Public Internet/Private Lives.
The death of 20-year-old Amy Boyer may not be the single reason why advocates for increased Internet privacy are suddenly being heard, but it certainly added impetus to the movement.
On a fall afternoon in October 1999, Boyer was getting ready to pull out of the parking lot near the dentist's office where she worked part-time when she heard someone yell her name.
According to a report filed with the Nashua, N.H., police, Amy turned to her left to see a distraught young man pointing a semiautomatic firearm at her face. He fired at her 11 times before taking his own life.
Citizens of the normally quiet and safe Nashua were horrified by the news of the young woman's death. But to Internet privacy advocates, Boyers' sudden, violent end was a horrendous example of how information gathered over the 'Net can be used for a terrible purpose. Boyers' stalker, 21-year-old Liam Youens, not only obtained her Social security number and workplace address via the Internet, he, incredibly, posted a Web site in which he publicly detailed his intention of killing the young woman.
"I have always lusted for the death of Amy," Youens wrote in one chilling posting. He disclosed how he planned to murder Boyers: "When she gets in, I'll drive up to her car blocking her in, window to window, I'll shoot her with my Glock."
Days after Boyers' death, New Hampshire Senator Judd Gregg announced he was cosponsoring legislation outlawing the on-line sale of Social Security numbers. But the strongest response to Boyers' murder came from her stepfather, Tim Remsberg, who appeared before a Senate subcommittee studying privacy issues last spring and demanded more stringent policing of the 'Net.
"We must show Amy that we care about what happened to her," Remsberg said, "and that we are going to act to see it doesn't happen to another."
At the same time, Remsberg publicly blamed Tripod and Geocities, the service providers that hosted Youens' site, while also filing a wrongful death suit against Docusearch.com, where Youens' received the information about Boyer's whereabouts. He claimed negligence and invasion of privacy.
"They should be monitoring sites where the word 'kill' is used," Remsberg later said of Geocities and Tripod. "Bring up every site that has the word 'murder,' the word 'rape,' the word 'bondage.'"
PROMOTING ON-LINE SAFETY
For many, including a growing number of sites dedicated to promoting on-line safety such as WHOA, Women Halting Online Abuse, the death of Amy Boyer underlines a haunting proposition: Nothing in the new frontiers of cyberspace is really confidential, and everything written or communicated has the potential of being read and misused by others.
"The Internet and cyberspace right now are very much like the wild, wild West," remarks California Senator Debra Bowen, a strong privacy supporter. "There are no rules governing behavior and commerce. And, of course, that is both the wonderful as well as the dangerous thing about it."
Says Emily Hackett, state policy director with the Internet Alliance in Washington, D.C.: "This is a world that remains a big mystery to many people, people who don't know how information about them gets processed, where it goes and how to stop it. It's a new technology that has opened up all sorts of new questions and practices in terms of how people behave and what is or is not legal behavior."
For Ellen Rony, a cyberspace expert and the author of The Domain Name Handbook--High Stakes and Strategies in Cyberspace, the question of Internet privacy is almost beside the point in a world where personal information is casually shared by a variety of entities.
"We have already relinquished a large part of our anonymity," Rony observes. "Every time we cash a check from an employer, vendor, or even a yard sale purchase, our bank account number is written on the back. Everytime we write a check, we are asked for our phone number and driver's license number."
But Rony thinks it's wrong to blame all telecommunications transgressions on the sins or potential sins of the Internet.
"This past year I had my phone number slammed [switching a long-distance carrier without authorization] and an attempt was made to trespass onto my credit card," she says. "But these problems did not arise from my activities in cyberspace."
Yet even the most diehard Internet fans admit that there is just something about it that makes this kind of abuse, unknown in the past through other forms of communication, like the mail or the telephone, somehow more scary.
Andrew Shen blames it all on the architecture of the Internet, which, he says, "facilitates this detailed collection of data."
"If you walk into a bricks-and-mortar bookstore, the bookstore may only know what book you end up buying," explains Shen, a policy analyst with the Electronic Information Center, also in Washington, D.C. "If you buy something from an on-line bookstore, the bookstore definitely knows what book you end up buying, as well as every other book you considered and how long you considered them.
"There are no guarantees or standards of privacy protection on the Internet. In such a free-for-all, consumers are left at the mercy of on-line companies," continues Shen.
And the much-publicized activities of the Federal Bureau of Investigation and DoubleClick.com, have only made things worse.
In the spring of 1999, in an effort to monitor what it called the increasing prevalence of on-line crime, the FBI announced the creation of an e-mail surveillance tool with a name conjuring up the worst 1950's science fiction films: Carnivore.
The tool, according to FBI spokesman Paul Bresson, was long needed. "E-mail is an evolving technology, but like any technological breakthrough it has the potential to be misused by criminals trying to carry Out their activities. So we really had a responsibility to come up with a tool that keeps pace with this new technology."
Bresson adds that if the FBI had made no effort to police the 'Net at all, the symbolism would have been overpowering. "We would have been in essence saying to criminals that this is a safe haven for you."
Carnivore, whose title Bresson now admits was "not the best we could have come up with (California's Bowen thinks "Vegetarian" could have at least conjured up friendlier images) is supposed to be used only to track "to and from" e-mail information, Bresson says, not the content of any correspondence. "We even have filing mechanisms installed to minimize e-mail content."
But according to a report in the Washington Post, Carnivore does indeed have the ability to retrieve "all communications passing through an Internet provider, not just those related to a criminal suspect."
Even the FBI has admitted as much. In one memo released in November, the agency said Carnivore had the ability to "capture and archive all unfiltered traffic to the internal hard drive." But FBI agents nevertheless insisted Carnivore would not be used that way.
The second uproar was created by the founder and chairman of DoubleClick, the world's largest on-line advertising group, which sells advertising space on behalf of some 1,400 Web sites. In January 2000, Kevin O'Connor announced that with the purchase of Abacus, the nation's largest offline database, which contains data on an extraordinary 90 percent of American households, he could share (for a price) the intimate profiles of some 100,000 people to individual advertisers.
The outcry was immediate. DoubleClick users said O'Connor had betrayed them. The Federal Trade Commission promised an investigation. And O'Connor himself--at 39, he is one of the boy wonders of cyberspace--was forced to give up his job as DoubleClick's CEO although he still remains the company's chairman.
"Marketeers have always watched us and kept track of us," says Hackett of the Internet Alliance. "They have made studies of how people move through department stores and stop at certain displays. But what O'Connor proposed (and it was never more than that) seemed to go over the edge, it seemed like an invasion of privacy. That's why the reaction was so swift."
CONCERN ABOUT POTENTIAL MISUSE
Perhaps it is no surprise, given the travails of DoubleClick and the advent of a monster called Carnivore, that some 60 percent of the respondents in a recent Gallup survey said they were "very concerned" about the potential misuse of such things as legal documents and tax records gathered over the Internet. Another 63 percent, in a separate poll, said they were bothered by government agencies that had the ability to tap into personal e-mail.
"Everybody in Washington takes it as a foregone conclusion that something needs to be done," remarked Jason Catlett, founder of Junkbusters, a nonprofit New Jersey-based Web site. "Now, it's not a question whether bills are going to be passed, but which one."
Those concerns, only naturally, have reached the state level, as well. Study commissions to explore how Internet privacy can be protected and what lawmakers can do to help have been established in nearly half the states.
"The states that have so far been the most active in the privacy arena with very active attorneys general are also the states that have big high-technology industries," reports Hackett, before reeling off the names of the top six that are most likely to pass some form of privacy legislation in 2001: Massachusetts, New York, Virginia, Texas, Washington and California.
"The situation in these states right now is very dynamic," he says. "You have a situation where the attorneys general and some lawmakers are very much aware of the industry's concerns and are making certain that they do not do anything to inhibit the growth of the new economy."
In Texas, where a sweeping report on the role of the Internet in economic development has been completed by the legislature, lawmakers have indicated a willingness to move on Internet privacy issues, if that involves nothing damaging to the 'Net in general.
It is a goal shared by Representative Brian McCall, the chairman of the House subcommittee on privacy. "The states can play a vital role in reassuring citizens regarding Internet security," he maintains.
"First and foremost, state government has to be well-informed and kept up-to-date with security and technological advances so they can address citizen concerns effectively and accurately," he says.
But at the same time McCall, the author last year of legislation making it a felony to stalk someone via the 'Net, admits he is uncomfortable with the government taking too large a role with the Internet.
"I am a strong supporter of the Internet. I agree that it's not government's role to unnecessarily 'interfere' with this medium," he says. "But what we must do is make small, specific steps to root out the bad actors. In any legislating that we may do, we should avoid broad-based approaches that ignore and therefore hinder future technological developments or entrepreneurship on the 'Net."
In Arizona, Representative Jeff Hatch-Miller, chairman of a joint legislative study committee on the Internet, recently hosted public hearings on privacy, while also being careful to spell out his own precise mission: "The state," he said as the hearings began last fall, "needs to develop policy that will protect citizens from having sensitive records and information about them easily accessible over the Internet, while at the same time promoting the advantages and efficiency e-government brings to citizens."
In California, Senator Bowen, who has seen most of her previous privacy bills fail, says she is striving to maintain the same balance.
"In the pre-Internet world, that balance was achieved by requiring a judge to issue a warrant for a search and then by limiting the effort," she points out, "making the search as minimally intrusive as possible. I see no reason why those same parameters cannot be applied to the Internet, particularly with programs like Carnivore.
Up to this point, the states have been reluctant to act, waiting either for a model from Washington to follow or worried that any legislation could become dangerously wide-ranging, which could potentially burden the expansion of the 'Net and the economy. But Shen with the Electronic Privacy Information Center is certain now is the time to act.
"There is unprecedented public support for greater privacy protection," Shen argues. "Agencies and governments that have the power to help should do so."
Shen also takes issue with the notion that the states should wait for a clear signal from Washington, but from a different perspective: "State legislators should not wait for the problem to take care of itself. Once you lose your privacy, it's difficult to get it back."
Author Rony, meanwhile, thinks the states could do more good by drawing upon their vast resources to educate the public. "State legislatures should recognize that the Internet provides opportunity for education just as fully as it does for misinformation," she says. "A solid, well-executed informational campaign to combat questionable on-line activities may be far more effective than a contentious intrusion into personal correspondence.
"There is no one-size-fits-all or magic pill solution, and I expect governments will be debating these issues for years," she adds.
There is also the question of how much the Internet industry is capable of responding to change upon request and thus, to an extent, policing itself.
Yahoo, upon the request of the French government, recently prohibited any Web sites promoting Nazism that might be accessed within the borders of France. Amazon and DoubleClick, meanwhile, have both pulled back on sharing user information with outsiders.
"What is so amazing about this industry is that it is able to respond so quickly to complaints," observes Hackett. "And they have done that without any laws to govern them."
Even more interesting, at least two Web sites, zeroknowledge.com and anonymizer.com have been created with the mission of helping Internet users maintain their anonymity, and thus promoting privacy.
"But most of these things in the long run are for people who are pretty sophisticated on the 'Net," says Senator Bowen. "For all of the rest of the people, people who don't often use the 'Net or don't understand all of the issues, who is going to protect them?"
Bowen, who is tech-savvy and was the first lawmaker in California to propose a bill that eventually put the Legislature on-line in 1993, has an answer to her own question.
"It just seems to me that sooner or later the states are going to have to act," Bowen thinks. "When you realize how easily privacy over the Internet can be invaded or how long it may be until Washington does anything at all, I think it becomes imperative that the states jump in and take the lead. We have already waited too long."
Garry Boulard, a frequent contributor to State Legislatures, is a free-lance writer from New Orleans.
WHEN HARASSMENT MOVES ONLINE
Intimidating and harassing messages sent over the Internet ... are they as real a threat as actually being following and watched in your neighborhood or home? News accounts of cyberstalking--repeated threats or harassing behavior sent via the Internet or posted on Web sites--are increasingly common. Examples of just a few of the cases that have been prosecuted make it clear that cyberstalking can be a serious threat:
* A California man posted a woman's telephone number and address on Internet chat rooms with claims that she fantasized about being raped. Several men appeared at her door, saying they wanted to rape her.
* A Massachusetts man sent repeated e-mail messages to a co-worker, attempting to extort sexual favors from the victim by threatening to disclose past sexual activities.
* A California honors student sent hundreds of violent and threatening e-mails to five female university students for more than a year.
All states have criminal stalking laws, but only about half have cyberstalking or anti-harassment laws that specifically apply to the Internet and electronic communications. Stalking is often defined as the willful, malicious and repeated harassment of another. Stalking laws often require that the offense constitute a credible threat against the victim--that is, the perpetrator must have the intent and ability to carry out the threat. But if someone is threatened online, they may have no way of knowing whether the person can carry out the threat. Some laws require simply that the victim believes the threat to be credible or that she is in reasonable fear of physical harm.
State laws that do not include specific references to electronic communications may still apply to cyberstalking, but specific language makes the laws easier to enforce. Enforcement is already a challenge in cyberspace, since it can be impossible to absolutely identify the sender of an e-mail. For example, a person can gain unauthorized access to another person's e-mail account or may use anonymous remailers--online services that guarantee messages can't be traced to their source.
Many states have simply amended existing stalking laws to include electronic communications. Other states include electronic communications in harassment laws outside the stalking statutes.
Law enforcement agencies estimate that electronic communications are a factor in from 20 percent to 40 percent of all stalking cases. And according to a recent report by the U.S. Department of justice, cyberstalking is a serious problem that will unfortunately continue to grow as more people go online.
Pam Greenberg, NCSL