Reforming Internet Privacy Law

Friday, December 4, 2009, 1:00 PM
@ Wittemyer Courtroom, Wolf Law Building, University of Colorado


To view video recordings of the event, click here.

(A Gentle Introduction to the Electronic Communications Privacy Act at 11:00 am)

How much privacy do we enjoy online; when should the need for privacy give way to other societal needs; and how should law guarantee online privacy, if at all? The answers to these questions turn on some first-principles disagreements: Should we protect privacy through a patchwork of statutes and regulations, as we have to date, or should we instead enact omnibus privacy rules which govern across industries and provide uniform standards across the country? When does the need to enable new forms of behavioral marketing outweigh small incursions into user privacy? How can we balance the need for privacy against the government's need to investigate online crime and protect national security?

Many have criticized the patchwork of federal and state laws which regulate privacy on the Internet. These critics contend that these laws, which govern what both governments and private parties such as businesses can do to track behavior and communications online, are vague and confusing, failing to keep up with breathtaking Internet advances.

Recently, two groups working independently of one another have tried to turn such criticism into action, developing standards, best practices, or model legislation for the reform of some online privacy laws. The Center for Democracy and Technology (CDT) has led a working group of Internet Service Providers and privacy groups to draft an amendment to the federal Stored Communications Act, part of the Electronic Communications Privacy Act ("ECPA"). Meanwhile, a second group of attorneys, chaired by Justice Michael Bender of the Colorado Supreme Court with Professor Stephen Henderson serving as the group's reporter, has met for two years to draft standards for government access to transactional information, which apply to tracking both online and offline. These two groups have had little opportunity to engage one another, despite trying to achieve similar goals. Much can be gained by bringing these efforts into conversation with one another, especially now, as both groups near completion of their efforts.

On Friday, December 4, 2009, please join the Silicon Flatirons Center for Law, Technology, and Entrepreneurship in Boulder, Colorado, for a conference on Reforming Internet Privacy Law. In our first panel, we will tackle the broader question of Internet privacy protection, seeking first principles. After this broad, general discussion, we will turn to the specific question of when and how the government should be permitted to access private information about online activity. First, representatives from the two reform groups will describe the history, goals, and content of each of their proposals. Next, a panel will look at the substance of Government access reform, debating what type of information the law should govern. The last panel will look both at the procedural law of government access--should the law require a search warrant, court order, subpoena, or something else--and the politics of Internet reform.

Associate Professor and Silicon Flatirons Initiative Director Paul Ohm will moderate the three panels.

A Gentle Introduction to the Electronic Communications Privacy Act

Friday, December 4, 2009, 11:00am - 12:00pm
Wolf Law Building, Wittemyer Courtroom

Associate Professor Paul Ohm will present an hour-long overview of the Electronic Communications Privacy Act, or ECPA, the principal American law regulating the privacy of communications on the Internet and telephone networks. ECPA regulates both private parties and the Government and sets the rules for how these entities can access, intercept, use, and disclose the content of communications and records relating to communications. ECPA is famously complex, and the purpose of this hour is to gently introduce the uninitiated into the law's mysterious nooks and crannies. The tutorial will also provide a useful background to people interested in the December 4th conference on "Reforming Internet Privacy Law," as two panels will deal with ECPA, at least in part.

Greeting and Overview
1:00pm - 1:10pm
  • Dale Hatfield
    Spectrum Initiative Co-Director
    Senior Fellow
    Silicon Flatirons
    Adjunct Professor
    University of Colorado
  • Paul Ohm
    Associate Professor of Law
    Associate Dean for Academic Affairs
    University of Colorado
First Principles for Internet Privacy Regulation
1:10pm - 2:25pm
  • Nicholas Allard
    Patton Boggs
  • Jim Dempsey
    Vice President for Public Policy
    Center for Democracy and Technology
  • Phil Gordon
    Chair, Privacy and Data Protection Practice Group
    Littler Mendelson
  • Michael Hintze
    Chief Privacy Counsel and Assistant General Counsel
    Microsoft Corporation
  • Scott Shipman
    Associate General Counsel, Global Privacy Leader
    eBay Inc.
  • Gerry Stegmaier
    Wilson, Sosini, Goodrich & Rosati
Overview of Bender/Henderson Task Force on Transaction Surveillance
2:25pm - 2:35pm
Overview of Digital Privacy and Security Working Group (DPSWG) ECPA Reform Effort
2:35pm - 2:45pm
  • Jim Dempsey
    Vice President for Public Policy
    Center for Democracy and Technology
2:45pm - 3:00pm
What a New ECPA Should Regulate
3:00pm - 4:15pm
4:15pm - 4:30pm
What Protections a New ECPA Should Include and the Politics of Reform
4:30pm - 5:45pm
5:45pm - 6:45pm