in the 'product' that is not reported is fraud.[18] For Lessig, privacy breaches online can be regulated through code and law. Lessig claims "the protection of privacy would be stronger if people conceived of the right as a property right", and that "individuals should be able to control information about themselves".[19] Economic approaches to privacy make communal conceptions of privacy difficult to maintain.

[edit]A

collective value and a human right

There have been attempts to reframe privacy as a fundamental human right, whose social value is an essential component in the functioning of democratic societies.[citation needed] Amitai Etzioni suggests a communitarian approach to privacy. This requires a shared moral culture for establishing social order.[20] Etzioni believes that "[p]rivacy is merely one good among many others",[21] and that technological effects depend on community accountability and oversight (ibid). He claims that privacy laws only increase government surveillance.[22]

Priscilla Regan believes that individual concepts of privacy have failed philosophically and in policy. She supports a social value of privacy with three dimensions: shared perceptions, public values, and collective components. Shared ideas about privacy allows freedom of conscience and diversity in thought. Public values guarantee democratic participation, including freedoms of speech and association, and limits government power. Collective elements describe privacy as collective good that cannot be divided. Regan's goal is to strengthen privacy claims in policy making: "if we did recognize the collective or public-good value of privacy, as well as the common and public value of privacy, those advocating privacy protections would have a stronger basis upon which to argue for its protection".[23] Leslie Regan Shade argues that the human right to privacy is necessary for meaningful democratic participation, and ensures human dignity and autonomy. Privacy depends on norms for how information is distributed, and if this is appropriate. Violations of privacy depend on context. The human right to privacy has precedent in the United Nations Declaration of Human Rights: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."[24] Shade believes that privacy must be approached from a people-centered perspective, and not through the marketplace.[25]

[edit]Privacy [edit]Free

protection

market versus consumer protection approaches

Approaches to privacy can, broadly, be divided into two categories: free market, and consumer protection.[26] In a free market approach, commercial entities are largely allowed to do what they wish, with the expectation that consumers will choose to do business with corporations that respect their privacy to a desired degree. If some companies are not sufficiently respectful of privacy, they will lose market share. Such an approach may be limited by lack of competition in a market, by enterprises not offering privacy options favorable to the user, or by lack of information about actual privacy practices. Claims of privacy protection made by companies may be difficult for consumers to verify, except when they have already been violated. In a consumer protection approach, in contrast, it is acknowledged that individuals may not have the time or knowledge to make informed choices, or may not have reasonable alternatives available. In support of this view, Jensen and Potts showed that most privacy policies are above the reading level of the average person .[27] Therefore, this approach advocates greater government definition and enforcement of privacy standards.

[edit]Privacy

law

Main article: Privacy law Privacy law is the area of law concerning the protecting and preserving of privacy rights of individuals. While there is no universally accepted privacy law among all countries, some organizations promote certain concepts be enforced by individual countries. For example, theUniversal Declaration of Human Rights, article 12, states:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks. Europe For Europe, Article 8 of the European Convention on Human Rights guarantees the right to respect for private and family life, one's home and correspondence. The European Court of Human Rights in Strasbourg has developed a large body of jurisprudence defining this fundamental right to privacy.[citation needed] The European Union requires all member states to legislate to ensure that citizens have a right to privacy, through directives such as the 1995 Directive 95/46/EC on the protection of personal data. It is regulated in the United Kingdom by the Data Protection Act 1998 and in France data protection is also monitored by the CNIL, a governmental body which must authorize legislation concerning privacy before them being enacted. Although there are comprehensive regulations for data protection, Some studies show that despite the laws, there is a lack of enforcement in that no institution feels responsible to control the parties involved and enforce their laws.[28] United Kingdom In the United Kingdom, it is not possible to bring an action for invasion of privacy. An action may be brought under another tort (usually breach of confidence) and privacy must then be considered under EC law. In the UK, it is sometimes a defence that disclosure of private information was in the public interest.[29] There is, however, the Information Commissioner's Office (ICO), an independent public body set up to promote access to official information and protect personal information. They do this by promoting good practice, ruling on eligible complaints, giving information to individuals and organisations, and taking action when the law is broken. The relevant UK laws include: Data Protection Act 1998; Freedom of Information Act 2000; Environmental Information Regulations 2004; Privacy and Electronic Communications Regulations 2003. The ICO has also provided a "Personal Information Toolkit" online which explains in more detail the various ways of protecting privacy online.[30] United States Concerning privacy laws of the United States, privacy is not guaranteed per se by the Constitution of the United States. The Supreme Court of the United States has found that other guarantees have "penumbras" that implicitly grant a right to privacy against government intrusion, for example in Griswold v. Connecticut (1965). In the United States, the right of freedom of speech granted in the First Amendment has limited the effects of lawsuits for breach of privacy. Privacy is regulated in the U.S. by the Privacy Act of 1974, and various state laws. Certain privacy rights have been established in the United

States via legislation such as the Children's Online Privacy Protection Act (COPPA),[31]the GrammLeach Bliley Act (GLB), and the Health Insurance Portability and Accountability Act (HIPAA). Canada Canadian privacy law is governed federally by multiple acts, including the Canadian Charter of Rights and Freedoms, and the Privacy Act (Canada). Mostly this legislation concerns privacy infringement by government organizations. Data privacy was first addressed with thePersonal Information Protection and Electronic Documents Act, and provincial-level legislation also exists to account for more specific cases personal privacy protection against commercial organizations. Australia In Australia there is the Privacy Act 1988. Privacy sector provisions of the Act apply to private sector organisations with a link to Australia, including: 1. individuals who collect, use or disclose personal information in the course of a business. For example, a sole trader's business activities will be regulated (unless it's a small business), but information gathered outside business activities won't be; 2. bodies corporate; and 3. partnerships, unincorporated associations and trusts - any act or practice of a partner, committee member or trustee is attributed to the organisation. Organisations outside Australia must comply with the provisions in some circumstances. Sending information out of Australia is also regulated.[32]

[edit]Privacy

on the Internet

Main article: Internet privacy There are many means to protect one's privacy on the internet. For example e-mails can be encrypted[33] and anonymizing proxies or anonymizing networks like I2P and Tor can be used to prevent the internet service providers from knowing which sites one visits and with whom one communicates. Covert collection of personally identifiable information has been identified as a primary concern by the U.S. Federal Trade Commission.[34] Although some privacy advocates recommend the deletion of original and third-party HTTP cookies, Anthony Miyazaki, marketing professor at Florida International University and privacy scholar, warns that the "elimination of third-party cookie use by Web sites can be circumvented by cooperative strategies with third parties in which information is transferred after the Web site's use of original domain cookies."[35] As of December 2010, the Federal Trade Commission is reviewing policy regarding this issue as it relates tobehavioral advertising.[34] Another aspect of privacy on the Internet relates to online social networking. Several online social network sites (OSNs) are among the top 10 most visited websites globally. A review and evalutation of scholarly work regarding the current state of the value of individuals' privacy of online social networking show the following results: "first, adults seem to be more concerned about potential privacy threats than younger users; second, policy makers should be

alarmed by a large part of users who underestimate risks of their information privacy on OSNs; third, in the case of using OSNs and its services, traditional one-dimensional privacy approaches fall short".[36]

[edit]Privacy

and location-based services

As location tracking capabilities of mobile devices are increasing, problems related to user privacy arise, since user's position and preferences constitute personal information and improper use of them violates user's privacy. Several methods to protect user's privacy when using location based services have been proposed, including the use of anonymizing servers, blurring of information e.a. Methods to quantify privacy have also been proposed, to be able to calculate the equilibrium between the benefit of providing accurate location information and the drawbacks of risking personal privacy.[37] Users of such services may also choose to display more generic location information (i.e. "In the City" or "Philadelphia" or "Work") to some of their more casual acquaintances while only displaying specific location information, such as their exact address, to closer contacts like spouse, relatives, and good friends.

[edit]Privacy

by design

The principle of Privacy by Design states that privacy and data protection are embedded throughout the entire life cycle of technologies, from the early design stage to their deployment, use and ultimate disposal.

Internet privacy
From Wikipedia, the free encyclopedia

Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, providing to third-parties, and displaying of information pertaining to oneself via the Internet. Privacy can entail both Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person. Internet privacy forms a subset of computer privacy. A number of experts within the field of Internet security and privacy believe that privacy doesn't exist; "Privacy is dead get over it"[1] according to Steve Rambam, private investigator specializing in Internet privacy cases. In fact, it has been suggested that the "appeal of online services is to broadcast personal information on purpose."[2] On the other hand, in his essayThe Value of Privacy, security expert Bruce Schneier says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance."[3][4]

Contents
[hide]

1 Levels of privacy 2 Risks to Internet privacy

o o o

2.1 HTTP cookies 2.2 Flash cookies 2.3 Evercookies

o o o o o o

2.3.1 Uses 2.3.2 Defense Against Evercookies

2.4 Device Fingerprinting 2.5 Photographs on the internet 2.6 Search engines 2.7 Data logging 2.8 Privacy within social networking sites 2.9 Internet service providers

3 Legal threats 4 Laws for Internet Privacy Protection 5 Other potential Internet privacy risks 6 Specific cases

6.1 Jason Fortuny and Craigslist

7 See also 8 References

o o o o

8.1 Search engine data and law enforcement 8.2 US v. Ziegler 8.3 State v. Reid 8.4 Robbins v. Lower Merion School District

9 References 10 Further reading 11 External links

[edit]Levels

of privacy

People with only a casual concern for Internet privacy need not achieve total anonymity. Internet users may protect their privacy through controlled disclosure of personal information. The revelation of IP addresses, non-

personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information (P.I.I.) of the Internet user. In order to keep their information private, people need to be careful on what they submit and look at online. When filling out forms and buying merchandise, that becomes tracked and because the information was not private, companies are now sending Internet users spam and advertising on similar products. There are many ways to protect individuals and their finances over the Internet, especially in dealing with investments. To ensure safety, meet with a broker in person or over the phone, to know a real person is dealing with the individuals money. Second, ask questions. If the person on the phone seems uninterested, this is a red flag and should tell the individual that this individual is to not be trusted. Thirdly, protect all personal information. Refrain from giving out full name, address, or any other personal information that could be used to easily access your finances. Only give the information if has showed that the company and the individual is legitimate. Do not ask for an e-mail with a finance statement. A written copy shows that individuals are not dealing with hackers. Lastly, investigate about the company individuals are investing with. [5] There are also many government groups that protect our privacy and be safe on the Internet. The Federal Trade Commission (FTC) stresses that protecting individuals social security number while dealing with things on the Internet is very important. Pay attention to the trash and e-mails that are received from the Internet. Hackers can easily access these important e-mails. Make difficult passwords so not just anyone can easily access information. Verify the sources to make sure they are safe and okay to give personal information. The Internet Crime Complaint Center (IC3) works in a partnership with the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center(NW3C) to help and receive criminal complaints related to the Internet. The US Department of State has a mission to reduce the crime on the Internet internationally. An example of this would be scams that happen from different countries on the Internet.[6] Posting things on the Internet can be harmful to individuals. The information posted on the Internet is permanent. This includes comments written on blogs, pictures, and Internet sites, such as Facebook and Twitter. It is absorbed into cyberspace and once it is posted, anyone can find it and read it. This action can come back and hurt people in the long run when applying for jobs or having someone find person information.[7]

[edit]Risks

to Internet privacy

In todays technological world, millions of individuals are subject to privacy threats. Companies are hired not only to watch what you visit online, but to infiltrate the information and send advertising based on your browsing history. People set up accounts for Facebook; enter bank and credit card information to various websites.

Those concerned about Internet privacy often cite a number of privacy risks events that can compromise privacy which may be encountered through Internet use.[8] These methods of compromise can range from the gathering of statistics on users, to more malicious acts such as the spreading of spyware and various forms of bugs (software errors) exploitation. Privacy measures are provided on several social networking sites to try to provide their users with protection for their personal information. On Facebook for example privacy settings are available for all registered users. The settings available on Facebook include the ability to block certain individuals from seeing your profile, the ability to choose your "friends," and the ability to limit who has access to your pictures and videos. Privacy settings are also available on other social networking sites such as E-harmony and MySpace. It is the user's prerogative to apply such settings when providing personal information on the internet. In late 2007 Facebook launched the Beacon program where user rental records were released on the public for friends to see. Many people were enraged by this breach in privacy, and the Lane v. Facebook, Inc. case ensued. Since the year 2000, Internet access worldwide has steadily been increasing. 92.8% of children between ages 12 and 18 report having access to Internet at home and 56% of these teenagers access this Internet alone in their room. The increase in Internet access for teenagers in a separate room or bedroom presents a concern of safety as their use of the Internet becomes unrestricted. [9] The risks that can be encountered through the usage of the Internet include issues of privacy. Children are more likely to disperse personal information to others across the Internet. 70% of children saw no problem in giving someone their home address or email. 12.7% of 10-12 year olds report sending pictures to others across the Internet.[10] Children and adolescents are very susceptible to misusing the Internet and ultimately risking their privacy. There is a growing concern among parents whose children are now starting to use Facebook and other social media sites on a daily basis. Website information collection practices is another growing concern as young individuals are more vulnerable and unaware of the fact that all of their information and browsing can and may be tracked while visiting a particular site. Individuals who use the Internet have to realize that they must play a role in protecting their own privacy. They must be informed about all of the risks involved while surfing the Internet and browsing. For example, if on Twitter, threats include shortened links that lead you to potentially harmful places. When you are in your e-mail inbox threats include email scams and attachments that get you to install malware and give up personal info. If on Torrent sites the threat includes malware hiding in video, music, and software downloads, and even while using your smartphone threats include geolocation, meaning that your phone can detect where you are and post it online for all to see. Certain measures that consumers are called to act upon include: updating virus protection, mind security settings, download patches, install firewalls, screen e-

mail, shut down spyware, control cookies, deploy encryption, fend off browser hijackers, and block all popups.[11]. [12] The main concern that most people have with the options listed above are that they have no idea how to go about doing any of these things to ensure full protection. How can the average consumer who knows nothing about all of the security settings on their computer be expected to know how to run their own network security? This is a tough issue that most people hire professionals to take care of but one that most people should learn to research more about and take the time to increase their understanding of.
[13]

In 1998, the Federal Trade Commission took into account the lack of privacy of children on the Internet, which resulted in the creation of the Children Online Privacy Protection Act (COPPA). COPPA limits the options gather information from children and created warning labels if potential harmful information or content was presented. In 2000, CIPA (Childrens Internet Protection Act) was developed to implement safe Internet policies such rules, and filter software. Aside from the creation of legislation, the awareness campaigns, parental and adult supervision strategies and Internet filters are alternatives in creating a safer Internet environment for children across the world.[14]

[edit]HTTP

cookies

An HTTP cookie is data stored on a user's computer that assists in automated access to websites or web features, or other state information required in complex web sites. It may also be used for user-tracking by storing special usage history data in a cookie. Cookies are a common concern in the field of privacy. As a result, some types of cookies are classified as a tracking cookie. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits.[15] Systems do not generally make the user explicitly aware of the storing of a cookie. (Although some users object to that, it does not properly relate to Internet privacy. It does however have implications for computer privacy, and specifically for computer forensics. In past years, most computer users were not completely aware of cookies, but recently, users have become conscious of the detrimental effects of Internet cookies: a recent study done has shown that 58% of users have at least once, deleted cookies from their computer and that 39% of users delete cookies from their computer every month. Since cookies are advertisers main way of targeting potential customers and these customers are deleting cookies, United Virtualities has built a substitute: PIE (persistent identification element). PIEs unlike cookies, cannot be easily deleted or detected and can reinstate any deleted cookie. PIEs also hold a sufficient amount more data than a cookie can. If a website is connected to a PIE, then your browser will be marked with a Flash object. This is very alike to the process of a cookie.[citation needed]

The original developers of cookies intended that only the website that originally distributed cookies to users so they could retrieve them, therefore returning only data already possessed by the website. However, in practice programmers can circumvent this restriction. Possible consequences include:

the placing of a personally-identifiable tag in a browser to facilitate web profiling (see below), or, use of cross-site scripting or other techniques to steal information from a user's cookies.

Cookies do have benefits that many people may not know. One benefit is that for websites that you frequently visit that requires a password, cookies make it so you do not have to sign in every time. A cookie can also track your preferences to show you websites that might interest you. Cookies make more websites free to use without any type of payment. Some of these benefits are also seen as negative. For example, one of the most common ways of theft is hackers taking your user name and password that a cookie saves. While a lot of sites are free, they have to make a profit some how so they sell their space to advertisers. These ads, which are personalized to your likes, can often freeze your computer or cause annoyance. Cookies are mostly harmless except for third-party cookies.[16] These cookies are not made by the website itself, but by web banner advertising companies. These third-party cookies are so dangerous because they take the same information that regular cookies do, such as browsing habits and frequently visited websites, but then they give out this information to other companies. Cookies are often associated with pop-up windows because these windows are often, but not always, tailored to a persons preferences. These windows are an irritation because they are often hard to close out of because the close button is strategically hidden in an unlikely part of the screen. In the worst cases, these pop-up ads can take over the screen and while trying to exit out of it, can take you to another unwanted website. Cookies are seen so negatively because they are not understood and go unnoticed while someone is simply surfing the Internet. The idea that every move you make while on the Internet is being watched, would frighten most users.[17] Some users choose to disable cookies in their web browsers.[18] Such an action eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications that will redirect cookies and cache data to some other location. The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites

visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing. Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does. Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual. Governments and organizations may set up honeypot websites featuring controversial topics with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals.

[edit]Flash

cookies

Flash cookies, also known as Local Shared Objects, work the same ways as normal cookies and are used by the Adobe Flash Player to store information at the user's computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect flash cookies. One way to view and control them is with browser extensions or add-ons. Although browsers such as Internet Explorer 8 and Firefox 3 and added a Privacy Browsing setting, they s till allow Flash cookies to track the user and operate fully. User privacy controls have a hard time blocking flash cookies because they are so flexible. In a recent study, flash cookies are found to be a popular mechanism for storing data on the top 100 most visited sites. [19] Flash cookies are unlike HTTP cookies in a sense that they are not transferred from the client back to the server. Web browsers read and write these cookies and can track any data by web usage. [20] While some users choose to disable http cookies to reduce privacy risks as noted, new cookies had been created. Firms such as United Virtualities implemented Zombie cookies after they learned that 30 % of internet users were deleting http cookies. The zombie cookie, also known as a Persistent Identification Element (PIE) is tagged to the users browser, providing each with a unique ID, similar to traditional cookie coding. [21] The PIE is made up of two cookies. Essentially, the first is an http cookie and the second is the flash cookie. [22]This suggests that the zombie cookie or PIE cannot be easily deleted, since users typically remove html cookies. A study found, Of the top 100 web sites, 31 had at least one overlap between a HTTP and Flash cookie. [23] This study shows how the two different types of cookies commonly exist in popular visited websites. For the users who choose to disable http cookies, flash cookies could very well still exist if the two cookies overlap for a specific visited website.

[edit]Evercookies

Evercookies, created by Samy Kamkar [24], are JavaScript-based applications which produce cookies in a web browser that actively "resist" deletion by redundantly copying themselves in different forms on the user's machine (e.g.: Flash Local Shared Objects, various HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies that are missing or expired. Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. It has the ability to store cookies in over ten types of storage mechanisms so that once they are on your computer they will never be gone. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.[25]

[edit]Uses
Anti-fraud Some anti-fraud companies have realized the potential of evercookies to protect against and catch cyber criminals. These companies already hide small files in several places on the perpetrators computer but hackers can usually easily get rid of these. The advantage to evercookies is clear; not only do they resist deletion completely they can also rebuild themselves. One such company is Iovation Inc. Iovation Inc. testing this technology as a way to help e-commerce companies detect which customers are good and which are potential fraudsters. [26] Advertising There is major controversy over where the line should be drawn on the use of this technology. Cookies store unique identifiers on a persons computer that are used to predict what you want. Many advertisement companies want to use this technology to track what their customers are looking at online. Evercookies enable advertisers to continue to track a customer regardless of if you delete your cookies or not. Some companies are already using this technology but the ethics are still being widely debated.

[edit]Defense Against Evercookies

Nevercookies Anonymizer nevercookies are part of a free Firefox plugin that protects against evercookies. This plugin extends Firefox's private browsing mode so that users will be completely protected from evercookies. [27] Nevercookies eliminate the entire manual deletion process while keeping the cookies users want like browsing history and saved account information.

[edit]Device

Fingerprinting

Device fingerprinting is a fairly new technology that is useful in fraud prevention and safeguarding any information from your computer. Device fingerprinting uses data from the

device and browser sessions to determine the risk of conducting business with the person using the device.[28] This technology allows companies to better assess the risks when business is conducted through sites that include, e-commerce sites, social networking and online dating sites and banks and other financial institutions. ThreatMetrix is one of the lending vendors of device fingerprinting. This company employs a number of techniques to prevent fraud. For example, ThreatMetrix will pierce the proxy to determine the true location of a device. [29] Due to the growing number of hackers and fraudsters using 'botnets' of millions of computers that are being unknowingly controlled
[30]

, this technology will help not

only the companies at risk but the people who are unaware their computers are being used. It is difficult to surf the web without being tracked by device fingerprinting today. However, for people who do not want device fingerprinting, there are ways to attempt to black fingerprinting. The only ways to stop device fingerprinting cause web browsing be to very slow and websites to display information incorrectly. There are not convenient options for privacy when it comes to device fingerprinting said Peter Eckersely a staff scientist at the Electronic Frontier Foundation and privacy-advocacy group. Trying to avoid device fingerprinting is mostly just impractical and inconvenient. Fingerprints are tough to avoid because they are taken from data that are routinely passed from computers to websites automatically. Even if someone changes something slightly, the fingerprinters can still recognize the machine. There is one way to figure out that a device is being fingerprinted. The software JavaScript can be used to collect fingerprinting data. If it asks a browser for specific information, that could be a clue that a fingerprinter is working. Companies that are most known for conducting fingerprinting are advertisers.
[31]

[edit]Photographs

on the internet

'No photos' tag at Wikimania

Today many people have digital cameras and post their photos online. The people depicted in these photos might not want to have them appear on the Internet.

Some organizations attempt to respond to this privacy-related concern. For example, the 2005Wikimania conference required that photographers have the prior permission of the people in their pictures. Some people wore a 'no photos' tag to indicate they would prefer not to have their photo taken.[citation needed] The Harvard Law Review published a short piece called "In The Face of Danger: Facial Recognition and Privacy Law," much of it explaining how "privacy law, in its current form, is of no help to those unwillingly tagged."[32] Any individual can be unwillingly tagged in a photo and displayed in a manner that might violate them personally in some way, and by the time Facebook gets to taking down the photo, many people will have already had the chance to view, share, or distribute it. Furthermore, traditional tort law does not protect people who are captured by a photograph in public because this is not counted as an invasion of privacy. The extensive Facebook privacy policy covers these concerns and much more. For example, the policy states that they reserve the right to disclose member information or share photos with companies, lawyers, courts, government entities, etc. if they feel it absolutely necessary. The policy also informs users that profile pictures are mainly to help friends connect to each other.[33] However, these, as well as other pictures, can allow other people to invade a persons privacy by finding out information that can be used to track and locate a certain individual. In an article featured in ABC news, it was stated that two teams of scientists found out that Hollywood stars could be giving up information about their private whereabouts very easily through pictures uploaded to the Internet. Moreover, it was found that pictures taken by some phones and tablets including iPhones automatically attach the latitude and longitude of the picture taken through metadata unless this function is manually disabled.[34] Face recognition technology can be used to gain access to a person's private data, according to a new study. Researchers at Carnegie Mellon University combined image scanning, cloud computing and public profiles from social network sites to identify individuals in the offline world. Data captured even included a user's social security number.[35] Experts have warned of the privacy risks faced by the increased merging of our online and offline identities. The researchers have also developed an 'augmented reality' mobile app that can display personal data over a person's image captured on a smartphone screen. [36] Since these technologies are widely available, our future identities may become exposed to anyone with a smartphone and an Internet connection. Researchers believe this could force us to reconsider our future attitudes to privacy. Google Street View, released in the U.S. in 2007, is currently entrenched in an ongoing debate about its possible infringement on individual privacy.[37][38] In an article entitled

Privacy, Reconsidered: New Representations, Data Practices, and the Geoweb, Sarah Elwood and Agnieszka Leszczynski (2011) argue that Google Street View facilitate[s] identification and disclosure with more immediacy and less abstraction. [39] The medium through which Street View disseminates information, the photograph, is very immediate in the sense that it can potentially provide direct information and evidence about a persons whereabouts, activities, and private property. Moreover, the technologys disclosure of information about a person is less abstract in the sense that, if photographed, a person is represented on Street View in a virtual replication of his or her own real-life appearance. In other words, the technology removes abstractions of a persons appearance or that of his or her personal belongings there is an immediate disclosure of the person and object, as they visually exist in real life. Although Street View began to blur license plates and peoples faces in 2008,[37] the technology is faulty and does not entirely insure against accidental disclosure of identity and private property.[38] Elwood and Leszczynski note that many of the concerns leveled at Street View stem from situations where its photograph-like images were treated as definitive evidence of an individuals involvement in particular activities.[39] In one instance, Ruedi Noser, a Swiss politician, barely avoided public scandal when he was photographed in 2009 on Google Street View walking with a woman who was not his wife the woman was actually his secretary.[37] Similar situations necessarily arise from the fact that Street View provides high-resolution photographs and photographs hypothetically offer compelling objective evidence.[39] But as the case of the Swiss politician illustrates, even supposedly compelling photographic evidence is sometimes subject to gross misinterpretation. This example further suggests that Google Street View may provide opportunities for privacy infringement and harassment through public dissemination of the photographs. Google Street View does, however, blur or remove photographs of individuals and private property from image frames if the individuals request further blurring and/or removal of the images. This request can be submitted for review through the report a problem button that is located on the bottom left hand side of every image window on Google Street View.

[edit]Search

engines

Search engines have the ability to track a users searches. Personal information can be revealed through searches including search items used, the time of the search, and more. Search engines have claimed a necessity to retain such information in order to provide better services, protect against security pressure, and protect against fraud.[40] A search engine takes all of its users and assigns each one a specific ID number. Those in control of the database often keep records of where on the Internet each member has traveled to. AOLs

system is one example. AOL has a database 21 million members deep, each with their own specific ID number. The way that AOLSearch is set up, however, allows for AOL to keep records of all the websites visited by any given member. Even though the true identity of the user isnt known, a full profile of a member can be made just by using the information stored by AOLSearch. By keeping record of what people queried through AOLSearch, we can find out so much about someone without even knowing his or her name.[41] Search engines also are able to retain user information such as location and the time spent using the search engine for up to ninety days. Most of the data retained by operators of the search engines use the data to get a sense of where needs must be met in certain areas of their field. People working in the legal field are also allowed to use information collected from these search engine websites. The Google search engine is given as an example to a search engine that retains the information entered for a period of three fourths of year before it becomes obsolete for public usage. Yahoo! follows in the footsteps of Google in the sense that it also deletes user information after a period of ninety days. Other search engines such as Ask! search engine has promoted a tool of "AskEraser" which essentially takes away personal information when requested.[42] Some changes made to internet search engines included that of Google's search engine. Beginning in 2009, Google began to run a new system where the Google search became personalized. The item that is searched and the results that are shown remembers previous information that pertains to the individual. Google search engine not only seeks what is searched, but also strives to allow the user to feel like the search engine recognizes their interests. This is achieved by using online advertising.[43] A system that Google uses to filter advertisements and search results that might interest the user is by having a ranking system that tests relevancy that include observation of the behavior users exude while searching on Google. Another function of search engines is the predictability of location. Search engines are able to predict where your location is currently by locating IP Addresses and geographical locations.[44] Google had publicly stated on January 24, 2012, that its privacy policy will once again be altered. This new policy will change the following for its users: (1) the privacy policy will become shorter and easier to comprehend and (2) the information that users provide will be used in more ways than it is presently being used. The goal of Google is to make users experiences better than they currently are.[45] This new privacy policy is planned to come into effect on March 1, 2012. Peter Fleischer, the Global Privacy Counselor for Google, has explained that if a person is logged into his/her Google account, and only if he/she is logged in, information will be gathered from multiple Google services in which he/she has used in order to be more accommodating. Googles

new privacy policy will combine all data used on Googles search engines (i.e., Youtube and Gmail) in order to work along the lines of a persons interests. A person, in effect, will be able to find what he/she wants at a more efficient rate because all searched information during times of login will help to narrow down new search results.[46] Googles privacy policy explains information they collect and why they collect it, how they use the information, and how to access and update information. Google will collect information to better service its users such as their language, which ads they find useful or people that are important to them online. Google announces they will use this information to provide, maintain, protect Google and its users. The information Google uses will give users more relevant search results and advertisements. The new privacy policy explains that Google can use shared information on one service in other Google services from people who have an a Google account and are logged in. Google will treat a user as a single user across all of their products. Google claims the new privacy policy will benefit its users by being simpler. Google will for example be able to correct the spelling of a users friends name in a Google search or notify a user they are late based on their calendar and current location. Even though Google is updating their privacy policy, its core privacy guidelines will not change. For example, Google does not sell personal information or share it externally.
[47]

Googles new privacy policy raises many concerns and issues for users and public officials. The main concern/issue involves the sharing of data from multiple sources. Because this policy gathers all information and data searched from multiple engines when logged in to Google, and uses it to help assist users, privacy becomes an important element. Public officials and Google account users are worried about online safety because of all this information being gathered from multiple sources.[48] Some users do not like the overlapping privacy policy, wishing to keep the service of Google separate. The update to Googles privacy policy has alarmed both public and private sectors. The European Union has asked Google to delay the onset of the new privacy policy in order to ensure that it does not violate E.U. law. This move is in accordance with other foreign nations, where surveillance is scrutinized more heavily, objections to decreasing online privacy. [49] Canada and Germany have both held investigations into the legality of both Facebook, against respective privacy acts, in 2010. The new privacy policy only heightens unresolved concerns regarding user privacy. [50] [51] An additional feature of concern to the new Google privacy policy is the nature of the policy. One must accept all features or delete existing Google accounts.[52] The update will affect the Google+ social network, therefore making Google+s settings uncustomizable, unlike other

customizable social networking sites. Customizing the privacy settings of a social network is a key tactic that many feel is necessary for social networking sites. This update in the system has some Google+ users wary of continuing service.[53] Additionally, some fear the sharing of data amongst Google services could lead to revelations of identities. Many using pseudonyms are concerned about this possibility, and defend the role of pseudonyms in literature and history. [54]

Consumer Privacy Advocates Seek Search Engine Solution The Troubling Future of Internet Search What Search Engines Know About You Some solutions to being able to protect user privacy on the Internet can include programs such as "Rapleaf" which is a website that has a search engine that allows users to make all your search information and personal information private. Other websites that also give this option to their users are Facebook and Amazon.[55] Other search engines such as DuckDuckGo don't store personal information. Scroogleanonymized Google searches from 2002-2012.

[edit]Data

logging

Many programs and operating systems are set up to perform data logging of usage. This may include recording times when the computer is in use, or which web sites are visited. If a third party has sufficient access to the computer, legitimately or not, the user's privacy may be compromised. This could be avoided by disabling logging, or by clearing logs regularly. (How? Links?) Data logging is commonly used in scientific experiments and in monitoring systems where there is the need to collect information faster than a human can possibly collect the information and in cases where accuracy is essential. Examples of the types of information a data logging system can collect include temperatures, sound frequencies, vibrations, times, light intensities, electrical currents, pressure and changes in states of matter. (ref/Webopedia)

[edit]Privacy

within social networking sites

Prior to the social networking site explosion over the past decade, there were early forms of social network technologies that included online multiplayer games, blog sites, news groups, mailings lists and dating services. These all created a backbone for the new modern sites, and even from the start of these older versions privacy was an issue. In 1996, a young woman in New York City was on a first date with an online acquaintance and later sued for sexual harassment as they went back to her apartment after when everything became too real. This is just an early example of many more issues to come regarding internet privacy. [56]

As technology continues to blossom in our current society, the critical issue of internet users privacy and private-information sharing behavior has been thoroughly researched. The global threat of internet privacy violations should expedite the spreading of awareness and regulations of online privacy, especially on social networking sites. Currently, studies have shown that peoples right to the belief in privacy is the most pivotal predicator in their attitudes concerning online privacy. [57]The most vulnerable victims of private-informationsharing behavior are preteens and early teenagers. There have been age restrictions put on numerous websites but how effective they are is debatable. Findings have discovered that informative opportunities regarding internet privacy as well as concerns from parents, teachers, and peers, play a significant role on impacting the i nternet users behavior towards online privacy. [58]. Additionally, other studies have also found that the heightening of adolescents concern for towards their privacy will also lead to a greater probability that they will utilize privacy-protecting behaviors. [59]. In the technological culture that society is developing into, not only adolescents and parents awareness should be risen, but society as a whole should acknowledge the importance of online privacy. Social networking sites have become very popular within the last five years. With the creation of Facebook and the continued popularity ofMySpace many people are giving their personal information out on the internet. These social networks keep track of all interactions used on their sites and save them for later use.[60] Most users are not aware that they can modify the privacy settings and unless they modify them, their information is open to the public. On Facebook privacy settings can be accessed via the drop down menu under account in the top right corner. There users can change who can view their profile and what information can be displayed on their profile.[61] In most cases profiles are open to either "all my network and friends" or "all of my friends." Also, information that shows on a user's profile such as birthday, religious views, and relationship status can be removed via the privacy settings.[62] If a user is under 13 years old they are not able to make a Facebook or a MySpace account, however, this is not regulated.[61] Another privacy issue with social networks is the privacy agreement. The privacy agreement states that the social network owns all of the content that users upload. This includes pictures, videos, and messages are all stored in the social networks database even if the user decides to terminate his or her account.[61] Additionally, the advent of the Web 2.0, which is the system that facilitates participatory information sharing and collaboration on the World Wide Web, allows for Facebook and other social networking media websites filter through the advertisements, assigning specific ones to specific age groups, gender groups,

and even ethnicities. Web 2.0 has caused social profiling and is a growing concern for Internet privacy.[63] Social networking has redefined the role of Internet privacy. Since users are willingly disclosing personal information online, the role of privacy and security is somewhat blurry. Sites such as Facebook, Myspace, and Twitter have grown popular by broadcasting status updates featuring personal information such as location. Facebook Places, in particular, is a Facebook service, which publicizes user location information to the networking community. Users are allowed to check-in at various locations including retail stores, convenience stores, and restaurants. Also, users are able to create their own place, disclosing personal information onto the Internet. This form of location tracking is automated and must be turned off manually. Various settings must be turned off and manipulated in order for the user to ensure privacy. According to epic.org, Facebook users are recommended to: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited.".[53] Moreover, the Federal Trade Commission has received two complaints in regards to Facebooks unfair and deceptive trade practices, which are used to target advertising sectors of the online community. Places tracks user location information and is used primarily for advertising purposes. Each location tracked allows third party advertisers to customize advertisements that suit ones interests. Currently, the Federal Trade Commissioner along with the Electronic Privacy Information Center are shedding light on the issues of location data tracking on social networking sites.[53] Recently, Facebook has been scrutinized for having a variety of applications that are considered to be invasive to user privacy. The Breakup Notifier is an example of a Facebook cyberstalking app that has recently been taken down. Essentially, the application notifies users when a person breaks up with their partner through Facebook, allowing users to instantly become aware of their friend's romantic activities. The concept became very popular, with the site attracting 700,000 visits in the first 36 hours; people downloaded the app 40,000 times. Just days later, the app had more than 3.6 million downloads and 9,000 Facebook likes.[64] There are other applications that border on cyberstalking. An application named "Creepy" can track a person's location on a map using photos uploaded to Twitter or Flickr. When a person uploads photos to a social networking site, others are able to track their most recent location. Some smart phones are able to embed the longitude and latitude coordinates into the photo and automatically send this information to the application. Anybody using the application can search for a specific person and then find their immediate location. This

poses many potential threats to users who share their information with a large group of followers.[65] Facebook recently updated its profile format allowing for people who are not friends of others to view personal information about other users, even when the profile is set to private. However, As of January 18, 2011 Facebook changed its decision to make home addresses and telephone numbers accessible to third party members, but it is still possible for third party members to have access to less exact personal information, like one s hometown and employment, if the user has entered the information into Facebook . EPIC Executive Director Marc Rotenberg said "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used."[66] Similar to Rotenbergs claim that Facebook users are unclear of how or why their information has gone public, recently the Federal Trade Commission and Commerce Department have become involved. The Federal Trade Commission has recently released a report claiming that Internet companies and other industries will soon need to increase their protection for online users. Because online users often unknowingly opt in on making their information public, the FTC is urging Internet companies to make privacy notes simpler and easier for the public to understand, therefore increasing their option to opt out. Perhaps this new policy should also be implemented in the Facebook world. The Commerce Department claims that Americans, have been ill -served by a patchwork of privacy laws that contain broad gaps,.[67] Because of these broad gaps, Americans are more susceptible to identity theft and having their online activity tracked by others. Spokeo - Spokeo is a people-related search engine with results compiled through data aggregation. The site contains information such as age, relationship status, estimated personal wealth, immediate family members and home address of individual people. This information is compiled through what is already on the internet or in other public records, but the website does not guarantee accuracy.[68] Spokeo has been faced with potential class action law suits from people who claim that the organization breaches the Fair Credit Reporting Act. In September, 2010, Jennifer Purcell claimed that the FCRA was violated by Spokeo marketing her personal information. Her case is pending in court. Also in 2010, Thomas Robins claimed that his personal information on the website was inaccurate and he was unable to edit it for accuracy. The case was dismissed because Robins did not claim that the site directly caused him actual harm.[69] On February 15, 2011, Robins filed another suit, this time stating Spokeo has caused him imminent and ongoing harm.[70]

Twitter Case - In January 2011, the government recently obtained a court order to force the social networking site, Twitter, to reveal information applicable surrounding certain subscribers involved in the WikiLeaks cases. This outcome of this case is questionable because it deals with the users First Amendment rights. Twitter moved to reverse the court order, and supported the idea that internet users should be notified and given an opportunity to defend their constitutional rights in court before their rights are compromised. [71] Twitter and Internet Privacy Twitters privacy policy states that information is collected through their different web sites, application, SMS, services, APIs, and other third parties. When the user uses Twitters service they consent to the collection, transfer, storage, manipulation, disclosure, and other uses of this information. In order to create a Twitter account, one must give a name, username, password, and email address. Any other information added to ones profile is completely voluntary.
[72]

Twitters servers automatically

record data such as your IP address, browser type, the referring domain, pages visited, your mobile carrier, device and application IDS, and search terms. Any common account identifiers such as full IP address or username will be removed or deleted after 18 months. [73] Twitter allows people to share information with their followers. Any messages that are not switched from the default privacy setting are public, and thus can be viewed by anyone with a Twitter account. The most recent 20 tweets are posted on a public timeline. [74] Despite Twitters best efforts to protect their users privacy, personal information can still be dangerous to share. There have been incidents of people tweeting about going on vacation and giving the times and places of where they are going and how long they will be gone for. This has led to numerous break ins and robberies. [75]Another issue involving privacy on Twitter deals with leaked tweets. Leaked tweets are tweets that have been published from a private account but have been made public. This occurs when friends of someone with a private account retweet, or copy and paste, that persons tweet and so on and so forth until the tweet is made public. This can make private information public, and could possibly be dangerous. [76] Facebook Friends Study - A study was conducted at Northeastern University by Alan Mislove and his colleagues at the Max Planck Institute for Software Systems, where an algorithm was created to try and discover personal attributes of a Facebook user by looking at their friends list. They looked for information such as high school and college attended, major, hometown, graduation year and even what dorm a student may have lived in. The study revealed that only 5% of people thought to change their friends list to private. For other users, 58% displayed university attended, 42% revealed employers, 35% revealed interests and 19% gave viewers public access to where they were located. Due to the

correlation of Facebook friends and universities they attend, it was easy to discover where a Facebook user was based on their list of friends. This fact is one that has become very useful to advertisers targeting their audiences but is also a big risk for the privacy of all those with Facebook accounts.[77] Several issues pertaining to Facebook are due to privacy concerns. An article titled, Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences, examines the awareness that Facebook users have on privacy issues. This study shows that the gratifications of using Facebook tend to outweigh the perceived threats to privacy. The most common strategy for privacy protection decreasing profile visibility through restricting access to friends is also a very weak mechanism; a quick fix rather than a systematic approach to protecting privacy. [78] This study suggests that more education about privacy on Facebook would be beneficial to the majority of the Facebook user population. The study also offers the perspective that most users do not realize that restricting access to their data does not sufficiently address the risks resulting from the amount, quality and persistence of data they provide. Facebook users in our study report familiarity and use of privacy settings, they are still accepting people as friends that they have only heard of through other or do not know at all and, therefore, most have very large groups of friends that have access to widely uploaded information such as full names, birthdates, hometowns, and many pictures.[79] This study suggests that social network privacy does not merely exist within the realm of privacy settings, but privacy control is much within the hands of the user. Commentators have noted that online social networking poses a fundamental challenge to the theory of privacy as control. The stakes have been raised because digital technologies lack the relative transience of human memory, and can be tolled or data mined for information. [80] For users who are unaware of all privacy concerns and issues, further education on the safety of disclosing certain types of information on Facebook is highly recommended.

Law enforcement prowling the networks - The FBI has dedicated undercover agents on Facebook, Twitter, MySpace, LinkedIn. The rules and guidelines to the privacy issue is internal to the Justice Department and details aren't released to the public. Agents can impersonate a friend, a long lost relative, even a spouse and child. This raises real issues regarding privacy. Although people who use Facebook, Twitter, and other social networking sites are aware of some level of privacy will always be compromised, but, no one would ever suspect that the friend invitation might be from a federal agent whose sole purpose of the friend request was to snoop around. Furthermore, Facebook, Twitter, and MySpace have

personal information and past posts logged for up to one year; even deleted profiles, and with a warrant, can hand over very personal information. One example of investigators using Facebook to nab a criminal is the case of Maxi Sopo. Charged with bank fraud, and having escaped to Mexico, he was nowhere to be found until he started posting on Facebook. Although his profile was private, his list of friends was not, and through this vector, they eventually caught him.[81] In recent years, some state and local law enforcement agencies have also begun to rely on social media websites as resources. Although obtaining records of information not shared publicly by or about site users often requires a subpoena, public pages on sites such asFacebook and MySpace offer access to personal information that can be valuable to law enforcement.[82] Police departments have reported using social media websites to assist in investigations, locate and track suspects, and monitor gang activity.[83][84] Teachers and MySpace - Teachers privacy on MySpace has created controversy across the world. They are forewarned by The Ohio News Association[85] that if they have a MySpace account, it should be deleted. Eschool News warns, Teachers, watch what you post online.[86]The ONA also posted a memo advising teachers not to join these sites. Teachers can face consequences of license revocations, suspensions, and written reprimands. The Chronicle of Higher Education wrote an article on April 27, 2007, entitled "A MySpace Photo Costs a Student a Teaching Certificate" about Stacy Snyder.[87] She was a student of Millersville University of Pennsylvania who was denied her teaching degree because of an allegedly unprofessional photo posted on MySpace, which involved her drinking with a pirate's hat on and a caption of Drunken Pirate". As a substitute, she was given an English degree. Internet privacy and Blizzard Entertainment - On July 6, 2010, Blizzard Entertainment announced that it would display the real names tied to user accounts in its game forums. On July 9, 2010, CEO and cofounder of Blizzard Mike Morhaime announced a reversal of the decision to force posters' real names to appear on Blizzard's forums. The reversal was made in response to subscriber feedback.[88] Internet privacy and Google Maps - In Spring 2007, Google improved their Google Maps to include what is known as "Street View". This feature gives the user a 3-D, street level view with real photos of streets, buildings, and landmarks. In order to offer such a service, Google had to send trucks with cameras mounted on them and drive through every single street snapping photos. These photos were eventually stitched together to achieve a near

seamless photorealistic map. However, the photos that were snapped included people caught in various acts, some of which includes a man urinating on the street, nude people seen through their windows, and apparently, a man trying to break into someone's apartment, etc.; although some images are up to interpretation. This prompted a public outburst and sometime after, Google offered a "report inappropriate image" feature to their website.[89] Internet privacy and Facebook advertisements - The illegal activities on Facebook are very wild, especially phishing attack which is the most popular way of stealing other peoples passwords. The Facebook users are led to land on a page where they are asked for their login information, and their personal information is stolen in that way. According to the news from PC World Business Center which was published on April 22, 2010, we can know that a hacker named Kirllos illegally stole and sold 1.5 million Facebook IDs to some business companies who want to attract potential customers by using advertisements on Facebook. Their illegal approach is that they used accounts which were bought from hackers to send advertisements to friends of users. When friends see the advertisements, they will have opinion about them, because People will follow it because they believe it was a friend that told them to go to this link," said Randy Abrams, director of technical education with security vendor Eset.[90] There were 2.2232% of the population on Facebook that believed or followed the advertisements of their friends.[91] Even though the percentage is small, the amount of overall users on Facebook is more than 400 million worldwide. The influence of advertisements on Facebook is so huge and obvious. According to the blog of Alan who just posted advertisements on the Facebook, he earned $300 over the 4 days. That means he can earn $3 for every $1 put into it.[92] The huge profit attracts hackers to steal users login information on Facebook, and business people who want to buy accounts from hackers send advertisements to users friends on Facebook.

[edit]Internet

service providers

Internet users obtain Internet access through an Internet service provider (ISP). All data transmitted to and from users must pass through the ISP. Thus, an ISP has the potential to observe users' activities on the Internet. However, ISPs are usually prevented from participating in such activities due to legal, ethical, business, or technical reasons. Despite these legal and ethical restrictions, some ISPs, such as British Telecom (BT), are planning to use deep packet inspectiontechnology provided by companies such as Phorm in order to examine the contents of the pages that people visit. By doing so, they can build up a

profile of a person's web surfing habits,[citation needed] which can then be sold on to advertisers in order to provide targeted advertising. BT's attempt at doing this will be marketed under the name 'Webwise'.[citation needed] Normally ISPs do collect at least some information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc.). Which information an ISP collects, what it does with that information, and whether it informs its consumers, pose significant privacy issues. Beyond the usage of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request does not necessarily require a warrant. An ISP cannot know the contents of properly-encrypted data passing between its consumers and the Internet. For encrypting web traffic,https has become the most popular and bestsupported standard. Even if users encrypt the data, the ISP still knows the IP addresses of the sender and of the recipient. (However, see the IP addresses section for workarounds.) An Anonymizer such as I2P The Anonymous Network or Tor can be used for accessing web services without them knowing your IP address and without your ISP knowing what the services are that you access. While signing up for internet services, each computer contains a unique IP, Internet Protocol address. This particular address will not give away private or personal information, however, a weak link could potentially reveal information from your ISP.[93] General concerns regarding Internet user privacy have become enough of a concern for a UN agency to issue a report on the dangers of identity fraud.[94] In 2007, the Council of Europe held its first annual Data Protection Day on January 28, which has since evolved into the annual Data Privacy Day.[95] T-Mobile USA doesn't store any information on web browsing. Verizon Wireless keeps what websites a subscriber visits for up to a year.Virgin Mobile keeps text messages for three months. Verizon keeps text messages for three to five days. None of the other carriers keep texts of messages at all, but they keep a record of who texted who for over a year. AT&T keeps for five to seven years a record of who text messages who and the date and time, but not the content of the messages. Virgin Mobile keeps that data for two to three months.[96]

[edit]Legal

threats

Use by government agencies of an array of technologies designed to track and gather Internet users' information are the topic of much debate between privacy advocates, civil libertarians and those who believe such measures are necessary for law enforcement to keep pace with rapidly changing communications technology. Specific examples

Following a decision by the European Unions council of ministers in Brussels, in January, 2009, the UK's Home Office adopted a plan to allow police to access the contents of individuals' computers without a warrant. The process, called "remote searching", allows one party, at a remote location, to examine another's hard drive and Internet traffic, including email, browsing history and websites visited. Police across the EU are now permitted to request that the British police conduct a remote search on their behalf. The search can be granted, and the material gleaned turned over and used as evidence, on the basis of a senior officer believing it necessary to prevent a serious crime. Opposition MPs and civil libertarians are concerned about this move toward widening surveillance and its possible impact on personal privacy. Says Shami Chakrabarti, director of the human rights group Liberty, The public will want this to be controlled by new legislation and judicial authorisation. Without those safeguards its a devastating blow to any notion of personal privacy.[97]

The FBI's Magic Lantern software program was the topic of much debate when it was publicized in November, 2001. Magic Lantern is aTrojan Horse program that logs users' keystrokes, rendering encryption useless.[98]

[edit]Laws

for Internet Privacy Protection

The concept of online privacy is very broad and tends to cover other aspects of telecommunications and technology. The privacy concerns relate to both the misuse of certain information or the disclosure of this to others. Over the last thirty years, consumer privacy is a public issue that has received substantial attention. These rights protect individuals against the obligations by government. The growth of the Internet in general has produced new concerns about protecting the rights of consumers online. The Privacy Act prohibits the disclosure of personal information, no matter how this information is gathered. The consumers control and knowledge applied to on the internet come under two categories- purchasing and surfing. The legal protection law for individual privacy in the

United States has been passed fairly recently, and limits the protection of data. Data collection methods have raised concerns about consumer privacy. The FTC, in their efforts to ensure success, has developed principles that would protect consumers and the information they choose to display. USA Patriot Act The purpose of this act, enacted on October 26, 2001 by former President Bush, was to enhance law enforcement investigatory tools, investigate online activity, as well as to discourage terrorist acts both within the United States and around the world. This act reduced restrictions for law enforcement to search various methods and tools of communication such as telephone, e-mail, personal records including medical and financial, as well as reducing restrictions with obtaining of foreign intelligence.[99] Many of these expanded powers and lowered standards are not limited to terrorist investigations. [100] The USA Patriot Act, professionally known as the Uniting and Strengthening America by Providing Appropriate Tools Require to Intercept and Obstruct Terrorism Act was put in to effect in reaction to the 9/11 Terrorist attacks. President Bush wanted to prevent terrorism in the United States and he believed that by keeping an eye on communication around the country, terrorism could be diminished. Although many people supported this law because of the September 11 attacks and the desire to keep America safe, many believe that this act interferes with civil liberties. The USA Patriot Act has been described as unjustified infringement of privacy, association, and due process rights. After the act passed, federal law enforcement now has access to additional wiretapping and surveillance. [101] Electronic Communications Privacy Act (ECPA) The Electronic Communications Privacy Act, enacted in 1986, is known as a victory for privacy. This act lays the boundaries for law enforcement having access to person electronic communication and stored electronic records. This includes email, pictures, date books, etc. With the enormous growth in the use of computers, many people store numerous items on servers that can ultimately be visible to many people. The ECPA protects this information from being accessed by law enforcement. There are five parts to the Act. Part I discusses the origin of the ECPA, Part II the law enforcement and the access provisions made involving electronic communication. Part II explains why this Act is needed due to the increase of personal internet use by individuals. Part IV observes the business records cases and pinpoints three principles. Lastly, Part V discusses ECPAs reliance on the business records cases and the points against Part IV of the act.[102]

This act makes it unlawful under certain conditions for an individual to reveal the information of electronic communication and contains a few exceptions. One clause allows the ISP to view private e-mail if the sender is suspected of attempting to damage the internet system or attempting to harm another user. Another clause allows the ISP to reveal information from a message if the sender or recipient allows to its disclosure. Finally, information containing personal information may also be revealed for a court order or law enforcements subpoena.[40] Employees and Employers Internet Regulations When considering the rights between employees and employers regarding internet privacy and protection at a company, different states have their own laws. Connecticut and Delaware both have laws that state an employer must create a written notice or electronic message that provides understanding that they will regulate the internet traffic.[103] By doing so, this relates to the employees that the employer will be searching and monitoring emails and internet usage. Delaware charges $100 for a violation where Connecticut charges $500 for the first violation and then $1000 for the second.[103] When looking at public employees and employers, California and Colorado created laws that would also create legal ways in which employers controlled internet usage.[103] The law stated that a public company or agency must create a prior message to the employees stating that accounts will be monitored. Without these laws, employers could access information through employees accounts and use them illegally.[104] In most cases, the employer is allowed to see whatever he or she pleases because of these laws stated both publicly and privately.[105] Gramm-Leach-Bliley Act The Gramm-Leach-Bliley Act (GLB) was signed into law by U.S. President Bill Clinton and repealed part of the Glass-Stegall Act of 1933. The purpose of the legislation was to allow institutions to participate more broadly across investment banking, insurance, and commercial banking. The GLB also includes several provisions that aim to protect consumer data privacy. The Safeguards Rule, which implements the security requirements of the GLB Act, requires financial institutions to have reasonable policies and procedures to ensure the security and confidentiality of customer information.[106] The Childrens Online Privacy Protection Act The Childrens Online Privacy Protection Act prohibits website operators from knowingly collecting personally identifiable information from children under 13 years old without parental consent. It requires site operators to collect only personal information that is reasonably necessary for an online activity. This law was put into action as an act in 1998

and took effect in 2000. Personal information that is not allowed to be obtained from children includes their full name, home or e-mail address, telephone number or social security number. This law was enacted in order to give parental control over the information collected from their children online and to know how that information is used or shared. In order to enforce this law, the FTC actively monitors websites. The FTC recommends that websites screen users if they collect personal information or if children under 13 could potentially be using the website.

[edit]Other

potential Internet privacy risks

Malware is a term short for "malicious software" and is used to describe software to cause damage to a single computer, server, or computer network whether that is through the use of a virus, trojan horse, spyware, etc.[107]

Spyware is a piece of software that obtains information from a user's computer without that user's consent.[107]

A web bug is an object embedded into a web page or email and is usually invisible to the user of the website or reader of the email. It allows checking to see if a person has looked at a particular website or read a specific email message.

Phishing is a criminally fraudulent process of trying to obtain sensitive information such as user names, passwords, credit card or bank information. Phishing is an internet crime in which someone masquerades as a trustworthy entity in some form of electronic communication.

Pharming is hackers attempt to redirect traffic from a legitimate website to a completely different internet address. Pharming can be conducted by changing the hosts file on a victims computer or by exploiting a vulnerability on the DNS server.

Social engineering Malicious proxy server (or other "anonymity" services)

[edit]Specific [edit]Jason

cases

Fortuny and Craigslist

In early September 2006, Jason Fortuny, a Seattle-area freelance graphic designer and network administrator, posed as a woman and posted an ad to Craigslist Seattle seeking a casual sexual encounter with men in that area. On September 4, he posted to the wiki websiteEncyclopdia Dramatica all 178 of the responses, complete with photographs and personal contact details, describing this as the Craigslist Experiment and encouraging others to further identify the respondents.[108]

Although some online exposures of personal information have been seen as justified for exposing malfeasance, many commentators on the Fortuny case saw no such justification here. "The men who replied to Fortuny's posting did not appear to be doing anything illegal, so the outing has no social value other than to prove that someone could ruin lives online," said law professor Jonathan Zittrain,[109] while Wiredwriter Ryan Singel described Fortuny as "sociopathic".[110] The Electronic Frontier Foundation indicated that it thought Fortuny might be liable under Washington state law, and that this would depend on whether the information he disclosed was of legitimate public concern. Kurt Opsahl, the EFF's staff attorney, said "As far as I know, they (the respondents) are not public figures, so it would be challenging to show that this was something of public concern."[109] According to Fortuny, two people lost their jobs as a result of his Craigslist Experiment and another "has filed an invasion-of-privacy lawsuit against Fortuny in an Illinois court."[111] Fortuny did not enter an appearance in the Illinois suit, secure counsel, or answer the complaint after an early amendment. Mr. Fortuny had filed a motion to dismiss, but he filed it with the Circuit Court of Cook County, Illinois, and he did not file proof that he had served the plaintiff.[112] As a result, the court entered a default judgment against Mr. Fortuny and ordered a damages hearing for January 7, 2009.[113]After failing to show up at multiple hearings on damages,[114][115] Fortuny was ordered to pay $74,252.56 for violation of the Copyright Act, compensation for Public Disclosure of Private Facts, Intrusion Upon Seclusion, attorneys fees and costs.[116]

USA vs. Warshak

The case United States v. Warshak, decided December 14, 2010 by the Sixth Circuit Court of Appeals, maintained the idea that an ISP actually is allowed access to private e-mail. However, the government must get hold of a search warrant before obtaining such e-mail. This case dealt with the question of emails hosted on an isolated server. Due to the fact that e-mail is similar to other forms of communication such as telephone calls, e-mail requires the same amount of protection under the 4th amendment.[40] In 2001, Steven Warshak owned and operated a number of small businesses in the Cincinnati area. One of his businesses was TCI Media, Inc, which sold media advertisements in sporting venues. Warshak also owned a dozen other companies that sold herbal supplements. Although all of his companies sold various different products, they were all run as a single business, and were later merged to form Berkeley Premium Nutraceuticals, Inc. Berkeley took orders over the phone, mail and Internet orders.

Customers could only purchase products with credit cards which would later be entered into a database along with all of their other information. During sales calls, representatives would read from a script. Shelley Kinmon (an employee) testified that Warshak had the final word on the content of the scripts.[117] The scripts would include a description of the product, as well as persuasive language to get customers to make additional purchases. Enzytes popularity was due to Berkeleys aggressive advertising campaigns. 98% of their advertising was conducted through television sports.[117]Around 2004, network television was covered with Enzyte advertisements featuring a character called Smilin Bob, whose trademark exaggerated smile was an asset to the result of Enzytes success. [117] Warshak used false advertisement within the media. He claimed that there was a 96% customer satisfaction rating, when in reality it was nowhere near those numbers.[117] Many print and television ads bragged that Enzyte had been created by reputable doctors with Ivy League educations. According to the ads, Enzyte was developed by Dr. Fredrick Thomkins, a physician with a biology degree from Stanford and Dr. Michael Moore, a leading urologist from Harvard.[117] The ads also stated that the doctors had been working on developing such a supplement to stretch and elongate for over 13 years. In reality, the doctors were made up characters who didnt exist nor attended university at Harvard or Stanford.