IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled



BKINONPR.RVW 20030321

"Internet and Online Privacy", Andrew Frackman/Rebecca C. Martin/Claudia Ray, 2002, 0-9705970-7-X, U$34.95/C$52.95
%A Andrew Frackman
%A Rebecca C. Martin
%A Claudia Ray
%C 105 Madison Avenue, New York, NY 10016
%D 2002
%G 0-9705970-7-X
%I ALM Publishing
%O U$34.95/C$52.95 800-537-2128 www.lawcatalog.com
%O http://www.amazon.com/exec/obidos/ASIN/097059707X/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/097059707X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/097059707X/robsladesin03-20
%P 233 p.
%T "Internet and Online Privacy: A Legal and Business Guide"

I have, in reviewing other works that deal with online law, noted the limited utility of legal texts which address only, or primarily, the laws of the United States. As one would expect, this book, written by three Americans, and published by an outfit named American Lawyer Media, concentrates on American legislation. (In fact, I find it slightly ironic that a Canadian price is given on the jacket.) However, the analysis is so clearly written, and so rooted in Common Law and general legal principles, that I have very little compunction in recommending this work to anyone interested in the legal aspects of privacy, regardless of jurisdiction.

The introduction states that this work is intended for both the legal professional and the lay audience. Indeed, there is an attempt to point out the business case for attending to privacy. It is noted that Doubleclick's plan to merge the surfing information that it had been collecting with a database of personally identifiable information that it had purchased resulted in a 40% drop in stock price before the plan was abandoned. In addition, there is a serious effort to emphasize the importance of international law, although not all sections of the book addressing the issue are successful.

Chapter one demonstrates that definitions of privacy are problematic. Refreshingly, an understanding of technology itself is considered to be important. Unfortunately, this position is somewhat undermined by a bit of confusion in regard to the possibility of obtaining personally identifiable information from the "clickstream" (activities while surfing the Web), and a minor error when discussing IP addresses. The aforementioned business reasons for respecting privacy are primarily given in chapter two. The development of privacy regulation, in chapter three, is predominately based on US laws and cases, but, as noted, is also conceptual and therefore broadly applicable.

Chapters four to nine deal with specific US legislation. Chapter four details the Children's Online Privacy Protection Act; five outlines the Gramm-Leach-Bliley bill (for financial institutions), the Health Insurance Portability and Accountability Act, Computer Fraud and Abuse, and Electronic Communications Privacy; six looks at state level versus federal jurisdiction; seven reviews case law (concentrating on email interception); eight discusses decisions in some class action civil suits; and nine examines Federal Trade Commission studies and decisions.

The European Union directives are dealt with in depth in chapter ten. The US Safe Harbor program is reviewed in terms of principles, but, unfortunately, details and procedures are not covered. Chapter eleven provides brief but broad outlines of various international regulations. Corporate privacy policies are discussed in chapter twelve. Chapter thirteen has a brief overview of a number of privacy enhancing technologies, but no mention of legal issues that might be involved. Government monitoring, the keyboard logging system (KLS, aka Magic Lantern), Carnivore, and the Patriot Act are examined in chapter fourteen.

This book is concise, readable, and valuable. There are some areas where one could hope for additional coverage and detail, but the concepts and basics are covered well. I would recommend this work to anyone interested in privacy issues, and particularly to those in the security industry who do not have an extensive legal background.

copyright Robert M. Slade, 2003 BKINONPR.RVW 20030321