Information Security News mailing list archives

REVIEW: "Internet and Online Privacy", Andrew Frackman/Rebecca C. Martin/Claudia Ray


From: InfoSec News <isn () c4i org>
Date: Wed, 30 Apr 2003 01:10:12 -0500 (CDT)

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKINONPR.RVW   20030321

"Internet and Online Privacy", Andrew Frackman/Rebecca C.
Martin/Claudia Ray, 2002, 0-9705970-7-X, U$34.95/C$52.95
%A   Andrew Frackman
%A   Rebecca C. Martin
%A   Claudia Ray
%C   105 Madison Avenue, New York, NY   10016
%D   2002
%G   0-9705970-7-X
%I   ALM Publishing
%O   U$34.95/C$52.95 800-537-2128 www.lawcatalog.com
%O  http://www.amazon.com/exec/obidos/ASIN/097059707X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/097059707X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/097059707X/robsladesin03-20
%P   233 p.
%T   "Internet and Online Privacy: A Legal and Business Guide"

I have, in reviewing other works that deal with online law, noted the
limited utility of legal texts which address only, or primarily, the
laws of the United States.  As one would expect, this book, written by
three Americans, and published by an outfit named American Lawyer
Media, concentrates on American legislation.  (In fact, I find it
slightly ironic that a Canadian price is given on the jacket.) 
However, the analysis is so clearly written, and so rooted in Common
Law and general legal principles, that I have very little compunction
in recommending this work to anyone interested in the legal aspects of
privacy, regardless of jurisdiction.

The introduction states that this work is intended for both the legal
professional and the lay audience.  Indeed, there is an attempt to
point out the business case for attending to privacy.  It is noted
that Doubleclick's plan to merge the surfing information that it had
been collecting with a database of personally identifiable information
that it had purchased resulted in a 40% drop in stock price before the
plan was abandoned.  In addition, there is a serious effort to
emphasize the importance of international law, although not all
sections of the book addressing the issue are successful.

Chapter one demonstrates that definitions of privacy are problematic. 
Refreshingly, an understanding of technology itself is considered to
be important.  Unfortunately, this position is somewhat undermined by
a bit of confusion in regard to the possibility of obtaining
personally identifiable information from the "clickstream" (activities
while surfing the Web), and a minor error when discussing IP
addresses.  The aforementioned business reasons for respecting privacy
are primarily given in chapter two.  The development of privacy
regulation, in chapter three, is predominately based on US laws and
cases, but, as noted, is also conceptual and therefore broadly
applicable.

Chapters four to nine deal with specific US legislation.  Chapter four
details the Children's Online Privacy Protection Act; five outlines
the Gramm-Leach-Bliley bill (for financial institutions), the Health
Insurance Portability and Accountability Act, Computer Fraud and
Abuse, and Electronic Communications Privacy; six looks at state level
versus federal jurisdiction; seven reviews case law (concentrating on
email interception); eight discusses decisions in some class action
civil suits; and nine examines Federal Trade Commission studies and
decisions.

The European Union directives are dealt with in depth in chapter ten. 
The US Safe Harbor program is reviewed in terms of principles, but,
unfortunately, details and procedures are not covered.  Chapter eleven
provides brief but broad outlines of various international
regulations.  Corporate privacy policies are discussed in chapter
twelve.  Chapter thirteen has a brief overview of a number of privacy
enhancing technologies, but no mention of legal issues that might be
involved.  Government monitoring, the keyboard logging system (KLS,
aka Magic Lantern), Carnivore, and the Patriot Act are examined in
chapter fourteen.

This book is concise, readable, and valuable.  There are some areas
where one could hope for additional coverage and detail, but the
concepts and basics are covered well.  I would recommend this work to
anyone interested in privacy issues, and particularly to those in the
security industry who do not have an extensive legal background.

copyright Robert M. Slade, 2003   BKINONPR.RVW   20030321

-- 
====================== 
rslade () sprint ca  rslade () vcn bc ca  slade () victoria tc ca p1 () canada com
"If you do buy a computer, don't turn it on."     - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
      or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs:     [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews:   [Base URL]mnbk.htm
                [Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-subscribe () egroups com



-
ISN is currently hosted by Attrition.org
