Subscribe with Bloglines The Privacy Lawyer: 06/01/2004 - 07/01/2004

Wednesday, June 30, 2004

InformationWeek > Parry Aftab > The Privacy Lawyer: Unscrupulous Marketing Practices Of Online Porn Purveyors > March 1, 2004

InformationWeek > Parry Aftab > The Privacy Lawyer: Unscrupulous Marketing Practices Of Online Porn Purveyors > March 1, 2004

American Society of Business Publication Editors Awards

American Society of Business Publication Editors
One of my commentaries for Information Week just received a gold award from this august organization.

“Patriotism, Compliance
and Confidentiality”
Parry Aftab

you can read it at I'll post the link.

I was very very very honored to even be considered. I did not expect to win any award.

Information Week is an incredible pulbication and all of those associated with it are remarkable and talented people. I am honored that they allow me to write for them.

Whitepaper on .xxx and statistics of the porn problem and children online

COPA - The Law and the Decision from Parry's website

COPA - The Law and the Decision

Hello Again...COPA II

I am still puzzled over how newsworthy everyone is seeing the COPA Supreme Court decision on June 29, 2004.

The law became effective in october 1998 and was immediately enjoined. It went up to the US Supreme Court on an expedited appeal and was questioned. The Court of Appeals was asked ot make certain additional findings. It worked its way back to the Supreme Court and is now sent back for a trial in the lower court.

The law is not now and has never been in force. It was passed 6 years ago, in a very different technological environment and legal environment. At the time it was first enacted, the Department of Justice wrote a letter questioning the appropriateness of the law and the enforceability of the law. On top of that, it is still not dead, although in a close slit decision the Supreme Court has raised serious doubt of its constitutionality given the technology available today and the state of the law.

Here are some good links to the ACLU site with the relevant documents. I've linked to them here, and you may also want to read up about this at the site (link from top of the front page).

No matter what your politics, though, we need a practical solution...and the laws no matter how well intentioned, don't provide that.

filtering, paretnal controls, filtered search engines and white lists, coupled with typosquatting legilation, obscentity enforcement and fraud investigations will help. And parents don't need the Supreme Court's decision to uphold their choices.

Letter from the Department of Justice to Congress concerning COPA and problems they see in the law and enforcement of the law

American Civil Liberties Union : Letter from the Department of Justice to Congress concerning ACLU v. Reno II

American Civil Liberties Union : Supreme Court and COPA

American Civil Liberties Union : Supreme Court and COPA
This is a summary of the earlier Supreme Court decision on COPA

The first COPA decision in 2002 by the US Supreme Court

FindLaw for Legal Professionals

The CDA opinion striking down the Communications Decency Act provisions to protect minors from pornography

FindLaw for Legal Professionals
This is the underlying CDA opinion

COPA - what does the decision mean

COPA was signed into law in Fall 1998. It's application was enjoined right away and it never became effective. The June 29, 2004 Supreme Court decision maintained the injunction and sent it back to the trial court to decide certain issues. The Supreme Court also questioned whether the law was constitutional, largely based on two major concerns, free speech and privacy.

Note that before we go further, I have received many media inquiries asking is COPPA (The Children's Online Privacy Protection Act) was still in effect. It is. This decision only deals with COPA, not the similarly sounding law, COPPA. COPA (unlike COPPA that deals with privacy and children under the age of thirteen) was designed to protect children from seeing images that were inappropriate for minors online.

Similar laws exist in real life, and most of us have encountered them if we have seen adult magazines covered in brown paper, or have to show IDs to prove that we are old enough to buy Playboy or other similar magazines. In a video store the adult videos may not be rented to someone under a certain age. These are typically because of the "harmful to minors" laws adopted in some major cities, and some states.

In the United States the First Amendment applies to speech. It prohibits governmental action based on content (other than a few exceptions, called "unprotected speech").

It limits what can be done in outlawing pornography, among other high profile topics, such as hate. But we can still easily regulate the manner of speaking. For example, we can regulate whether someone holds a protest a 3am, and uses loudspeakers in a residential neighborhood.

While we can regulate when and how, we cannot regulate these things based on the kinds of content or speech encountered unless it falls in a special category of "Unprotected Speech." Many legal cases are brought on this fine point, especially when staged protests or gatherings are prohibited and the protesters believe it because of what they are saying, not just where and how they are saying it.

obscenity is unprotected speech. It involves several tests, one of which requires that the speech be measured based on local community values. Essentially if the speech has no socially, scientific or artistic redeeming value and offends the community standards of a certain locale, the content can be regulated and outlawed.

So, which community do we use online? The readers'? The posters? The server hosting the content? The Internet as a whole? The US as a whole? This is a serious issue and part of the problem identified in the decision. Without the community test, our obscenity laws don't work. If we will want to make them apply online, we will have to either find a new test, or rework this one.

The second problem with COPA relates to the mechanisms for proving that you are an adult online. If the websites are required to only permit those who can prove that they are adults and can legally view the pornography, how can we prove who they are online? Typically a creditcard is used. The adult sites themselves have designed adult verification systems which are a subscription service, and a large source of revenue for the pornographers themselves. And every method in use ties back to who you really are. That's the only way they can currently prove adulthood.

But in the same situation offline, if you walk into a newsstand and buy a Playboy you don't usually leave proof of ID behind. You can show your age verification to the cashier to prove that you are over 18 or 21, but you don't sign a form and no records are kept (other than you creditcard receipt and purchase information itself which may or may not identify the magazine you are buying or the video you are renting).

Unless technology improves so that adults can buy legal adult content online without having to give away their identities, this raises serious privacy concerns. And since there are more than 1 million porn sites online, 40% of which are hosted outside of the United States, enforcement would be almost impossible.

Does this leave children and parents unprotected? No, of course not. The best way to protect children from porn and unscrupulous marketing practices of pornographers online is by technology. Filtering, parental controls, white lists and other closed environments are designed to screen out pornography and actually work pretty well. Filtered and child-size search engines, such as Yahooligans! and ask jeeves for kids and google's filtered search, help screen out porn results to innocent searches. The new typosqatting laws that outlaw attempts to defraud children into believing that a porn site is a children's site help as well.

Existing consumer fraud laws can address fraudulent marketing schemes and privacy violations.

We are not yet at the point where we have to infringe on the contitutional rights of adults to protect children.

You can learn more about children's online safety issues at and

and in the meantime, don't worry. For six years this law has laid dormant. It can lay dormant a bit longer. But let's work on the problem while we wait.

You can read the COPA information page at

Saturday, June 26, 2004

Office of Privacy Protection - California Department of Consumer Affairs

Office of Privacy Protection - California Department of Consumer Affairs

This is the site for California consumer privacy protection and education. It's run by an exceptional woman, and a small devoted team that helps everyone with privacy questions and provides a liaison with consumers, governments and business on privacy issues.

A Parry's thumbs up!

Friday, June 25, 2004

July 1st ...the new California Privacy Policy Act goes into effect

Beginning on July 1st all website and online services that collect personal information from California residents must have a conspicuous privacy policy.

While I am not a fan of state Internet regulations (since they make it almost impossible to comply on a nationwide basis), it's time someone required sites to have a privacy policy.

If a site fails to have one, they have thirty days form receiving a formal notice from the state to add one before they face prosecution. Seems pretty fair to me.

Without a special law requiring sites to have a privacy policy, in the United states only certain kinds of sites had to have one. I call these the kids, Cash and Kidney sites. (children's, financial and medical privacy-related laws usually require a privacy policy and full disclosure of your site's privacy practices.)

In 1998 or so IBM and Microsoft each made an announcement that they would no longer buy ad space on sites without privacy policies. And most sites have one now, in one form or another.

It's ironic though that until this recent state law, most websites were less likely to run into legal liability for their privacy practices if they refused to post a policy. The Federal Trade Act under which the FTC functions, treats a privacy policy as a promise or representation and any breach as consumer fraud. So if you don't have a policy (assuming it was not a regulated industry as mentioned above, and California laws didn't apply) you were better protected legally. Now you have to get it right. Say it clearly and accurately and make sure that you follow-through on what you say.

I think it's time for a Federal mandated privacy policy law. It's a matter of respect.


Wednesday, June 23, 2004

Workshops: Cyberspace in the Workplace Coaching

Cyberspace in the Workplace Coaching

Many corporations have difficult time teaching privacu sensitivity.
The workshops make it fun, using a format similar to the muder mystery night events, with people playing different characters and having different scripted information. The employees and maangement learn how things unfold in a real life setting.

Workplace Privacy - an index to the issues

Workplace Privacy

This is the index page to our workplace privacy section. Workplace privacy can involve issues as diverse as whether and how an employer can monitor employee Internet access, to whether a union organizer can use the company e-mail network to try and organize a union, to what a company should be doing with inbound e-mails that solicit help, advice or submit content.

It's a good place to start.

Parry's PowerPoint for a Presentation to HP - Kids, Cash and Kidneys... Privacy and Laws

Kids, Cash and Kidneys� Privacy and Laws
This powerpoint was prepared for a privacy seminar presentation I did for HP in June 2003. It lays out the typical areas when privacy laws impact consumers and businesses. t outlines the major laws in effect at that time, how to approach privacy and workplace privacy issues.

It's an easy way to get started on the topic. Sorry I don't have speaking note to accompany it. I don't use them.

If you want more information, e-mail me directly at

The BT approach to curtailing child | Society | Turning a corner in online abuse? | Society | Turning a corner in online abuse?

In the good old days...when you could actually know about the laws

In the early days of cyberlaw, when five u=of us sat in a chatroom and talked about what cyberlaw should be and what still neede to be decided, things were easy. We could read the handful of cases that had already been determined and watch the new ones develop.

Legislators knew who to call when they need expertise in online privacy and security issues.

These were days before people flew planes into tall buildings. In the simpler days of protecting privacy and building ebtter security. In the days when (at least in the Unitied States) there were fewer tensions between what people wanted and what our government needed.

I am considered a leading legal expert in my field. Called by the media around the world, consulted by government and regulatory agencies worldwide, quoted frequently, I worry that every day the issues become more complex and outside of the ability of any one person to grasp fully.

I went form cyberspace lawyer, covering and writing about all aspects of cyberlaw, from jurisdiction, to consumer protection, to taxation and regulatory oversight, to privacy, to safety, to security, to risk management to compliance...the list goes on and on.

Then I dropped jurisidictional issues, intellectual property issues, tax and a few others, and started focusing on security, safety, risks management and compliance and most of all privacy. Now I wonder how we can even keep track of all the new legislation and rulemaking.

Spyware, local laws, legitimate updating technologies, SPAM, fraud, consumer protection, phishing, spoofing, typosquatting, the PATRIOT act, fair credit reporting and workplace issues...unionized workplaces, blogging, IM, P2P,

sometimes you wish the world would slow down for a few minutes so that everyone could take the time to learn what is out there, what is coming and why.

I will be looking for other real experts out there to start working with. In the olden days I created the first virtual law firm, which we called the virtual law firm network. Perhaps we should do the same here in blogging. finding the right experts and cross-linking to fill in gaps in what the other does and knows.

Wanna network?

let me know.


Monday, June 21, 2004

Parry's Blog

Parry's Blog
Here's my general blog, where I rant, share a myriad of ideas and even a few coherent ones.


Parry Aftab's Privacy and Cyberlaw Site

Parry Aftab's Privacy and Cyberlaw Site

Here's my website. I uses frontpage, but what do you expect from a lawyer? Dreamweaver??? :-)'s got lots of articles I have written about privacy law and policy. Those I wrote years ago have the date of publication and usually also have a warning that they may be out of date. If you're not sure, drop my an e-mail or post a comment here.


The people who started it all - The Internet Society (ISOC)

Internet Society (ISOC)
Many of those who are new to the Internet, or began using it post Web don't know the key players who helped create the Internet and the Web as we know it. They are also creating the Internet we never dreamed could be created, intergalactic and real deep space, not just cyberspace.

It's great to get involved, if you want to contribute to the Internet of your children and their children and their children....and so on and so forth. :-)

Drop by the site, learn, share and help!

a Parry's thumbs up!

The Privacy Lawyer

I write The Privacy Lawyer column for Information Week magazine. It's a combination of legal information, cyberabuse avoidance and fun.

Every once in a while my editor reminds me that I should write more about law and less about cyberdating. So this blog will allow me to write more fun things that affect information and business technology managers as people.

Let me know if there are special things you'd like ot hear about and I will try and accomodate you.

Blogging takes me back to the early days of AOL when several of us became online hosts to avoid having to pay by the minute (really!) for AOL access. Our bills used to run about $200 per month. As online hosts for AOL, we had free access and even more importantly, board tools that let us set up new boards, edit our posts and others post and kick people out who were creating problems. Aside from giving us all God complexes, it allowed us to create our own little world. When you look at AOL today, you never could contemplate what it used to be like.

When you talk with Vint Cerf and other incredible pioneers like him, being able to trace your online origins back to the early days of AOL isn't such a big deal. But heck, it was fun then. And felt just like blogging does now. You can make a name for yourself. You can help people learn and share your ideas.

It feels like 1994 all over again.

I hope it's just as much fun as it used to be...