Subj: Online Privacy: Perspectives of Privacy Right
From: Paul Sholtz, Chief Technology Officer, PrivacyRight Inc., c/o Amy Hanson, 
703- 299-9470
To: Internet Caucus Advisory Committee

WHAT ARE THE LEGAL PRIVACY PROTECTIONS FOR INTERNET USERS?

The 1998 COPPA Act, which protects children's privacy online, is the only 
significant piece of U.S. legislation concerning Internet privacy. Currently, most 
privacy violations on the Internet are relatively benign, and are often limited 
only to behavior tracking for purposes of direct marketing (e.g., DoubleClick). 
Credit card theft via the Internet is extremely difficult. This is because credit card 
numbers are protected with SSL at 128 bits which is currently impossible to break. 
While there is every reason to believe that increasingly serious attacks on 
privacy could occur on the Internet, the most serious privacy violations remain in 
the offline world.

Identity theft is the most serious privacy invasion in today's society. However, this 
is a problem that is perpetuated in the offline world, not on the Internet. Identity 
theft occurs when someone gathers enough personal information on some 
other individual to assume that person’s identity. Often, the criminal will use the 
Internet to learn personally identifying information about the victim, such as 
victim's name, address, social security number and mother's maiden name. With 
this information, the criminal will apply for credit cards using the victim's identity 
and purchase goods at will, leaving the victim to pay the bill. At present, there 
are no significant laws against this form of identity theft. When it occurs, the 
burden of “fixing” the problem lies with the victimized consumer whose identity 
was stolen. It often takes years for the consumer to reestablish a decent credit 
rating. It would be more appropriate for the laws to be rewritten so that the 
burden of absorbing the cost of identity theft lay with the credit card 
companies, not with consumers.