The Privacy Advocates

Resisting the Spread of Surveillance

Colin J. Bennett

The MIT Press Cambridge, Massachusetts London, England 6 2008 Massachusetts Institute of Technology

All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher.

For information about special quantity discounts, please email [email protected] .edu.

This book was set in Times New Roman and Syntax on 3B2 by Asco Typesetters, Hong Kong. Printed and bound in the United States of America.

Library of Congress Cataloging-in-Publication Data

Bennett, Colin J. (Colin John), 1955– The privacy advocates : resisting the spread of surveillance / Colin J. Bennett p. cm. Includes bibliographical references and index. ISBN 978-0-262-02638-3 (hardcover : alk. paper) 1. Privacy, Right of. 2. Human rights advocacy. 3. Human rights movements. 4. Human rights workers. I. Title. JC596.B46 2008 323.44082—dc22 2008013819

10987654321 Index

Agre, Phillip, 15, 16, 199, 211 British Columbia Freedom of Information Albrecht, Katherine, 46, 69, 72–73, 105, 126 and Privacy Association (FIPA), 18, 34 American Civil Liberties Union (ACLU) Bulgaria, 44, 108–109 campaigns of, 104, 175, 183 Buro Jansen and Janssen, 41 and Clipper chip, 148 and Eli Lilly, 161 Californians against Telephone Solicita- and litigation, 120 tions, 54 mission of, 20, 36–38, 60, 216 Campbell, Duncan, 88 and Real ID, 143 Canada, 6, 8, 34, 39, 44, 103, 114, 180, 214 and symbols of surveillance, 109–110, 112, Canadian Imperial Bank of Commerce, 219, 222 162 Amnesty International (AI), 28, 42 Identity Management policy, 142 Arbeitskreis Vorratsdatenspeicherung Personal Information Protection and Elec- (Working Group on Data Retention), tronic Documents Act, 114–115 184 privacy commissioner of, 26, 115, 117– Arge Daten, 19, 35 118, 162 Australia, 6, 8–9, 26, 54, 87, 103, 122 Canadian Civil Liberties Association and Access Card, 30, 139, 142, 163–164 (CCLA), 39, 95 and Australia Card, 28, 30, 69, 129, 137– Canadian Internet Public Policy Clinic 140, 163–166, 175 (CIPPIC), 65, 95, 114–115, 117–118, Australian Privacy Foundation (APF), 20, 120, 197 28, 30, 34, 60, 65, 82, 103, 138–140, 169, Castells, Manuel, 170 175, 178, 190, 219 CATO Institute, 38 Center for Digital Democracy (CDD), 19, Backscatter X-Ray, 105 20, 52, 156 Barlow, John Perry, 48–49, 130 Center for Democracy and Technology Barney, Darin, 170–171 (CDT) Bendrath, Ralf, 174 campaigns of, 112–113, 124–125, 152–154 Berman, Jerry, 37, 50, 131 mission of, 20, 50–51, 102 Big Brother Awards, 44, 92, 107–109, 112, strategies of, 131, 180, 186–187 123, 160–161 Chaos Computer Club (CCC), 52–53, 92, Bing, Jon, 77 235n76 Bits of Freedom (BoF), 21, 52, 60 Chaum, David, 83 Bowden, Caspar, 52, 102, 212–213 Chief privacy o‰cers (CPOs), 26 Boycotts, 47, 103, 126–127, 136, 149, 152– Children’s privacy, 56–57, 159, 220–221 153 China, 42 Bull, Hans Peter, 77, 135–136 ChoicePoint, 107, 160–161, 165–166, 179 Burkert, Herbert, 77 Civil society, 27, 169 Burnham, David, 88 Clarke, Roger, 4, 15, 82, 137–139, 164– British Columbia Civil Liberties Associa- 165, 173, 190, 219 (see also Australian tion (BCCLA), 39 Privacy Foundation) 256 Index

Clement, Andrew, 206 Electronic panics, 193–194 Clipper chip controversy, 49, 83, 134, 146– Electronic petitions, 149, 175, 186 150, 152–153, 166, 175–176, 180, 186, Electronic Privacy Information Center 194 (EPIC) Coalition Against Unsolicited Commercial campaigns of, 175, 178, 180–181 Email (CAUCE), 54 and Choicepoint, 160 Coalition for Patient Privacy, 182 and Clipper chip, 148 Computer Assisted Passenger Profiling and DoubleClick, 154–156 System (CAPPS), 121 EPIC Alerts, 100 Computers, Freedom and Privacy (CFP) and Intel, 152 conference, 49, 84, 108, 128, 172–173, and Microsoft, 157–159 180 mission of, 19, 30–32, 60 Computer Professionals for Social Privacy and Human Rights,44 Responsibility (CPSR), 31, 145, 149, 175, and Privacy Coalition, 192–193 180, 232n10 strategies of, 80, 105, 120–122, 125, 130– Coney, Lillie, 219 (see also Privacy 131, 186–187 Coalition) and symbols of surveillance, 109–112 Consumer Action, 153 Eli Lilly, 161–162 Consumer Association of Canada, 45 European Civil Liberties Network (ECLN), Consumers Against Supermarket Privacy 40 Invasion and Numbering (CASPIAN), European Digital Rights Initiative (EDRI), 46–47, 60, 69, 72–73, 104–105, 107, 126– 53, 100, 133, 183–184, 187 127 European Union Data Protection Directive, Cranor, Lorrie Faith, 173 8–9, 118, 121, 158 Culnan, Mary, 145 Cryptography, 49, 84–85, 147 Fair Information Practices, 19, 181 Cyber-Rights and Cyber-Liberties, 52 Fair information principles (FIPs), 7–9, 83, Cypherpunks, 49, 83–84 114, 212 Czech Republic, 44, 109 Federal Communications Commission (U.S.), 101, 122 Data breaches, 159–163, 211 Federal Trade Commission (U.S.), 101, Data protection, 6–8, 18, 44, 83 121–122 Data retention, 21, 53, 184 and ChoicePoint, 160–162 Dataveillance, 15–16 and Do Not Call List, 101, 121 Davies, Simon, 18, 28–29, 65, 69–70, 74– and DoubleClick, 154–155 75, 107, 128, 138, 140, 142, 164–165, and Intel, 152 187–188, 218 (see also Privacy and Microsoft, 158–159 International) and Safe Harbor Agreement with EU, Dempsey, Jim, 67, 125, 219 121, 155 Deutsche Vereinigung fu¨r Datenschutz and spyware, 124–125 (German Association for Data Protec- Flaherty, David, 14, 26, 63–64, 77, 134– tion), 19, 35 135, 137 Die Humanistische Union (The Humanist FoeBuD, 92, 108 Union), 40, 103 Forum Informatikerinnen fu¨r Frieden und Di‰e, Whitfield, 76 gesellschaftliche Verantwortung (Forum Digital Privacy and Security Working of Computer Professionals for Peace and Group (DPSWG), 148–149, 175, 180 Social Responsibility), 53 Digital Rights Denmark, 52 Foundation for Information Policy Digital Rights Ireland, 52 Research (FIPR), 52, 102 Dixon, Pam, 34, 87, 219–220 (see also Foundation for Taxpayer and Consumer World Privacy Forum) Rights, 127 DoubleClick, 52, 125, 153–156, 163, 165, Founders’ syndrome, 224 166, 176, 179, 185 Frames and framing, 1–2, 17–18, 192, 210, 212, 221, 225 Elahi, Hassan, 91 France, 9, 14, 44, 142 Electronic Frontier Foundation (EFF), 20, and Commission Nationale de l’Informa- 47–50, 60, 102, 119, 129, 148, 175–176, tique et Liberte´s (CNIL), 26, 44, 141 177, 187 and identity cards, 140–141 Index 257

Freese, Jan, 77 Kapor, Mitch, 48 Frontline, 43 La Ligue des Droits et Liberte´s (Quebec), Gandy, Oscar, 143 25, 44 Gellman, Robert, 51 Latin America, 43, 233n44 Germany, 7, 14, 35, 40, 45, 52, 90, 92, 103, Lawson, Philippa, 65, 95, 114–115, 117 108, 129, 184 Leave Those Kids Alone (LTKA), 57 and census disputes, 129, 135–137, 163, Lexis-Nexis, 194–195 165–166 Coalition, 39 data protection commissioners, 26, 35, Lotus Marketplace, 31, 127, 144–146, 163, 135 194 and Green Party, 135 Lyon, David, 9, 11, 14, 16, 143, 200 Gilmore, John, 48, 84 Givens, Beth, 32–33, 209, 218 Mann, Steve, 12–13 Global Internet Liberty Campaign (GILC), Marx, Gary, 13, 16, 109, 129 19, 175 Medical Privacy Coalition, 56 Goldman, Janlori, 37, 145 Microsoft, 85, 109, 156–159, 163, 165, 166, Google, 1, 42, 52, 63, 156, 175, 176–179, 175, 179, 185 185, 191, 212 Miller, Arthur, 4, 77 Greenleaf, Graham, 8, 65, 69, 137, 140 (see Monty Python, 169 also Australian Privacy Foundation) Motorists Against Detection, 55 Guerra, Robert, 43 Mulligan, Deidre, 77, 186, 218, 220

Hackers and hacking, 52–53 Naming and shaming, 122–128 Haggerty, Kevin, 10, 11, 15, 16–17 National Council for Civil Liberties/ Halperin, Morton, 37 Liberty, 40 Hasbrouck, Ed (The Practical Nomad), Net activism, 185–195 56 Netherlands, 35, 52, 108, 135, 163, 165 Health Privacy Project, 20 Netjus, 52 Hendricks, Evan, 87, 145 Network society, 170–171 Holvast, Jan, 28–29, 135 Neumeister, Rich, 66, 71–72, 102, 220 Hoofnagle, Chris, 67, 100, 101–102, 164, 1984 (Orwell), 3, 89, 93, 107–109 221 NO2ID, 54, 112, 140, 179 Hosein, Gus, 29, 66, 104, 169, 196 Human rights methodology, 95–96 Open Society Institute, 175 Hungary, 44, 108–109 Patient Privacy Rights Coalition, 55 Identity cards, 38, 54, 79, 137–143, 179 Peer monitoring, 13–14 Identity theft, 45, 46, 159–163, 243n40 Platform for Privacy Preferences (P3P), 85, Individual-I.com, 25, 85 130 Imaginons un Re´seau Internet Solidaire Pretty Good Privacy (PGP), 84 (IRIS), 52 Privacy Intel Processor Serial Number, 107, 125, and civil liberties, 35–41 151–153, 163, 165, 166, 176, 179–180, and consumer protection, 33, 45–47 185, 186, 242n19 critique of, 9–10 International Association of Privacy Profes- and digital rights, 47–53 sionals (IAPP), 80, 238n50 dimensions of, 3–6, 21–22 International Campaign Against Mass and environmentalism, 211 Surveillance, 21, 183 framing of, 1–2 International Civil Liberties Monitoring and health, 55–56 Group (ICLMG), 173, 182–183 and human rights, 41–45 International Civil Aviation Authority and information privacy, 4, 6–7, 18– (ICAO), 104 19 Internet Corporation for Assigned Names and libertarianism, 38 and Numbers (ICANN), 32 and public opinion, 79 and religion, 72–73, 236n27 Japan, 45, 129, 141–142, 166 social purposes of, 4–5, 10 Junkbusters, 130, 152–153, 154 Privacy Activism, 33–34, 73, 184, 187 258 Index

Privacy advocacy network, 57–61, 184, 189, Rotenberg, Marc, 31, 63, 66, 122, 131, 145, 195–197, 223–225 176, 199–200, 215 (see also Electronic and cyberactivism, 185–195 (see also Net Privacy Information Center) activism) Rule, James, 5, 10–11 Privacy advocates and academic research, 75–79, 130, 217– Schneier, Bruce, 76, 85, 99, 199 218 Schwartz, Ari, 65, 218 and artistic expression, 89–94 Schwartz, Paul, 5, 135, 136, 160 and campaigns, 175–180 Sieghart, Paul, 5, 77 and conservatism, 181–182, 188 Simitis, Spiros, 76 and consultancy, 79–82 Smith, Robert Ellis, 32, 67, 68–69, 86–87, definitions of, 64–68 97, 170–171, 185, 212 (see also Privacy and equality, 204–205 Journal) and extremism, 74 Social movement theory, 1–2, 200–207 and financing, 132 Society for Worldwide Interbank Financial and ideology, 204 Communications (SWIFT), 108, 117–118 and journalism, 86–89 Solove, Daniel, 3 and literature, 89 Sousveillance, 12–13 (see also Mann, Steve) and lobbying, 101–102 Spam e-mail, 54 and membership, 132 Spyware, 124 and movies, 89–90, 238n68 Statewatch, 40, 104 and pragmatism, 129–130 Steeves, Valerie, 44, 65, 213, 214 and software development, 82–86 Steinhardt, Barry, 99, 219 (see also Ameri- types of advocacy groups, 27–28 can Civil Liberties Union) Privacy Chernobyl, 200, 209–210, 215 Sterling, Bruce, 72, 133 Privacy Coalition, 19, 180–182, 192 Stichtung Waakzaamheid Persoonregistra- Privacy and data protection commissioners, tiie (Privacy Alert), 35, 135 9, 26, 118, 158, 166, 178, 214 Surveillance annual conference of, 173–174, 244n6 definitions of, 11 Privacy-enhancing technologies (PETs), 53, symbols of, 106–111 85 trends toward, 16–17 Privacy impact assessments, 139 types of, 12–15 (PI), 18, 28–29, 60, Surveillance Camera Players, 13, 21, 55, 102, 104, 118, 154, 177–178, 212, 216 93–94, 203 Privacy Journal, 32, 68–69, 86–87, 97, 172 Sweeney, Latania, 76 Privacy Mongolia, 44 Symbolic politics, 106–107 Privacy protection (data protection) laws, 8–9 Tangens, Rena, 92 (see also FoeBuD) Privacy Rights Clearinghouse (PRC), 32– Tarrow, Sydney, 201–205 (see also Social 33, 47, 60, 100, 153, 154, 160, 177 movement theory) Privacy Times, 87, 153 Tien, Lee, 65, 176 Privacy Ukraine, 43–44 Transatlantic Consumer Dialogue, 47 Private Citizen Inc., 54–55, 153 Transnational advocacy networks, 215–217 Privaterra, 43 Processor Serial Number (PSN). See Intel UK National Consumer Council, 45 Processor Serial Number Public Interest Computing Association, 31 and national identity card, 54, 140, 179 (see also NO2ID) Quakers, 183 Information Commissioner of, 173 Regulation of Investigative Powers Act, Radio Frequency Identification Devices 52, 102 (RFIDs), 46–47, 50, 72, 108, 112, 140 United States Real ID, 34, 50, 142–143, 181–182, 185, Administrative Procedure Act, 101 187, 203 Communications Assistance for Law Regan, Priscilla, 10, 218 Enforcement Act (CALEA), 50, 149 Resource mobilization, 95, 207–208 Communications Decency Act, 187–188 Rivest, Ron, 76 Electronic Communications Privacy Act Rodota, Stefano, 77 (ECPA), 149 Index 259

Fair Credit Reporting Act, 160–161 Freedom of Information Act (FOIA), 120–121 Health Insurance Portability and Account- ability Act (HIPAA), 56 Internal Revenue Service, 65 National Security Agency, 120, 146–147 Privacy Act of 1974, 37, 121 USA Patriot Act, 85, 106–107, 177 U.S. Privacy Council, 180 U.S. Public Interest Research Group (USPIRG), 46, 154 Universal Declaration of Human Rights, 41–42

Verbraucherzentrale Bundesverband (Federation of German Consumer Organizations), 45 Video-surveillance, 22, 99, 107, 116 (see also Camera Surveillance Players)

Westin, Alan, 4–5, 68, 77, 144 Whole Earth ‘Lectronic Link (WELL), 186 World Privacy Forum (WPF), 34, 87–88, 177 World Summit on the Information Society (WSIS), 32, 174–175 World Wide Web consortium, 104

Yahoo, 42

Zimmerman, Phil, 84