Electronic Business: Concepts, Methodologies, Tools, and Applications (4-Volumes) P218 pdf

2104 E-Services Privacy

self regulations are enough to protect individual’s PII. The European Union has a set of directives related to e-privacy called “The Data Protection Directive” (e.g., Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector [Directive on privacy and electronic communications]) (The European Commission, 2002). While e-privacy laws and acts may differ according to the political structure and local cultures, they share the objective of protecting PII that uniquely identifies a user (e.g., full name, social security number, e-mail address), or data that uniquely identifies a particular device or a location used by a user (e.g., IP address).

A standard e-privacy policy would state:

(a) The purpose for which PII needs to be collected, and that this purpose shall be made clear to individuals before the collecting process begins,
(b) Whether collecting PII will be automatic, or would individuals be notified before the collecting process begins,
(c) What PII is collected,
(d) How the collected PII will be used,
(e) If and how cookies are used,
(f) That the collecting organization is responsible for protecting the PII collected,
(g) What security policies are used, with references to them,
(h) The conditions under which the PII may be released,
(i) For how long will the collected PII be retained, and
(j) The privacy act and principles that the policy is based on.

A few policies will state more enhanced standards such as:

(a) The collecting organization would provide information regarding its management of the collected PII to concerned individuals, and
(b) Concerned individuals shall be able to access their PII and challenge the appropriateness of the PII.

Questions that arise here are whether e-services providers really adopt clear e-privacy policies and whether e-privacy laws and acts really protect an individual’s e-privacy. An answer may be provided in the online report “Super Beware: Personal Privacy and the Internet” by the Electronic Privacy Information Center (1997). The report states, “The Electronic Privacy Information Center (EPIC) reviewed 100 of the most frequently visited Web sites on the Internet. We checked whether sites collected personal information, had established privacy policies, made use of cookies, and allowed people to visit without disclosing their actual identity. We found that few Web sites today have explicit privacy policies (only 17 of our sample) and none of the top 100 Web sites meet basic standards for privacy protection.”

While laws and acts are meant to force e-services providers to adopt clear e-privacy policies, they differ from one country to another according to culture and political structure. Robert Lee (1997) was involved in research to focus on and compare how personal privacy related regulations in two countries with close ideas of personal freedom and governmental structures — the United States of America and Australia — would affect Internet applications collecting PII. Roberts states that “Despite the similarities in culture and aspirations for individual freedom from bureaucracy in the United States and Australia, this limited research demonstrated that access to private information on individuals was more freely available in the United States than Australia.
The difference in individual privacy protection resulted from the extension of Australian federal privacy regulations to cover commercial businesses in addition to government databases.”

Section vii will identify some challenges that may be encountered when adopting and coping with an e-policy.

CHALLENGES

E-privacy policies consider e-privacy in two dimensions:

1. Providing the protection for individuals’ PII against unauthorized collection and usage when using e-services, and
2. Providing the protection for individuals’ PII, when collected with consent, against electronic theft or reproduction by a third party.

We have focused our discussion on the first dimension since we believe that the second dimension would be more related to electronic security rather than to e-privacy. However, maintaining the second dimension faces many challenges, hence it will be included in our discussion in this section.

Adopting and coping with e-privacy policies face several challenges. We list some of them below and classify them into policy and security challenges:

Policy Challenges

• Enforcing standards among all collectors of PII.
  As we clarified in an earlier section, laws and acts differ from one country to another based on culture, beliefs, and political structure. An organization may provide an e-service to thousands of individuals across the globe and may be subject to some e-privacy laws. This organization’s competitors, based in other countries and providing the same service also to thousands of individuals across the globe, may not be bound by similar laws. This gave rise to “Safe Harbour” agreements such as the safe harbour agreement between the U.S. and the EU (U.S. Department of Commerce, 2000). In such an agreement, U.S. organizations may voluntarily participate in the safe harbour and be committed to cooperate and comply with the European Data Protection Authorities. This will ease the flow of information from EU organizations to participating U.S. organizations.
• Diversity of sectors.
  There are differences between public (government) and private sectors. The public sector often accepts committing to higher e-privacy standards better than the private sector. For example, the public sector does not look to share collected PII outside its departments, while private sector organizations may find it necessary to trade collected PII with other private sector organizations for commercial purposes, competition, and so on.
• Diversity of laws and legislations.
  When a multi-national organization has several branches with several Web sites in different jurisdictions, to which e-privacy law would it be subject?
• Diversity of individuals.
  Some individuals may accept (reasonable) risks in giving up their PII for getting an e-service (e.g., have free access to software). For example, Yahoo uses Web Beacons to track Yahoo users (Yahoo). How would an e-privacy policy balance between those and other individuals who prefer (total) protection?
• Internal resistance from organizations that have to adopt an e-privacy policy, since violating the policy may have unpleasant legal consequences.
• Exceptions.
  Almost every e-privacy law or act has some exceptions that affect the proper implementation of the e-privacy policies that refer to that law or act. While one may understand releasing or hiding PII for legal or security reasons, other exceptions may be confusing. For example, the Canadian Personal Information Protection and Electronic Documents Act (Government of Canada) notes that an individual may inquire about the existence, use, or disclosure of his or her PII and can have access to it.
  However, the act also states that, “In certain situations, an organization may not be able to provide access to all the personal information it holds about an individual.” And, “Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons….” But, who determines that the information is prohibitively costly to provide? Why did providing it become costly, while collecting it was affordable? Also, who determines the commercial proprietary reasons?
• Conflict with other laws.
  An e-privacy law in one country may conflict with another law in another country, or even in the same country. For example, in 2004, British Columbia’s Information and Privacy Commissioner released a report warning that Canadians’ privacy was at risk and that the USA PATRIOT Act violates British Columbian privacy laws (Information and Privacy Commissioner for British Columbia, 2004). The report clarifies that necessary changes to the British Columbian privacy laws are needed to protect British Columbians’ personal information from being seized under the controversial American law. A second example of conflicts of laws is the potential misuse of the Digital Millennium Copyright Act (DMCA), passed in the United States in 1998 by Congress (U.S. Government, 1998). Among other concerns, there is the concern that this law may be misused by some parties to violate individuals’ e-privacy. A copyright holder may use the DMCA subpoena to force an Internet service provider (ISP) to release PII of an Internet user based on a claim of copyright infringement. What if there is no actual copyright infringement? What if an irrelevant IP address was released by mistake? Could misuse or abuse be involved?

Security Challenges (Related to Providing Enough Security for Collected PII)

All e-privacy policies state that a collecting organization is responsible for protecting PII collected. The issue here is that there are no unified security measures. This raises several questions:

• Would senior management in all collecting organizations equally appreciate and understand the issue of security and be committed to spending for high security techniques and skills?
• What security techniques are enough to protect the collected PII (firewalls, authentication, anti-virus software, data encryption, etc.)?
• Would adopting high security measures conflict with individuals’ rights to access their stored PII?
• Would adopting some security techniques (e.g., authentication) undermine e-privacy?

Authentication refers to a set of techniques that may be used to verify that the user of a system is really who he or she claims to be (e.g., using a password known only to the person logging in). However, there are experts in breaking down (simple) passwords; also, there are software programs that assist in this task. The need for more secure authentication systems would require collecting more data from the user (e.g., answers for private and confidential questions) or for using cookies that assist in identifying the computer machine used.
While authentication can help protect e-privacy by making sure that those who access PII stored electronically are authorized to do so, it may also undermine e-privacy, as argued by Kent and Millett (2003), since it could result in authentication systems that:

• “Increase requests for identification,
• Increase the collection of personal information,
• Decrease the ability of individuals to understand and participate in data collection decisions,
• Facilitate record linkage and profiling, and
• Decrease the likelihood that individuals will receive notice of or have the right to object to third-party access to personal information.”

CRITICAL ISSUES IN MANAGING E-PRIVACY

Adopting an e-privacy policy is not a matter of choice in some countries; it is a must. There is no question that more countries will pass laws that ask e-services providers to adopt clear e-privacy policies. However, establishing an effective e-privacy policy that is in compliance with applicable laws and acts to protect e-privacy requires the integration of the following guidelines at three levels: organizational, legal, and technical.

On the organizational level, a deep understanding from senior management is needed to appreciate that having a proper e-privacy policy would actually benefit its e-service business. If an e-service provider is publicly recognized as not protecting users’ privacy, then this would have a dramatic, damaging effect on its reputation and business. Management must be willing to spend generously on technology and skills to put e-privacy in place. E-privacy must be seen as an additional value to the organization’s business and not as a barrier to it. Hence, the development of the e-privacy policy, its requirements, and resources must be integrated within the organization’s overall business plan.
The implications of the e-privacy policy and its implementation on the organization must be considered at the early stages of designing and developing the organization’s overall business plan so that proper identification of the needed PII and techniques for collecting, storing, processing, controlling, and transferring PII are properly implemented. A clerk responsible for managing the e-privacy policy must be understanding to concerned individuals and accept that a concerned individual is entitled to have access to his or her PII record at his or her chosen time. The clerk must help the individual to the largest extent authorized by the applicable law or act.

On the legal level, a deep understanding of the applicable laws on e-privacy is needed. Legal advisors must frequently revise the e-privacy policy.

On the technical level, proper measures and technologies for data security must be adopted to protect PII from improper access while it is being collected, stored, used, processed, and transferred between servers and sites. Some guidelines that may help for data security and protecting e-privacy are listed next. Some of these guidelines may help e-services providers that collect, store and transfer data electronically; others could be helpful to individuals to protect their e-privacy while using an e-service or surfing the Web (the list of guidelines is not intended to be comprehensive or to guarantee full protection, but suggestions to consider):

• Use public key encryption (PKE) to collect sensitive data from individuals (by their consent) and for data flow between sites and servers.
  Encryption is a technique used to encode data so that it may not be understood by others, only by the encoder. Public key encryption has recently become a cornerstone in online business and e-services concerned with providing a high level of protection to data collected and transmitted electronically.
• Use encryption when storing data.
• Use authentication and authorization techniques for accessing stored data.
  Authorization is finding out if an authenticated person has the privileges to access some classified data.
• Use antivirus software, and update it frequently.
  Frequently use antivirus software to scan and clean computer disks and memory from viruses, worms, and Trojan horses that can cause serious damage to data and computer functioning.
• Use firewalls.
  Use a firewall system (could be hardware/software) to enforce an access control policy. Use it to protect networked computers from possible intrusion that may compromise e-privacy by restricting communication between the internet and a networked computer that contains data to be protected.
• Prevent/control cookies.
  Always check for cookies, block them, or at least be alert when a cookie will be placed on a computer hard disk, and delete unwanted ones. Many e-services Web sites place cookies on an individual’s machine to recognize those who revisit their sites. Cookies are small text files that contain some information (e.g., preferences of an individual when he or she visits that Web site). In principle, cookies do not automatically collect PII, but they can save PII provided by an individual with consent. While cookies were originally meant to exchange information (PII) with the Web site that sent them and for which the individual has given PII by consent (first-party cookie), other cookies (third-party-cookies) can compromise e-privacy. Third-party-cookies may track an individual’s online activities and send information about him/her to Web sites that the individual knows nothing about. Cookies can easily be blocked, removed, or protected against by using opt-out cookies.
• Consider anonymous Web surfing.
  Anonymous surfing helps to protect e-privacy by making it difficult for Web sites visited to collect PII (e.g., IP address) or to track an individual’s online activities. The idea depends on not contacting the intended Web site directly but through a second site that uses an anonymous surfing proxy that will not allow the individual’s particulars to be passed to the intended site. But can an individual really trust the second site?
• Consider secure e-mail.
  Some tools can help an individual to access, store, and send e-mail in an encrypted environment.
• Use proper tools to block spam and filter incoming e-mail.
• Secure online communication.
  Encrypt TCP/IP communication such as instant messaging, HTTP, FTP, voicemail faxes, and streaming audio/video.
• Frequently run privacy/security risk assessments to identify the greatest risk associated with unauthorized intrusion to sensitive stored data.

APPROACHES FOR E-PRIVACY MANAGEMENT

The increased concerns of individuals accessing e-services exposing their e-privacy led researchers to investigate approaches for managing e-privacy. Especially, individuals are of limited experience and resources when compared to e-services providers. The latter have enough resources to develop and enforce their e-privacy policies compared to individuals who may even face difficulty in understanding some lengthy e-privacy policies.

One of the leading approaches for e-privacy management is the Platform for Privacy Preferences Project (P3P) developed by the World Wide Web Consortium (W3C) (W3C, 2004). This is a protocol that may be used as an intermediary between Web sites and Internet users.
A Web site may express its e-privacy policy requirements for each of its Web pages using the P3P language, specifying, for example, what PII to be collected from a user (e.g., a page may not require to collect any user’s PII; a second page may need to place cookies on the user’s machine; a third page may ask for the user’s e-mail, etc.). A user indicates what PII he or she is willing to release to Web sites, whether he or she likes to be notified at the time of releasing the PII, and other preferences (e.g., disclosing of PII will take place only over a secured communication channel) to an agent (usually a browser) that also understands the P3P language. The user can visit Web sites and leave it to the agent to “negotiate” the indicated e-privacy preferences with the visited Web sites. This protocol is more like a PII disclosure organizer than an e-privacy protector. If the user accepts to disclose his or her e-mail, then whenever a Web page asks for the user’s e-mail, the agent provides it and saves the user writing it several times whenever a Web page requests it. In this sense, P3P does not eliminate the need for other e-privacy protection measures (e.g., encryption). It is not an intelligent agent that would advise a user whether to trust a Web site or not, or whether to release PII or not. An increasing number of e-service providers are adopting the P3P protocol. Commercial tools have been developed to help users to declare their e-privacy preferences (e.g., The IBM P3P Policy Editor [IBM]).

A second approach for e-privacy is proposed by Tumer, Dogac, and Toroslu (2003). This approach introduces a framework where a Web site classifies any PII it requests to collect as mandatory or optional. Mandatory means that data is necessary for the service to take place (e.g., user name, contact telephone number).
Optional means not necessary; it can also take the form of a rule (e.g., a certain data item such as e-mail is optional if the user provides a telephone number; otherwise it becomes mandatory), or it can be absolutely optional data that will have no effect on the service provided. A user can associate one of three permission levels with each of his or her PII: free (may be released unconditionally), limited (may be released only if mandatory), or not-given (may not be released). Permission levels are declared in a context ontology. Services are organized in a hierarchical nodes structure, and there is a collection of privacy rule sets associated with nodes in a service ontology. General principles govern the release of data (e.g., any service node inherits the permission definitions associated with a higher service node in the hierarchy, and specializations override generalities). The main goal of this approach is to disclose the minimal data needed by an e-service provider. A user’s agent would store the user’s preferences and negotiate with a Web site visited to disclose minimal data. Again this framework does not eliminate the need for other e-privacy protection measures (e.g., encryption), and it is not an intelligent agent that would advise a user whether to trust a Web site or not or whether to release PII or not.

The work in the area of e-privacy protection and e-privacy agents is active. Other related work includes authentication services like Microsoft Passport (Microsoft).

SPAMMING

We have focused in our discussion until now on e-privacy invasion and protection, in the context of collecting, using, distributing, or accessing individuals’ PII without their consent. A second dimension of e-privacy invasion is spamming. Spamming is unsolicited e-mail. Commercial organizations send bulk e-mail for advertising and business purposes, probably containing offensive materials to some individuals.
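
Looking back at the mandatory/optional framework of Tumer, Dogac, and Toroslu described above, the following added example (not part of the chapter and not those authors' implementation) sketches in Python how a user's agent could resolve inherited permission levels and decide what to release. The service names, data items, the `optional_if` rule encoding, default-deny for unlisted items, and releasing nothing when a mandatory item is refused are assumptions made for illustration.

```python
from enum import Enum


class Perm(Enum):
    FREE = "free"            # may be released unconditionally
    LIMITED = "limited"      # may be released only if mandatory
    NOT_GIVEN = "not-given"  # may not be released


# Constructed service hierarchy (child -> parent); None marks the root node.
SERVICE_PARENT = {
    "e-services": None,
    "shopping": "e-services",
    "shopping/books": "shopping",
    "health": "e-services",
}

# Constructed user rule sets attached to service nodes.
USER_RULES = {
    "e-services": {"name": Perm.LIMITED, "phone": Perm.LIMITED,
                   "email": Perm.LIMITED, "country": Perm.FREE,
                   "birth_date": Perm.NOT_GIVEN},
    "shopping/books": {"phone": Perm.NOT_GIVEN},  # specialization
    "health": {"birth_date": Perm.LIMITED},       # specialization
}

# Constructed PII profile held by the user's agent.
SAMPLE_PROFILE = {"name": "A. User", "phone": "555-0100",
                  "email": "user@example.test", "country": "CA",
                  "birth_date": "1980-01-01"}


def effective_permissions(node):
    """Merge rule sets from the root down to `node`.

    A node inherits the definitions of higher nodes, and a more
    specialized node overrides them.
    """
    chain = []
    while node is not None:
        chain.append(node)
        node = SERVICE_PARENT[node]
    merged = {}
    for n in reversed(chain):          # root first, most specific last
        merged.update(USER_RULES.get(n, {}))
    return merged


def negotiate(node, request, profile):
    """Decide which requested items the agent releases to a site.

    `request` maps item -> "mandatory" | "optional" | ("optional_if", other),
    where the tuple means: optional if `other` is released, else mandatory.
    Assumption: conditions only refer to unconditional items.
    """
    perms = effective_permissions(node)
    released, refused = {}, []

    def decide(item, mandatory):
        perm = perms.get(item, Perm.NOT_GIVEN)  # assumption: default deny
        allowed = perm is Perm.FREE or (perm is Perm.LIMITED and mandatory)
        if allowed and item in profile:
            released[item] = profile[item]
        elif mandatory:
            refused.append(item)       # the service cannot take place

    for item, req in request.items():  # pass 1: unconditional items
        if isinstance(req, str):
            decide(item, req == "mandatory")
    for item, req in request.items():  # pass 2: conditional items
        if isinstance(req, tuple):
            decide(item, mandatory=req[1] not in released)

    ok = not refused
    # Assumption: if any mandatory item is refused, nothing is disclosed.
    return {"ok": ok, "released": released if ok else {}, "refused": refused}


if __name__ == "__main__":
    req = {"name": "mandatory", "phone": "optional",
           "email": ("optional_if", "phone")}
    print(negotiate("shopping/books", req, SAMPLE_PROFILE))
```

Under the `shopping/books` node the phone number is withheld, so the conditional e-mail item becomes mandatory and is released instead, which is the rule the passage gives for e-mail and telephone.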
What are the differences between receiving uninvited advertisements in e-mail inboxes and receiving uninvited advertisement flyers in regular mailboxes? It would appear that one difference is the greater quantity of spam e-mail. Another difference is that a spam e-mail may contain a virus (maybe unintended) that can wreak havoc with a computer. In most cases, spam e-mail does not include viruses, worms, Trojan horses, or spyware that steal PII or destroy files, but it is still a form of e-privacy invasion, and can cause several problems such as:

• Wasting an individual’s time reading junk e-mail,
• Forcing content that may be offending to a recipient, and
• Quickly filling recipient inbox quota, probably causing important e-mail not to be delivered.

Many spam systems make thorough examinations of the Internet for any visible e-mail addresses on Web pages. Other systems would use some descriptive group of users’ names such as staff@ , faculty@ , users@ and use domains of large organizations. A third type of spam systems would depend on hackers who break into e-mail directories for individuals, organizations, and newsgroups to copy the e-mail addresses found. Advertisement materials would then be sent to the copied addresses. A more harmful spam system would depend on hackers to take control of individuals’ computers and use them to send spam.

Unfortunately there is no guaranteed way to fully fight spam. Fighting spam can be at an individual level or at an ISP level. Individuals may fight spam by installing anti-spam software that would just check patterns in e-mail messages that are frequent in spam e-mail (e.g., lowest mortgage ever, right time to buy, etc.). The system would then collect what it believes to be spam, store it on some area on the e-mail server’s hard disk for a predefined period of time (e.g., two weeks), and report the addresses and headers of the assumed spam to the recipient in a form of a list.
The recipient has to go through the list and decide whether he or she would like to retrieve one of the blocked e-mails. This is not effective, as the recipient still has to waste time checking the list and may find it difficult to make a decision regarding an e-mail based on the header. Some servers would work on protecting their clients by checking received e-mails before forwarding them to clients.

ISPs fight spam by several approaches such as using spam filters. The idea of spam filters depends on blocking e-mails received from IP addresses known to be spam, blocking e-mails intended for several recipients (exceeding a maximum number), or by checking e-mails’ contents for certain words and structures that are known to be used by spammers. However, the spam filter approach may result in problems such as the “false positive” where valid e-mails are blocked and not delivered to their intended recipients. According to Loren McDonald (McDonald), “A recent study by Return Path indicated that approximately 12% of all e-mail messages sent to valid e-mail addresses at the top nine ISPs and Web mail service providers did not end up in recipients’ inboxes as intended.” This is basically due to spam filters. The problem of false positives may be considered a form of e-privacy invasion. To protect users from spam, which is a form of e-privacy invasion, spam filters are used and may result in not delivering valid intended e-mail, which is another form of e-privacy invasion to both the sender and the recipient.

It seems that there is no effective way to fight spam. Spammers use several techniques to trick ISPs and make it difficult for recipients to identify and report them to ISPs (e.g., hiding addresses, decimal/hexadecimal addresses, redirection). In response to concerns over this increasing problem, several countries (e.g., U.S., EU) considered issuing applicable laws.
However, it is not clear how to fight spammers outside the boundaries of those countries, since spammers can send spam from any location in the world to any other location in the world.

INTERNET CENSORSHIP

A third form of e-privacy invasion is Internet censorship (IC). IC refers to installing software on computers to restrict Internet surfing. Some parents would use IC software (e.g., McAfee Office, Guard Dog) to limit their children’s access to some Web sites that would be considered inappropriate (e.g., contains materials that promote drugs, discrimination, violence, etc.). In addition, some schools and public libraries would use IC for similar reasons; this is understandable. However, IC is used on a wider scale by some authorities and governments that install software on ISPs’ servers to limit all individuals in a community or in a country from accessing some special Web sites (e.g., political Web sites). This may be considered by some parties (e.g., human rights, liberty) and individuals as a form of e-privacy invasion. IC software adopts several techniques such as blocking Web sites that appear in a list of Web sites that are known to offer offending material or blocking Web sites based on a list of banned words. This section aims at briefly highlighting some various aspects of IC and not arguing the appropriateness of IC.

Firstly, countries that argue in favor of some IC adopt applicable laws to restrict access to Web sites that offer Internet content that conflicts with their off-line laws. Electronic Frontiers Australia (2002) has published a comprehensive report on Internet censorship laws and policies around the world.

Secondly, individuals who believe that IC is violating their e-privacy and their rights to surf the Internet freely seek techniques to bypass IC. In addition, restricted Web sites seek techniques to be accessed, as they consider this restriction a violation of their e-privacy in online publishing.
Freerk (2003) provides a lengthy and detailed discussion on methods of censorship and ways to bypass IC.

Thirdly, technically speaking, the restriction based on a list of banned words may result in limiting access to pages that are actually scientific, legal in nature, or even for children (e.g., preventing access to Web pages on sexual harassment policies based on the word sexual, or on adult education based on the word adult). There is an interesting report by the Electronic Privacy Information Center discussing how content filters may block access to kid-friendly Web sites (Electronic Privacy Information Center-1, 1997). In addition, the banning may result in slowing down the loading of Web pages that have to be analyzed first.

E-PRIVACY IN PRIVATE NETWORKS

E-privacy in private networks is an expression that is mostly used to mean monitoring employees’ online activities at their workplaces by their employers. From the employees’ point of view, this monitoring is violating their e-privacy. On the other hand, employers claim that such monitoring is essential for the benefit of the workplace. According to a CNN report published in 2000 (CNN, 2000), “A recent survey by the American Management Association finds […] of companies said they monitored their employees’ Internet connections, while 38% said they reviewed worker e-mail messages.” To the best of my knowledge, there is no current specific legislation that addresses this conflict of interests. However, most courts’ interpretations of privacy laws, which when adopted and applied to e-privacy cases, support employers. The employers’ main point is that they purchased computers to be used by employees who get paid to work a certain number of hours per working day. There is no difference between an employee who is absent and another employee who goes to work but wastes his or her time surfing the Web for personal purposes. In addition, some employees may use their workplace computers in harassing activities that may bring their employers under the law.

This area of e-privacy is still evolving with many debates and many questions: Should there be monitoring in the first place? Would the monitoring be occasional or continuous? Should all employees be monitored or randomly selected, or only those with low productivity? How about giving employees relief from monitoring at lunch breaks? Is there a difference between monitoring Web surfing and e-mail messages? Would it make a difference if an employee is using his or her organization’s e-mail account, or if he or she is using a personal e-mail account? Would monitoring e-mail focus on content/time taken to compose it/sender and/or recipient? Would an employer show some tolerance if an employee is doing some e-learning online to improve his/her qualifications but not surfing for adult content? In the absence of a special law for organizing e-privacy in private networks, what other laws or acts may be related or applied either by the employer or by the employee? Human rights acts? Online data protection acts for public networks? Communication acts? Information privacy acts?

At this time, and until the matter is settled, most advice to employers focuses on the need to have an explicit monitoring policy and on telling their employees about the intention to start monitoring them. On the other hand, the best advice to employees is expect that your online activities are monitored; be prepared to justify; or even better — leave your e-privacy outside before you enter your workplace, and claim it back when you are out.

FUTURE WORK

The area of e-privacy has three main dimensions: legal, organizational, and technical.
Each of those dimensions has many aspects that require further work. The legal dimension needs emerging laws to organize the e-privacy issues between employees and employers. Also, the current laws, since they are relatively recent, must be assessed for any im- provements. A framework for international legal FROODERUDWLRQLVUHTXLUHGWR¿JKWVSDP The organizational dimension has many aspects that need further work. It is not enough for each organization to have a clear e-policy for monitoring employees, but rather a policy that balances and caters to both the employee’s and the organization’s interests. Employees working under pressure of e-privacy invasion and under continuous monitoring may not be able to think and act freely and naturally, and this may affect work productivity. In addition, some employees may be spending many hours at work, probably more than what they spend at home or at private places, and they would need to access their private e-mail at their work places. In the same way that employers show tolerance when employees use telephones and faxes at work, some tolerance is also needed for online activities. Future research could investigate what may be considered an ac- ceptable limit of tolerance. Future work may also look at how multinational organizations may cope with several e-privacy laws and determining a minimum set of security measures to be recom- mended and used by all organizations. The technical dimension is under continuous development. There is work to improve restrict- ing software to block only offending sites and not some of the friendly ones as well. Work is needed for more accurate blocking techniques and algorithms. More advanced techniques are QHHGHGWR¿JKWVSDP3URYLGLQJDGHTXDWHVHFXULW\ to PII collected from unauthorized access during storage, processing, and transfer is a focus of much 2113 E-Services Privacy current research (e.g., is it better to provide secu- rity at applications level or at IP level?). 
Current research also focuses on developing software tools that may be used easily by individuals to enforce and to guarantee their e-privacy policies.

CONCLUSION

With e-services on the Internet growing at an unprecedented rate, the issue of e-privacy is receiving growing attention as well. E-privacy is a term that is difficult to define as it is seen differently by various stakeholders of conflicting interests: governments, individuals, commercial organizations, legislators, liberty advocates, and so on. This chapter aimed at introducing various key areas of e-privacy that are receiving significant amounts of research. This includes the nature and critical need for e-privacy, the relationship between e-privacy and electronic security, e-privacy policies, legal and technical aspects and challenges, e-privacy management approaches (forms, models), and e-privacy considerations in public and private networks. As the topic is still unsettled, one may expect to see increasing research and debates in the areas mentioned.

Date posted: 07/07/2014, 10:20