DRM and Privacy
Julie E. Cohen* ©
2003, Julie E. Cohen. Copies of this
article may be made and distributed for educational use, provided that: (i)
copies are distributed at or below cost; (ii) the author and the Berkeley
Technology Law Journal are identified; and (iii) proper notice of copyright is
affixed.
I. Introduction
The future of privacy is
increasingly linked to the future of copyright enforcement. In their push to control the proliferation of
unauthorized copies, and to maximize profit from information goods distributed
over the Internet, copyright owners and their technology partners are designing
digital rights management (DRM) technologies that will allow more perfect
control over access to and use of digital files. The same capabilities that enable more
perfect control also implicate the privacy interests of users of information
goods. Although DRM technologies vary
considerably, at the most general level they represent an effort to reshape the
practices and spaces of intellectual consumption. They also create the potential for vastly
increased collection of information about individuals’ intellectual habits and
preferences. Quite apart from the
questions of intellectual property policy that surround DRM technologies, therefore,
the proper balance between DRM and user privacy is an important question in its
own right.
Interrogating the relationship
between copyright enforcement and privacy raises deeper questions about the
nature of privacy and what counts, or ought to count, as privacy invasion in
the age of networked digital technologies.
This Article begins, in Part II, by identifying the different types of
privacy interests that individuals enjoy in their intellectual activities and
exploring the different ways in which DRM technologies threaten these
interests. Part III considers the
appropriate scope of legal protection for privacy in the context of DRM, and
argues that both the common law of privacy and an expanded conception of
consumer protection law have roles to play in protecting the privacy of
information users. Finally, Part IV
considers whether DRM technologies and standards processes themselves might be
harnessed to protect privacy.
II. Privacy Interests in Intellectual Consumption
DRM technologies operate at the
intersection of two complex and powerful constellations of privacy values. They target a set of behaviors, which I will
label intellectual consumption, that often (though not always) take place
within private spaces. These behaviors,
in turn, concern an activity – intellectual exploration – that is widely
regarded as quintessentially private.
Within most non-primitive societies,
tradition and social practice reserve certain types of “private space” to the
individual or the family. Chief among
these is the home, which is conceived as a place of retreat from the eyes of
the outside world. Some privacy skeptics
argue that rules about entitlements to privacy within certain spaces overlap
substantially with property-based entitlements to control access to private
homes or offices.[1] Yet the
correspondence between ownership and spatial privacy is imperfect. Not every invasion of a residential property
interest is an invasion of privacy; for example, most people do not think that
a nuisance, such as excessive noise or noxious fumes, is also a privacy invasion.[2] And
individuals can have privacy expectations in spaces that they do not own or
rent, such as public restrooms, dressing rooms, and telephone booths.[3] Acknowledgment
of these expectations suggests a fairly broad consensus that the interests
protected by “privacy” and “property” are different. Rules and traditions about freedom within
private spaces concern not only property interests, but also guarantees of
breathing space for individual behavior.
One may, for example, walk around nude inside one’s own home, even
though one is not free to do so in public.
In just the same way, spatial privacy allows for metaphorical nudity;
behind closed doors, one may shed the situational personae that one adopts with
one’s co-workers, neighbors, fellow commuters, or social acquaintances, and
become at once more transparent and more complex than any of those personae
allows.[4]
Traditions of privacy in
intellectual exploration are more recent, but equally robust. Within Western societies, a central tenet of
post-Enlightenment thought is the inviolability of each individual’s rights
over her own person.[5] These rights
include not only rights of bodily integrity and other corporeal rights, but
also rights over one’s own thoughts and personality. Surveillance and compelled disclosure of
intellectual consumption threaten these rights in subtle but powerful
ways. Although a person cannot be
prohibited from thinking as she chooses, persistent, fine-grained observation
subtly shapes behavior, expression, and ultimately identity.[6] The inexorable
pressure toward conformity generated by exposure, and by loss of control over
uses of the gathered information, does not so much invade right of
self-determination as it coopts them.
Additionally, surveillance and exposure devalue the fundamental dignity
of persons by reducing the exposed individuals to the sum of their “profiles.”[7] For these
reasons, in other circumstances where records of intellectual consumption are
routinely generated – libraries, video rental memberships, and cable
subscriptions – society has adopted legal measures to protect these records
against disclosure.[8] Just as
spatial privacy guarantees breathing space for behavior, privacy rights in the
information generated by intellectual exploration guarantee breathing space for
thought.
DRM technologies are poised to
affect both the spatial and the informational dimensions of privacy. Both by directly constraining private
behaviors related to intellectual consumption and by enabling creation of
detailed and permanent records of such consumption, these technologies have the
potential to change dramatically the way people experience intellectual
goods. Whether they will do so in a way
that undermines either set of privacy values is an important question. To answer it, we must consider each of the
general types of functions that a DRM technology might perform.
A.
Constraint
Some DRM technologies are designed
to set and automatically enforce limits on user behavior. For example, a music delivery format might
prevent copying, including copying for “space-shifting” purposes, or might restrict
the types of devices that can be used for playback.[9] The “content
scrambling system” (CSS) algorithm used on DVDs does both of these things, and
also implements a “region coding” compatibility system designed to ensure that
DVDs intended for use in one geographic region (e.g., North America) cannot be
played on equipment sold elsewhere.[10]
Technologies that force changes in
user behavior narrow the zone of freedom traditionally enjoyed for activities
in private spaces and activities relating to intellectual consumption. In so doing, they decrease the level of
autonomy that users enjoy with respect to the terms of use and enjoyment of
intellectual goods. Does this
constriction also amount to an invasion (or, more neutrally, a lessening) of
privacy? That depends on how privacy and
its absence are defined.
It is hard to argue that a copy-protection
device “intrudes on seclusion” in the precise manner contemplated by the
Prosserian tort of that name. The tort
theory of spatial privacy envisions “seclusion” as physical isolation from
observation. The sort of intrusion
cognizable as privacy invasion generally involves direct human agency and at
least the possibility of a human observer.
Technologies of direct constraint, in contrast, operate automatically
and without recourse to an external controller.
But to say that, therefore, these technologies cannot “intrude” begs the
question whether standards devised by courts to remedy invasions of private
space in the predigital age should be the touchstone for assessing diminutions
of spatial privacy in the digital age. A
less precedent-bound approach to defining privacy and its absence/loss might
view matters differently.
More abstractly, many philosophers
conceive of “privacy” as a condition of inaccessibility or limited
accessibility to the rest of the world.[11] Invasions of
privacy involve rendering the individual more accessible to others in some
way. Technologies of direct constraint
do not map especially well to this theory, either. Copy-control restrictions and similar
constraints do not render individuals who purchase restricted works more
accessible to others in any particularized way; they simply carry out their
assigned tasks. If I buy a
copy-protected music CD and play it in my living room, I and my living room are
no more accessible to the copyright owners of the various musical works and
sound recordings than the day before I made my purchase.
Conceptualizing loss of privacy in
terms of either intrusion or particularized accessibility, however, misses an
important aspect of the dynamic established by DRM technologies of direct
constraint. There are several possible
ways to respond to the problem of policing under conditions of limited
accessibility. One is to develop DRM
technologies that enable surveillance; those technologies are discussed
below. Another – the strategy of direct
constraint considered here – is to restrict the range of permitted behaviors in
a way that is known ex ante, thereby eliminating any need for intrusive
monitoring.[12] This strategy
subverts the privacy-accessibility dynamic.
I and my living room may be no more accessible to the copyright owners
of the copy-protected music CD than before I bought it, but that does not
matter; the feasible uses of the CD are known, and so the question of
particularized accessibility to me is moot. Yet it is hard to see the result as non-invasive;
if anything, it is more efficiently invasive than a surveillance strategy would
be.
Focusing narrowly on “intrusion” or “accessibility” also ignores the
complex intersectionality of the privacy concerns implicated by DRM
technologies; it emphasizes spatial privacy but excludes consideration of
intellectual privacy values. Some
philosophers argue that “privacy” is not only a condition of (relative)
inaccessibility, but also, in part, a condition of autonomy with respect to
important personal decisions.[13] Although the
usual examples relate to rights in one’s own person (e.g., decisions about
reproduction, or about intimate relationships), one might extend this argument
to encompass rights in one’s own mind.
Particularly where intellectual exploration is involved, privacy
concerns guarantees of “breathing space” for individual choice. Technologies of direct constraint shape
individual practices of intellectual consumption in ways that shift the locus
of choice about those practices away from the individual.
One might object that this argument
makes every product design problem a privacy problem, and that this result does
not square with the realities of the competitive marketplace. According to this view, DRM technologies of
constraint, like any other new consumer product feature, simply create for
users new realities around which to exercise (fewer remaining) choices. This, though, presumes that “product design”
results from a confluence of neutral/technical factors exogenous to social
policy. My point is exactly the
opposite. Product design reflects social
as well as “technical” values – or perhaps more precisely, technical
considerations cannot help but reflect social ones.[14] For an
example, one need look no farther than DRM technologies themselves; design for
maximum constraint reflects commercial and (anti)competitive objectives. There is no reason to say that privacy does
not belong in the calculus of factors that inform and constrain design; quite
the contrary is true. If spatial privacy
and intellectual privacy are important human values, then product design is a
privacy issue, and rightly so. It
follows that sometimes privacy values will receive only partial accommodation;
one cannot say that privacy is the only relevant design consideration. But one can articulate as an explicit norm of
the design process the goal that delivery technologies for information goods
should be designed to minimize privacy-invasive constraints. As I discuss in great detail in Part IV,
injecting this norm into the DRM design process might produce DRM technologies
that look substantially different.
B. Monitoring
Other DRM technologies are designed
to report back to the information provider on the activities of individual
users. Such reporting may occur in
conjunction with a pay-per-use arrangement for access to the work, or it may
occur independently of payment terms.
For example, monitoring functionality might be designed to collect data
about use of web browser software, or about the types of documents created
using word processing or spreadsheet software.[15] Monitoring
also can be used to determine information about related products, such as the
presence of non-copy-protected mp3 files on the user’s hard drive or the other
computer programs a user is running in conjunction with a licensed program.[16]
DRM technologies that monitor user
behavior create records of intellectual consumption. Indirectly, then, they create records of
intellectual exploration, one of the most personal and private of activities. They also create records of behavior within
private spaces, spaces within which one might reasonably expect that one’s
behavior is not subject to observation.
Intuitively, the case for regarding these technologies as
privacy-invasive seems clearer than it did for technologies of direct
constraint.
Compared with DRM technologies of
direct constraint, the monitoring capabilities of DRM technologies fall more
straightforwardly within conventional definitions of privacy invasion. Gathering information about intellectual
consumption renders intellectual preferences accessible, both to the
information provider and to third parties that might purchase it or, in the
case of the government, compel its production.
Much of this record-keeping activity is conducted automatically, without
the direct involvement of a human observer or controller, but the fact of
automation does not neutralize the threat to privacy interests. The relevant question, instead, is whether
information about intellectual consumption is gathered and stored in a form
potentially accessible to others.
Whenever those conditions hold, privacy interests have been
compromised. For the same reasons
already discussed, one might argue, as well, that DRM monitoring technologies
invade privacy interests grounded in decisional autonomy considerations, by
rupturing the breathing space required for intellectual exploration.
DRM monitoring technologies also can
have second-order privacy effects.
Specifically, data gathered through monitoring can later be used to
generate detailed profiles of users’ revealed intellectual preferences. The information provider can use the
resulting profiles to market additional information goods to users, or can sell
it to third parties who may use it for a wide variety of other purposes.[17] DRM monitoring
technologies do not uniquely enable profiling, or even intellectual profiling;
without any information about usage patterns, an information provider can
construct a reasonably detailed profile of intellectual preferences and subject
matter interests based solely on the information generated by initial purchase
records. Nonetheless, the use of data
gathered via DRM monitoring to “enhance” existing profiles renders those
profiles more comprehensive, and thus potentially more invasive from the user’s
perspective for all of the reasons already discussed.
C. Self-Help
Direct restriction protocols can be
designed to encode penalties as well as disabilities. For example, a DRM system could be designed
to disable access to a work upon detecting an attempt at unauthorized use. Such “self-help” technologies – so named
because they are designed to obviate recourse to legal enforcement procedures –
may be directed and controlled externally upon detection of the prohibited
activity. This type of functionality
must be implemented in tandem with some sort of monitoring functionality. Self-help technologies also can operate
automatically upon internal detection of a triggering activity, without
communication with any external system or controller. The extent to which either type of self-help
functionality should be permissible as a matter of contract law has been the
subject of an ongoing dispute,[18] but there appear to be no technical barriers to their
implementation.
DRM self-help technologies present a
special case of the constraint problem, and potentially a special case of the
monitoring problem as well. For all of
the reasons already discussed, I believe that it is analytically sound to
conclude that both types of technologies significantly diminish privacy in
intellectual consumption. There remains
the question whether the inclusion of self-help functionality adds anything
distinct to the privacy dynamic.
The punitive quality of self-help
implicates privacy interests in one way that technologies of direct constraint
do not. The identification of a
particular consumer as a target for self-help measures entails loss of the
(partial) anonymity that individual formerly enjoyed as one among many
customers.[19] Here again,
DRM technologies give the dynamics of enforcement a slightly different
spin. Enforcement, like constraint and
monitoring, can be activated without direct human agency; thus, it is
conceivable that no human need know the specific identities of those singled
out. Here again, though, conceptualizing
loss of privacy in terms of human “attention” misses the distinctive sense in
which the phenomenon of attention operates in the digital age. Attention and anonymity, or at least
fungibility, may coexist. One can remain
an anonymous customer and yet be singled out by a process of automated
decisionmaking for consequences that one would not choose.[20] Whether a
human or a computer directed the decision, one’s ebooks and mp3 files no longer
“work,” and no longer work as a result of actions taken privately. From the individual user’s perspective, the
consequences are the same regardless of whether a human or a computer made the
final call to activate self-help measures.
In addition to the loss of
particularized privacy for targets of self-help measures, the employment of DRM
self-help technologies raises a more general question about the nature and
function of the boundary between public and private spheres.[21] By inserting
automatic enforcement functions into private spaces and activities, DRM
self-help technologies elide the difference between public/rule-governed
behavior and private behavior that is far more loosely circumscribed by
applicable rules and social norms. Some
offenses, most notably crimes against persons, are so severe that they may
justify such elision. In other cases,
however, looseness of fit between public rules and private behavior serves
valuable purposes. Where privacy enables
individuals to avoid the more onerous aspects of societal norms to which they
may not fully subscribe, it promotes tolerance and pluralism. Where the precise contours of legal rules are
unclear, or the proper application of legal rules to particular facts is
contested, privacy shields a range of experimentation that furthers the
value-balancing goals of public policy.
DRM self-help technologies do not permit experimentation, and eliminate
public policy and privacy alike from the calculus of infraction and
enforcement. That these technologies,
represent, at most, a novel form of “distributed totalitarianism” seems cold
comfort.
III. Building Intellectual Privacy Into Law
Articulating legal principles for
protecting the intellectual privacy interests implicated by DRM technologies is
far more complicated than articulating the normative case for such
protection. Normative theories are more
supple than legal ones, which tend to move cautiously along well-trodden paths. Developing a legal theory of intellectual
privacy for the information age requires an act of legal imagination. Because no single branch of legal doctrine
supplies all of the elements necessary for effective protection of intellectual
privacy, such a theory must synthesize elements from a variety of different
legal traditions. It also must confront
directly a problem that each of these doctrinal traditions has steadfastly
avoided: determining what conditions should be necessary for an effective
waiver of intellectual privacy if protection for intellectual privacy is to be
meaningful. At both stages, the theory
must be justified as an act of legal imagination. That is to say, it should be possible to show
(capitulating at least partially to law’s inherent conservatism) that it at
least does not differ too greatly from other such imaginative leaps.
A. Toward a Legal Privacy Standard for the
Information Age
Many different strands of law bear
to some degree on questions of intellectual privacy, but none is exactly
developed to address the unique privacy problems created by DRM
technologies. Several, however, have the
potential to do so. The common law of
privacy, with its emphasis on control over personal spaces and control over commercialization
of image, can be reconfigured for the digital age by drawing on the policy and
normative frameworks embodied in other privacy-regarding areas of law. In addition, because many information goods
are also consumer goods, a more explicitly regulatory approach to
privacy-invasive DRM technologies, grounded in principles of consumer
protection law, can significantly improve levels of privacy protection for
users of information goods.
1. Revitalizing Common Law Privacy Standards
The initial theory of common law
privacy protection articulated by Warren and Brandeis was fairly flexible: a
general “right to be let alone.”[22] The difficulty
with this new right lay precisely in its generality and vagueness; without a
more detailed specification, the right to be let alone could conceivably
encompass almost any kind of unwanted attention. By the mid-twentieth century, and aided by
legal scholarship seeking to subdue Warren and Brandeis’ unruly brainchild, the
common law of privacy had congealed into four distinct torts.[23] The price of
clarity, however, was stasis. Three of
these torts are potentially applicable to the privacy problems created by DRM
technologies, but all have remained firmly focused on the privacy problems of
the predigital age. Yet each is
potentially flexible enough to cover far more – if only courts become convinced
that the expansion is warranted.
Current applications of the common
law privacy torts do not encompass the sorts of incursions worked by DRM technologies. As noted in Part II, the tort of intrusion
upon seclusion has targeted physical or audiovisual intrusions into private
spaces.[24] No court has
considered whether it similarly protects against the insertion of other kinds
of sensors (e.g., DRM monitoring technologies), or sensors that report back to
machines rather than to people, or technologies that drastically constrain
behavior, but without reporting back.
Each of these conclusions requires an additional step away from the
traditional core of the tort. The fit
between current conceptions of the common law privacy torts and informational
privacy concerns is equally imperfect.
The tort of unauthorized appropriation of name or likeness has focused
primarily on misuse of proper names and pictorial images. So far, when asked to apply this tort to the
digital “likenesses” generated by profiling and data mining activities, most
courts have resisted.[25] The tort
prohibiting embarrassing disclosure of private facts has generally been applied
to redress disclosure of sexual or intimate information.[26] All three
torts, however, are capable of a broader and more sensitive application.
Conceptual support for expansion of
the common law privacy torts to cover electronic intrusion and monitoring can
be found in policies derived from two bodies of law more finely attuned to
intellectual privacy concerns: constitutional privacy law and copyright
law. Compared with common law privacy
rights, constitutional privacy rights manifest far greater concern with
intellectual liberty. The liberty with
which the drafters of the Constitution were concerned was liberty against
government, and so constitutional protections for intellectual privacy have no
direct application to the practices of private information providers. These protections are instructive nonetheless,
for they reflect a set of values that our legal culture has identified as
important and worth preserving. In
particular, fourth and first amendment law supply principles designed to
protect the spatial and informational attributes of intellectual privacy. Copyright law, meanwhile, implicitly presumes
a degree of “breathing space,” and of anonymity, for users of intellectual
goods. In different ways, then, each
body of law intersects with and operationalizes (aspects of) the normative
framework developed in Part II.
Application of the intrusion tort to
DRM technologies finds parallels in a rapidly growing body of law that
addresses the fourth amendment status of various types of remote information
gathering. The federal courts have
concluded that at least sometimes, such disembodied intrusions invade
constitutionally protected privacy rights.
Most recently, in Kyllo v. United States,[27] the Court held that extraction of heat signature
information emanating from the defendant’s home constituted a search, and
required a warrant. Kyllo does
not address whether reporting back to a machine should count, yet on the
Court’s reasoning there seems no reason why it should not. The search consists of the act of extraction,
not what may or may not follow it.
Rather, under Kyllo the dispositive factors were the fact that
the extraction technology was “not in general public use” and the fact that it
enabled access to “details of the home that would previously have been
unknowable without physical intrusion.”[28]
As this brief discussion indicates,
fourth amendment law has not embraced a spatialized understanding of
intellectual privacy to the full extent suggested here. First, it remains unclear whether the strong
privacy protection specified by the Kyllo Court is to be limited
specifically to the home.[29] The majority’s
brand of originalism supports this interpretation, but other approaches to
constitutional interpretation and even other brands of originalism might not.[30] In delineating
the legally cognizable scope of intellectual privacy interests, this is a
particularly important question. Homes
are but one kind of private space, and perhaps not even the most significant
where intellectual activity is concerned.[31] Arguably,
one’s desktop or laptop computer, personal data assistant, or portable media
player sits at the center of the zone of intellectual privacy to which
one is entitled, regardless of where in physical space it happens to be
located.[32] Second, the
“general public use” inquiry, like the “reasonable expectation of privacy”
standard on which it builds, renders privacy a moving target. Eventually, the Court will need to confront
the fact that the ultimate consequence of such a standard may be no privacy at
all. Finally, by its own terms, the
fourth amendment cannot even reach the question whether direct constraints,
without any reporting back, invade a legally protectable privacy interest. Whether or not they do so, such constraints
cannot constitute a “search.”
Here it is important to note – both
for fourth amendment purposes and for insight into the lessons that the common
law of privacy should draw from its constitutional cousin – that the text of
the fourth amendment places intellectual privacy front and center. The amendment extends protection against
warrantless search and seizure not simply to the home, but also to individuals’
“papers and effects.”[33] If individuals
have no recourse for warrantless remote extraction of information from digital
analogues to these items, this protection stands to lose much of its
meaning. So too if widespread efforts to
enshrine a new technology, such as DRM, as a commercial standard can displace
privacy rights. Fourth amendment
jurisprudence, like common law privacy jurisprudence, is just beginning to
grapple with these and other difficult privacy problems presented by the
digital age. Even so, its greater
sensitivity to the intersections between spatial privacy and intellectual
privacy is an important guidepost for courts in common law intrusion cases to
follow, if they choose.
The argument that effective privacy
protection should include control over the circumstances of intellectual
consumption finds additional support within copyright law. The fair use doctrine, which sanctions
certain acts of private copying, shields a range of actions that users might
take in private spaces, including time- and space-shifting of copies, loading
and reloading of digital files, and manipulation of digital content.[34] The first sale
doctrine, which establishes the right to dispose of one’s copy of a work
without any obligation to seek the copyright owner’s approval,[35] similarly rests on the belief that a copyright owner
has no cognizable interest in a broad range of post-purchase user activities or
in the spaces where they occur. More
broadly, because copyright law does not give copyright owners the exclusive
right to control all uses of their copyrighted works, it implicitly reserves to
users the right to engage in conduct not encompassed by the statute.[36] Copyright does
not, for example, encompass such acts as reading a copy of a book, viewing a
copy of a movie, or listening to a copy of a musical recording that one owns;
not coincidentally, these are all acts that ordinarily occur within private
spaces.
The net effect of all of these rules
is that copyright law traditionally has honored a version of the public-private
distinction that is extremely robust.[37] Whether a
provider of digital information is honoring or abusing this distinction should
inform application of the common law intrusion tort, even to (at least some)
DRM technologies that simply impose direct constraints on user behavior. From a copyright perspective the difference
between reporting back and simple constraint is less relevant than the
difference between public exploitation and private consumption. When deciding whether particular DRM
constraints rise to the level of an actionable intrusion, courts should take
this perspective into account.[38] The DMCA says nothing about its
interaction with other federal or state privacy laws, just as it says nothing
about its interaction with many other background rules of law, but that does
not mean it negates them. The DMCA says
nothing about its interaction with the background law of contract, either. That users are not authorized to circumvent a
broader range of privacy-invasive measures does not mean that information
providers have carte blanche to employ them.
The most plausible explanation for §§ 1201(i) and 1205 is simply that
interest groups brought specific problems to the drafting committees’
attention. The legislative history does
not suggest that any of the relevant committees ever undertook a more thorough
exploration of the privacy question.
Application of the appropriation and
“embarrassing facts” torts to DRM monitoring technologies finds parallels in
first amendment jurisprudence touching on intellectual privacy. First amendment cases involving the compelled
disclosure of reading matter find intellectual activity quintessentially private
because of the chilling effect on private expressive and political activity
that might result from compelled disclosure of opinions and associations.[39] The chill may
diminish when private compulsion replaces state compulsion, but it does not
disappear. In the age of distributed
databases, the pertinent fact is that a record of the activity exists, and may
be acquired and used by either state or private parties.[40] On similar
reasoning, the “embarrassing facts” tort should encompass disclosure of
information about patterns of intellectual consumption. Arguably, the harms of such disclosure are at
least as great as those resulting from disclosure of information about sexual
activities and preferences, since it is the former rather than the latter upon
which (a democratic/free) society relies to constitute its citizens. And if a profile of intellectual activities
and preferences can chill expressive and associative conduct, it is hard to see
why it should not be deemed a “likeness” – whether flattering or unflattering
is beside the point – of the individual to whom it refers.
Further support for expansion of the
appropriation tort to encompass transactional identity comes, paradoxically,
from privacy’s commercial doppelganger, the common law right of
publicity. Like the privacy tort of
unauthorized appropriation, rights of publicity protect against unauthorized
appropriation of names and likenesses.
Rights of publicity typically are invoked to protect commercially
valuable likenesses, while rights of privacy are not, but both theories seek to
reserve control over commercial exploitation of identity to the individual with
whom that identity is associated. Unlike
courts hearing privacy cases, courts in publicity cases have generously construed
the concept of “likeness,” extending protection to any attribute of personality
that can reasonably be identified as belonging to the plaintiff.[41] Courts and
commentators justify this expansion with reference to both the increasing value
of (celebrity) identity and the many forms that identity can assume in the age
of mass culture and advertising.[42] If it is true
that manifestations of identity have become increasingly protean in the
information age, there seems to be no good reason why the common law of privacy
should not also recognize protectable attributes of identity in commercial
profiles. Indeed, the case for such
protection is far stronger than in the publicity context; data about one’s
transactional history and preferences is far more directly bound up with
identity than attributes that merely seek to trigger some mental association.
Finally, the same copyright rules
that create a presumption of spatial privacy also provide strong implicit
support for informational privacy claims directed toward DRM monitoring. Together, those rules effectively erect a
strong presumption of anonymity around privileged uses. The functions and benefits of anonymity are
clearest in the case of fair use. Fair
use privileges a variety of activities that are deemed socially valuable, but
to which private copyright holders might object. In other cases, the costs and delay involved
in seeking permission may strike the would-be fair user as prohibitive, even if
the overall social value resulting from the use would outweigh these costs.[43] Having to seek
permission from the copyright holder ex ante would chill both types of
uses; anonymity for fair users mitigates the twin problems of private
censorship and high transaction costs, and allows society to receive the
benefit of many controversial and/or spontaneous uses that otherwise would not
occur.[44] But these
benefits of anonymity accrue for other sorts of uses as well.
Synthesis of the intrusion,
appropriation, and embarrassing facts torts with these insights, derived from
conceptually related areas of law, would yield more expansive conceptions of
actionable intrusion, appropriable identity, and sensitive personal
information. This result is broadly
consistent with the normative model of privacy developed in Part II, which
focuses on control of access to self. It
is also broadly consistent with the core policies underlying each tort: to
preserve, respectively, individual control of space, identity, and “face.”
Why, though, should the common law
of privacy make these leaps? For all the
ingrained conservatism of the common law method, recognizing and responding to
changing circumstances by redefining legally cognizable injury and
responsibility is a central role of the courts.
Many legal rules that we take for granted today simply did not exist
forty or fifty years ago. One example is
the law of strict products liability, under which an injured consumer may
recover damages directly from the manufacturer of a defective product even if
there is no privity of contract.[45] Another is the
law of sexual harassment, which recognizes that sex-based hazing in the
workplace can amount to discrimination in violation of federal law.[46] In each
context, the courts gradually came to recognize that new forms of injury
resulting from changed marketplace realities warranted new modes of redress.
In a similar fashion, courts can and
should respond to new forms of injury enabled by the rise of digital network
communications and the attendant transformations of commerce in
information. In copyright circles, this
point is hardly novel, but lawmakers and courts have focused their attention
largely on new sources of injury to information providers. As these historical examples suggest, it is
appropriate to focus, as well, on new sources of injury to information users,
and doing so will not bring commerce in information screeching to a halt. The project of transforming existing doctrine
to accommodate the unprecedented is itself firmly rooted in precedent.
There is one important caveats to
this rather optimistic account of the potential for robust common law standards
of intellectual privacy. Traditionally,
common law privacy protections may be waived.
As long as the contract is otherwise enforceable, one may consent to
audio- or videotaping of the activities inside one’s home, or to commercial
exploitation of one’s name or likeness, or to publication of sensitive
information about one’s sexual habits.
Because the privacy invasions effected by DRM technologies occur in the
context of consensual commercial transactions, the mechanisms for establishing
effective consent can easily be put in place.
Neither copyright law nor
constitutional privacy law offers a clear way out here. Constitutional protections also can be
waived. Copyright law, meanwhile, is
silent about when parties may contract around the rights and limitations that
it specifies. This silence has
engendered an extensive scholarly debate about whether such contracts should be
prohibited, under either a theory of preemption or one of misuse, as violating
fundamental public policy.[47] Detailed consideration
of those debates is outside the scope of this Article; for our purposes, the
important point is that neither preemption nor misuse is well-suited to address
the privacy problems stemming from DRM technologies. The fundamental public policy that both
doctrines seek to preserve is the “copyright balance” between incentives and
access. User privacy serves related
purposes, and a decision striking down a particular contract provision might
have the effect, as well, of promoting privacy, but privacy is not central to
this inquiry. For a specifically
privacy-regarding theory of contract’s limits, we must look elsewhere.
2.
Consumer Protection Law and the Fair Information Practices
Although consumer protection law has
not traditionally been viewed as a significant component of information policy
in the United States, that is changing.
In an era in which mass-distributed information goods are increasingly
bundled with lengthy, complex licenses, the connections between consumer
protection and information policy can no longer be ignored. Although the issue of privacy in intellectual
consumption has not yet received specific attention, both the Federal Trade
Commission (FTC) and intellectual property scholars have begun to focus more
closely on these connections.[48] Where privacy
is concerned, judge-made law and consumer protection regulation have
complementary roles to play. While
properly reformulated common law privacy torts can police the worst excesses of
DRM, consumer protection law operating prospectively can set minimum standards
of protection that all information providers must follow.
One advantage of a consumer
protection approach to the terms of information access and use is that it
allows policymakers to consider consumer welfare directly, rather than parsing
out the implications of a statutory scheme (such as copyright) designed
primarily to accomplish some other purpose.
Whether this change in emphasis might translate into significant
substantive protection for consumers depends on the prevailing standard for
consumer well-being. United States
consumer protection law is not particularly well tailored to safeguard the
intellectual privacy of information users.
Like the common privacy torts, however, it has the potential to be.
Consumer protection law in the
United States has focused primarily, though not exclusively, on maximizing
market-based indicia of consumer welfare.
The FTC has jurisdiction to regulate “unfair or deceptive practices in
or affecting commerce.”[49] In
implementing this mandate, it has largely confined itself to policing
deception, and has been much slower to implement measures designed to provide
other sorts of protection to consumers who are adequately and accurately
informed. Whatever the merits of this
approach in other contexts, as an approach to privacy protection it is
demonstrably inadequate. An extensive
literature supports the conclusion that the idea of a well-functioning “market
for privacy” is irremediably flawed.[50] In many
transactions, retaining control of one’s personal information simply is not an
option. Even when it is, pervasive and
likely incurable information problems prevent individuals from evaluating the
relevant tradeoffs.[51] More
fundamentally, privacy tradeoffs involve incommensurable values, and the
dignitary values at stake in decisions about privacy arguably are not an
appropriate subject for market ordering at all.[52] For the
reasons already discussed, this argument is particularly strong where
intellectual privacy is concerned. Under
the Clinton Administration, the FTC called without success for federal
legislation establishing stronger protection for online privacy.[53] If the FTC
wishes to play a role in safeguarding the intellectual privacy of information
consumers, however, it can begin by rethinking its interpretation of its
statutory mandate.
A somewhat more robust vision of
informational privacy protection is embodied in guidelines issued in 1980 by
the Organization for Economic Cooperation and Development, which outlined a set
of Fair Information Practices (FIPs) based on eight principles: collection
limitation, data quality, purpose specification, use limitation, transparency
of information collection practices, security of stored data, individual
participation, and accountability.[54] Although the
U.S. played an important role in developing the FIPs, the FIPs have never been
fully incorporated into U.S. law. In
part, this is the result of sustained resistance by the information and direct
marketing industries. In part, it is
because the proceduralist understanding of consumer protection already
enshrined within FTC practice pairs more comfortably with a version of fair
information practices based simply on notice and consent. More faithful adherence to the FIPs would
enhance the informational privacy of users of copyrighted works and other
information goods.[55] The FTC has
taken some steps in this direction, but only with respect to narrowly defined
populations.[56] Extending
protection to all consumers is appropriate in an age in which personal
profiling increasingly extends far beyond purchases of durable goods to reach
private intellectual activities.
Even with more rigorous and
inclusive application of the FIPs, however, the problem of privacy in
intellectual consumption is too complex to be resolved by data processing
standards alone, for several reasons.
First, the FIPs do not address spatial privacy, and so have nothing to
say about the sorts of behavioral restrictions effected by DRM
technologies. Thus, even scrupulous
adherence to the FIPs would not address all of the privacy concerns discussed
in Part II. Second, even with respect to
information privacy, the FIPs do not establish minimum substantive thresholds
for privacy protection. At most, they
are designed to facilitate informed contracting and meaningful quality control
by individuals who are the subjects of data transactions. Finally and relatedly, the FIPs do not
address important threshold questions of contract validity. That is, they say nothing about whether
waivers of privacy rights by consumers who are fully informed should
nonetheless be subject to limits.
For consumer protection law to
provide meaningful protection for intellectual privacy (or any other kind of
privacy), the proceduralist standards embodied in the FIPs must be augmented by
substantive privacy standards. Here the
act of legal imagination consists in realizing that although the FTC has not
traditionally involved itself in setting substantive standards of consumer
protection, its mandate to address “unfair” trade practices is broad enough to
encompass such a move. Put differently,
a market-making conception of fairness is not the only possible definition of
that term, nor the only sensible one.
Where consumers cannot play on an equal footing with other market
participants, it serves neither fairness nor markets to pretend they can.
In the context of informational
privacy, one example of a substantive standard of fairness is the European
Union’s data processing directive, which delineates certain kinds of
information as sensitive and allows member states to place them off limits.[57] Similarly, if
intellectual profiling is deemed to create unacceptable risk of harm to
consumers, one might envision a regulation setting limits on the collection,
use, retention, and trading of such information.[58] In the context
of spatial privacy, an example of substantive privacy protection might be a
regulation prohibiting certain kinds of electronic self-help,[59] or preserving a limited degree of freedom to
space-shift digital files. By
establishing these sorts of standards and enforcing penalties for violating
them, consumer protection authorities can ensure that information consumers
retain meaningful control over both the spatial and information dimensions of
their own intellectual consumption. In
addition, as I will discuss in Part IV, the law has an important role to play
in ensuring that substantive protections for privacy are incorporated into the
design of DRM technologies at the outset.
B. Contract and Intellectual Privacy as
Fundamental Public Policy
The single greatest obstacle to
effective legal protection of privacy in intellectual consumption is not
imperfect fit with the available legal theories, but the fact that each
available theory gives way to contract in many, if not all, circumstances. Many believe that this deference to contract
is entirely appropriate. They observe that,
from the information provider’s perspective, the greater power to withhold the
transaction entirely logically includes the lesser power to impose conditions
on the terms of access and use. From the
individual user’s perspective, these conditions may diminish privacy, but users
remain free to accept or reject the terms offered to them. Privacy advocates have persuasively argued
that the argument from contract is far too simplistic, and ignores both
marketplace realities and important non-market considerations. Thus far, however, the law has failed to
translate these challenges into a workable legal theory capable of displacing
contract when threats to privacy reach unacceptable levels.
Some challenges to contractual
ordering of privacy rights focus on imperfections that are likely to prevent
market mechanisms from working smoothly.
These challenges fall into two general categories. First are procedural challenges to the validity
of consent to online adhesion contracts waiving privacy. In the age of “clickwrap,” however, defects
relating to consent are easily cured by requiring the consumer to pass through
a screen displaying license terms and to indicate assent to those terms after
having had the opportunity to review them.[60] A second set
of objections to contractual ordering of privacy rights relates to issues of
market power. If a dominant vendor has
market power, it becomes harder to posit a meaningful level of competition to
satisfy the full range of consumer preferences.
Because the conventional form of this inquiry looks only to the power of
individual market participants, however, and not to the market power that
results from widespread adoption of standard form terms,[61] this argument has weight only in monopoly markets,
and (as a result) very little weight in most markets for online information
goods.
Both types of argument from market
imperfection, however, fit comfortably within a larger conceptual framework
that presumes the rightness of market ordering if only some defect or
other could be brought under control.
Neither challenges the baseline presumption in favor of contractual
ordering in properly functioning markets.
As a result, each rapidly becomes mired in the details of this or that
clickwrap procedure, or this or that market practice. The more fundamental question – whether
market ordering of privacy rights makes sense at all – remains obscured. It is not terribly surprising, then, that
these sorts of arguments have failed to generate the impetus for meaningful
reform of the legal rules governing waiver of privacy rights.
Other challenges to contract step
outside the market framework, and argue that even in perfectly functioning
markets, contract would be ineffective to preserve privacy, or to do so fairly.[62] As discussed
in Part III.A.2, above, some of these arguments rest on the premise that in the
modern mass marketplace, consumer choice about privacy is fictitious; others
point to the insoluble information problems that consumers confront in
assessing privacy tradeoffs; and still others reject a priori the notion that
market resolution of privacy policy is appropriate.[63] On any of
these views, the problem is not market failure, but rather a more systemic failure
of markets.
It is a measure of the degree to
which both academic and policy debates have been captured by the rhetorics of
markets and private ordering that these arguments receive comparatively little
attention. In the current climate,
arguments from human dignity seem both insufficiently rigorous and vaguely
passe. Yet the reluctance to address
privacy in non-market terms is puzzling, for two reasons. As Jessica Litman has pointed out (and as
privacy advocates “in the trenches” have always known), that is the way that
ordinary people think about privacy.[64] Ordinary
people – not academics, technologists, science fiction writers, or other
members of the cyber-literati – react to abuses of privacy with outrage and a
sense of betrayal, and feel that commercial dealings should be accompanied by
privacy obligations.[65] That this
outrage often does not translate into meaningful market resistance
should not surprise us[66]; if markets for privacy are inherently dysfunctional,
there is no reason to expect this result.
If one asks, instead, the more
general question whether there are circumstances in which public policy
overrides contract, one discovers that many public policy-based limits on
contract exist. In fact, the proposition
becomes much less remarkable than the rhetoric of current privacy debates makes
it seem. Most people agree that there
are some public policies that should not be altered by contract. Perhaps the best example is the general
policy that one may not contract into a state of slavery, but there are many
other, less dramatic examples. One is
the rule that one may not sell one’s organs for transplant, research, or any
other use.[67] Two additional
examples are the rules that one may not contract out of medical malpractice
liability or strict products liability by asserting one’s willingness to risk
injury in return for a lower price.[68] Still another,
more recent example is set forth in a New York trial court’s ruling enjoining a
software developer from forbidding licensees to publish critical reviews of its
products.[69] In each of
these situations, the question whether the “free market” might equilibrate in a
way that preserves the default rule is considered irrelevant.
This brief list illustrates two
salient points about the sorts of public policies that are considered
“important” enough to trump contract.
First, these policies bolster noneconomic values that run the gamut from
bodily integrity to freedom of expression to human dignity and
self-determination. Privacy in general,
and intellectual privacy in particular, serve values that fall comfortably
within this spectrum. Second and equally
important, the appeal to public policy is not an appeal to logic or political
theory, but to visceral notions of fairness.
For privacy concerns to trump contract, privacy advocates must establish
not only that privacy values are similar in kind to other public values that
society has sought to preserve, but also that they are similarly
compelling. Once convinced of this,
courts could quite easily develop rules limiting privacy waivers just as they
have done in other contexts.
At bottom, the argument for limiting
waiver of intellectual privacy rights is straightforward, and builds upon the
argument in Parts II and III.A, above, about why intellectual privacy is
important and why the law should recognize harms to intellectual privacy in the
first instance. Sophistry about markets
and market failures aside, intangible invasions of intellectual privacy are
capable of causing great harm to individuals, and of substantially undermining
shared, nonmonetizable values. Such
invasions compromise rights of self-determination and undermine human dignity
by eliminating the “breathing space” for intellectual development. A decision to promote these values in the law
of “privacy” while simultaneously enabling easy evasion of accountability via
“contract” would be nothing short of perverse.
Taking these intangible harms seriously requires more.
IV. Building Intellectual Privacy Into Code
Although legal sanctions for
invasion of intellectual privacy are essential to guarantee respect for the
intellectual privacy rights of information users, as a means of ensuring
effective protection for all users, both judicial and regulatory sanctions are
second-best strategies. A far more
effective method of ensuring that information users actually enjoy the privacy
to which they are entitled would entail building privacy into the design of DRM
technologies in the first instance. In
such a world, legal protection for intellectual privacy would serve as backdrop
to more privacy-regarding conduct by (most) providers of information goods, and
would simply serve to police deviations from an accepted range of privacy
protection. Taking privacy into account
at the outset requires a different approach to designing DRM technologies, and
also requires a process for ensuring that more privacy-protective DRM
technologies are put in place.
A. Value-Centered Design for DRM
The notion of value-centered design
is an outgrowth of the interdisciplinary study of science, technology, and
society. Careful attention to the social
embeddedness of technologies reminds us that technologies themselves are social
artifacts; they constitute and are constituted by social values and interests.[70] In the context
of DRM, this insight suggests that design for maximum control is but one
direction that a DRM infrastructure could take.
Alternatively, one might imagine developing a design process devoted to
identifying the full range of values, both private and public, implicated in
DRM design, and to operationalizing DRM in a way that preserves important
public values. Such a value-centered
design process for DRM technologies would seek, among other things, to create
rights management infrastructures for information goods that respect and seek
to preserve user privacy.[71] Such an
infrastructure would have three components, which map to the three types of
privacy invasion discussed in Part II.
The first component of
value-centered design for DRM involves development of flexible restrictions
that minimize direct constraints on intellectual consumption within private
spaces. The idea that functionality
restrictions might be designed to preserve flexibility for private access and
copying is hardly novel. One example is
the serial copy management system mandated by the Audio Home Recording Act,
which allows the production of perfect first-generation copies but causes
significant quality degradation in subsequent generations.[72] Another
example is the Digital Millennium Copyright Act’s requirement that analog
videocassette recorders be designed to allow consumers to time-shift some kinds
of television programming.[73] Elsewhere, Dan
Burk and I have argued that restrictions similar to these are necessary to
preserve basic user privileges established under copyright law, such as fair
use.[74] Flexible
restrictions on the functionality of digital copies also would operate to
preserve user privacy, for similar reasons.
Such restrictions rest on the presumption that an information provider
has no legitimate interest in controlling or even knowing about certain types
of uses within private spaces.
Value-centered design for DRM also
would build in limits on monitoring and profiling of individual users. Because most businesses need to collect and
retain some information about their customers to manage orders, payments, and
deliveries, technological limits on data collection and use cannot fully substitute
for other, human-implemented rules.
Nonetheless, DRM systems may be designed either to minimize or to
maximize data collection, retention, extraction and use. To preserve the intellectual privacy of
information users, DRM design should incorporate a minimization principle.[75] In the cases
where real-time monitoring of user conduct is deemed to provide some
significant non-privacy-related benefit,[76] designers should consider whether the desired benefit
can be achieved capturing the precise identity of the user, or without tying
users to content. If not, and if the
implementation ultimately chosen must reflect a choice between the benefit and
user privacy, that choice should be made explicitly and documented, so that
later designers, regulators, and courts can understand the tradeoffs involved.
Finally, a privacy-regarding DRM
infrastructure would implement limitations on self-help. This might mean, for example, that digital
files could not be programmed to self-destruct, or to deny access entirely,
upon detecting an impermissible action.[77]
These proposals are necessarily
quite general. Whether they would
operate to guarantee meaningful levels of privacy for information users would
depend upon the specific details of their implementation. Nor are these suggestions necessarily the
only or the best ones; an expert in the relevant technological fields could
undoubtedly think of others. The point
is simply that a focus on value-centered design exposes “DRM” as a concept that
is susceptible of a wide range of meanings.
Understanding the DRM design process as (necessarily) value-driven is an
essential first step to ensuring that in the future, design priorities shift to
include a broader range of values.
B. Creating a Value-Centered Design Process
Identifying the possibility of
value-centered design for privacy is only half the battle. For privacy-regarding DRM technologies to
move from the pages of academic articles onto of the drawing board and
ultimately into the marketplace, those who participate in or underwrite
real-world design processes need incentives to expand their frames of reference. Law has a role to play here as well, although
it is a very different role from that discussed in Part III. Law’s role in structuring DRM
standard-setting processes is to ensure that the formulation of technical
standards by market actors takes public values, including privacy values, into
account.
If, as several advocacy
organizations have urged, the law were to specify a “bill of rights” for users
of information goods, this would constrain DRM development initiatives to focus
on public values as well as the private ones.[78] In particular,
rights of intellectual privacy could be specified at a sufficiently high level
of generality to avoid dictating the choice of technical standards, while still
conveying the necessary information about the substance of the protection to be
afforded. Thus, following the model set
forth above, rights of intellectual privacy would include: the right not to be subjected to intrusive
constraints on the use of intellectual goods within private spaces; rights
against monitoring of intellectual consumption and profiling based on
intellectual preferences; and the right not to be subjected to electronic
self-help that would disable access to lawfully acquired information
goods. Development of technical
standards and processes to effectuate these rights would be the content
industries’ affair.
Vigilant defenders of market
ordering will object that this proposal improperly injects government into a
process – standards development – that is quintessentially of, by, and for the
market. It takes but a moment’s
reflection to see that this objection is simply the first cousin once removed
of the old argument for market ordering of privacy rights. If the first-order “market for privacy”
cannot accurately reflect the variety of values placed on privacy, it is
difficult to imagine how a second-order market for privacy standards, derived
by inference from the first-order market for privacy, could possibly do
so. Even assuming that the first-order
market for privacy actually worked, and that the average consumer could easily
master the complexity of DRM standards terminology, market processes are not
well suited to enable consumers to exert positive, as opposed to negative,
influence on the design of technical standards.
Consumers can refuse to buy, or can switch from one provider to another,
but there are no mechanisms to allow consumers to communicate as a prospective
matter the precise level of functionality that they want. And because DRM technologies are network
technologies,[79] it will become increasingly difficult for dissenting
consumers to opt out.
DRM standards processes offer an
opportunity for more reflective participation in the debate over DRM, but still
are not good vehicles for the incorporation of public values into DRM
design. To the average consumer of
information goods, standards processes are arcane and relatively inaccessible
proceedings. Organizations representing
consumers and other noncommercial interests have begun to take an interest in
DRM standard-setting.[80] At present,
however, their participation in these processes is largely on the sufferance of
the content industries. Not all
standards processes include consumer representation, and even in those that do,
there is no assurance that consumer grievances, once aired, will actually make
their way into the standards that are brought to market.[81]
For a value-centered design process
to succeed, some actor external to the market for DRM technologies must
identify and maintain the centrality of the relevant public values. I do not intend to suggest that the law
should mandate the content of technical standards for DRM technologies, or that
government actors would be good at supervising such a process. Government can be rather good, though, at
mandating non-technical standards.[82] In the
predigital world, we might call these non-technical standards simply
“rights.” In the digital age, rights
state (among other things) the values that technical standards should be
designed to enable. [EXPAND A BIT HERE]
V. Conclusion
TO COME. [NOTES: The key to preserving the benefits of intellectual privacy is that both right-holders and the law must surrender some control over user behavior. But that’s exactly what freedom is. These questions need to be asked while design and implementation are still on the drawing board; it will be much easier to design for privacy now than to retrofit privacy-invasive designs later.]
*Professor of Law, Georgetown University Law Center. Internet: I thank Andrew Crouse for his able research assistance.
[1]See,
e.g., Judith Jarvis Thomson, The Right to Privacy, in Ferdinand David Schoeman, ed., Philosophical
Dimensions of Privacy: An Anthology 272 (1984).
[2]See
Ferdinand David Schoeman, Privacy: Philosophical Dimensions of the
Literature, in Ferdinand
David Schoeman, ed., Philosophical Dimensions of Privacy: An Anthology 1
(1984).
[3]See,
e.g., Katz v. United States, 389 S. Ct. 347 (1967) (holding that a person
has a reasonable expectation of privacy while using a public telephone booth);
Doe by Doe v. B.P.S. Guard Services, Inc., 945 P.2d 1422 (8th Cir.
1991) (holding that surreptitious videotaping of fashion models in their
dressing room was an invasion of privacy); Benitez v. KFC Nat’l Mgmt. Co., 714
N.E.2d 1002 (Ill. App. 1999) (holding that female employees’ allegations that
employer spied on them through hole in ceiling of women’s bathroom stated claim
for invasion of privacy); Harkey v. Abate, 346 N.W.2d 74 (Mich. App. 1983)
(holding that installation of hidden viewing device in public bathroom at
skating rink invaded privacy); People for Ethical Treatment of Animals v. Bobby
Berosini, Ltd., 895 P.2d 1269 (Nev. 1995) (add parenthetical). But see Elmore v. Atlantic Zayre,
Inc., 341 S.E.2d 905 (Ga. App. 1986) (holding that rights of privacy in store
bathrooms may be outweighed by store’s interest in deterring crime); Hougum v.
Valley Memorial Homes, 574 N.W.2d 812 (N.D. 1998) (no invasion of privacy where
employee only unintentionally observed man masturbating in public bathroom).
[4]Cf.
Erving Goffman, The Presentation of Self
in Everyday Life (1959); Alan F.
Westin, Privacy and Freedom (1970).
[5]See,
e.g., cites.
[6]See,
e.g., Anita L. Allen, Coercing Privacy, 40 Wm. & Mary L. Rev. 723, 754-55 (1999); Julie E. Cohen, Examined
Lives: Informational Privacy and the Subject as Object, 52 Stan. L. Rev. 1373, 1424-28 (2000);
Julie E. Cohen, A Right to Read Anonymously: A Closer Look at “Copyright
Management” in Cyberspace, 28 Conn.
L. Rev. 981, 1006-14 (1996); Ruth Gavison, Privacy and the Limits of
Law, 89 Yale L.J. 421 (1980);
Seth F. Kreimer, Sunlight, Secrets, and Scarlet Letters: The Tension Between
Privacy and Disclosure in Constitutional Law, 140 U. Pa. L. Rev. 1, 59-71 (1991).
[7]Cf.
Jeffrey Rosen, The Unwanted Gaze: The
Destruction of Privacy in America (2000) (arguing that privacy protects
the individual interest in not being judged “out of context”); Radhika Rao, A
Veil of Genetic Ignorance? Protecting
Privacy as a Mechanism to Ensure Equality, __ Hastings L.J. (forthcoming 2003) (arguing that privacy is
grounded in equality interests).
[8]See
Video Privacy Protection Act of 1988, 18 U.S.C. § 2710; [title of cable act],
47 U.S.C. §551; Julie E. Cohen, A Right to Read Anonymously: A Closer Look
at “Copyright Management” in Cyberspace, 28 Conn. L. Rev. 981, 1031 n.213
(1996) (collecting state statutes safeguarding the privacy of library patrons).
[9]See
P.J. Huffstutter & Jon Healey, Suit Filed Against Record Firms, L.A. Times, June 14, 2002; Brenda
Sandburg, Milberg Weiss Files Suit Over CDs With No-Copy Technology, The Recorder, June 17, 2002; Amy
Harmon, CD-Protection Complaint Is Settled, N.Y. Times, Feb. 25, 2002, at C8.
[10]See
John Borland, Studios Race to Choke DVD Copying, CNET News.com, Feb. 4,
2002; Matt Lake, How It Works: Tweaking Technology to Stay Ahead of the Film
Pirates, N.Y. Times, Aug. 2,
2001; Doug Mellgren, Acquittal in DVD Decoding: Norwegian Teen Created
Program So He Could View Film on Computer, Charlotte Observer, Jan. 8, 2003.
[11]See,
e.g., Schoeman, supra note __; add others.
[12]Cf.
Lawrence Lessig, Code and Other Laws of
Cyberspace ___ (1999); Joel R. Reidenberg, Lex Informatica: The
Formulation of Information Policy Rules Through Technology, 76 Tex. L. Rev. 553 (1998).
[13]For
some privacy skeptics, the failure of privacy scholars to agree on a single
definition of privacy is a fundamental weakness. Other scholars, however, contend that
recourse to multiple, sometimes overlapping definitions of privacy is entirely
reasonable, and does not weaken the case that “privacy” interests exist. See Daniel J. Solove, Conceptualizing
Privacy, 90 Calif. L. Rev.
1087 (2002) (suggesting a pragmatic, family-of-concepts approach to privacy).
[14]See,
e.g., cites – MacKenzie; others.
[15]See
Specht v. Netscape Communications Corp., 306 F.3d 17 (2d Cir. 2002) (affirming
denial of defense motion to compel arbitration in case alleging invasion of
privacy by use of browser “plug-in” to monitor online activity); In re
RealNetworks, Inc. Privacy Litigation, 2000 WL 631341 (N.D. Ill. 2000)
(rejecting arguments by intervenor in proceeding to compel arbitration of
privacy claims regarding media player software that monitored and stored
information about users’ electronic communications); cf. In re
Pharmatrak, Inc. Privacy Litigation, 220 F. Supp. 2d 4 (D. Mass. 2002) (holding
that Pharmatrak was not liable under federal electronic communications,
wiretap, or computer fraud laws for using “cookies” to collect personal
information about web site users); In re DoubleClick, Inc. Privacy
Litigation, 154 F. Supp. 2d 497 (S.D.N.Y. 2001) (same).
[16]See
Mark Prigg & Avril Williams, Spies Behind Your Screen, The Times
(London), Aug. 6, 2000; add others.
[17]For
good discussions of profiling and its uses, see Oscar H. Gandy, Jr., The Panoptic Sort: A Political Economy of
Personal Information (1993); Jeff Sovern, Opting In, Opting Out, or
No Options at All: The Fight for Control of Personal Information, 74 Wash. L. Rev. 1033 (1999).
[18]See
Unif. Cptr. Info. Transactions Act
(UCITA) §§ 605, 815-816 (as amended 2002); UCITA §§ 605, 815-816 (as amended
2001); UCITA §§ 605, 815-816 (1999); Unif.
Commercial Code (UCC) §§ 2B-310 and 2B-715, Reporter’s Note 3 (Aug. 1,
1998 Draft); UCC §2B-310, -716 (Apr. 1, 1998 Draft); UCC §2B-310, -716 (Feb.
1998 Draft); see also Julie E. Cohen, Copyright and the Jurisprudence
of Self-Help, 13 Berkeley Tech. L.J. 1089 (1998).
[19]See
Ruth Gavison, Privacy and the Limits of Law, 89 Yale L.J. 421 (1980).
[20]For
this reason, it may make more sense to view these activities through the lens
of objectification rather than that of accessibility. See Julie E. Cohen, Examined Lives:
Informational Privacy and the Subject as Object, 52 Stan. L. Rev. 1373 (2000).
[21]“Public”
and “private” are terms with multiple meanings.
I use “private” here not to denote non-state activities, but simply to
denote spaces not open to the general public and behaviors not intended for the
general public, including private intellectual activities, and “public” to
include conduct that occurs outside these realms.
[22]Samuel
D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890).
[23]See William
L. Prosser, Privacy, 48 Calif. L.
Rev. 338 (1960); W. Page Keeton,
et al., Prosser and Keeton on Torts §117 (5th ed. 1984); Restatement (2d) of Torts §652A (1977).
[24]See,
e.g., Miller v. Brooks, 472 S.E.2d 350 (N.C. App. 1996) (holding that
placing a video camera in plaintiff’s bedroom and going through his mail could
constitute intrusion upon seclusion); Association Services, Inc. v. Smith, 549
S.E.2d 454 (Ga. App. 2001) (holding that trespassing upon private property
while conducting surveillance could constitute intrusion upon seclusion);
Clayton v. Richards, 47 S.W.3d 149 (Tex. App. 2001) (holding that placing a
video camera in plaintiff’s bedroom could constitute intrusion upon seclusion).
[25]See,
e.g., Dwyer v. American Express Co., 652 N.E.2d 1351 (Ill. App. Ct. 1995)
(holding that credit card company did not appropriate cardholders’ names or
likenesses by renting lists of their names characterized by purchasing
patterns); Avrahami v. U.S. News & World Report, Inc., 1996 WL 1065557 (Va.
Cir. Ct. 1996) (holding that media company did not appropriate customer’s name
or likeness by selling information about him).
There are some signs, however, that this resistance may be
lessening. See Weld v. CVS
Pharmacy, Inc., 1999 WL 494114 (Mass Super. Ct. 1999) (denying defense motion
for summary judgment on claim that it appropriated plaintiffs’ names and
likenesses by selling information about them); Bodah v. Lakeville Motor
Express, Inc., 649 N.W.2d 859 (Minn. Ct. App. 2002) (holding that employees
stated a claim for appropriation of name or likeness where employer transmitted
their social security numbers to third parties).
[26]See,
e.g., Doe v. Mills, 536 N.W.2d 824 (Mich. App. 1995) (holding that
plaintiff stated prima facie case of public disclosure of embarrassing facts
where anti-abortion protesters displayed her name outside an abortion clinic);
Y.G. v. Jewish Hosp. of St. Louis, 795 S.W.2d 488 (Mo. App. 1990) (holding that
plaintiffs stated claim for public disclosure of embarrassing facts where
information about their participation in hospital in vitro fertilization
program was televised).
[27]533
U.S. 27 (2001); see also United States v. Karo, 468 U.S. 705
(1984). But see Smith v.
Maryland, 442 U.S. 735 (1979). (add parentheticals).
[28]Id.
at 40.
[29]See
Andrew Riggs Dunlap, Fixing the Fourth Amendment with Trade Secret Law: A
Response to Kyllo v. United States, 90 Geo.
L.J. 2175, 2190 (2002).
[30]Cf.
Lawrence Lessig, Fidelity in Translation, 71 Tex. L. Rev. 1165 (1993); Lessig,
supra note __; Michael Adler, Note, Cyberspace, General Searches, and
Digital Contraband: The Fourth Amendment and the Net-Wide Search, 105 Yale L.J. 1093 (1996); Dunlap, supra note
__.
[31]See
Dunlap, supra note __, at 2187 (“Modern America is defined by the
mobility of its people and their information.”).
[32]Perhaps
for this reason, government agents appear to believe that a warrant is required
for searches of these items. See
United States v. Runyan, 290 F.3d 223 (5th Cir. 2002); Muick v.
Glenayre Elec., 280 F.3d 741 (7th Cir. 2002); United States v.
Triumph Capital Group, Inc., 2002 WL 314877 (D. Conn. 2002). But cf. Aronson v. Spectrum, 767 A.2d
564 (Pa. Super. Ct. 2001) (holding that telecommunications company did not intrude
upon customers’ seclusion by allowing third parties to access their account
information).
[33]U.S. Const. amend. IV; see
Dunlap, supra note __, at 2190-93.
[34]17
U.S.C. § 107; see Sony Corp. of Am. v. Universal City Studios, Inc., 464
U.S. 417 (1984); Mattel, Inc. v. Pitt, ___ F. Supp. 2d ___ (S.D.N.Y. 2002); cf.
Recording Indus. Ass’n of Am. v. Diamond Multimedia Sys., 180 F.3d 1072, 1079
(9th Cir. 1999) (add parenthetical).
[35]17
U.S.C. §109(a).
[36]In
this respect, the fair use doctrine is poorly named; the term “fair use” tends
to suggest that if some uses of copyrighted works are fair, then all other uses
must be unfair. Fair use and other
copyright limitations are not outer limits on permissible uses of copyrighted
works and/or the things embodying them.
They are simply outer limits on a copyright owner’s statutory
rights. Uses not covered by any of those
rights, such as reading a copy of a book that one owns, are reserved to users
whether or not the fair use doctrine would apply to them.
[37]See Paul Goldstein, Copyright’s Highway: From
Gutenberg to the Celestial Jukebox (1994) (but argues that copyright
should extend its reach into private spaces).
[38]It may be argued that the Digital Millennium Copyright Act’s (DMCA) protections for DRM technologies threaten to change rather substantially, and as a matter of federal law, the degree of privacy to which users of intellectual goods are entitled. In fact, the language of the DMCA supports the opposite conclusion: Congress did not intend the DMCA to negate the intellectual privacy of information consumers.
An exception to the DMCA’s anti-circumvention provision authorizes users of copyrighted works to circumvent technical measures capable of collecting or disseminating information about their “online activities.” See 17 U.S.C. § 1201(i). Under this provision, users appear free to subvert certain types of DRM monitoring. In addition, a special savings provision of the statute expressly preserves federal and state laws protecting individual privacy “in connection with the individual’s use of the Internet.” 17 U.S.C. §1205 (“Nothing in this chapter abrogates, diminishes, or weakens the provisions of, nor provides any defense or element of mitigation in a criminal prosecution or civil action under, any Federal or State law that prevents the violation of the privacy of an individual in connection with the individual’s use of the Internet.”). This provision is probably best interpreted as preserving information providers’ obligations under the federal Electronic Communications Privacy Act and analogous state laws; thus, for example, a software company caught monitoring customers’ use of its e-mail program could not claim that the DMCA allows it to do so.
[39]See
Denver Area Educational Telecommunications Consortium, Inc. v. FCC, 116 S. Ct.
2374, 2390-96 (1996) [needU.S. cite]; Stanley v. Georgia, 394 U.S. 557,
563-66 (1969); Schneider v. Smith, 390 U.S. 17, 24-25 (1968); Lamont v.
Postmaster General, 381 U.S. 301, 307 (1965); Fabulous Associates, Inc. v.
Pennsylvania Public Utility Comm., 896 F.2d 780, 785 (3d Cir. 1990); see
also; Gibson v. Florida Legislative Investigation Comm., 372 U.S. 539
(1963); Bates v. City of Little Rock, 361 U.S. 516 (1960); NAACP v. Alabama ex
rel. Patterson, 357 U.S. 449, 460-62 (1958). See generally Julie E. Cohen, A
Right to Read Anonymously: A Closer Look at “Copyright Management” in
Cyberspace, 28 Conn. L. Rev.
981 (1996).
[40]See
Tattered Cover, Inc. v. City of Thornton, 44 P.3d 1044 (Colo. 2002); In re
Grand Jury Subpoena to Kramerbooks & Afterwords, Inc., 26 Med. L. Rptr.
1599 (D.D.C. 1998); see also Julie E. Cohen, Privacy, Technology, and
Ideology: A Response to Jeffrey Rosen, 89 Geo. L.J. 2029, 2033 (2001).
[41]See,
e.g., White v. Samsung Elec. Am., 971 F.2d 1395 (9th Cir. 1992)
(game show hostess’s gown and game show setting), petition for reh’g and reh’g
en banc denied, 989 F.2d 1512 (9th Cir.), cert. denied,
508 U.S. 951 (1993); Waits v. Frito-Lay, Inc., 978 F.2d 1093 (9th
Cir. 1992) (imitation of singer’s distinctive voice and singing style); Midler
v. Ford Motor Co., 849 F.2d 460 (9th Cir. 1988) (same); Carson v.
Here’s Johnny Portable Toilets, Inc., 698 F.2d 831 (6th Cir. 1983)
(talk show host’s “trademark” slogan); Motschenbacher v. R.J. Reynolds Tobacco
Co., 498 F.2d 821 (9th Cir. 1974) (race car driver’s distinctively
decorated car).
[42]See
Roberta Rosenthal Kwall, Fame, 73 Ind.
L.J. 1 (1997); add others.
[43]See
Julie E. Cohen, Lochner in Cyberspace: The New Economic Orthodoxy of “Rights
Management”, 97 Mich. L. Rev.
462 (1998); Lydia Pallas Loren, Redefining the Market Failure Approach to
Fair Use in an Era of Copyright Permission Systems, 5 J. Intell. Prop. L. 1 (1997); cf. Mark A. Lemley, The Economics of Improvement
in Intellectual Property Law, 75 Tex.
L. Rev. 989 (1997).
[44]See
Dan L. Burk & Julie E. Cohen, Fair Use Infrastructure for Rights
Management Systems, 15 Harv. L.J.
& Tech. 41 (2001).
[45]See
Escola v. Coca-Cola Bottling Co. of Fresno, 150 P.2d 436, 461 (Cal. 1944)
(Traynor, J., concurring); Sheward v. Virtue, 126 P.2d 345 (Cal. 1942); State
Farm Mut. Auto. Ins. Co. v. Anderson-Weber, Inc., 110 N.W.2d 449 (Iowa 1961);
Carter v. Yardley & Co., 64 N.E.2d 693 (Mass. 1946); McCormack v.
Hankscraft Co., 154 N.W.2d 488 (Minn. 1967); MacPherson v. Buick Motor Co., 111
N.E. 1050 (N.Y. 19__); Ritter v. Narragansett Elec. Co., 283 A.2d 255 (R.I.
1971).
[46]See
Meritor Savings Back v. Vinson, 477 U.S. 57 (1986); Bundy v. Jackson, 641 F.2d
934 (D.C. Cir. 1981); Tomkins v. Public Service Elec. & Gas Co., 568 F.2d
1044 ( 3d Cir. 1977); Berkman v. City of New York, 580 F. Supp. 226 (S.D.N.Y.
1983).
[47]See,
e.g., Mark A. Lemley, Beyond Preemption: The Law and Policy of
Intellectual Property Licensing, 87 Cal.
L. Rev. 111 (1999); David Nimmer et al., The Metamorphosis of
Contract Into Expand, 87 Calif. L. Rev. 17 (1999); J.H. Reichman &
Jonathan A. Franklin, Privately Legislated Intellectual Property Rights:
Reconciling Freedom of Contract with Public Good Uses of Information, 147 U. Pa. L. Rev. 875 (1999); David A.
Rice, Public Goods, Private Contract, and Public Policy: Federal Preemption
of Software License Prohibitions Against Reverse Engineering, 53 U. Pitt. L. Rev. 543 (1992).
[48]See
U.S. Federal Trade Comm’n, Competition and Intellectual Property Law and
Policy in the Knowledge-Based Economy (Feb.-Nov. 2002), <>;
U.S. Federal Trade Comm’n, Warranty Protection for High-Tech Products and
Services (Oct. 26-27, 2000), <>.
[49]15
U.S.C. § 45(a)(1)).
[50]See,
e.g., Gandy, supra
note __; Cohen, supra note __; A. Michael Froomkin, Flood Control on
the Information Ocean: Living with Anonymity, Digital Cash, and Distributed
Databases, 15 J.L. & Com.
395, 492 (1996); Paul M. Schwartz, Privacy and Democracy in Cyberspace,
52 Vand. L. Rev. 1609 (1999); Paul M. Schwartz, Privacy and the Economics of
Personal Health Care Information, 76 Tex.
L. Rev. 1, 47-51 (1997); Sovern, supra note __.
[51]See
Cohen, supra note __, at 1397-99; Froomkin, supra note __,
at 492; Schwartz, Personal Health Care Information, supra note
__, at 47-51; Sovern, supra note __.
[52]See
Cohen, supra note __; Schwartz, Privacy and Democracy, supra
note __. For this reason, it may make
sense to conclude that the law should protect (some aspects of) privacy even
for individuals who would cheerfully trade it away. See Anita L. Allen, Coercing
Privacy, 40 Wm. & Mary L. Rev.
723 (1999); Cohen, supra note __.
[53]See
U.S. Federal Trade Commission, Privacy
Online: Fair Information Practices in the Electronic Marketplace (2000).
[54]See
O.E.C.D., Recommendation of the Council Concerning Guidelines Governing the
Protection of Privacy and Transborder Flows of Personal Data, O.E.C.D. Doc.
C(80) 58 final (1980), <http://www.oecd.org/EN/document/0,,EN‑document‑43‑1‑no‑24‑10255‑43,00.html>.
[55]For
that matter, it would also enhance the functioning of markets in personal
information by ensuring that personal information is accurate and that data
processing operations more completely internalize their costs.
[56]See
U.S. Federal Trade Comm’n, Children’s Online Privacy Protection Rule, 64 Fed.
Reg. 59,887 (Nov. 3, 1999), codified at 16 C.F.R. § 312; see also
U.S. Dep’t of Commerce, Safe Harbor Overview (establishing guidelines
for U.S. companies that process personally identifying information relating to
European Union citizens, and vesting enforcement authority with the FTC for
most industries), <>.
[57]Council
Directive 95/46/EC on the protection of individuals with regard to the
processing of personal data and on the free movement of such data, 1995 O.J.
(L. 281) 31, art. 8.
[58]Such
a regulation might be modeled on the Video Privacy Protection Act of 1988, 18
U.S.C. § 2710, or on state library privacy statutes. See supra note __.
[59]Such
a regulation would also have the beneficial effect of resolving the ongoing
debate among the drafters of UCITA. See
supra note __.
[60]See,
e.g., Unif. Cptr. & Info.
Transactions Act §___; ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th
Cir. 1996). This is not to make light of
what commentators rightly identify as a paradigm shift in prevailing
understandings of the sort of consent required to create a binding contract. See, e.g., Margaret Jane Radin, Humans,
Computers, and Binding Commitment, 75 Ind.
L.J. 1125 (2000). But that
paradigm shift resulted from the rise of consumer mass markets decades
ago. Technologies for indicating
“consent” online simply underscore what we already know to be true: that in
mass markets, the idea of a “meeting of minds” is little more than a pleasant
fiction.
[61]See
Victor P. Goldberg, Institutional Change and the Quasi-Invisible Hand,
17 J.L. & Econ. 461, 468
n.15, 484-91 (1974); Friedrich Kessler, Contracts of Adhesion – Some Thoughts
About Freedom of Contract, 43 Colum.
L. Rev. 629 (1943); Todd D. Rakoff, Contracts of Adhesion: An Essay
in Reconstruction, 96 Harv. L. Rev.
1173 (1984); W. David Slawson, Standard Form Contracts and Democratic
Control of Law-Making Power, 84 Harv.
L. Rev. 529, 538-42 (1971); William T. Vukowich, Lawyers and the
Standard Form Contract System: A Model Rule That Should Have Been, 6 Geo. J. Legal Ethics 799, 800-11
(1993); see also Robert P. Merges, Intellectual Property and the
Costs of Commercial Exchange: A Review Essay, 93 Mich. L. Rev. 1570, 1611-13 (1995) (examining standard form
terms within the narrower context of antitrust-style market power).
[62]See
Cohen, supra note __; Paul Schwartz.
[63]See
supra pp. ___.
[64]Jessica
Litman, Information Privacy/Information Property, 52 Stan. L. Rev. 1283 (2000).
[65]See
id. at ___; Laura J. Gurak,
Persuasion and Privacy in Cyberspace: The Online Protests Over Lotus Marketplace
and the Clipper Chip (1997).
[66]The
lack of market resistance by consumers is routinely invoked by privacy
opponents as purportedly demonstrating a lack of genuine public concern with
privacy. See, e.g., cites.
[67]See,
e.g., 42 U.S.C. § 274e; Newman v. Sathyovaglswaran, 287 F.3d 786 (9th
Cir. 2002). [add more]
[68]See
Tunkl v. Regents of Univ. of Cal., 383 P.2d 441 (Cal. 1963) (holding that
required agreement releasing hospital from malpractice liability was void as
against public policy); Ash v. New York Univ. Dental Ctr., 564 N.Y.S.2d 308
(App. Div. 1990) (same); Westlye v. Look Sports, Inc., 22 Cal. Rptr. 2d 781
(Cal. App. 1993) (holding that “as is” and assumption of risk clauses in ski
rental agreement did not bar recovery for skiing injuries caused by defective
ski); Wheelock v. Sport Kites, Inc., 839 F. Supp. 730 (D. Haw. 1993) (holding
that release agreement barring gross negligence claims against manufacturer and
provider of paraglider was void as against public policy); Henningsen v.
Bloomfield Motors, Inc., 161 A.2d 69 (N.J. 1960) (holding that agreement
disclaiming implied warranty of merchantability was void as against public
policy).
[69]See
Office of New York State Attorney General Eliot Spitzer, Judge Orders
Software Developer to Remove and Stop Using Deceptive and Restrictive Clauses
(Jan. 17, 2003), <>.
[70]For
a helpful exposition of these themes, see Donald
MacKenzie, Knowing Machines: Essays on Technical Change (1996); add
others.
[71]For
an argument that DRM infrastructures also should be designed to preserve user
privileges available under copyright law, see Dan L. Burk & Julie E. Cohen,
Fair Use Infrastructure for Rights Management Systems, 15 Harv. J.L. & Tech. 41 (2001).
[72]17
U.S.C. § 1002.
[73]17
U.S.C. §1201(k)(2).
[74]See
Burk & Cohen, supra note __.
[75]Cf.
Cites re minimization.
[76]A
desire to generate profiles of users’ intellectual preferences, for example, is
privacy-related (albeit inversely) and would not count.
[77]See
Cohen, supra note __.
[78]See,
e.g., I am using the term “law” very generally here
to encompass both legislation and regulation.
A digital consumer’s bill of rights could come from Congress, but it
could also come from the FTC pursuant to its mandate to regulate “unfair”
practices in commerce. See supra
pp. ___.
[79]See
Mark A. Lemley & David McGowan, Legal Implications of Network Economic
Effects, 86 Cal. L. Rev. 479
(1998).
[80]See,
e.g., Berkeley clinic filing with OASIS group.
[81]Discuss
OASIS vs Palladium, etc.
[82]The
research that led to the development of the TCP/IP standard is a less
formalized example of this dynamic. The
government funded much of the initial research, and wanted to researchers
address the problem of building a distributed communications network that could
survive a military “hit” to some part of the network. The result was the extraordinarily robust,
end-to-end architecture that we know today as the Internet. See Janet
Abbate, Inventing the Internet (1999)).