Few website users actually read or rely upon terms of use or privacy policies. Yet users regularly take advantage of and rely upon website design features like privacy settings. Could these designs be part of the contract between websites and users? A draft of my new article argues just that by developing a theory of website design as contract. This article is coming out in Volume 60 of the American University Law Review later this year. In sum, I argue that in an age where website interactivity is the hallmark for many sites, courts must re-think what constitutes an online agreement. This is particularly true with respect to user privacy.
Joint post with Jonathan Mayer.
Earlier today Mozilla announced support for Do Not Fool, a proposed mechanism for opting out of April Fools' pranks. We cannot support this misguided effort.
Late last week FTC Commissioner Rosch penned a column in which he repeated a number of hackneyed criticisms of Do Not Track. Senators McCaskill and Pryor articulated similar concerns at a recent hearing. This piece sequentially deconstructs Rosch's column and replies to each of his substantive critiques.
An interesting case with big privacy implications looming: A Kentucky Court of Appeals holds you don’t need a person’s permission to tag them in a Facebook photo (LaLonde vs. LaLonde).
Requiring notice is an extraordinarily popular way to regulate. In online privacy, for instance, giving notice about their practices is among the only affirmative obligations websites face. The strategy is also one of the most heavily criticized. Not only does no one read privacy policies, skeptics rightly point out, but many believe that their mere existence guarantees certain base level protections that may or may not exist.
Should we give up on notice? My recent draft paper argues: maybe not. We should explore two possibilities, at any rate, before we do. The first is that regulators may sometimes select the wrong form of notice for the job. Today most website “terms” say that the company “may disclose data pursuant to lawful requests.” That does very little to further user understanding or action. But maybe it could work to:
I have written an article on the future of sovereignty in the age of Wikileaks. I welcome your comments.
"The hidden power structures and the inner workings of these states within the state are exposed by another imperium in imperio, a secretive organization, whose agenda is far from transparent, whose members, resources are unknown, holding back an indefinite amount of information both on itself and on its opponents. The mantra of Wikileaks supporters and the mantra of state and corporate executives are shockingly identical: “We share no information on ourselves; we gather information on everyone else. Only our secrets are valid secrets.” The Eye of Providence on the reverse side of the Great Seal of the United States, surrounded by the words Annuit Cœptis (He approves our undertakings) and Novus Ordo Seclorum (New Order of the Ages), could very well be the seal of Wikileaks as well."
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1780519
http://www.warsystems.hu/fokuszban/wikileaks-and-freedom-autonomy-and-sovereignty-in-the-cloud/
In the past few weeks a few potential employers and schools were reported to have asked for access to the Facebook profile of an applicant or student. These reports are starting to feel like a trend. I think these requests are problematic not just for the Facebook user, but also the employer or administrator asking for access. In short, anyone asking for access to Facebook profiles and/or login credentials is asking users to betray the trust of their network and subjecting all parties involved to the potential deactivation of their Facebook account.
Do Not Track is on its way to becoming an Internet standard. In collaboration with Sid Stamm at Mozilla we've submitted an Internet-Draft to the IETF, specifying both the HTTP header syntax and the requirements for compliance.
This is just the beginning of the IETF's process and the evolution of the draft. But it's a transformative moment for web privacy: Do Not Track is now a formal standards proposal. Every browser, advertising network, analytics service, and social plug-in provider has a clear instruction manual on how to implement Do Not Track.
We owe a tremendous debt of gratitude to the colleagues and friends whose efforts have made Do Not Track a reality: Alissa Cooper, Peter Eckersley, Alex Fowler, John Mitchell, Ashkan Soltani, Lee Tien, and Harlan Yu. And we particularly thank Chris Soghoian, Do Not Track's unflagging champion for nearly two years.