Get LISNews via email! Enter Your Email Address:
David Dillard and Rob Yates were kind enough to allow me to reprint this great article that was originally published in law resources such as a law technology discussion group. They cover the ever touchy area of online privacy and internet law. For anyone interested in internet legislation and law this is a must read. If you think what you are doing on the internet is private, think again!
\"These security and privacy concerns are real and must be addressed when building our online communications systems. It is not only a matter of security, but private and confidential communications are what your clients expect. And they will soon expect that they can execute those never-ending agreements, contracts, corporate minutes, consents, correspondence, and other documents requiring a signature with a click of a mouse. And they will. Law firms would be prudent to anticipate business clients\' needs to assure their clients don\'t click elsewhere.\"First the introduction from David P. Dillard
This brief article was originally published in law resources such
as a law technology discussion group. It is reproduced here with the kind
permission of its author. As communication over the internet grows and
professionals such as teachers, psychologists, administrators, counselors,
sport psychologists, athletic trainers, and other education related
professionals send and share personal and confidential information and
communications over the internet or engage in electronic commerce
transactions, including database and internet searches to procure the
information that they need, there is much that they need to be aware of in
terms of security and privacy issues. These concerns are underscored by
the current strong controversy over the FBI reading en masse private email
coming out of any server using their technology program called Carnivore.
Additionally, concern was heightened by the recent controversy over
privacy of personal data in relation to the internet advertising industry
data collection methods and their use of personal data obtained. This
concern was focused on Double-Click and on medical website use of medical
data collected by those medical business websites but also spread in other
directions. There was also legislation just passed that limits and
regulates the collection of data from children under the age of thirteen
and provides stiff penalties for violations. In contexts like these, I
hope that the excellent article below by Bob Yates will spark the
interest, thinking, and concern of professionals regarding just how
transparent our activities are on the internet and in email. It also
invites concern that our communications on the internet be measured and
well worded, as they may well be written in ink that cannot be erased.
Consider the importance of email records of executives in the Microsoft
Antitrust case litigation, for example.
For those wishing to read additional material on the internet
privacy and security issues, there are some excellent resources and
website pointers on the Educational Cyberplayground including these:
PRIVACY INFORMATION: Must See SECURITY
Massive Tracking of Web Users Planned -- Via ISPs!
Child safety on the Internet Try these sites
Dave Farber\'s review of
\"Code : and other laws of cyberspace\"
by Lawrence Lessig
Security: PEOPLE YOU NEED TO KNOW
E-mail has a lengthy afterlife
Teachers, Administrators, Parents, HomeSchoolers: What is Legal?
I hope that the resources above and the excellent Bob Yates
article below are of great help in making us all more aware of the
implications of what we share and send out over the wire.
Check My Articles on Database Searching
Click on Ringleaders and Then Reference
Diversity University Collaboratory Mailing List (DUC)
New York Times, USA Today, MSNBC Hot Site Pick Awards
The Educational CyberPlayGround http://www.edu-cyberpg.com
Diversity University Collaboratory Mailing List ISSN:1529-7861
THE MILLENNIUM DIGITAL COMMERCE ACT
By, ROB YATES
I would have been remiss as the Illinois Paralegal Association\'s
Information Technology Chair if I failed to write on this subject when
asked if I\'d prepare an article for the fall edition of quarterly
newsletter, the Outlook, especially given its theme of New Millennium
Paralegal. Although largely unheralded by the news media, a significant
piece of e-commerce legislation recently went into effect. The
Millennium Digital Commerce Act (the \"Act\"), signed by President Clinton
on June 30th, kicks down the walls to a newly created cyberworld of
online business and legal transactions. Paper is no longer needed!
Already, with the popularity of the Internet, law firms are scrambling to
build web sites and move their business operations and communications
online after years of complacency. But, now, there is even more urgency.
In essence, the entire practice of law can soon be conducted entirely
online, or at least significant portions of it, and with real
quantitative cost saving consequences.
Primarily to accommodate clients\' needs and business practices, more and
more law firms are finally converting to online communications as their
primary means of correspondence and document management. And with the
recent passage of the Act, the enormous advantages of online
communications has never been greater. Just think about the savings in
time and expense by eliminating the need for fed-x and fax machines. No
longer are manual signatures required to execute a legally binding
contract. You can do it with email and Web site agreements.
The Act specifically states that \"in any commercial transaction effecting
interstate commerce, a contract may not be denied legal effect or
enforceability solely because an electronic signature or an electronic
record was used in its formation.\" Eliminating paper will save you, your
clients, and business in general, time and money associated with sending
paper documents to each party for their signatures. It will be possible
for businesses and consumers to complete loans, mortgages, car purchases,
insurance policies, and any other contract, agreement, or transaction
normally requiring paper. And certainly law firms thrive on and serve as
a clearinghouse for numerous types of corporate and commercial
transactions in correspondence and documentation. Think about it.
Some have warned that the revolution will take time and that many hurdles
must be addressed - some psychological, others technical. But let\'s face
it. Technology\'s forward progress is certain. We don\'t go backwards.
And eventually, this technology promises to save mountains of paperwork
and speed up everything from online business-to-business transactions to
buying a house. There are certain to be many holdouts, and we should move
with some caution. But, now, with this very important Act in place,
technology has the potential to save entire forests, and change entire
It is likely that this Act will bring significant changes to the practice
of law as we know it, particularly for practices dealing with corporate,
commercial, and international transactions. And it will bring
significant changes to its clients, and all other business, as we know
it. It may well take time. But it is inevitable. The growth of online
communications, now to include the ability to execute contracts and other
commercial documents, will certainly accelerate the pace of business
growth and the development and sales of goods online, which is already
expected to reach $2.7 trillion among U.S. companies by 2004.
HOW PRIVATE ARE YOUR ONLINE COMMUNICATIONS?
The Millennium Digital Commerce Act now gives digital signatures the same
legal standing as conventional ink-on-paper and is definitely a boom for
further evolution of the Internet and e-commerce operations. As we move
more and more of our important communications and transactions online,
there is a more urgent need to understand and address the privacy issues
inherent with electronic communications. This would seem of particular
concern in a profession such as law, where information and communications
are so vital.
With the passage of the Act, we can expect much more rapid growth of
online communications as people and businesses become more comfortable
with online transactions. But how secure and private are those
confidential emails, chat sessions, bulletin board messages, newsgroup
posts, and web site visits that are becoming so commonplace in our legal
and business worlds?
Before we begin, let us understand what\'s unique about online
communications. First and foremost, it\'s digital. That means our
communications are reduced to bits and bytes and computerized for
recording, storage, indexing, and categorizing. Secondly, digital data
can be exchanged and shared with other computers all over the world via
networks and telephone lines, and other mediums of the telecommunications
infrastructure. Voice, data, sound, video, graphics, ... all mediums of
communication, and all going digital!
Here are a few basics of some of the security and privacy problems that
will accompany the emergence on an online world. These are not new
concerns. They are just more urgent with the implementation of the Act.
For starters, did you know that your computer leaves digital
\"fingerprints\" with all of your online activities and conversations? Did
you know that your IP address is recorded in databases and traffic logs
alongside everything you send over the Internet? The web pages you
visit, contents of your chat sessions, newsgroup posts, and even email
you thought was deleted is permanently recorded and stored on computers,
and made accessible for future retrieval.
And if you think your IP address is the only footprint your leave on your
trips in cyberspace, you\'d be wrong. Try logging on to
http://www.freedom.net/info/diagnostic.html for an eye opening
experience. Just by logging on, I received three pages of data regarding
my computer. Obviously, our email address is often easily translated to
inadvertently reveal our names, employers, or Internet service provider.
(Try to guess my last name and ISP from firstname.lastname@example.org mailto:email@example.com.- Duh!) But the
diagnostics test results showed me much more. For instance, the
disclosed data identified the town from which my online message
originated, my type of web browser, my type of operating system, owners
of my host server, administrative contacts\' address and phone number,
whether I have Java, ActiveX, or VBScript presently enabled. Sheesh, it
even showed me the path my web communication took in cyberspace,
including the IP addresses of each computer along the way and the
milliseconds spent at each before arriving at its final destination in
Canada. It\'s all out there!
Combined with the personal information you casually reveal online, such
as your name and address, your computer\'s IP address can easily be linked
to your real identity. Even if you were to provide false information to
Web site registration forms or use password- protected web services, your
IP address, and thus your personal information, can be traced back to
you. And with that connection, all communications originating from your
computer can be traced to your name and address, and all that other stuff
that goes along with that. Just ask any P.I. what they can do with a
name and address!
Anyway, because it\'s cheap and relatively easy for companies to record
your every mouseclick, the Internet has created an explosion in
profiling. Where you live, what you earn, where you went to school, your
hobbies, your credit history, your marital status... Marketers collect
this kind of information to build a precise portrait of you, so they can
target you with ads. One ad network claims to track 35 million Internet
users and record data in 800 different categories for each.
companies with which you exchange personal information? Well, most
promise not to share your information with others, or at least tell you
how to \"opt out\" of these arrangements. Unfortunately, there is no way of
help by certifying that a company does what it claims in its policy. But
if a privacy breach occurs, these seal programs have no power to compel
corrective action, leaving self-policing susceptible to privacy abuse.
Here\'s another privacy concern. What about hackers that might intercept
and read your confidential online communications? It can happen.
Internet traffic passes through a myriad of computers while it travels
from your computer to its cyberspace destination. And at any point along
the way, hackers can intercept and read your messages. Sensitive
information, such as legal strategy or privileged client-attorney
communications, can be lifted from your message without your knowledge.
Cookies are another potential privacy invader. Cookies are generally
harmless and can enhance your Web experience by displaying customized
content, like your local weather forecast, on a site you regularly visit.
But cookies are also placed on your hard drive to track and profile your
Web visits, sometimes for good reason, and sometimes for bad. It is
possible that some insurance company and employer, and anyone else, can
gain access to your profile and use its contents for purposes of
discrimination or harassment. Impersonation, fraud, and other crimes that
involve theft of personal information from online sources are also on the
rise as cyber-snooping is easier than ever. And easy Internet
surveillance has even led to human rights abuses in countries that do not
protect freedom of speech.
You\'ll get a kick out of this somewhat related virus story. I recently
downloaded a software program called PC Spy 2000. You know, the one they
advertise \"EVERYTHING YOU EVER WANTED TO KNOW ABOUT YOUR FRIENDS, FAMILY,
ENEMIES, EMPLOYEES, EVEN YOUR BOSS!\" I didn\'t expect anything more than
links to online depositories of public records. But that was all I
wanted. Many courts and other governmental agencies are moving files
like criminal records, professional licenses, bankruptcies, divorce
records, and other public domain documents onto the web. And I was
compiling a list of hyperlinks to such online depositories for my own web
Anyway, I got more than public record hyperlinks! For the next two days
after downloading, I received a message box immediately after booting up
that read \"Kagou- Anti Kro$oft says not today!\" and with that, my driver
memory froze, and I had to reboot. Not once, not twice, but several times
before I found a way out of Kagou\'s control. My computer robbing
cyber-thief soon disappeared on its own in a day or two, and although
enlightening, the fact that someone could take over and control my
computer was somewhat unsettling. (And may I say to the makers of PC Spy
2000 that the virus could have come from anywhere, so please don\'t bust
me with libel, slander, or defamation charges.) Interestingly, the
$29.95 software program also included an accessory software program that
allows you to install a cookie on another\'s computer to track its
DIGITAL IDS AND ENCRYPTION FOR LEGAL AND BUSINESS TRANSACTIONS
As more attorneys and their clients send confidential information by
e-mail, it is increasingly important to be sure that documents are not
forged, and to be certain that messages you send cannot be intercepted
and read by anyone other than your intended recipient. How can you be
sure the privacy of important online communications and information is
protected? How can you be sure the author is the person or business they
claim? Digital IDs and encryption are a large part of the answer.
In physical transactions, challenges of identification and authentication
are solved with seals and signatures. In electronic transactions, the
equivalent of a seal must be embedded in the electronic information
itself in the form of a digital ID. Digital IDs can be issued to both
business entities and individuals to help establish a valid digital
signature and online identity.
By using digital IDs, you can prove your identity in electronic
transactions in a way similar to showing your driver\'s license when you
cash a check. A digital ID is composed of a public key, a private key,
and a digital signature. When you digitally sign your messages, you are
adding your digital signature and public key to the message. The
combination of a digital signature and public key is called a
certificate. Before you can start sending digitally signed messages, you
must obtain a digital ID from a independent certification authority. When
you apply for a digital ID at a certification authority\'s Web site, they
verify your identity before issuing your ID.
To verify the validity of a digitally signed message, your computer will
request information from the appropriate certification authority. Similar
to good standing certificates issued by Secretary of States\' offices, the
certification authority will send back information on the status of the
digital ID, including whether the ID has been revoked. There are actually
different classes of digital IDs, each certifying to a different level of
Just as applicants for digital ID\'s must undergo some identity or
credential review, employees of certification authorities often undergo
extensive security and background checks. One certification authority
even claims to have five tiers of physical security using metal keys,
with the last three tiers requiring fingerprint identification. (Kind of
reminds me of the technologically advanced, latest and greatest,
state-of-the-art, 100 percent guaranteed security vaults that all came up
empty one morning just a year after their grand opening. It seems the
vault company owners flew off on a permanent vacation somewhere in South
America the night before. Well, never mind ...)
Another privacy safeguard is encryption. Encryption is a procedure that
makes the contents of a file unintelligible to anyone not authorized to
read it, requiring the recipient to un-encrypt the message at the other
end with an electronic key provided by the sender. One of the most basic
of encryption type band-aids is available in email programs like
Microsoft\'s Outlook and Outlook Express. Though not really encryption,
these types of programs add a certain number of alphabetical letters to
the intended letter making it only difficult, but not impossible to read.
Obviously, a hacker need only count backwards the number of letters the
program adds to the original text.
Real encryption is based upon algorithmic calculations that defy the
imagination, well, hopefully. (At least that\'s why we buy it!) For sites
that exchange highly sensitive and personal information, 128-bit
encryption is recommended, whereas, 40-bit encryption may be sufficient
for less strategically important communications. Until recently, 128-bit
encryption was not even allowed to be exported, and the U.S. Department
of Commerce requires companies to qualify before purchasing such
encryption power. It\'s hot stuff! Two groups of companies and
individuals are not allowed by law to purchase 128-bit encryption, those
being persons listed on the U.S. Government\'s Denied Person\'s List and
customers located in Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan,
These security and privacy concerns are real and must be addressed when
building our online communications systems. It is not only a matter of
security, but private and confidential communications are what your
clients expect. And they will soon expect that they can execute those
never-ending agreements, contracts, corporate minutes, consents,
correspondence, and other documents requiring a signature with a click of
a mouse. And they will. Law firms would be prudent to anticipate
business clients\' needs to assure their clients don\'t click elsewhere.
Rob Yates, Web Communications Consultant
Executive Site Systems, Inc.
\"Home of the Intelligent Web Site\"
The Educational CyberPlayGround http://www.edu-cyberpg.com
New York Times, USA Today, MSNBC Hot Site Pick Awards
[DUC]Diversity University Collaboratory ISSN:1529-7861