1. Introduction 3

2 Definitions 5
2.1 Privacy 5
2.1.1. Relational privacy 5
2.1.2 Informational privacy 5
2.2 Internet 5
2.2.1 World Wide Web 7
2.2.2 E-mail 7
2.2.3 Newsgroups 8
2.2.4 Encryption 8
2.2.5 Anonymous remailers 9

3. Theoretical framework 10
3.1 Ethics 10
3.1.1 Consequentionalism and deontology 10
3.1.2 Moral choice 10
3.2 Technique 11
3.2.1 Ellul and technique 11
3.2.2 Technique of the internet 12

4 Privacy threats on the internet 13
4.1 Conversation 13
4.2 Consultation 14
4.3 Registration 15
4.4 Allocution 16

5 Three kinds of solutions 17
5.1 Technical solutions 17
5.2 Juridical solutions 19
5.3 Self-regulatory solutions 20

6 Three scenario's 22
6.1 Technology will do the job 22
6.2 Law and order 22
6.3 Self-regulation 22
6.4 Give-up privacy 22
6.5 Conclusion 22
Literature 24

1. Introduction
In the digital age everyone's privacy is continuously threatened but also secured by computers. Since data no longer come in the shape of atoms but in bits, it's more difficult to keep track of it. Negroponte calls this shift from the importance of atoms to bits in his book 'Being Digital' the most important phenomenon in our era.
In the atoms age someone's file is a physical cardboard folder with paper sheets.In the digital age the data is reduced to a number of bits with a difficult to define physical location.The moment the data exists in a digital shape it begins to live its own life. Paper decays, bits don't (maybe the carrier of the bits). Duplicating paper files is labour intensive and costly. A copy from digital data can't be distinguished from the original, copying it is as easy as the push of a button. Paper doesn't like to travel, you need to carry it to make it move. Bits travel with the speed of light, across frontiers, no sea is to big and no mountain too high. Paper data doesn't easily mix, binary data can stand any complex manipulation. Digital data wants to escape from control, they want to go their own way...
It seems inherent to the digital technique that data needs to be free. This raises the question whether we need to be happy with such an 'immortal' digital alter ego. How to keep it in your control? The possible conflict between you and your transparent digital alter ego is often the basis for a thrilling Hollywood plot. Are you the one you should be according to your digital alter ego? Did mankind create a sort of Frankenstein that will come to haunt us?
This paper focuses on the privacy of the citizen on the internet. The issue is: Can the privacy of the citizen be sufficiently guaranteed in a digital future on the internet? This will be explored by answering the three following questions. Which definitions are being used? Which threats can be defined? And which solutions are offered?
First of all, before we can explore the central question certain elements need to be defined and a theoretical framework chosen. What perspective regarding privacy will be used in this context? In what ways is information technology, and more specifically the internet, related to this issue? What is 'the internet'? Chapter two will deal with these definitions. Chapter three will relate ethics and technology to the issue of privacy on the internet.
Secondly, the perceived threats are dealt with in chapter four according to an information traffic flow model from Bordewijk en van Kaam (van Dijk, 1991, p. 81) with a lot of related real life examples. Where do the threats come from, which forces are at work?
The last question in chapter five gives an overview of the reactions to the threats to the privacy at this moment.Both from the technical and juridical field as well as from professional and ordinary internet users.
Finally, possible scenario's will be formulated in chapter six. How can the threats to privacy on the internet best be dealt with based on the preceding descriptions? The answer will be presented from a juridical and technical perspective together with the ethical problems that come along for computerprofessionals, legislators and ordinary users. 2 Definitions
Before relating internet with the privacy issue these phenomena need to be clearly described separately and in relation to each other.
2.1 Privacy
'The right to bet let alone' Warren en Brandeis wrote back in 1890 as the essence of privacy. This implies two aspects, isolation and self-determination. Isolation is part of the right on selective contact, the right to be let alone, called relational privacy. This is primarily meant physically. This self-determination is the implication of the autonomy of human beings, a universal right. A guarantee to protect one's autonomy is the right on selective disclosure. This is a less material, physical kind of privacy called informational privacy. The individual has control over information about himself and therefore on the conclusions based upon this information (Holvast, 1986, pp. 22).
2.1.1. Relational privacy
Selective contact stems from the universal need of human beings for a private place. Somewhere others don't intrude upon, you're left alone. It's a claim from one on another about a certain space where the other may not enter. This kind of privacy is very little endangered by the internet, it may even increase the isolation of individuals. It's hard to claim a certain part of 'cyberspace' since this is a virtual space by definition. This abstract dimension is exclusively open to individuals by the manifestation of thoughts and ideas in the shape of texts, sounds and images through input devices translated into representations on displays. The choice to leave this space is always there, unlike real life certain people can be filtered out technically or when this fails one can always pull the plug. In this context one often cites the phrase 'one doesn't live on at an e mail address'. The internet is a blessing for that matter .
2.1.2 Informational privacy
The second theme, the selective disclosure, is the main concern. Informational privacy is a claim from one on another that the other doesn't need to know all about the first, thereby protecting knowledge about ourselves against others. Everybody has a fundamental need for private experiences. Nobody likes to have his personal information made public without insistence. Since this has to do with the protection of information and not some kind of physical territory, it's much harder to notice possible intrusions of this kind of privacy and to exercise control over the way your information flows. Finally the intrusion of informational privacy may lead to a violation of the physical, relational privacy.
2.2 Internet
Whenever 'internet' is written in this paper any other digital information network with the same characteristics which might evolve out if in the future can be read. The internet as we know it makes possible synchronous and a-synchronous communication digitally between individuals and groups of individuals. It can take the shape of a publication or broadcast but it can just as well be informal interpersonal communication. Policy-makers in government and corporate business often call such a global broadband digital network the 'information superhighway' in succession of vice-president Al Gore who popularised this notion. It's an abstract concept that promises employment, entertainment, education and complete self-realization for everybody thanks to the digital technique (Torrès, 1995). It currently seems that all efforts are directed towards the realization of this optimistic goal.
The internet, and probably it's successor 'the information superhighway' too, has certain characteristics that are particularly threatening where privacy is concerned. The object of study in this paper is the actual internet as we know it today. Meanwhile (some of) the findings of this exploration could possibly lead to generalisations equally applicable to future digital networks. Predictions about technological developments have proven to be generally highly inaccurate, therefore I restrain myself to the internet as it manifests itself in 1996: a network of private, academic or governmental data-communication networks. This whole agglomerate of networks around the world is called 'the internet'.
Characteristic of the internet is its openness. It's both the guarantee for it's popularity and it's biggest shortcoming. The internet's technical protocol enables all possible computersystems to communicate with each other if their data output is translated to this protocol (Moore, 1993, p. 58). Initially this open structure was not a problem since it started as a small scale academic network for the exchange of research material between four universities (Moore, 1993, p. 8). Furthermore, back in 1970 not many more computers then the few mainframe machines available existed. Who could predict the widespread availability of computer processing power connected by a global datacommunication infrastructure accessible by virtually anybody with low-cost domestic equipment?
2.2.1 World Wide Web
The most common manifestation of information dissemination through the internet is what is called the World Wide Web. This consists of a vast collection of decentrally stored documents around the world associated and linked to each other through the infrastructure of the internet. The linking of these pages is done by using 'hypertext'. Most subjects in any give document on the World Wide Web (WWW) are linked to related pages with this method. By choosing such a link one gets access to the linked document which can be stored on any computer on the world provided it is part of the internet. It is very simple for any individual to make such a document public without the need of large amounts of capital nor a professional publishing organisation. If a number of pages are presented structured by its content it's easily referred to as a 'site'. Many users equal the WWW with the internet because of its manifestation. In the user-friendly interface of hypertext documents most older structures of information dissemination through the internet are being integrated and thus it becomes a sort of all inclusive shell. The software which is needed locally on the computer of the user is called a 'browser.' One 'browses' the pages on the internet by following the hypertext links. To let yourself lead through the different documents just by going with the flow of information is popularly called 'netsurfing' or just 'surfing'.
2.2.2 E-mail
E-mail is an abbreviation for 'electronic mail'. The internet's infrastructure is not only used to get access to documents elsewhere out there, but also for the transport of data between the users themselves. Little notes or huge documents, sound, images or software, anything can be send as long as it's in a digital format. The sending is done by the 'store-and-forward' principle. The internet consists of global network of big computers, so called servers, connected with each other, where personal computers can connect to so the user can browse, send e-mail or do other activities using the network. A message is first send from the personal computer to the local networkserver (or in a lot of cases the personal computer is already a part of the network thus this step is not necessary). This server assigns a unique number to the data and sends it (in chunks) to another server on the network. This stores the data, looks at the addressing, much like in a postal system, and then forwards it to the nearest connected server in the direction of the destination. This server, also called a node in the network, stores it again temporarily until it has sorted out the addressing and a way to send it there before forwarding it. It takes a message somewhere between a couple of seconds until weeks in rare cases to arrive. This depends on the route the message takes through the network. The process of storing and forwarding will continue just as long until all the parts of the message have arrived their destination. Technically it's feasible, though not often the case, to intercept an e-mail at one of the nodes. This is why it's often said that 'sending a message by e mail is theoretically as save as communication by postcard'.
The difference between public and private e-mail is sometimes somewhat diffuse. With the same ease as sending a message to one person it can also be send or forward a message to a group of persons. Either accidentally or on purpose the harm is done by the push of a button. Big scale publication by e-mail happens structurally through so-called mailing lists. For this purpose a dedicated computer (server) is always open to send messages to. It then automatically forwards the message to all subscribers to a certain mailing list it has in it's database (publicly readable by the way). In general anyone with an e-mail address can subscribe or unsubscribe himself to a e mailing list. These mailing-lists are usually set up for mass-announcements or group discussions (electronic forums). Though publicly accessible mailing lists are less public, and should not be confused with, newsgroups. Mailing lists messages will come by e-mail, newsgroup messages should be consulted on the server.
2.2.3 Newsgroups
Newsgroups share their functionality to a large extend with mailing lists but differ in it's distribution method an degree of openness. Newsgroups can be best compared with a bulletin board, where a newsgroup is the sorting by subject of discussions on a certain topic. The contributions to the list are posted to a dedicated machine, a news server, which stores it and forwards copies to other newsservers around the world during it's frequent contacts with other servers. To read a message the internet user must make a connection to the news server and select it from thousands, if not millions of other messages. In theory a message posted to a newsgroup (unless it's strictly local and content specific) can be read by virtually any internet user around the world. Many servers around the world, though not all, carry 'newsfeed' and register the contributions made to the newsgroups. Because this practise demands a considerable amount of storage space the newsgroups are given a certain expiration date by the server manager. Postings older than for example two weeks are deleted. Until recently all postings in newsgroups were meant to disappear. Recently new (commercially run) internet services, so called 'search engines', are offered through the World Wide Web that enable anybody to look up old newsgroup postings by keyword.While most people regard newsgroups as a place for informal chat, one has to bear in mind that everything you write in a newsgroup is registered and can be used against you.
2.2.4 Encryption
A much acclaimed technique for privacy protection is called encryption, the mathematical coding of data. Especially the 'public key encryption' like PGP (Pretty Good Privacy) is often mentioned. This technique is meant to enable safe communication (by e-mail). An e-mail message will be unrecognizably altered by a coding with mathematical formulas of the digital data of the message. Two keys to this code are needed: a public and a private key, one for encoding and one for decoding. Anybody who wants to receive his e-mail in a safe fashion has to spread his public key amongst those who are to sent a message. The messages with the public key encoded can only be decoded with the use of the private key which is only in the possession of the receiver. Sending messages with the private key is useless since the other key is publicly available, instead the public key of the receiver always needs to be acquired first before sending e-mail.
2.2.5 Anonymous remailers
Anonymous remailers offer the possibility to send e-mail or post to newsgroups anonymously. A few of these service are publicly available through the internet. A message posted (in the case of a newsgroup posting) or mailed (in the case of e-mail) through the anonymous remailer gets stripped from all its technical information which could trace it back to the sender. A new unique number is assigned to the message which will be lead it back to the sender through the anonymous remailer only. The remailer will compare the number of the message with its database of users and forward it to the associated internet-user. (Wired 2.06). Thus in theory it's possible to disclose someone's anonymity by looking in the database. Only the system operator of the anonymous remailer can do this. 3. Theoretical framework
3.1 Ethics
Ethics is the critical studying of norms. What the norm is in a certain community is determined by the ruling morale. "In practise ethics means the systematic reflection - structural reflection - about moral norms and values that act up in all kinds of behaviour- and decision situations. Usually this reflection takes place because of some concrete issue that puts us for a moral problem. (...) We call this a moral problem because this problem can only be 'solved' by making a normative choice (about what 'may' or 'may not') with certain norms and values at stake." (van Willigenburg, 1993, p. 7). Privacy is such a moral problem. Norms and values are important for these moral problems, like behaviour prescriptions and attainable situations.
3.1.1 Consequentionalism and deontology
Intuitively moral conduct is based on the assumption that the consequences of all actions must be taken in consideration. "An act is morally just when it leads to the best consequences compared to other acts (van Willigenburg, 1993, p. 28). This is a consequentionalist norm. This raises the question what should be the goal standard to all conduct.
The deontologist approach takes it one step further. The starting-point are norms, apart from its consequences, formulate criteria about what's morally just. The obligation with regards to this moral, the deon, exists in two approaches: intuitionism, one should feel what's just, and rule deontology which claims the rules can be extracted from the social agreements that exist it in any given community (Hamelink, 1996). Deontologist norms are concerned with the essence of the acts of the conduct as such, not limited to the consequences (van Willigenburg, 1993, p. 30). The essence of a morally just act must be in accordance with the norm.
3.1.2 Moral choice
The problem with moral choices is that one can't act conform some prescribed theory. Each singular situation confronts the individual with certain moral choices which are resolved differently depending on the given context. Ground rules one initially agrees on can conflict with other such rules, depending on the concrete situation (Hamelink, 1996). Based on the moral principle, though culturally defined, that one should respect the autonomy of any individual privacy can be considered as a norm. This is potentially conflictory with other basic principles. It sometimes needs to be put in a hierarchy related to the respect for human life for instance, in a case where a life can be saved if somebody's privacy is invaded.
If it's not possible to foretell in advance which choices will be made, in retrospect it's possible to analyze a moral choice. In three steps: firstly, define which moral problem is the issue, secondly, consider the alternatives between which the choice is made, and finally, what's the justification for this choice.
Given the issue of this paper, one extra element should be accounted for. The digital technique in combination with the open, public characteristics of the internet influences the perceived consequences of individual conduct on the internet. Data made public in an insignificant context can show up later to be extremely revealing in a different setting. The user didn't make the choice to reveal information in a casual, near private conversation while the technique didn't to nothing but what it's designed for: register, store and transport data.Who is to blame?
3.2 Technique
The preceding paragraph stressed the importance of the technology. It seems necessary to isolate this important factor instead of regarding upon it as a given fact. Raising the subject of the technology threat one can't avoid ending up in the debate between the techno-optimists versus the techno-pessimists. Is the technology a neutral means or will it inevitably attack the autonomy of individuals? The argument of most techno-pessimists (though they don't like to be called like this) is, and I quote the French scholar Ellul: "everything which is technique is necessarily used as soon as it is available, without distinction of good or evil." (Ellul, 1964, p. 99). The technique undergoes a autonomous development which should and can not be stopped. It's perceived as progressive and liberating (by techno-optimists). In the digital information age one can for example often hear the credo 'information needs to be free'. Extending the first quote to this would mean: 'information shall be free' whether this is good or bad (for our privacy).
3.2.1 Ellul and technique
Without going to deep into the matter it's nevertheless useful to briefly mention the ideas of Ellul relating to the autonomy of the technique. In the definition of Ellul technique is "a whole set of mutually related, separate techniques; being part of an entity, a system. The second characteristic of this set of techniques is it's independency, autonomy." (Ellul, 1992, p. 12). "The totality of methods rationally arrived at and having absolute efficiency in every field of human activity." (Ellul, 1964, p. xxv). "What characterises technical action with within a particular activity is the search for greater efficiency. Completely natural and spontaneous effort is replaced by a complex of acts designed to improve, say, the yield." (Ellul, 1964, p. 20). The choice for the means to achieve an end is hereby determined being it the most efficient one, regardless of it's consequences or it's moral nature, to apply the vocabulary of the ethical choices to this. "Therefore it's absurd to make a distinction between the technique and the application of technique since the presence of technique inevitably implies its application." (Holvast on Ellul, 1986, p. 116). The technique is therefore a neutral means according to Ellul: "Forces are present in the technique that determine it's direction and solely that direction" (Ellul, 1992, p. 13). Taking this extremely deterministic vision further to the issue dealt with in this paper it would imply that in today's digital network an autonomous force is present directed at making all users of this network transparent individuals...
A recurring theme in Ellul's work, according to Achterhuis, is the technical phenomenon, in this case the digital technique, as an undividable unit (Achterhuis, p. 52-53). One can't distinguish between for example the technique and it's usage, be it positive or negative. If you want to distinguish between the technique and it's abuse by humans, the technique is merely reduced to the machine itself while it's more than that. Achterhuis quotes a nice example by Ellul about the motorcar to illustrate the absoluteness of technique. "The motorcar fulfils the function to contribute to the mobility of people. Connected to this desired function is the undesired effect of thousands of deaths and hundreds of thousands casualties in Western Europe alone from traffic accidents. Those who advocate the motorcar, because it brings the forest and the beach near, saves labour time etc., can't ignore the sacrifices to human life, the waste of natural resources, the burden on the environment and the costs of traffic jams and the like. A conductor of a motorcar can get outraged with aggressive tendencies in traffic while unfamiliar with this as a peaceful pedestrian. These effects - desired, predicted, unpredicted - are given effects of the reality of the car. Many of these can't be influenced by the technical design" (Achterhuis, 1992, p. 53). While the effects of the motorcar are widely known to all of us, little is widely known, nor thought about, related to the technique of the internet.
3.2.2 Technique of the internet
The characterising technique of the internet - and according to Negroponte to our age and the future's (Negroponte, 1995, p. 11) - is the digital technique. The essential feature of this technique is that it's registering. It's all pervasive up to the smallest constituent element of it's whole: the bit. Every last bit in a byte contains information about all bits in a byte. This propriety can't be undone since it's the fundamental basis of this technique.
The structure of the internet is different of any other information technology. While databases register personal ID information centrally, data storage on the internet happens decentrally. The objectives for setting up databases is completely different from registration that might happen on the internet. While databases from government or most organisations have some kind of control functions, the internet is primarily used for communication and publication in a public space, although it still has the same registration capabilities. 4 Privacy threats on the internet
To structure the different uses of the internet I use the information flow patterns as distinguished by Bordewijk and van Kaam (Cuilenburg, 1992, p. 26). The major threats to privacy will be discussed in relation to the following four uses of the internet: conversation, consultation, registration and allocution.
individual information filecentral informationfile
individual chooses subject and timeconversationconsultation
centre chooses subject and timeregistrationallocution

This scheme has it's shortcomings in relation to the internet. In most cases the aspect of time is not as significant anymore as it is with the older media like radio or television since the experience of time is almost always a-synchronous and chosen by the user. Furthermore, it's difficult to distinguish between central and decentral information storage since the network is by definition decentral. The degree of accessibility might be a better measure as where the more private and decentral the information storage is, the less accessible it is - or should be. A possible tendency to more central, less private that is, information storage currently takes shape in the marketing of so called Network Computers (NC's). To increase the ease of use and relieve the average user from the burden of the labour intensive and complex task of maintaining and upgrading a PC continuously, the concept of a cheap, 'dumb terminal' is promoted. The intelligence and storage is moved to a central server where the NC has to connect to before it can operate. "With network computers software and data would be stored on huge network servers administered by a system operator such as a telephone or cable television company" (Reuter, 8/3/96). Needless to say that this development can be considered as disastrous privacy wise as it can turn out commercially successful.
4.1 Conversation
Most of the debate about privacy infringements on the internet e-mail at the moment concentrates on the 'wire-tapping' of e-mail messages between users. This attracts the attention because it's a real, grand scale threat that affects everybody. The analogy with older means of communication (letters, phone calls) also help to popularize this concern. Daily practise also puts it on the agenda; in most organisations every once in a while somebody accidently sends a message to the wrong person.
The perceived danger of other people reading your e-mail before you do is real. As explained earlier, this is due to the open structure of the internet. The store-and-forward principle makes it easy and attractive to intercept a copy on any of the nodes on the network that a message passes on its way to the addressee. It's often said that sending an e-mail message is as confidential as sending a post-card to somebody. Not only the systemoperators of the nodes the e-mail passes have the possibility to intercept message. The security procedures can also be broken by a third party thanks to either gross neglect, bribes, high technical skills or any combination of these.
But also after the arrival of the message it's not safe. In the case of a network in an organisation most messages are stored centrally, freely accessible by the organisation's systemoperator. Furthermore the mailbox of any employee individually is as safe as the password for it. This is notoriously unsafe because of the easy to remember never altered passwords most people choose, general nonchalance and unattended terminals.
A situation with a PC that downloads the e-mail from the mailserver isn't much of an improvement either. One should keep in mind that the function of system operator is not restricted to the professionally trained conscientious engineers with obligations to their professional ethical code. The helpdesk employees of most internet service providers often have, due to their function, the same access rights as a 'real' system operator. Meanwhile there is a large turnover in helpdesk employees who are usually young, underpaid, part-time employed, with no formal education and with very little loyalty to their company let alone high ethical standards.
A less visible danger is the one provided for by the digital technique; its tendency to register indiscriminately and never forget. A well-intended but nevertheless confidential message for instance, will be registered on both the computer of the sender and the computer of the receiver. While it perhaps remains confidential at the time of the electronic conversation the recording of it might be leading its own life later on. Storage or retrieval doesn't cost much labour or resources compared to the benefits it might have in the long run. Recording all your telephone conversations will be considered incriminating or paranoid, this is not the case with the automatic storage of all e-mail messages. Meanwhile these old messages can still do harm. If not by itself when they turn up in the wrong hands, then perhaps when the accumulation of messages is quantitively analyzed with a lot of intelligent processing power seeking for certain patterns or elements.
The danger of a personal message that accidently or intentionally is spread amongst thousands of people will be further explored in the chapter about allocution. The margin between conversation and publication is marginally small if it's not completely blurred sometimes, while the responsibilities accompanied with it remain the same in both cases.
4.2 Consultation
Another extremely popular use of the internet is the World Wide Web. The WWW is a construction in which consultation often goes hand in hand with registration. Whenever a user consults the WWW he leaves a digital footprint on his way (Daily Planet, 11/12/95). In most cases this is not easily retraceable to the individual user and only used in an aggregated way. Though theoretically it's feasible. The so-called 'cookies' are a much debated new element. Cookies are little add-on functionalities to the webbrowser that run decentrally on the user's machine. When executed they can sort of 'open-up' the contents of the users machine to outsiders.
Whether or not and to what extent it's technically possible to invisibly register WWW consultations I won't explore any further. I would only like to point once more to the habit of registration of everything by the digital technique. Instead I will focus on two widespread registration practices during consultation.
The first is the phenomenon of 'closed sites'. Many corporations fear a loss of earnings when information can be freely obtained through their websites. Therefore the user is asked to fill in a form with all kinds of personal information in order to obtain a login-name and password for that particular site. This enables the publisher of the information to trace in detail all the consultations on their site. Besides using this data for internal use these databases can off-course be sold to others. National privacy legislation can be bypassed thanks to the difficulty to determine the physical location of data on the internet.
The second phenomenon goes even further, though on a smaller scale. An internet specific kind of consultation are the so-called 'agents'. By filling in a lengthy registration form one can learn the agent certain personal preferences, tastes in music, film or information. The artificial intelligence of the machine that functions as the agent then recommends certain products that the user is likely to appreciate. In most cases one can also get an overview of other users with the same tastes. This is a case of centrally gathered information about a number of individuals. The database can off course be sold to others (de Volkskrant, 22/1/96). Also in this case the sensitive data can be easily moved to the country in the world with the most permissive legislation in this matter.
4.3 Registration
As demonstrated in the previous paragraph the dangers of registration become very real with the digital technology. Especially for governments and organisations the possibilities this technology opens up is appealing. To avoid risks in favour of the long term survival of organisations for instance, or in the case of governments for fighting fraud and exercising law and-order. The first will become more important with the privatisation of social security and generally growing health care costs. An alarming fact in this respect is that "of any citizen electronic records are being kept at least four hundred different locations." (de Volkskrant, 14/09/95). Through the combination of these different databases (including the database called internet) a citizen can become more transparent and therefore loses his privacy. Borking calls this 'data mining' (Borking, J. 1995, p. 96). This can be done by means of 'data matching', 'front end verification' and 'computer profiling' which will be explained below.
"Data matching involves the comparison of two or more sets of systems of computerized records to search for individuals who may be included in more than one file." (Borking, J. 1995, p. 97). On the internet this is possible by using a publicly available 'search engine' in order to find everything made public by or about a certain individual. The combination of all the accumulated different notes, publications and the like can contain reasonably sensitive information, more than what the individual had taken in account at the time of making the separate documents public.
"Front-end verification is used to certify the accuracy and completeness of personal information by checking it against similar information held in computerized databases, generally of a third party." (Borking, J. 1995, p. 97). Larger organisations or governmental bodies with closed databases it is now possible to compare or update their records with public information from the internet. The missing link of evidence in a case against some criminal pervert can be obtained by analysing his newsgroup postings for example.
"In computer profiling, record systems are searched for a specific combination of historical data elements, i.e. the profile." (Borking, J. 1995, p. 96). Certain psychological insights and/or statistics can be combined with data obtained through the internet or collected by others through certain dedicated digital 'agents' for example.
Considering the previous arguments the concept of registration from the information traffic flow scheme can be adjusted. Registration is no longer restricted to the data given by an individual in answer to a question in order to update or expand a centrally stored database. The answers to decentrally stored different questions can now be associated together with other questions imposed upon them.
4.4 Allocution
Allocution in the sense of a communication process whereby the receiver has no say in the when it wants to consume hardly exists on the internet except for a few radio-broadcasts (due to bandwidth constraints TV broadcasts are not yet possible). The only more or less timed broadcasts are the news publications by e-mail (and/or the WWW equivalent consultable on the receiver's initiative). What desk-top-publishing did for the democratisation of the production process of publishing, did the internet for the distribution process. This made it possible for one person to both produce and distribute a news outlet without the aid of a complex organisation and huge capital investments. However, the absence of these obstacles has an important impact on the content of the publication.
The distinction between a conversation and a broadcast has become blurred. A remark made in a newsgroup can reach thousands of readers. The technical delay of a printing press has gone and is replaced by the push of a button. In the case of a one-man newspaper, the collectively reasoned considerations amongst the editors in a newsroom before publication also disappeared. The usual double-checking of sources can easily be forgotten. This raises the question of responsibility. In the case of a privacy sensitive story the harm is easily done and, due to the nature of the medium, irrevocable. Once the button is pushed it can't be undone.
On the internet a central responsibility doesn't exist. Whereas a newspaper publisher is liable for the paper's contents this is not the case for the internet. Though some claim that the internet service providers are to be held responsible for all the internet content they pass through, this can be considered as a difficult to pursue stand because it's impossible to monitor all the data.
In the end only the individual publishing has to take responsibility. The possible negative repercussions of his action, if any, are therefore also exclusively personal. Where an organisation will take great care not to endanger the future of its existence an individual will make different considerations. An individual can easily hide his identity and physical location while an organisation can't do this because it will cease to exist by doing so. How to market a consumer product without a brand-name for instance?
In the digital age the reproduction of information is surprisingly easy. This doesn't only have an impact on the distribution but also on the reliability of information. Any reliable source can easily be slightly altered and forwarded around the globe.
5 Three kinds of solutions
The kinds of solutions for the threats to privacy on the internet can be categorized in three: technical solutions, juridical solutions and voluntary codes and self-regulations.
5.1 Technical solutions
The most debated and most attractive solutions are the technical solutions. Solutions of this kind also have the confidence of 'techno-optimist' Borking: "There is no reason for pessimism. Negative attitudes from the general public may act as a brake on the progress of science and technology, but public concern over privacy intrusion may also serve as a stimulus for the introduction of new technologies." (Borking, 1995, p. 91). The dangers of the new technologies need to be acknowledged in order to implement new privacy protecting techniques to prevent negative effects on social behaviour. (Borking, 1995, p. 95). "The IC-technology may cause severe data and personal privacy problems, it also has the ability to fix these problems." Borking, 1995, p. 104).
Borking sees four criteria that should be taken in account during the design of information systems: control, feedback, data security (encryption) and the possibility to prevent the collection of data (Borking, 1995, p. 107).
The control criterium, the possibility for the user to determine who registers what and when, is perhaps attainable in closed information systems like video-surveillance on the workfloor. For the internet this is only possible to a limited extend. One can for instance disable the automatic archival of newsgroup postings by certain search engines. Note that the user should actively find out how to bar this registration. In general the openness of the internet is conflictory to this. Another counter development to this criterium is the increase in speed between en admission time to the household and network. This development will make transfer the data momentarily decentrally stored to the memory of the network. Storage on personal equipment offers more control possibilities than central storage. In extreme cases one can always cut the connection to the network to protect data as a last resort.
The feedback criterium, 'the beep tone during recording' is rather pointless since - in theory - all internet mediated activities are recorded in one way or another. Although this is invisible and not felt threatening. At least one can popularize the notion of the digital technique that always registers.
The data security criterium is the most viable option. It's manifestation through the employment of encryption techniques is strongly advocated by those concerned about privacy matters. This certainly is a sufficient measure in most cases where secure communication between two individual users is of crucial importance. This off course can't be a solution to privacy threats in registration, consultation and allocution communication situations. Remember that one needs two keys, a private and a public key to encrypt en decrypt the message. Joel McNamara states in his essay 'e-mail privacy and crypto-elitism' that cryptography currently tends to crypto-elitism and still has a long way to go before it gets popular. It's difficult to use in practise and the public at large is not aware of the dangers. The first major important obstacle for a wide-spread use of cryptography are governmental restrictions. But even when these problems are solved it will then take a long while before it becomes accepted use by all internet users. The default in notes to strangers will remain unencrypted.
The last criterium, limiting the possibilities of information collection is completely in the hands of the user. When asked to fill in forms, use bogus credentials, in discussions with a sensitive subject, use anonymous remailers. The biggest danger lies in the fact that any person usually only has a limited view on the extend to which an expression can be become public and the consequences this might have. Much like the phenomenon that one often forgets the recording of a telephone conversation even when it's explicitly announced. No matter how small scale the conversation in some obscure electronic forum, the moment it becomes public it can be found by anybody using search engines regardless of context, time and place. The consequences of this are hard to anticipate.
Summarizing the possible technical solutions it can be stated that they can't overcome the registration automatism of the digital technique. Except for a differentiation in security by the kind of communication, where e-mail is probably the best to protect, technical solutions don't help.
5.2 Juridical solutions
Laws can be invented in favour of the good cause but the effectuation of these laws will be tough, if not impossible, due to the technical properties of the internet. Since it's a global network, the laws of the most permissive country in the world connected to the internet will govern most practises, like water will flow the lowest point. The only way how national laws can be effective is in those cases where the violations can be traced down to the perpetrator. To complicate matters further it's difficult to link the proof of the crime to the suspect in this digital age. In such a case a single individual will have a weaker position than any transnational organisation. The transnational organisation can transfer the evidence data around the world between countries and let it hang 'in cyberspace', in the case of the individual with bad luck a copy of the evidence can be found on his personal computer.
Take for example the Dutch law on person registration (WPR). It requires all databases with sensitive personal data to have a predefined exclusive purpose. The contents of it must be open for verification and correction by those registered in it, and the entire database may not be sold to a third party without the explicit consent of those concerned. Now relate this to the internet and you'll find two problems. First of all, the physical location nor the responsibility of the database can't be determined. Even the databases with users of closed sites or agents can be easily moved around through the internet. The location can only be defined as 'in cyberspace'. Secondly, in most cases the persons registered were not aware of the registration as such. Users voluntarily made information public about themselves (tastes, hobbies, possessions, ideological or religious orientations) without considering it as handing over information to an organisation, but more like a conversation with peers. Any business, abroad if necessary, can freely gather information on the net like it can scan the pages of a telephone directory. What is the juridical status of this information? The database can now be automatically updated, while the victim in question remains ignorant what happens just by reposting in his favourite newsgroup. The purpose of the database can be altered at any point in time.
In short, one can say that cyberspace is difficult to capture in national laws, unless the perpetrator can be localized in relation to the digital evidence. The medium doesn't need new laws, national privacy, copyright and libel laws apply to this medium as well as for any other. It's the transnational character and the speed of data that makes law-enforcement difficult. Cooperation between nations might be the only way out to overcome this obstacle.
5.3 Self-regulatory solutions
The importance of technology in this matter might obscure the fact that the internet is about human-beings who communicate with each other, not computers. The most obvious solution is to make an appeal to the users to help solve this problem. In those areas where laws aren't much of a solution, only the moral dilemma for the individual remains. Everybody has to decide for himself which choice to make when faced with a problem of this kind. In these concrete cases it's most useful for everybody if an existing guideline can be consulted.
These codes already exists for the internet. Firstly, there's the practical code for the internet community designed to overcome misunderstandings by promoting a common set of behaviourial rules, usually referred to as the 'netiquette'. Secondly, there's a code for computer professionals the 'Association for Computing Machinery Code of Ethics and Professional Conduct' (Forrester & Morrisson, 1995, p. 261). The code is a guideline for all professional computer users like system operators. Due to the open structure and the availability of equipment, self-taught independent individuals can acquire the same skills and access to sensitive data as the professionals have.
The netiquette in this respect can be more fruitful. Once everybody feels it can benefit from it and deviation from it becomes incriminating it will be the de facto law. Situations in which an ethical code is most effective are in closed (professional) groups with some means of expulsion (for instance in medicine one can be put out of practise).
Before working this out the characteristics of successful self-regulations need to be analyzed. Five characteristics can be distinguished (Hamelink, seminar spring 1996): firstly, the group should be recognizable and autonomous; secondly, the reliability and trustworthiness is at stake; thirdly, decent behaviour needs to be achieved; fourthly, an instrument of arbitration needs to be agreed upon by all parties in case a conflict needs to be settled, and finally it all should be open for evaluation by the general public.
Though historically originating from professional groups like doctors, it might be projected on the situation at hand surprisingly well. Take for example the first characteristics. The internet community can be easily distinguished from those who are not 'on-line' and the objective is indeed to increase the reliability so one need not to worry about abuse of personal information. In theory there's the difference between the on-line digital world (cyberspace) and 'real life'. But how can somebody be expelled from the net? The power to cut somebody off from the net lies in the hands of the internet service provider and in the case of an internet connection at work, through the employer. In most cases when somebody signs up for an internet connection, one has to sign the conditions of use. Often the existence of 'netiquette' as a guideline is mentioned. This is the point where the netiquette can be put into power. Whenever the ethical code is broken, one risks expulsion from the net on these grounds. The third characteristic is achieved: decent behaviour is promoted. Only the last two needs can't be met so far. Especially the last condition is hard to fulfil. How can somebody evaluate or protest against a decision if he's not connected.
The big advantage of such a code is it's universal applicability, independent of national law systems and technical circumstances. The realisation will stumble on some major obstacles: first of all the need for such a code needs to be generally be felt. This won't happen until serious abuses have happened. How will the arbitration institution be appointed and what shape should it have? Individual users will be worse off compared to large organisations (or employees backed by their employer).
For as far as human action is concerned the code might do some good. It still won't change the fact that the digital technique registers so much. Off course, at the end of the line there will allays be a human being who chooses to infringe somebody's privacy. But if the borderline is small, just a button-push away, the harm is easily and irreversibly done. 6 Three scenario's
Three possible scenario's can be distilled from this paper. Though the proposed scenario's are not mutually exclusive, it might offer a framework for further investigations.
6.1 Technology will do the job
The proposed solution of encrypted digital data won't undo the massive registration capacities. Encryption will certainly be reasonable maybe sufficient solution for safe communication b
etween two parties, it's useless for the other communication patterns.In general all technical inventions will be continuously under fire by other inventions. The net effect of this arms race will be minimal.
6.2 Law and order
Unable to control what's happening in cyberspace, national and international governments might seek refuge to oppressive laws out of incompetence to deal with the unprecedented characteristics of the internet. In the long run legislators around the world will come back from this when it has proven to be ineffective.
6.3 Self-regulation

Self-regulation might be a helpful aid to combat privacy infringement excesses. Though promising as a concept it won't be successful unless certain conditions are met: first of all, the need for regulation need to be strongly felt concern with support from the majority of the internet community. Secondly, the chosen structure in which the arbitration institute will function will be crucial to the success of self-regulation. Either organised nationally or net-wide in cyberspace, composed out of (an alliance of) internet service providers and/or netizens and optionally, supported by national laws obliging a license to internet access much like a license to practise medicine.
6.4 Give-up privacy

The most pessimistic and radical way to prevent privacy infringements is to abstain from it altogether. Either by not going on-line or, once on the internet, assume complete transparency for everybody and consider all conversation and publication as public speech remembered and indexed for years to come. David Brin states that privacy protective techniques or laws only serve those in power and therefore complete transparency of all parties is justified (Wired, 2.03 UK, p. 73).
6.5 Conclusion
It seems that any new technology needs some decades before the negative consequences can be pictured to pursue the analogy with the example from Ellul about the motorcar to the internet. Not before the negative effects are generally felt far reaching measures can be taken. Evidently the digital technique and especially when globally interconnected has it's negative effects, like for instance in the case of one's privacy.
Achterhuis, H.(ed.), van Dijk, P., Tijmes, P. (1992). De maat van de techniek: zes filosofen over techniek. Baarn: Ambo.
Borking, J. (1995). Privacy technology, a new challenge in cyberspace. In Pieter Ippel (red.), Privacy Disputed. Den Haag: SDU.
Cuilenburg, J.J., Scholten, O., Noomen, G.W., (1992) Communicatiewetenschap. Muidenberg: Dick Coutinho, 3e druk.
Daily Planet http://www.pi.net.
Davies, S. (1996) Follow the Mondex. Wired, UK edition, 2.02, p. 48.
Forester, T. & Morrison, P. (1995). Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing. (2nd edition) London: MIT Press.
Groei databanken brengt privacy burgers steeds meer in gevaar. de Volkskrant 14/9/1995.
'Agents' wijzen gebruiker weg in informatiejungle. de Volkskrant 22/1/1996.
Dijk, J.A.G.M. van (1991). De netwerkmaatschappij: sociale aspecten van nieuwe media. Houten/Zaventem: Bohn Stafleu van Loghum.
Ellul, J. (1990). The Technological Bluff. Michigan: William B. Eerdmans Publishing Company.
Ellul, J. (1964). The Technological Society. New York: Vintage books.
Het verraad van de techniek: tekst van een televisie-interview met Jacques Ellul uitgezonden op 8 oktober 1992. IKON-televisie.
Glasvezel PTT Telecom eerst voor bedrijven. NRC Handelsblad 23/2/1996.
Hamelink, C.J. (1995). B-Seminar Beleidsstudies Internationale Communicatie: Bescherming van de privacy. Een collegedictaat: http://huizen.dds.nl/intcom/bsem.html
Holvast, J. (1986). Op weg naar een risicoloze maatschappij: De vrijheid van de mens in het informatietijdperk. Schoonhoven: Academic Service.
Negroponte, N. (1995). Being Digital. London: Hodder and Stoughton.
Rose, L. (1994). Electronic Privacy. In Morrow, C. (red.), The Internet Unleashed (pp. 1065 1073). Indianapolis: Prentice Hall - Sams.
Tate, P. (1996) E-tax. Wired, UK edition, 2.02, p. 21.
Torrès, A. (1995). A tombeau ouvert, sur les autoroutes de l' information. Le Monde Diplomatique, Avril 1995, http://www.ina.fr
Weizenbaum, J. (1975). Computer power and human reason. San Fransisco: W.H. Freeman and company.
Willegenburg, T. van, Beld, A. van den, Heeger, F.R., Verweij, M.F., (1993), Ethiek in de praktijk, Assen: Van Gorcum.