Reforming Internet Privacy Law

(A Gentle Introduction to the Electronic Communications Privacy Act at 11:00 am)

How much privacy do we enjoy online; when should the need for privacy give way to other societal needs; and how should law guarantee online privacy, if at all? The answers to these questions turn on some first-principles disagreements: Should we protect privacy through a patchwork of statutes and regulations, as we have to date, or should we instead enact omnibus privacy rules which govern across industries and provide uniform standards across the country? When does the need to enable new forms of behavioral marketing outweigh small incursions into user privacy? How can we balance the need for privacy against the government’s need to investigate online crime and protect national security?

Many have criticized the patchwork of federal and state laws which regulate privacy on the Internet. These critics contend that these laws, which govern what both governments and private parties such as businesses can do to track behavior and communications online, are vague and confusing, failing to keep up with breathtaking Internet advances.

Recently, two groups working independently of one another have tried to turn such criticism into action, developing standards, best practices, or model legislation for the reform of some online privacy laws. The Center for Democracy and Technology (CDT) has led a working group of Internet Service Providers and privacy groups to draft an amendment to the federal Stored Communications Act, part of the Electronic Communications Privacy Act (“ECPA”). Meanwhile, a second group of attorneys, chaired by Justice Michael Bender of the Colorado Supreme Court with Professor Stephen Henderson serving as the group’s reporter, has met for two years to draft standards for government access to transactional information, which apply to tracking both online and offline. These two groups have had little opportunity to engage one another, despite trying to achieve similar goals. Much can be gained by bringing these efforts into conversation with one another, especially now, as both groups near completion of their efforts.

On Friday, December 4, 2009, please join the Silicon Flatirons Center for Law, Technology, and Entrepreneurship in Boulder, Colorado, for a conference on Reforming Internet Privacy Law. In our first panel, we will tackle the broader question of Internet privacy protection, seeking first principles. After this broad, general discussion, we will turn to the specific question of when and how the government should be permitted to access private information about online activity. First, representatives from the two reform groups will describe the history, goals, and content of each of their proposals. Next, a panel will look at the substance of Government access reform, debating what type of information the law should govern. The last panel will look both at the procedural law of government access–should the law require a search warrant, court order, subpoena, or something else–and the politics of Internet reform.

Associate Professor and Silicon Flatirons Initiative Director Paul Ohm will moderate the three panels.
A Gentle Introduction to the Electronic Communications Privacy Act

Friday, December 4, 2009, 11:00am – 12:00pm

Wolf Law Building, Wittemyer Courtroom

Associate Professor Paul Ohm will present an hour-long overview of the Electronic Communications Privacy Act, or ECPA, the principal American law regulating the privacy of communications on the Internet and telephone networks. ECPA regulates both private parties and the Government and sets the rules for how these entities can access, intercept, use, and disclose the content of communications and records relating to communications. ECPA is famously complex, and the purpose of this hour is to gently introduce the uninitiated into the law’s mysterious nooks and crannies. The tutorial will also provide a useful background to people interested in the December 4th conference on “Reforming Internet Privacy Law,” as two panels will deal with ECPA, at least in part.