[note: copyright permission not yet secured]
. Judy Jones, Look 1. . Professor of Law, University of Miami School of Law. B.A. Yale, M.Phil Cambridge, J.D. Yale. I am grateful for advice from Caroline Bradley, Patrick Gudridge, and Eugene Volokh, for research assistance from SueAnn Campbel and Julie Dixson, and extraordinary secretarial assistance from Rosalia Lliraldi. The errors that survive are my own. Unless otherwise noted, this article seeks to reflect legal and technical developments as of Feb. 1, 2000. All Internet citations were current as of May 22, 2000. . Deborah Radcliff, A Cry for Privacy, Computer World, May 17, 1999 <http://www.computerworld.com/home/print.nsf/all/990517privacy>. The comment was in response to a question at a product launch. See also Edward C. Baig, Marcia Stepanek & Neil Gross, Privacy: The Internet Wants Your Personal Info., What's in It for You?, Bus. Wk., Apr. 5, 1999, at 84 (quoting McNealy as saying, "You already have zero privacy. Get over it."). . Louis D. Brandeis, Other People's Money and How the Bankers Use It 92 (1914). Brandeis actually intended this comment to include both public and private institutions: "Publicity is justly commended as a remedy for social and industrial diseases. Sunlight is said to be the best of disinfectants; electric light the most efficient policeman." Id. . See Karl G. Heider, Ethnographic Film 11-15, 49-62 (1976) (discussing ways in which the act of filming may distort or misrepresent reality); Shoshana Zuboff, In the Age of the Smart Machine: The Future of Work and Power 344-45 (1988) (describing the phenomenon of "anticipatory conformity" among persons who believe they are being observed). Cf. Estes v. Texas, 381 U.S. 532, 545 (1965) (noting that it is "highly probable that the presence of cameras in the courtroom will influence jurors). . The definition differs from that used in United States constitutional law. The constitutional right to privacy is frequently described as having three components: (1) a right to be left alone; (2) a right to autonomous choice regarding intimate matters; and (3) a right to autonomous choice regarding other personal matters. See Laurence H. Tribe, American Constitutional Law § 15-1 (2d ed. 1988); Ken Gormley, One Hundred Years of Privacy, 1992 Wis. L. Rev. 1335, 1340. . The European Union's Privacy Directive, Council Directive 95/46 of the European Parliament and of the Council on the Protection of Individuals With Regard to the Processing of Personal Data and on the Free Movement of Such Data, 1995 O.J. (L 281) 31, is probably the most comprehensive attempt to protect informational privacy, although experts disagree about its domestic and especially extraterritorial effects. Compare Paul M. Schwartz & Joel R. Reidenberg, Data Privacy Law: A Study of U.S. Data Protection (1996), with Peter P. Swire & Robert E. Litan, None of Your Business World Data Flows, Electronic Commerce, and the European Privacy Directive (1998). . Benjamin Franklin, Poor Richard's Almanac (1735), reprinted in The Oxford Dictionary of Quotations 211 (2d ed. 1959). . See 8 U.S.C. § 1324a(a)(1)(B) (1996) (prohibiting hiring workers without verifying identity and authorization to work in the United States). Employers must complete an INS Form I-9, Employment Eligibility Verification Form, documenting this verification and stating the type of ID they examined. See Verification of Employment Eligibility, 8 C.F.R. § 274a.2 (1999). . See Boehner v. McDermott, 191 F.3d 463, 465 (D.C. Cir. 1999) (describing the taping of a cell phone call including Speaker Gingrich); Office of the Independent Counsel, Referral to the United States House of Representatives pursuant to Title 28, United States Code, § 595(c) § I.B.3 ("The Starr Report") <http://icreport.loc.gov/icreport/6narrit.htm#L7> (describing recording of Lewinsky calls by Linda Tripp); Paul Vallely, The Queen Brings Down The Shutters, The Indep., Aug. 19, 1996, available in 1996 WL 10952752 (noting the taping of intimate conversation of Prince Charles).
Although the phenomenon of ad hoc surveillance and eavesdropping is an interesting one, this article concentrates on more organized corporate and government surveillance and especially profiling. . See Roger Clarke, Information Technology and Dataveillance, 31 Comm. ACM 498 (May 1988) (defining dataveillance as "the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons") <http://www.anu.edu.au/
people/Roger.Clarke/DV/CACM88.html>. . So-called "reality" television programming provides a possible glimpse of this world. The popularity of these shows demonstrates the supply of willing watchers, and there appear to be many willing subjects. See, e.g., Associated Press, Actress Bares All in Santiago Glass House, CNN.com, Jan. 26, 2000 <http://cnn.com/2000/WORLD/americas/01/26/chile.glass.house.ap/> (describing actress "spending two weeks in a house in central Santiago made of nothing but glass"). . David Brin, The Transparent Society (1998). . See, e.g., U.S. GAO, Government and Commercial Use of the Social Security Number is Widespread 1 (1999) (Letter Report, GAO/HEHS-99-28), available in <http://
frwebgate.access.gpo.gov/cgi-bin/useftp.cgi?IPaddress=162.140.64.88&filename=he99028.pdf&
directory=/diskb/wais/data/gao> (noting "the SSN is used for a myriad of non-Social Security purposes, some legal and some illegal"); Flavio L. Komuves, We've Got Your Number: An Overview of Legislation and Decisions to Control the Use of Social Security Numbers as Personal Identifiers, 16 J. Marshall J. Computer & Info. L. 529, 535 (1998) ("SSN use is so important to business and government in this country that a person who is assertive about their privacy rights may find herself in a position in which another will refuse to do business with her unless she furnishes her SSN."). . The phenomenon is everywhere, from the Starr Report to confessional talk shows, from mainstream films to the Internet's 24x7 webcams. Cf. Herbert Marcuse, One-dimensional Man: Studies in the Ideology of Advanced Industrial Society 74-81 (1964) (warning of "repressive desublimation" in which capitalism absorbs sexuality, strips it of threat and danger, drains it of its original meaning, repackages it as a commodity, then sells it back to the masses); see also Anita L. Allen, Privacy and The Public Official: Talking About Sex as a Dilemma For Democracy, 67 Geo. Wash. L. Rev. 1165, 1165 (1999) (noting that public servants now believe that "what takes place in private, unless dull and routine, is likely to become public knowledge anyway"); Clay Calvert, The Voyeurism Value in First Amendment Jurisprudence, 17 Cardozo Arts & Ent. L.J. 273, 274 (1999) (arguing for First Amendment right to "to peer and to gaze into places from which we are typically forbidden, and to facilitate our ability to see and to hear the innermost details of others' lives without fear of legal repercussion"); Andrew Leonard, Microsoft.orgy,
Salon, July 21, 1998 <http://www.salon.com/21st/feature/1998/07/cov_21feature.html> (describing how exhibitionists turned the Microsoft NetMeeting server, which provides means for PC cam video conferencing, into "a 24-hour international sex orgy"). . The extent to which modern ideas of privacy have historic roots is open to debate. While the distinction between the "private" home and the "public" outside is presumed to be ancient, see Jürgen Habermas, The Structural Transformation Of The Public Sphere 4 (1962), it is clear the conception of the home has changed. Peter Ackroyd's description of the home of Sir Thomas Moore, for example, with its numbers of servants, retainers, and even a fool, bears little relation to the home life of even the modern rich. See Peter Ackroyd, The Life of Thomas Moore 255-56 (1998). And, of course, one would not expect a concern with informational privacy in its modern form to predate the privacy-destroying technologies, mass data storage, or modern data-processing to which it is a reaction. . This article thus does not consider suggestions arising from law and economics that privacy is best understood as a mere intermediate good. See Richard A. Posner, The Right of Privacy, 12 Ga. L. Rev. 393, 394 (1978). Treating privacy as an intermediate good, then-Professor Posner concluded that personal privacy is generally inefficient, because it allows persons to conceal disreputable facts about themselves and to shift costs of information acquisition (or the cost of failing to acquire information) to those who are not the least-cost avoiders. Data concealment by businesses is generally efficient, however, since allowing businesses to conceal trade secrets and other forms of intellectual property will tend to spur innovation. See id. Useful correctives to Posner's views include Kim Lane Scheppele, Legal Secrets: Equality and Efficiency in the Common Law 43-53, 111-26 (1988); James Boyle, A Theory of Law and Information: Copyright, Spleens, Blackmail, and Insider Trading, 80 Cal. L. Rev. 1413, 1443-57, 1471-77 (1992), and Edward J. Bloustein, Privacy Is Dear at Any Price: A Response to Professor Posner's Economic Theory, 12 Ga. L. Rev. 429 (1978). . Readers needing persuasion on this point should consult Part I of Jerry Kang, Information Privacy in Cyberspace Transactions, 50 Stan. L. Rev. 1193, 1202-20 (1998).
"In a Wall Street Journal/NBC News poll last fall, Americans were given a list of eight concerns that might face them in the new century and were asked to rank the ones that worry them the most. Loss of personal privacy ranked at the top of the list, cited by 29%." See also Glenn R. Simpson, E-Commerce Firms Start to Rethink Opposition to Privacy Regulation as Abuses, Anger Rise, Wall St. J., Jan. 6, 2000, at A24. In a recent survey, 80% of United States residents, 68% of Britons, and 79% of Germans polled agreed strongly or somewhat with the assertion that "consumers have lost all control over how personal information is collected and used by companies"; however, 59%, 63%, and 55% of Americans, Britons, and Germans respectively also agreed that existing laws and organization practices in the their country provide a reasonable level of consumer privacy protection. IBM, IBM Multi-National Consumer Privacy Survey 22 (1999) <http://ibm.com/services/files/privacy_survey_oct991.pdf>. In a different survey, 92% of Canadians expressed some concern, and 52% were "extremely concerned" about privacy. John D.R. Craig, Invasion of Privacy and Charter Values: The Common-Law Tort Awakens, 42 McGill L.J. 355, 357 (1997). . Due to limitations of space, and of my knowledge, this article also adopts an artificially United States-centric focus, although the problems discussed here are of global importance. . Employers' concern about "cyberslackers" is fanned by consultants' reports that "employees who surf the web from their office PCs are costing Corporate America more than $1 billion a year." Michele Masterson, Cyberveillance at Work: Surfing the Wrong Internet Sites on the Job
Could Get You Fired, CNN.com, Jan. 4, 2000 <http://www.cnnfn.com/2000/01/04/technology/
webspy/>; cf. Eugene Volokh, Freedom of Speech, Cyberspace, Harassment Law, and the Clinton Administration, Law & Contemp. Probs. (forthcoming 2000) (arguing that sexual hostile environment harassment law is now so pervasive and potentially hair-trigger that prudent employer must carefully monitor workplace, including Internet use, for employee access of sexually themed materials). . See Ann Cavoukian, Info. and Privacy Comm'r/Ontario Data Mining: Staking a Claim on Your Privacy (1998) <http://www.ipc.on.ca/web_site.eng/matters/sum_pap/
PAPERS/datamine.htm>:
Data mining is a set of automated techniques used to extract buried or previously unknown pieces of information from large databases. Successful data mining makes it possible to unearth patterns and relationships, and then use this "new" information to make proactive knowledge-driven business decisions. Data mining then, "centres on the automated discovery of new facts and relationships in data. The raw material is the business data, and the data mining algorithm is the excavator, sifting through the vast quantities of raw data looking for the valuable nuggets of business information."
Data mining is usually used for four main purposes: (1) to improve customer acquisition and retention; (2) to reduce fraud; (3) to identify internal inefficiencies and then revamp operations[;] and (4) to map the unexplored terrain of the Internet. The primary types of tools used in data mining are: neural networks, decision trees, rule induction, and data visualization.
Id. (citations omitted) (quoting Joseph P. Bigus, Data Mining with Neural Networks 9 (1996)). . See Oscar H. Gandy, Jr., The Panoptic Sort 91 (1993); Oscar H. Gandy, Jr., Legitimate Business Interest: No End in Sight? An Inquiry into the Status of Privacy in Cyberspace, 1996 U. Chi. Legal F. 77. . See Kang, supra note 16, at 1239. . See Jeff Sovern, Opting In, Opting Out, or No Options at All: The Fight for Control of Personal Information, 74 Wash. L. Rev. 1033, 1033-34 (1999):
[Y]ou can buy lists of people who have bought skimpy swimwear; college students sorted by major, class year, and tuition payment; millionaires and their neighbors; people who have lost loved ones; men who have bought fashion underwear; women who have bought wigs; callers to a 900-number national dating service; rocket scientists; children who have subscribed to magazines or have sent in rebate forms included with toys; people who have had their urine tested; medical malpractice plaintiffs; workers' compensation claimants; people who have been arrested; impotent middle-aged men; epileptics; people with bladder-control problems; buyers of hair removal products or tooth whiteners; people with bleeding gums; high-risk gamblers; people who have been rejected for bank cards; and tenants who have sued landlords. There are lists based on ethnicity, political opinions, and sexual orientation. . See Phil Agre, RRE Notes and Recommendations, Red Rock Eater News Service, Dec.
26, 1999 <http://commons.somewhere.com/rre/1999/RRE.notes.and.recommenda14.html>:
Go to a part of town where your kind isn't thought to belong and you'll end up on a list somewhere. Attend a political meeting and end up on another list. Walk into a ritzy boutique and the clerk will have your credit report and purchase history before even saying hello. . . . The whole culture will undergo convulsions as taken-for-granted assumptions about the construction of personal identity in public places suddenly become radically false. . . .
And that's just the start. Wait a little while, and a market will arise in "spottings": if I want to know where you've been, I'll have my laptop put out a call on the Internet to find out who has spotted you. Spottings will be bought and sold in automated auctions, so that I can build the kind of spotting history I need for the lowest cost. Entrepreneurs will purchase spottings in bulk to synthesize spotting histories for paying customers. Your daily routine will be known to anyone who wants to pay five bucks for it, and your movement history will determine your fate just as much as your credit history does now. . . .
Then things will really get bad. Personal movement records will be subpoenaed, irregularly at first, just when someone has been kidnapped, but then routinely, as every divorce lawyer in the country reasons that subpoenas are cheap and not filing them is basically malpractice. Then, just as we're starting to get used to this, a couple of people will get killed by a nut who [has] been predicting their movements using commercially available movement patterns. . Data mining can be used to generate lists of political preferences. Senator John McCain and Texas Governor George W. Bush each contracted with Aristotle Publishing <http://
www.Aristo.org>, a firm that offered to target web users by matching web browsing habits and web site signup data with voter registration records. See Lauren Weinstein, Web Tracking and Data
Matching Hit the Campaign Trail, Privacy Forum Digest, Dec. 24, 1999 <http://www.vortex.com/
privacy/priv.08.22>. . Of course, disclosure also helps prevent evils that can hide behind the veil of anonymity. See A. Michael Froomkin, Flood Control on the Information Ocean: Living with Anonymity, Digital Cash, and Distributed Databases, 15 J.L. & Com. 395, 404-07, 410-11 (1996). . See Financial Crimes Enforcement Network ("FinCEN"), FinCEN Follows the Money: A Local Approach to Identifying & tracking Criminal Proceeds 5 (1999), <http://www.treas.gov/fincen/followme.pdf>. Approximately 200 staffers plus 40 "long-term detailees" from 21 other regulatory and law enforcement agencies use financial, law enforcement, and commercial databases to operate FinCEN. See id. at 3. Working with foreign "financial intelligence units," FinCEN formed the "Egmont Group," an international cooperation designed to exchange information and expertise. See id. at 6. . See FinCEN, Helping Investigators Use the Money Trail <http://www.treas.gov/
fincen/follow2.html>; see also FinCEN, supra note 26, at 5 (stating that analysts may provide information through FinCEN's Artificial Intelligence System on previously undetected possible criminal organizations and activities so that investigations can be initiated). . See, e.g., David Cay Johnston, New Tools for the I.R.S. to Sniff Out Tax Cheats, NY Times, Jan. 3, 2000, <http://www.nytimes.com/00/01/03/news/financial/irs-tax.html> ("The [data mining] technology . . . being developed for the I.R.S. . . . will be able to feed data from every entry on every tax return, personal or corporate, through filters to identify patterns of taxpayer conduct. Those taxpayers whose returns suggest . . . that they are highly likely to owe more taxes could then quickly be sorted out and their tax returns audited."); see also Steven A. Bercu, Toward Universal Surveillance in an Information Age Economy: Can We Handle Treasury's New Police Technology?, 34 Jurimetrics J. 383, 400-01 (1994) (discussing FinCEN and possible privacy problems). . Air travelers are profiled by a $2.8 billion monitoring system that uses a secret algorithm to compare their personal data to profiles of likely terrorists. See Declan McCullagh, You? A Terrorist? Yes!, Wired, Apr. 20, 1999, <http://www.wired.com/news/news/politics/story/19218.html>:
The CAPS [computer-assisted passenger screening] system operates off the computer reservation systems utilized by the major United States air carriers as well as some smaller carriers. The CAPS system relies solely on information that passengers presently provide to air carriers for reasons unrelated to security. It does not depend on the gathering of any additional information from air travelers, nor is it connected to any law enforcement or intelligence database.
Security of Checked Baggage on Flights Within the United States, 64 Fed. Reg. 19220, 19222 (1999) (to be codified at 14 C.F.R. pt. 108) (proposed Apr. 19, 1999). . Examples of this profiling in the wake of the Columbine shootings include a psychological tool being offered by the FBI to identify "potentially violent" schoolchildren, see Jon Katz, Take the FBI's Geek Profile Test, Slashdot, Nov. 29, 1999 <http://slashdot.org/features/99/11/23/
1712222.shtml>, and Mosaic-2000, a profiling tool developed by the Bureau of Alcohol, Tobacco, and Firearms, see Frances X. Clines, Computer Project Seeks to Avert Youth Violence, N.Y. Times, Oct. 24, 1999. See also Software to Predict "Troubled Youths," Slashdot, Oct. 24, 1999 <http://slashdot.org/yro/99/10/24/1147256.shtml> (open discussion of Mosaic-2000); Gavin de Becker Inc., Mosaic-2000 (1999) <http://www.gdbinc.com/mosaic2000.htm> (analysis of Mosaic-2000). . Clarke, supra note 9. . See 13 U.S.C.A. §§ 8-9 (West Supp. 1999) (census); 26 U.S.C.A. § 6103 (West Supp. 1999) (tax return data). Despite these rules, however, there have been suggestions that because census information is detailed, it could be cross-indexed with other data to identify individuals. For example, if one knows that there is only one person in a particular age group, of a particular ethnicity, or with some other distinguishing characteristic within the census tract, and one can extract the "aggregate" data for all individuals with the characteristic in the area, one has individualized the data. Cf. Robert G. Schwartz, Jr., Privacy In German Employment Law, 15 Hastings Int'l & Comp. L. Rev. 135, 146 (1992) (describing 1983 decision of German Federal Constitutional court striking down census questions that it believed would allow identification of respondents). . See generally Lillian R. Bevier, Information About Individuals in the Hands of Government: Some Reflections on Mechanisms for Privacy Protection, 4 Wm. & Mary Bill Rts. J. 455 (1995) (discussing government's use of data provided by citizens). . 42 U.S.C. § 653 (1996). . See Department of Health and Human Services, What is NECSRS? <http://
ocse.acf.dhhs.gov/necsrspub/Navigation/Questions/Ques.htm#NECSRS1> (stating that the "National Electronic Child Support Resource System . . . is used to identify and electronically index Federal, State, and local resource materials"). . See Electronic Privacy Information Center ("EPIC"), Reno Proposes National DNA Database, EPIC Alert, Mar. 4, 1999 <http://www.epic.org/alert/EPIC_Alert_6.04.html>. . See Megan's Law, N.J. Stat. Ann. § 2C:7-1 to 7-11 (West 1999) (registration of sex offenders); Violent Crime Control and Law Enforcement Act of 1994, Pub. L. No. 103-322, 108 Stat. 2038 (1994) (codified as amended at 42 U.S.C.A. § 14071 (West Supp. 1999)) (federal equivalent of Megan's Law). . See Ian Grayson, Packer Sets up Big Brother Data Store, Australian, Nov. 30, 1999 <http://technology.news.com.au/news/4277059.htm>. . See Financial Action Task Force on Money Laundering, 1997-1998 Report On Money Laundering Typologies ¶ 28, <http://www.ustreas.gov/fincen/typo97en.html> (noting imposition of Geographic Targeting Orders pursuant to Banking Secrecy Act that required certain money transmitters to report all cash transfers to Columbia of over $750 during 360-day period). . See Froomkin, supra note 25, at 449-79. . As a result, health care related data will be part of a giant distributed database. See generally Paul M. Schwartz, Privacy and the Economics of Personal Health Care Information, 76 Tex. L. Rev. 1 (1997); Paul M. Schwartz, The Protection of Privacy in Health Care Reform, 48 Vand. L. Rev. 295 (1995); Spiros Simitis, Reviewing Privacy in an Information Society, 135 U. Pa. L. Rev. 707 (1987); see also U.S. GAO, Medical Records Privacy: Access Needed for Health Research, but Oversight of Privacy Protections Is Limited, GAO/HEHS-99-55 (1999), <http://www.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=gao&docid=f:he99055.txt.pdf>.
HHS is expected to issue medical privacy regulations by February 21, 2000, defining rules for the security and disclosure of health care data. The draft regulations allow disclosure of health information without an individual's authorization for research, public health, oversight, and some other purposes; otherwise written authorization is required. Databases must be kept secure. Collectors of medical data must conform to fair information practices, inform people how their information is used and disclosed, and ensure that people can view information being held about them. The draft rules propose that their protections would attach as soon as information is "electronic" and run with the information as long as the information is in the hands of a covered entity. The proposed rules do not, however, apply to downstream recipients of medical data. See NPRM HHS, Standards for Privacy of Individually Identifiable Health Information, 64 Fed. Reg. 59,918 (1999),
<http://aspe.hhs.gov/admnsimp/pvcnprm.pdf> (technical corrections available in <http://aspe.hhs.gov/
admnsimp/nprm/991215fr.pdf>). . Health Insurance Portability and Accountability Act, Pub. L. No. 104-191, § 264, 110 Stat. 1936 (1996) (codified as amended at 42 U.S.C. § 1320d- 2). . See note Error! Bookmark not defined.. infra and accompanying text. . Cf. Tina Kelley, An Expert in Computer Security Finds His Life Is a Wide-Open Book, N.Y. Times, Dec. 13, 1999, at C4 (describing how a group of "security experts" were able to dig up vast amounts of information on a self-described "average citizen"). . See, e.g., Timothy Egan, Police Surveillance of Streets Turns to Video Cameras and Listening Devices, N.Y. Times, Feb. 7, 1996, at A12 (detailing the methods and equipment of several cities' police departments). . Nick Taylor, Closed Circuit Television: The British Experience, 1999 Stan. Tech. L. Rev. VS 11, ¶ 1, <http://stlr.stanford.edu/STLR/Symposia/Privacy/99_VS_11/article.html>. . See id. ¶¶ 12-14. . Hidden Cameras Solutions, Catalogue <http://www.concealedcameras.com/catalogue/
main.html>. . See City of London Police, Your Help Is Needed . . . , June 18, 1999 <http://
www.cityoflondon.gov.uk/citypolice/j18frame.htm>; City of London Police, Identity Parade, June 18, 1999, <http://www.cityoflondon.gov.uk/citypolice/idparade8.htm> (asking viewers to help "identify any of these people photographed during the June 18 incident in the City of London"; as of December 21, 1999, some photos were missing, labeled "now identified"). . They may also be racist. See Taylor, supra note 46, ¶¶ 26-27. . See, e.g., Teacher Fired for Not Making Kids Wear IDs, Charleston Gazette & Daily Mail, Feb. 5, 1999, available in 1999 WL 6710744 (stating that a teacher objected to a bar code because he believed it to resemble the "mark of the beast"); Americans United For Separation of Church and State, Teacher Who Fears "Mark of the Beast" Fired in West Virginia, Church & State: AU Bull., Mar. 1999 <http://www.au.org/cs3991.htm>. . See, e.g., Visionics, Corp., FaceIT: An Award-Winning facial Recognition Software Engine <http://www.visionics.com/Newsroom/PDFs/Visionics_Tech1.pdf> (describing one such system); Taylor, supra note 47, ¶ 39 (citing TIMES (London), Oct. 15, 1998). . Alex Richardson, TV Zooms in on Crooks' 'Faceprints,' Birmingham Post, Oct. 15, 1998, available in 1998 WL 21493173. For some reason, the police chose to test the system in the poorest part of London. See Taylor, supra note 46. . See Visionics Corp., Visionics' Face Recognition Technology Chosen For Cutting Edge Israeli Border Crossing, Sept. 21, 1999 <http://www.visionics.com/Newsroom/PRs/bazel1.htm>. . See Daniel J. Dupont, Seen Before, Sci. Am., Dec. 1999 <http://www.sciam.com/1999/
1299issue/1299techbus5.html>. . See Image Data, LLC, Application of Identity Verification and Privacy Enhancement to Treasury Transactions: A Multiple Use Identity Crime Prevention Pilot Project 3 (1997) <http://www.epic.org/privacy/imagedata/image_data.html> (document submitted to United States Secret Service proposing to "show the technical and financial feasibility of using remotely stored digital portrait images to securely perform positive identification"); Brian
Campbell, Secret Service Aided License Photo Database, CNN.com, Feb. 18, 1999 <http://
www.cnn.com/US/9902/18/license.photos/>. . See generally J. Bradford DeLong & A. Michael Froomkin, Speculative Microeconomics for Tomorrow's Economy, in Internet Publishing and Beyond: The Economics of Digital Information and Intellectual Property (Brian Kahin & Hal Varian eds., forthcoming 2000) <http://www.law.miami.edu/~froomkin/articles/spec.htm>. . See Alan Sipress, Tracking Traffic by Cell Phone: Md., Va. to Use Transmissions to Pinpoint Congestion, Wash. Post, Dec. 22, 1999, at A1 (stating that Maryland and Virginia will track "anonymous" callers on highways to measure speed of traffic). . See Compatibility of Wireless Services with Enhanced 911, 61 Fed. Reg. 40,348, 40,349 (1996) (codified at 47 C.F.R. pt. 20). The FCC's approach differs from that adopted by some telephone manufacturers who have designed their phones with Global Positioning Satellite ("GPS") receivers. These receivers display the phone's precise latitude, longitude, and elevation, which the user can then relay to the 911 operator, but only if the user is able to speak. See Steve Ginsberg,
Cell Phones Get a Homing Device, S.F. Business Times, Sept. 28, 1998 <http://www.amcity.com/
sanfrancisco/stories/1998/09/28/focus7.html>. . See FCC, Third Report and Order in the Matter of Communications Assistance for Law Enforcement Act, CC Docket No. 97-213, ¶¶ 12, 21, 22, Aug. 26, 1999 <http://www.fcc.gov/
Bureaus/Engineering_Technology/Orders/1999/fcc99230.wp>. . See Watching Me, Watching You, BBC News, Jan. 4, 2000 <http://newsvote.bbc.co.uk/
hi/english/uk/newsid_590000/590696.stm>. . See Daniel Polak, GSM Mobile Network in Switzerland Reveals Location of its Users, Privacy Forum Digest, Dec. 31, 1997 <http://www.vortex.com/privacy/priv.06.18>. . See, e.g., Nicole Krau, Now Hear This: Your Every Move is Being Tracked, Ha'aretz, Mar. 10, 1999, available in 1999 WL 17467375 (stating that Israeli cellular phone records are stored by cellular phone companies and sold to employers who wish to track employees, as well as provided to government when ordered by court); see also Richard B. Schmitt, Cell-Phone Hazard: Little Privacy in Billing Records, Wall St. J., Mar. 16, 1999, at B1 (stating that AT&T wireless unit fields roughly 15,000 subpoenas for phone records per year). . See Gabriel Sigrist, Odilo Guntern: Le Détenteur de Natel Doit Pouvoir Rester Anonyme,
Le Temps July 7, 1998 <http://www.inetone.com/cypherpunks/dir.98.07.1398.07.19/msg00084.html>. . See generally Santa Clara Symposium on Privacy and IVHS, 11 Santa Clara Computer & High Tech. L.J. (1995) (dedicated to privacy and "intelligent vehicle highway systems"). . See Margaret M. Russell, Privacy and IVHS: A Diversity of Viewpoints, 11 Santa Clara Computer & High Tech. L.J. 145, 163 (1995). . See id. at 164-65. . See Andrew Sparrow, Car Tagging May Help Cut Theft, Says Minister, Daily Telegraph (London), Oct. 17, 1998, available in 1998 WL 3053349. . See, e.g., Ontario Info. and Privacy Comm'r, 407 Express Toll Route: How You Can Travel this Road Anonymously (1998) <http://www.ipc.on.ca/web_site.eng/matters/
sum_pap/PAPERS/407.htm> ("A significant amount of work was required to ensure that the 407 ETR toll and billing system did not compromise personal privacy."). . See, e.g., University of Southern California, Novel Neural Net Recognizes Spoken Words Better Than Human Listeners, Sci. Daily Mag., Oct. 1, 1999 <http://www.sciencedaily.com/
releases/1999/10/991001064257.htm> (announcing advance in machine recognition of human speech). . See Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2710 (1968). . See Robert G. Boehmer, Artificial Monitoring and Surveillance of Employees: the Fine Line Dividing the Prudently Managed Enterprise from the Modern Sweatshop, 41 DePaul L. Rev. 739, 739 (1992) ("Except for outrageous conduct and the use of one of a discrete group of techniques that Congress has chosen to regulate, the law supplies employees with precious little protection from the assault on workplace privacy. Similarly, the law provides employers with little guidance concerning the permissible depth of their intrusions."). . Covert video surveillance violates some states' laws. See Quentin Burrows, Scowl Because You're on Candid Camera: Privacy and Video Surveillance, 31 Val. U. L. Rev. 1079, 1114-21 (1997) (collecting cases and statutes). . See Gary Marx, Measuring Everything That Moves: The New Surveillance at Work <http://web.mit.edu/gtmarx/www/ida6.html>. . See Daniel Grotta & Sally Wiener Grotta, Camera on a Chip, ZDNet PC Mag, Oct. 7, 1999 <http://www.zdnet.com/pcmag/stories/trends/0,7607,2349530,00.htm>. . See Stuart Glascock, Stealth Software Rankles Privacy Advocates, TechWeb, Sept. 9, 1999 <http://www.techweb.com/wire/story/TWB19990917S0014>. . See Duncan Campbell, Directorate Gen. for Research, Development of Surveillance Technology and Risk of Abuse of Economic Information: An Appraisal of Technologies for Political Control (1999) <http://jya.com/ic2000-dc.htm> [hereinafter STOA Report]. . Id. at Summary ¶ 2. . "Contrary to reports in the press, effective 'word spotting' search systems automatically to select telephone calls of intelligence interest are not yet available, despite 30 years of research. However, speaker recognition systems--in effect, 'voiceprints'--have been developed and are deployed to recognise [sic] the speech of targeted individuals making international telephone calls." Id. at Summary ¶ 7. . See id. § 3 ¶ 72. . See Patent 5937422: Automatically generating a topic description for text and searching and sorting text by topic using the same <http://cryptome.org/nsa-vox-pat.htm>. . See Suelette Dreyfus, This Is Just Between Us (and the Spies), Independent, Nov. 15, 1999 <http://www.independent.co.uk/news/Digital/Features/spies151199.shtml>. . STOA Report, supra note 77, §1, ¶ 6. . See id. § 2, ¶ 60. . See Madeleine Acey, Europe Votes for ISP Spying Infrastructure, Techweb, May 13, 1999 <http://www.techweb.com/wire/story/TWB19990513S0009>. . See 1994 Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified as amended at 47 U.S.C §§ 1001-1010 and scattered sections of 18 & 47 U.S.C.); cf. James X. Dempsey, Communications Privacy in the Digital Age: Revitalizing the Federal Wiretap Laws to Enhance Privacy, 8 Alb. L.J. Sci. & Tech. 65 (1997) (arguing that recent changes in communications technology have required reexamination of privacy policy). . See Implementation of the Communications Assistance for Law Enforcement Act, 60 Fed. Reg. 53,643, 53,645 (proposed Oct. 16, 1995). To be fair, the FBI assessment lumped together wiretap needs along with less intrusive forms of surveillance such as pen registers and "trap and trace" operations, which reveal information about who is speaking to whom without disclosing the substance of the conversation. See id. . See Implementation of Section 104 of the Communications Assistance for Law Enforcement Act, 62 Fed. Reg. 1902 (proposed Jan. 14, 1997). . See Center for Democracy and Technology, Brief of Amicus Curiae, Cellular Telecomms. Indus. Ass'n v. United States Tel. Ass'n, No. 1:98CV01036 & 1:98CV0210 (D.D.C. 1999) <http://
www.cdt.org/digi_tele/capacitybrief.shtml>; Center for Democracy and Technology, Comments on the FBI's Second CALEA Capacity Notice, Feb. 18, 1997 <http://www.cdt.org/digi_tele/970218_
comments.html>. . Warrants are not required abroad, either when the United States is wiretapping foreigners, see, e.g., United States v. Rene Martin Verdugo-Urquidez, 494 U.S. 259 (1990) (holding that the Fourth Amendment does not apply to the search and seizure, by United States agents, of property owned by a nonresident alien and located in a foreign country), or even when democratic foreign governments are wiretapping their own citizens. See, e.g., Nick Fielding & Duncan Campbell, Spy
Agencies Listened in on Diana, Sunday Times (London), Feb. 27, 2000 <http://www.the-times.co.uk/
news/pages/sti/2000/02/27/stinwenws02035.html?999> (alleging that "a loophole in the 1985 Interception of Communication Act means intelligence officials can put individuals and organisations [sic] under surveillance without a specific ministerial warrant"). . See Administrative Office of the U.S. Courts, 1998 Wiretap Report 5 (1999) <http://www.uscourts.gov/wiretap98/contents.html;> Associated Press, State Authorities' Wiretapping Up, May 5, 1999 <http://jya.com/wiretap98.htm>. . See Marc Cooper, Wired, NEWSTIMESLA.COM., Jan. 23, 1998 <http://www.
newtimesla.com/archives/1998/081398/feature1-2.html> ("Under the single wiretap authorization that produced the Gastelum-Gaxiola case, a mind-boggling 269 phone lines, including an entire retail cellular phone company, were monitored. Taps on just three pay phones at the L.A. County jail in Lynwood, for instance, yielded about 100,000 conversations in six months, according to the Public Defender's office."). . See id. . Administrative Office of the U.S. Courts, supra note 91, at Table 5. . There is reason to doubt that they do. See, e.g., Cooper, supra note 92 (describing LAPD officers' testimony concerning hundreds of illegal "hand offs" of information, acquired in one wiretap, in order to initiate new cases via fictitious informants); Los Angeles Public Defenders Office, State Wiretap Related Cases <http://pd.co.la.ca.us/cases.htm> (listing known and suspected cases affected by illegal LAPD use of wiretap information). . There are also powerful commercial incentives to privately gather caller information. For example, British Telecom searched its records to find people who were regularly calling competing Internet service providers, and had its sales staff call and encourage them to switch to BT. See Office of Telecomms., OFTEL Acts to Ensures Fair Competition in Marketing of BT Click Internet Services, Sept. 24, 1998 <http://www.worldserver.pipex.com/coi/depts/GOT/coi6043e.ok?> (announcing OFTEL had forced BT to cease practice after complaints). . To find out what your browser says about you, visit Privacy Analysis of Your Internet Connection at <http://privacy.net/anonymizer/>. . See Anonymizer <http://www.anonymizer.com/3.0/index.shtml>. . See generally Netscape, Cookie Central <http://www.cookiecentral.com/>. . See Chris Oakes, Doubleclick Plan Falls Short, Wired News, Feb. 2000 <http://
www.wired.com/news/business/0,1367,34337,00.html>. . E.g., Chris Oakes, Mouse Pointer Records Clicks, Wired News, Nov. 30, 1999 <http://
www.wired.com/news/technology/0,1282,32788,00.html>. . A trojan horse is a "malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or . . . a program . . ." FOLDOC, Trojan Horse <http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?query=trojan+horse>. . See Draft Cyberspace Electronic Security Act Bill, Aug. 4, 1999, § 203 (to amend 18 U.S.C. 2713) <http://www.cdt.org/crypto/CESA/draftCESAbill.shtml>. A "back door" is a deliberate hole in system security. See FOLDOC, Back Door <http://wombat.doc.ic.ac.uk/foldoc/
foldoc.cgi?back+door>. . See Robert O'Harrow, Jr., Justice Department Mulls Covert-Action Bill, Wash. Post,
Aug. 20, 1999, at A1 <http://www.washingtonpost.com/wp-srv/business/daily/aug99/encryption20.htm>. . See The Center for Democracy and Technology, A Briefing on Public Policy Issues Affecting Civil Liberties Online, CDT Pol'y Post, Sept. 17, 1999, at 22 <http://www.cdt.org/
publications/pp_5.22.shtml/#3> (noting change in administration position). . For the strange saga of the attempts to censor the Walsh report, see The Walsh Report: Review of Policy Relating to Encryption Technologies <http://www.efa.org.au/Issues/
Crypto/Walsh/>. . See id. § 1.2.33.
Authority should be created for the AFP, the NCA and ASIO to alter proprietary software so that it performs additional functions to those specified by the manufacturer. Such an authority, which clearly should be subject to warranting provisions, would, for example, enable passive access to a computer work station of a LAN and link investigative capability more effectively to current technology. While there are issues of liability, the Review is convinced the effort should be made to accommodate these so that a target computer may be converted to a listening device. This capacity may represent one of the important avenues of accessing plain text.
Id.
The opportunity may present itself to the AFP, NCA or ASIO to alter software located in premises used by subjects of intensive investigation or destined to be located in those premises. The software (or more rarely the hardware) may relate to communication, data storage, encoding, encryption or publishing devices. While some modifications may have the effect of creating a listening device which may be remotely monitored by means of the telecommunications service, for which purposes extant warranting provisions would provide, others may create an intelligent memory, a permanent set of commands not specified in the program written by the manufacturer or a remote switching device with a capacity to issue commands at request. The cooperation of manufacturers or suppliers may sometimes be obtained by agencies. When manufacturers or suppliers are satisfied the modification has no discernible effect on function, they may consent to assist or acquiesce in its installation. It will not always be possible, however, to approach manufacturers or suppliers or the latter may be in no position to consent to modification of proprietary software. When agencies are investigating a high priority target, practising [sic] effective personal and physical security, moving premises and changing telephone/fax regularly, an opportunity to access the target's computer equipment may represent not only the sole avenue but potentially the most productive.
Id. § 6.2.10. . See generally Julie E. Cohen, A Right to Read Anonymously: A Closer Look at "Copyright Management" in Cyberspace, 28 Conn. L. Rev. 981 (1996) <http://www.law.georgetown.
edu/faculty/jec/read_anonymously.pdf>; Julie E. Cohen, Lochner in Cyberspace: The New Economic Orthodoxy of "Rights Management," 97 Mich. L. Rev. 462 (1998) <http://www.law.
georgetown.edu/faculty/jec/Lochner.pdf>; Julie E. Cohen, Some Reflections on Copyright Management Systems and Laws Designed to Protect Them, 12 Berk. Tech. L.J. 161 <http://www.law.
berkeley.edu/journals/btlj/articles/12_1/Cohen/html/text.html>. . See, e.g., Digimark Corp. <http://www.digimarc.com/>. . See note Error! Bookmark not defined.. supra. . See Matt Curtin, Gary Ellison & Doug Monroe, "What's Related?" Everything But Your Privacy, Oct. 10, 1998 <http://www.interhack.net/pubs/whatsrelated/>.
Netscape promises not to misuse the information, and there is no reason to doubt this. See Netscape, Are there Privacy Issues with What's Related? <http://home.netscape.com/escapes/
related/faq.html#12>. Nonetheless, the threat seems particularly acute because Netscape itself sets a fairly detailed cookie before allowing download of browsers containing 128-bit cryptography. Curtin et. al, supra. Furthermore, Netscape's reaction to the Curtin, Ellison, and Monroe report was intemperate at best. Netscape set its "what's related" feature to show the Unabomber manifesto as "related" to the report! See Matt Curtin, "What's Related?" Fallout <http://www.interhack.net/
pubs/whatsrelated/fallout/>. . Bob Van Voris, Black Box Car Idea Opens Can of Worms, Nat'l L.J., June 7, 1999 <http://www.lawnewsnetwork.com/stories/A2024-1999Jun4.html>. . See Stephanie Miles, Intel Downplays Chip Hack Report, Feb. 24, 1999 <http://news.
cnet.com/news/0-1003-200-339182.html?tag=> ("Pentium III's serial code can be retrieved without the user's knowledge or approval."). . See Patrick Gelsinger, A Billion Trusted Computers (Jan. 20, 1999) <http://www.intel.
com/pressroom/archive/speeches/pg012099.htm>; see also Robert Lemos, Intel: Privacy Is Our Concern as Well, ZDNet News, Jan. 20, 1999 <http://www.zdnet.com/zdnn/stories/news/
0,4586,2190019,00.html> (noting Intel's argument that security justifies a loss of some privacy). . See Big Brother Inside Homepage <http://www.bigbrotherinside.com/#notenough>. . See Michael Kanellos & Stephanie Miles, Software Claims to Undo Pentium III Fix, CNET News, Mar. 10, 1999 <http://news.cnet.com/news/0-1003-200-339803.html?tag=> . . DSL stands for "Digital Subscriber Line." See generally John Kristoff, comp.dcom.xdsl Frequently Asked Questions <http://homepage.interaccess.com/~jkristof/xdsl-faq.txt>. . See generally Steve King, Ruth Fax, Dimitry Hasking, Weaken Ling, Tom Meehan, Robert Fink & Charles E. Perkins, The Case for IPv6 4 (1999) <http://www.ietf.org/internet-drafts/draft-iab-case-for-ipv6-05.txt> (touting IPv6's "enhanced features, such as a larger address space and improved packet formats"); Ipv6: The Next Generation Internet! <http://www.ipv6.org>. . See King et al., supra note 118, at 34 (defining IPv6 required header to include "a generic local address prefix to a unique token (typically derived from the host's IEEE LAN interface address)"; see also IEEE, Guidelines for 64-bit Global Identifier (EUI-64) Registration Authority <http://standards.ieee.org/regauth/oui/tutorials/EUI64.html> (explaining ID numbers). . Bill Frezza, Where's All the Outrage About the IPv6 Privacy Threat?, TechWeb, Oct. 4, 1999 <http://www.internetwk.com/columns/frezz100499.htm> . See Thomas Narten, & R. Draves, Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (Internet Draft) 1 (1999) <ftp://ftp.isi.edu/internet-drafts/draft-ietf-ipngwg-addrconf-privacy-01.txt>. . See Yusef Mehdi, Microsoft Addresses Customers' Privacy Concerns, PressPass, Mar. 8, 1999 <http://www.microsoft.com/presspass/features/1999/03-08custletter2.htm> ("The unique identifier number inserted into Office 97 documents was designed to help third parties build tools to work with, and reference, Office 97 documents. The unique indentifier generated for Office 97 documents contains information that is derived in part from a network card . . . ."). Until the most recent revisions, these numbers were then transmitted during the Windows 98 registration process. See Mike Ricciuti, Microsoft Admits Privacy Problem, Plans Fix, CNET News, Mar. 7, 1999 <http://news.cnet.com/news/0-1006-200-339622.html?st.ne.160.head>. . See David Methvin, WinMag Exclusive: Windows 98 Privacy Issue Is Worse than You
Thought, TechWeb, Mar. 12, 1999, <http://www.windowsmagazine.com/news/1999/0301/0312a.htm>.
Users can test for the problem at Pharlap Software, Windows 98 RegWiz Privacy Leak Demo Page <http://security.pharlap.com/regwiz/index.htm>. A patch for Word 97, Excel 97, and PowerPoint 97 is available at <http://officeupdate.microsoft.com/downloadDetails/Off97uip.htm> . Associated Press, Microsoft Promises a Patch for ID Feature, Mar. 9, 1999 <http://
search.nytimes.com/search/daily/homepage/bin/fastweb?getdoc+cyber-lib+cyber-lib+4112+0+
wAAA+microsoft%7EID%7Eprivacy> ("the company also acknowledged it may have been harvesting those serial numbers from customers--along with their names and addresses--even when customers had explicitly indicated they didn't want the numbers disclosed."). . Kathleen Murphy, $4B Sought from Yahoo for Not Sharing Customer Data, Internet World News, Dec. 27, 1999 <http://www.internetworldnews.com/GetThisStory.cfm?Storyid=
746B3487-B95D-11D3-976500A0CC40B49B>. . See John Markoff, Bitter Debate on Privacy Divides Two Experts, N.Y. Times, Dec. 30, 1999 <http://www.nytimes.com/library/tech/99/12/biztech/articles/30privacy.html>. . See Jason Catlett, A Study of the Privacy and Competitiveness Implications of an Annuity Model for Licensing Microsoft Windows 2000, Junkbusters, Mar. 4, 1999 <http://www.
junkbusters.com/ht/en/bill.html>. . See Lauren Weinstein, IDs in Color Copies--A PRIVACY Forum Special Report, Privacy Forum Digest, Dec. 6, 1999 <http://www.vortex.com/privacy/priv.08.18>. . See U.S. Bureau of Engraving and Printing, Counterfeit Deterrence Features <http://
www.bep.treas.gov/countdeterrent.htm>. . See Ny Teknick, Electrolux Demonstrates the Smart Fridge Concept, ETHOS News, Mar. 4, 1999 <http://www.tagish.co.uk/ethosub/lit7/1484e.htm>; see also Joseph 'Jofish' Kaye, Counter Intelligence & Kitchen Sync: White Paper, 3 (June 1999) (unpublished manuscript) <http://www.media.mit.edu/ci/research/whitepaper/cil3.htm> (detailing "Kitchen Sync," the "digitally connected, self-aware kitchen"). . See Joseph Kaye, Niko Matsakis, Matthew Gray, Andy Wheeler & Michael Hawley, PC Dinners, Mr. Java and Counter Intelligence: Prototyping Smart Appliances for the Kitchen (Nov. 1, 1999) (unpublished manuscript submitted to IEEE) <http://www.media.mit.edu/ci/ieee.cga.jofish/
ieee.cga.jofish.htm> ("We predict--even assume, in many of our scenarios--that all products sold will have a digital ID."). . See Alice LaPlante, The Battle for the Fridge: The Food Industry Is Looking to Hook Up Your Home to the Supply Chain, Computerworld, Apr. 5, 1999, at 52(1) <http://www.chic.sri.
com/library/links/smart/fridge.html> ("CIOs in the grocery industry are putting in the proper technical infrastructure to collect and consolidate customer data."). . For a list of possibilities, see Java Card Special Interest Group, Introduction to Biometrics <http://www.sjug.org/jcsig/others/biometrics_intro.htm>. . See generally Ontario Info. & Privacy Comm'r, Consumer Biometric Applications: A Discussion Paper <http://www.ipc.on.ca/web_site.eng/matters/sum_pap/papers/cons-bio.htm> (discussing biometrics, its benefits and concerns, and its effects on privacy); Clarke, supra note 9. . See generally Dutch Data Protection Authority (Registratiekamer), R. Hes, T.F.M. Hooghiemstra & J.J. Borking, At Face Value: On Biometrical Identification and Privacy § 2 (1999) <http://www.registratiekamer.nl/bis/top_1_5_35_1.html> (discussing the various applications of biometrics). . See, e.g., Guy Gugliotta, The Eyes Have it: Body Scans at the ATM, Wash. Post., June 21, 1999, at A1 <http://www.washingtonpost.com/wp-srv/national/daily/june99/scans21.htm>. . See 8 U.S.C.A. § 1101(a)(6) (West Supp. 1999); Theta Pavis, U.S. Takes Immigration in Hand, Wired, Sept. 15, 1998 <http://www.wired.com/news/news/technology/story/15014.html> (describing INSPASS system, which relies on handprints). . See John D. Woodward, Jr., U.S. Dep't of Commerce, Comments Focusing on Private Sector Use of Biometrics and the Need for Limited Government Action § II.B (1998) <http://
www.ntia.doc.gov/ntiahome/privacy/mail/disk/woodward.htm> ("Arizona, California, Connecticut, Illinois, Massachusetts, New Jersey, New York and Texas are using finger imaging to prevent entitlement fraud. Florida, North Carolina and Pennsylvania have biometric operational systems pending."); Connecticut Department of Social Services, Digital Imaging: Connecticut's Biometric Imaging Project <http://www.dss.state.ct.us/digital.htm> (providing links to extended descriptions of biometrical imaging of AFDC and General Assistance recipients for identification purposes). . See Ann Cavoukian, Biometrics and Policing: Comments from a Privacy Perspective § 4, in Polizei und Datenschutz--Neupositionierung im Zeichen der Informationsgesellschaft (Data Protection Authority ed., 1999) <http://www.ipc.on.ca/web_site.eng/matters/
sum_pap/PAPERS/biometric.htm>. . See id. at § 4. In addition, some people, for religious or personal reasons, find submitting to a biometric testing to be unacceptable. Even if the scan does not require a blood sample or other physical invasion, it may encroach on other sensibilities. See Ontario Info. & Privacy Comm's 136 ("Having to give something of themselves to be identified is viewed as an affront to their dignity and a violation of their person. Certain biometric techniques require touching a communal reader, which may be unacceptable to some, due to cultural norms or religious beliefs."); see also note 165 infra. . See Dutch Data Protection Authority (Registratiekamer et al.), supra note 135, §§ 2.2-2.3. . See DNA Fingerprinting, Encyclopedia Britancica Online <http://search.eb.com/
bol/topic?eu=31233&sctn=1&pm=1> (noting that DNA is usually unique with "the only exception being multiple individuals from a single zygote (e.g., identical twins)"). . The FBI Combined Index DNA Indexing System ("CODIS") alone currently contains information on 38,000 people. Approximately 450,000 samples await processing. See EPIC, supra note 36. But see Ng Kang-Chung, South China Morning Post, Feb. 12, 1999, Legislators Fear DNA Test Plans Open to Abuse, available in 1999 WL 2520961 (describing the Hong Kong legislature's fears of "allowing police to take DNA samples from suspects too easily") . . See EPIC, supra note 36. . Mannvernd, Association for Ethical Science, The Health-Sector Database Plans in Iceland, July 7, 1998 <http://www.simnet.is/mannvernd/english/articles/27.11.1998_mannvernd_
summary.html>. . See SPIN-2 High Resolution Satellite Imagery <http://www.spin-2.com/>. . The improved pictures will come from the Ikonos satellite. See Ikonos, Space Imaging - Products - Carterra <http://www.spaceimaging.com/products/Ikonos.html>. . See Joseph Rose, Satellite Offenders, WIRED, Jan. 13, 1999 <http://www.wired.com/
news/news/technology/story/17296.html>. . See Gary Fields, Satellite "Big Brother" Eyes Parolees, Apr. 8, 1999, USA Today, at 10A. . See Satellites in the Driving Seat, BBC News, Jan. 4, 2000 <http://newsvote.bbc.co.uk/
hi/english/uk/newsid_590000/590387.stm> (reporting that half of the users in the test said they would be willing to adopt the system voluntarily). . See Jon Hibbs, Satellite Puts the Brake on Speeding Drivers, Telegraph, Jan. 4, 2000 <http://www.telegraph.co.uk:80/et?ac=000141005951983&rtmo=kLJAeZbp&atmo=kLJAeZbp&pg=/et/00/1/4/nsped04.html>; "Spy in the Sky" Targets Speeders, BBC News, Jan. 4, 2000 <http://
newsvote.bbc.co.uk/hi/english/uk/newsid_590000/590336.stm>. . See Watching Me, Watching You, supra note 61. . See Hibbs, supra note 151. . Semayne's Case, 77 Eng. Rep. 194, 195 (K.B. 1604), quoted with approval in Wilson v. Layne, 526 U.S. 603, 609-10 (1999). . See United States v. Kyllo, 190 F.3d 1041, 1046-47 (9th Cir. 1999) (holding that the use of a thermal imager did not require a warrant because it "did not expose any intimate details" of the inside of a home, and therefore a privacy interest in dissipated heat was not one that society would accept as "objectively reasonable"); United States v. Robinson, 62 F.3d 1325, 1328-29 (11th Cir. 1995) (holding that a thermal imager search does not violate the Fourth Amendment); see also United States v. Ishmael, 48 F.3d 850, 853-55 (5th Cir. 1995); United States v. Myers, 46 F.3d 668, 669-70 (7th Cir. 1995); United States v. Ford, 34 F.3d 992, 995-97 (11th Cir. 1994); United States v. Pinson, 24 F.3d 1056, 1058-59 (8th Cir. 1994); but see United States v. Cusumano, 67 F.3d 1497, 1500-01 (10th Cir. 1995), aff'd en banc, 83 F.3d 1247 (10th Cir. 1996) (raising the possibility that thermal scans without a warrant violate the Fourth Amendment and arguing that other circuit courts have "misframed" the Fourth Amendment inquiry); State v. Young, 867 P.2d 593, 594 (Wash. 1994) (holding that a warrantless thermal image search violates State and Federal Constitutions). For an analysis of the lower courts' thermal imaging cases, see Lisa Tuenge Hale, United States v. Ford: The Eleventh Circuit Permits Unrestricted Police Use of Thermal Surveillance on Private Property Without A Warrant, 29 Ga. L. Rev. 819, 833-45 (1995); Susan Moore, Does Heat Emanate Beyond the Threshold?: Home Infrared Emissions, Remote Sensing, and the Fourth Amendment Threshold, 70 Chi.-Kent L. Rev. 803, 842-58 (1994); Lynne M. Pochurek, From the Battlefront to the Homefront: Infrared Surveillance and the War on Drugs Place Privacy Under Siege, 7 St. Thomas L. Rev. 137, 151-59 (1994); Matthew L. Zabel, A High-Tech Assault on the "Castle": Warrantless Thermal Surveillance of Private Residences and the Fourth Amendment, 90 Nw. U. L. Rev. 267, 282-87 (1995). . See Marcus J. Kuhn & Ross Anderson, Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations <http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf>. . Email from Ross Anderson to ukcrypto mailing list (Feb. 8, 1998) (available at <http://www.jya.com/soft-tempest.htm>). . Tempest-resistant fonts designed by Ross Anderson are available at <http://www.cl.cam.ac.uk/~mgk25/st-fonts.zip>. . See generally Alyson L. Rosenberg, Passive Millimeter Wave Imaging: A New Weapon in the Fight Against Crime or a Fourth Amendment Violation?, 9 Alb. L.J. Sci. & Tech. 135 (1998). . See Millivision, Security Applications <http://www.millivision.com/security.html>; Merrik D. Bernstein, "Intimate Details": A Troubling New Fourth Amendment Standard for Government Surveillance Techniques, 46 Duke L.J. 575, 600-04 (1996) (noting that although Millivision can see through clothes it does not reveal anatomical details of persons scanned). . See Millivision, Concealed Weapon Detection <http://www.millivision.com/cwd.html>. . See Millivison, Contraband Detection <http://www.millivision.com/contband.html> ("As an imaging system, millimeter wave sensors cannot determine chemical composition, but when combined with advanced imaging software, they can provide valuable shape and location information, helping to distinguish contraband from permitted items."). . See id. (containing links to various models). . Deepti Hajela, Airport X-Ray Device Spurs Concerns, AP Online, Dec. 29, 1999 (quoting testimony of ACLU legislative counsel Gregory T. Nojeim). . See <image (reproduced below).
[note: copyright permission not yet secured]
. Judy Jones, Look