2104
E-Services Privacy
self regulations are enough to protect individual’s
PII.
The European Union has a set of directives
related to e-privacy called “The Data Protection
Directive” (e.g., Directive 2002/58/EC of the
European Parliament and of the Council of 12
July 2002 concerning the processing of personal
data and the protection of privacy in the electronic
communications sector [Directive on privacy
and electronic communications]) (The European
Commission, 2002).
While e-privacy laws and acts may differ
according to the political structure and local
cultures, they share the objective of protecting
PII that uniquely identifies a user (e.g., full name,
social security number, e-mail address), or data
that uniquely identifies a particular device or a
location used by a user (e.g., IP address).
A standard e-privacy policy would state:
(a) The purpose for which PII needs to be collected,
and that this purpose shall be made
clear to individuals before the collecting
process begins,
(b) Whether collecting PII will be automatic,
or would individuals be notified before the
collecting process begins,
(c) What PII is collected,
(d) How the collected PII will be used,
(e) If and how cookies are used,
(f) That the collecting organization is responsible
for protecting the PII collected,
(g) What security policies are used, with references
to them,
(h) The conditions under which the PII may be
released,
(i) For how long will the collected PII be retained,
and
(j) The privacy act and principles that the policy
is based on.
A few policies will state more enhanced stan-
dards such as:
(a) The collecting organization would provide
information regarding its management of
the collected PII to concerned individuals,
and
(b) Concerned individuals shall be able to access
their PII and challenge the appropriateness
of the PII.
Questions that arise here are whether e-ser-
vices providers really adopt clear e-privacy poli-
cies and whether e-privacy laws and acts really
protect an individual’s e-privacy. An answer may
be provided in the online report “Super Beware:
Personal Privacy and the Internet” by the Elec-
tronic Privacy Information Center (1997). The
report states, “The Electronic Privacy Information
Center (EPIC) reviewed 100 of the most frequently
visited Web sites on the Internet. We checked
whether sites collected personal information, had
established privacy policies, made use of cookies,
and allowed people to visit without disclosing
their actual identity. We found that few Web sites
today have explicit privacy policies (only 17 of our
sample) and none of the top 100 Web sites meet
basic standards for privacy protection.”
While laws and acts are meant to force e-ser-
vices providers to adopt clear e-privacy policies,
they differ from one country to another accord-
ing to culture and political structure. Robert
Lee (1997) was involved in research to focus
on and compare how personal privacy related
regulations in two countries with close ideas of
personal freedom and governmental structures
— the United States of America and Australia
— would affect Internet applications collecting
PII. Roberts states that “Despite the similarities
in culture and aspirations for individual
freedom from bureaucracy in the United States
and Australia, this limited research demonstrated
that access to private information on individuals
was more freely available in the United States
than Australia. The difference in individual pri-
vacy protection resulted from the extension of
Australian federal privacy regulations to cover
commercial businesses in addition to government
databases.”
Section vii will identify some challenges that
may be encountered when adopting and coping
with an e-policy.
CHALLENGES
E-privacy policies consider e-privacy in two
dimensions:
1. Providing the protection for individuals’ PII
against unauthorized collection and usage
when using e-services, and
2. Providing the protection for individuals’
PII, when collected with consent, against
electronic theft or reproduction by a third
party.
We have focused our discussion on the first
dimension since we believe that the second dimen-
sion would be more related to electronic security
rather than to e-privacy. However, maintaining
the second dimension faces many challenges,
hence it will be included in our discussion in
this section.
Adopting and coping with e-privacy policies
face several challenges. We list some of them
below and classify them into policy and security
challenges:
Policy Challenges
• Enforcing standards among all collectors
of PII.
As we clarified in an earlier section, laws and
acts differ from one country to another based
on culture, beliefs, and political structure.
An organization may provide an e-service to
thousands of individuals across the globe and
may be subject to some e-privacy laws. This
organization’s competitors, based in other
countries and providing the same service
also to thousands of individuals across the
globe, may not be bound by similar laws.
This gave rise to “Safe Harbour” agreements
such as the safe harbour agreement between
the U.S. and the EU (U.S. Department of
Commerce, 2000). In such an agreement,
U.S. organizations may voluntarily partici-
pate in the safe harbour and be committed
to cooperate and comply with the European
Data Protection Authorities. This will ease
the flow of information from EU organizations
to participating U.S. organizations.
• Diversity of sectors.
There are differences between public (gov-
ernment) and private sectors. The public
sector often accepts committing to higher
e-privacy standards better than the private
sector. For example, the public sector does
not look to share collected PII outside its
departments, while private sector organizations
may find it necessary to trade collected
PII with other private sector organizations
for commercial purposes, competition, and
so on.
• Diversity of laws and legislations.
When a multi-national organization has
several branches with several Web sites in
different jurisdictions, to which e-privacy
law would it be subject?
• Diversity of individuals.
Some individuals may accept (reasonable)
risks in giving up their PII for getting an e-
service (e.g., have free access to software).
For example, Yahoo uses Web Beacons to
track Yahoo users (Yahoo). How would an
e-privacy policy balance between those and
other individuals who prefer (total) protec-
tion?
• Internal resistance from organizations
that have to adopt an e-privacy policy,
since violating the policy may have un-
pleasant legal consequences.
• Exceptions.
Almost every e-privacy law or act has some
exceptions that affect the proper implemen-
tation of the e-privacy policies that refer to
that law or act. While one may understand
releasing or hiding PII for legal or security
reasons, other exceptions may be confus-
ing. For example, the Canadian Personal
Information Protection and Electronic Docu-
ments Act (Government of Canada) notes
that an individual may inquire about the
existence, use, or disclosure of his or her
PII and can have access to it. However, the
act also states that “In certain situations,
an organization may not be able to provide
access to all the personal information it holds
about an individual.” And “Exceptions may
include information that is prohibitively
costly to provide, information that contains
references to other individuals, information
that cannot be disclosed for legal, security,
or commercial proprietary reasons….” But,
who determines that the information is
prohibitively costly to provide? Why did
providing it become costly, while collecting
it was affordable? Also, who determines the
commercial proprietary reasons?
• Conflict with other laws.
An e-privacy law in one country may conflict
with another law in another country, or even
in the same country. For example, in 2004,
British Columbia’s Information and Privacy
Commissioner released a report warning that
Canadians’ privacy was at risk and that the
USA PATRIOT Act violates British Colum-
bian privacy laws (Information and Privacy
Commissioner for British Columbia, 2004).
The report clarifies that necessary changes
to the British Columbian privacy laws are
needed to protect British Columbians’ per-
sonal information from being seized under
the controversial American law. A second
example of conflicts of laws is the potential
misuse of the Digital Millennium Copyright
Act (DMCA), passed in the United States in
1998 by Congress (U.S. Government, 1998).
Among other concerns, there is the concern
that this law may be misused by some parties
to violate individuals’ e-privacy. A copyright
holder may use the DMCA subpoena to force
an Internet service provider (ISP) to release
PII of an Internet user based on a claim of
copyright infringement. What if there is no
actual copyright infringement? What if an
irrelevant IP address was released by mis-
take? Could misuse or abuse be involved?
Security Challenges (Related to Providing Enough Security for Collected PII)
All e-privacy policies state that a collecting orga-
nization is responsible for protecting PII collected.
The issue here is that there are no unified security
measures. This raises several questions:
• Would senior management in all collecting
organizations equally appreciate and under-
stand the issue of security and be committed
to spending for high security techniques and
skills?
• What security techniques are enough to
protect the collected PII (firewalls, authentication,
anti-virus software, data encryption,
etc.)?
• Would adopting high security measures
conflict with individuals’ rights to access
their stored PII?
• Would adopting some security techniques
(e.g., authentication) undermine e-pri-
vacy?
Authentication refers to a set of techniques that
may be used to verify that the user of a system
is really who he or she claims to be (e.g., using a
password known only to the person logging in).
However, there are experts in breaking down
(simple) passwords; also, there are software pro-
grams that assist in this task. The need for more
secure authentication systems would require col-
lecting more data from the user (e.g., answers for
private and confidential questions) or for using
cookies that assist in identifying the computer
machine used. While authentication can help
protect e-privacy by making sure that those who
access PII stored electronically are authorized to
do so, it may also undermine e-privacy, as argued
by Kent and Millett (2003), since it could result
in authentication systems that:
• “Increase requests for identification,
• Increase the collection of personal informa-
tion,
• Decrease the ability of individuals to un-
derstand and participate in data collection
decisions,
• Facilitate record linkage and profiling,
and
• Decrease the likelihood that individuals will
receive notice of or have the right to object
to third-party access to personal informa-
tion.”
CRITICAL ISSUES IN MANAGING
E-PRIVACY
Adopting an e-privacy policy is not a matter of
choice in some countries; it is a must. There is no
question that more countries will pass laws that
ask e-services providers to adopt clear e-privacy
policies. However, establishing an effective e-pri-
vacy policy that is in compliance with applicable
laws and acts to protect e-privacy requires the
integration of the following guidelines at three
levels: organizational, legal, and technical.
On the organizational level, a deep under-
standing from senior management is needed to
appreciate that having a proper e-privacy policy
would actually benefit its e-service business. If an
e-service provider is publicly recognized as not
protecting users’ privacy, then this would have
a dramatic, damaging effect on its reputation
and business. Management must be willing to
spend generously on technology and skills to put
e-privacy in place. E-privacy must be seen as an
additional value to the organization’s business and
not as a barrier to it. Hence, the development of the
e-privacy policy, its requirements, and resources
must be integrated within the organization’s
overall business plan. The implications of the
e-privacy policy and its implementation on the
organization must be considered at the early stages
of designing and developing the organization’s
overall business plan so that proper identification
of the needed PII and techniques for collecting,
storing, processing, controlling, and transferring
PII are properly implemented. A clerk responsible
for managing the e-privacy policy must be under-
standing to concerned individuals and accept that
a concerned individual is entitled to have access
to his or her PII record at his or her chosen time.
The clerk must help the individual to the largest
extent authorized by the applicable law or act.
On the legal level, a deep understanding of
the applicable laws on e-privacy is needed. Legal
advisors must frequently revise the e-privacy
policy.
On the technical level, proper measures and
technologies for data security must be adopted to
protect PII from improper access while it is being
collected, stored, used, processed, and transferred
between servers and sites. Some guidelines that
may help for data security and protecting e-privacy
are listed next. Some of these guidelines may
help e-services providers that collect, store and
transfer data electronically; others could be help-
ful to individuals to protect their e-privacy while
using an e-service or surfing the Web (the list of
guidelines is not intended to be comprehensive
or to guarantee full protection, but suggestions
to consider):
• Use public key encryption (PKE) to collect
sensitive data from individuals (by their
consent) and for data flow between sites
and servers.
Encryption is a technique used to encode data
so that it may not be understood by others,
only by the encoder. Public key encryption
has recently become a cornerstone in online
business and e-services concerned with
providing a high level of protection to data
collected and transmitted electronically.
• Use encryption when storing data.
• Use authentication and authorization
techniques for accessing stored data.
• Authorization is finding out if an authenticated
person has the privileges to access
some classified data.
• Use antivirus software, and update it
frequently.
Frequently use antivirus software to scan
and clean computer disks and memory from
viruses, worms, and Trojan horses that can
cause serious damage to data and computer
functioning.
• Use firewalls.
Use a firewall system (could be hardware/
software) to enforce an access control policy.
Use it to protect networked computers from
possible intrusion that may compromise
e-privacy by restricting communication
between the internet and a networked com-
puter that contains data to be protected.
• Prevent/control cookies.
Always check for cookies, block them,
or at least be alert when a cookie will be
placed on a computer hard disk, and delete
unwanted ones. Many e-services Web sites
place cookies on an individual’s machine
to recognize those who revisit their sites.
Cookies are small text files that contain
some information (e.g., preferences of an in-
dividual when he or she visits that Web site).
In principle, cookies do not automatically
collect PII, but they can save PII provided by
an individual with consent. While cookies
were originally meant to exchange informa-
tion (PII) with the Web site that sent them
and for which the individual has given PII
by consent (first-party cookie), other cookies
(third-party-cookies) can compromise
e-privacy. Third-party-cookies may track
an individual’s online activities and send
information about him/her to Web sites that
the individual knows nothing about. Cookies
can easily be blocked, removed, or protected
against by using opt-out cookies.
• Consider anonymous Web surfing.
Anonymous surfing helps to protect e-privacy
by making it difficult for Web sites
visited to collect PII (e.g., IP address) or to
track an individual’s online activities. The
idea depends on not contacting the intended
Web site directly but through a second site
that uses an anonymous surfing proxy that
will not allow the individual’s particulars to
be passed to the intended site. But can an
individual really trust the second site?
• Consider secure e-mail.
Some tools can help an individual to ac-
cess, store, and send e-mail in an encrypted
environment.
• Use proper tools to block spam and filter
incoming e-mail.
• Secure online communication.
Encrypt TCP/IP communication such as
instant messaging, HTTP, FTP, voicemail
faxes, and streaming audio/video.
• Frequently run privacy/security risk
assessments to identify the greatest risk
associated with unauthorized intrusion
to sensitive stored data.
APPROACHES FOR E-PRIVACY
MANAGEMENT
The increased concerns of individuals accessing
e-services exposing their e-privacy led researchers
to investigate approaches for managing e-privacy.
In particular, individuals are of limited experience
and resources when compared to e-services providers.
The latter have enough resources to develop
and enforce their e-privacy policies compared
to individuals who may even face difficulty in
understanding some lengthy e-privacy policies.
One of the leading approaches for e-privacy
management is the Platform for Privacy Prefer-
ences Project (P3P) developed by the World Wide
Web Consortium (W3C) (W3C, 2004). This is
a protocol that may be used as an intermediary
between Web sites and Internet users. A Web site
may express its e-privacy policy requirements for
each of its Web pages using the P3P language,
specifying, for example, what PII to be collected
from a user (e.g., a page may not require to collect
any user’s PII; a second page may need to place
cookies on the user’s machine; a third page may
ask for the user’s e-mail, etc.). A user indicates
what PII he or she is willing to release to Web
sites, whether he or she likes to be notified at the
time of releasing the PII, and other preferences
(e.g., disclosing of PII will take place only over
a secured communication channel) to an agent
(usually a browser) that also understands the P3P
language. The user can visit Web sites and leave
it to the agent to “negotiate” the indicated e-privacy
preferences with the visited Web sites. This
protocol is more like a PII disclosure organizer
than an e-privacy protector. If the user accepts
to disclose his or her e-mail, then whenever a
Web page asks for the user’s e-mail, the agent
provides it and saves the user writing it several
times whenever a Web page requests it. In this
sense, P3P does not eliminate the need for other
e-privacy protection measures (e.g., encryption).
It is not an intelligent agent that would advise a
user whether to trust a Web site or not, or whether
to release PII or not. An increasing number of e-
service providers are adopting the P3P protocol.
Commercial tools have been developed to help
users to declare their e-privacy preferences (e.g.,
The IBM P3P Policy Editor [IBM]).
A second approach for e-privacy is proposed
by Tumer, Dogac, and Toroslu (2003). This ap-
proach introduces a framework where a Web site
classifies any PII it requests to collect as mandatory
or optional. Mandatory means that data is
necessary for the service to take place (e.g., user
name, contact telephone number). Optional means
not necessary, it can also take the form of a rule
(e.g., a certain data item such as e-mail is optional
if the user provides a telephone number; otherwise
it becomes mandatory), or it can be absolutely
optional data that will have no effect on the service
provided. A user can associate one of three
permission levels with each of his or her PII: free
(may be released unconditionally), limited (may
be released only if mandatory), or not-given (may
not be released). Permission levels are declared
in a context ontology. Services are organized in a
hierarchical nodes structure, and there is a collec-
tion of privacy rule sets associated with nodes in
a service ontology. General principles govern the
release of data (e.g., any service node inherits the
permission definitions associated with a higher
service node in the hierarchy, and specializations
override generalities). The main goal of this ap-
proach is to disclose the minimal data needed by
an e-service provider. A user’s agent would store
the user’s preferences and negotiate with a Web
site visited to disclose minimal data. Again this
framework does not eliminate the need for other
e-privacy protection measures (e.g., encryption),
and it is not an intelligent agent that would advise
a user whether to trust a Web site or not or whether
to release PII or not.
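The release rules of this framework can be sketched as follows. This is an added example, not code from the original chapter or from Tumer, Dogac, and Toroslu; the class and function names, the sample hierarchy, and the choice to treat undeclared items as not-given are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

FREE, LIMITED, NOT_GIVEN = "free", "limited", "not-given"


@dataclass
class ServiceNode:
    """Node of the service hierarchy holding the user's permission levels."""
    name: str
    parent: Optional["ServiceNode"] = None
    permissions: dict = field(default_factory=dict)  # PII item -> level

    def level_for(self, item: str) -> str:
        # Search from this node upward: the nearest definition wins, so a
        # specialization overrides what a more general node declares.
        node = self
        while node is not None:
            if item in node.permissions:
                return node.permissions[item]
            node = node.parent
        return NOT_GIVEN  # assumption: undeclared items are never released


@dataclass
class Request:
    """One PII item requested by a site."""
    item: str
    mandatory: bool = False
    optional_if: Optional[str] = None  # rule: optional once this item is released


def negotiate(node: ServiceNode, requests: list) -> dict:
    """Decide which requested items the user's agent releases at `node`."""
    released, blocking = [], []
    # Rule-based items are decided last because they depend on earlier releases.
    ordered = sorted(requests, key=lambda r: r.optional_if is not None)
    for req in ordered:
        mandatory = req.mandatory
        if req.optional_if is not None:
            mandatory = req.optional_if not in released
        level = node.level_for(req.item)
        if level == FREE or (level == LIMITED and mandatory):
            released.append(req.item)
        elif mandatory:
            blocking.append(req.item)  # the site needs it, the user refuses it
    return {"released": released, "blocking": blocking,
            "service_possible": not blocking}


# Constructed sample hierarchy and preferences (not taken from the paper).
ROOT = ServiceNode("e-services", permissions={
    "name": LIMITED, "telephone": LIMITED, "email": LIMITED,
    "birth_date": NOT_GIVEN})
SHOP = ServiceNode("online-shopping", parent=ROOT)
FORUM = ServiceNode("discussion-forum", parent=ROOT,
                    permissions={"telephone": NOT_GIVEN, "name": FREE})

SHOP_FORM = [
    Request("name", mandatory=True),
    Request("telephone", mandatory=True),
    Request("email", optional_if="telephone"),
    Request("birth_date"),
]
FORUM_FORM = [
    Request("name"),
    Request("email", optional_if="telephone"),
    Request("telephone"),
]

if __name__ == "__main__":
    print(negotiate(SHOP, SHOP_FORM))
    print(negotiate(FORUM, FORUM_FORM))
    print(negotiate(SHOP, SHOP_FORM + [Request("birth_date", mandatory=True)]))
```

In the forum case the e-mail address becomes mandatory because the telephone number is withheld, so the inherited limited permission releases it; in the last case a mandatory item marked not-given stops the service.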
The work in the area of e-privacy protection
and e-privacy agents is active. Other related work
includes authentication services like Microsoft
Passport (Microsoft).
SPAMMING
We have focused in our discussion until now on
e-privacy invasion and protection, in the context
of collecting, using, distributing, or accessing
individuals’ PII without their consent. A second
dimension of e-privacy invasion is spamming.
Spamming is unsolicited e-mail. Commercial
organizations send bulk e-mail for advertising
and business purposes, probably containing
offensive materials to some individuals. What
are the differences between receiving uninvited
advertisements in e-mail inboxes and receiving
uninvited advertisement flyers in regular
mailboxes? It would appear that one difference
is the greater quantity of spam e-mail. Another
difference is that a spam e-mail may contain a
virus (maybe unintended) that can wreak havoc
with a computer. In most cases, spam e-mail
does not include viruses, worms, Trojan horses,
or spyware that steal PII or destroy files, but it is
still a form of e-privacy invasion, and can cause
several problems such as:
• Wasting an individual’s time reading junk
e-mail,
• Forcing content that may be offending to a
recipient, and
• Quickly filling recipient inbox quota, probably
causing important e-mail not to be
delivered.
Many spam systems make thorough exami-
nations of the Internet for any visible e-mail ad-
dresses on Web pages. Other systems would use
some descriptive group of users’ names such as
staff@ , faculty@ , users@ and use domains
of large organizations. A third type of spam sys-
tems would depend on hackers who break into
e-mail directories for individuals, organizations,
and newsgroups to copy the e-mail addresses
found. Advertisement materials would then be
sent to the copied addresses. A more harmful
spam system would depend on hackers to take
control of individuals’ computers and use them
to send spam.
Unfortunately there is no guaranteed way
to fully fight spam. Fighting spam can be at an
individual level or at an ISP level. Individuals
may fight spam by installing anti-spam software
that would just check patterns in e-mail messages
that are frequent in spam e-mail (e.g., lowest
mortgage ever, right time to buy, etc.). The system
would then collect what it believes to be spam,
store it on some area on the e-mail server’s hard
disk for a predefined period of time (e.g., two
weeks), and report the addresses and headers of
the assumed spam to the recipient in a form of a
list. The recipient has to go through the list and
decide whether he or she would like to retrieve
one of the blocked e-mails. This is not effective,
as the recipient still has to waste time checking
the list and may find it difficult to make a decision
regarding an e-mail based on the header. Some
servers would work on protecting their clients
by checking received e-mails before forwarding
them to clients.
ISPs fight spam by several approaches such as
using spam filters. The idea of spam filters depends
on blocking e-mails received from IP addresses
known to be spam, blocking e-mails intended for
several recipients (exceeding a maximum num-
ber), or by checking e-mails’ contents for certain
words and structures that are known to be used
by spammers. However, the spam filter approach
may result in problems such as the “false positive”
where valid e-mails are blocked and not delivered
to their intended recipients. According to Loren
McDonald (McDonald), “A recent study by Return
Path indicated that approximately 12% of all e-mail
messages sent to valid e-mail addresses at the top
nine ISPs and Web mail service providers did not
end up in recipients’ inboxes as intended.” This is
basically due to spam filters. The problem of false
positives may be considered a form of e-privacy
invasion. To protect users from spam, which is a
form of e-privacy invasion, spam filters are used
and may result in not delivering valid intended e-
mail, which is another form of e-privacy invasion
to both the sender and the recipient.
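The three filter checks described above, and the false positives they produce, can be reproduced on a small sample. This is an added example, not part of the original chapter; the blocked network, the recipient threshold, and the messages are constructed, and the two phrases are the ones the text quotes as typical spam wording.

```python
import ipaddress
from dataclasses import dataclass

# Constructed filter settings (documentation address ranges, arbitrary threshold).
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
MAX_RECIPIENTS = 20
SPAM_PHRASES = ("lowest mortgage ever", "right time to buy")


@dataclass
class Mail:
    sender_ip: str
    recipients: int
    text: str
    is_spam: bool  # ground truth, known only because the sample is constructed


def reasons_to_block(mail: Mail) -> list:
    """Apply the three checks; an empty list means the mail is delivered."""
    reasons = []
    ip = ipaddress.ip_address(mail.sender_ip)
    if any(ip in net for net in BLOCKED_NETWORKS):
        reasons.append("sender-ip")
    if mail.recipients > MAX_RECIPIENTS:
        reasons.append("recipient-count")
    lowered = mail.text.lower()
    if any(phrase in lowered for phrase in SPAM_PHRASES):
        reasons.append("content")
    return reasons


def evaluate(mails: list) -> dict:
    """Compare filter decisions with the ground-truth labels."""
    counts = {"blocked_spam": 0, "missed_spam": 0,
              "false_positives": 0, "delivered_valid": 0}
    for mail in mails:
        blocked = bool(reasons_to_block(mail))
        if mail.is_spam:
            counts["blocked_spam" if blocked else "missed_spam"] += 1
        else:
            counts["false_positives" if blocked else "delivered_valid"] += 1
    valid = counts["false_positives"] + counts["delivered_valid"]
    # Share of valid mail that never reaches the inbox.
    counts["false_positive_rate"] = counts["false_positives"] / valid if valid else 0.0
    return counts


# Constructed sample messages.
SAMPLE = [
    Mail("203.0.113.7", 1, "Lowest mortgage ever, apply today", True),
    Mail("198.51.100.9", 500, "Huge discounts this weekend", True),
    Mail("192.0.2.10", 1,
         "You asked if now is the right time to buy; my notes are attached", False),
    Mail("192.0.2.20", 45, "Parents' evening moved to Thursday", False),
    Mail("192.0.2.30", 1, "Minutes of Monday's meeting", False),
    Mail("192.0.2.31", 2, "Invoice for March", False),
]

if __name__ == "__main__":
    for mail in SAMPLE:
        print(mail.text[:40], "->", reasons_to_block(mail) or "delivered")
    print(evaluate(SAMPLE))
```

Both blocked valid messages match a rule for an innocent reason (a reply quoting a common phrase, a school mailing list), which is the false-positive case the paragraph describes.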
It seems that there is no effective way to fight
spam. Spammers use several techniques to trick
ISPs and make it difficult for recipients to identify
and report them to ISPs (e.g., hiding addresses,
decimal/hexadecimal addresses, redirection). In
response to concerns over this increasing prob-
lem, several countries (e.g., U.S., EU) considered
issuing applicable laws. However, it is not clear
how to fight spammers outside the boundaries of
those countries, since spammers can send spam
from any location in the world to any other loca-
tion in the world.
INTERNET CENSORSHIP
A third form of e-privacy invasion is Internet
censorship (IC). IC refers to installing software
on computers to restrict Internet surfing. Some
parents would use IC software (e.g., McAfee Office,
Guard Dog) to limit their children’s access
to some Web sites that would be considered inap-
propriate (e.g., contains materials that promote
drugs, discrimination, violence, etc.). In addition,
some schools and public libraries would use IC for
similar reasons; this is understandable. However,
IC is used on a wider scale by some authorities
and governments that install software on ISPs’
servers to limit all individuals in a community or
in a country from accessing some special Web sites
(e.g., political Web sites). This may be considered
by some parties (e.g., human rights, liberty) and
individuals as a form of e-privacy invasion.
IC software adopts several techniques such as
blocking Web sites that appear in a list of Web
sites that are known to offer offending material
or blocking Web sites based on a list of banned
words.
This section aims at briefly highlighting some
various aspects of IC and not arguing the appro-
priateness of IC.
Firstly, countries that argue in favor of some
IC adopt applicable laws to restrict access to Web
sites that offer Internet content that conflicts with
their off-line laws. Electronic Frontiers Australia
(2002) has published a comprehensive report on
Internet censorship laws and policies around the
world.
Secondly, individuals who believe that IC is
violating their e-privacy and their rights to surf
the Internet freely seek techniques to bypass IC.
In addition, restricted Web sites seek techniques
to be accessed, as they consider this restriction a
violation of their e-privacy in online publishing.
Freerk (2003) provides a lengthy and detailed
discussion on methods of censorship and ways
to bypass IC.
Thirdly, technically speaking, the restriction
based on a list of banned words may result in
limiting access to pages that are actually scientific,
legal in nature, or even for children (e.g., prevent-
ing access to Web pages on sexual harassment
policies based on the word sexual, or on adult
education based on the word adult). There is
an interesting report by the Electronic Privacy
Information Center discussing how content filters
may block access to kid-friendly Web sites
(Electronic Privacy Information Center-1, 1997).
In addition, the banning may result in slowing
down the loading of Web pages that have to be
analyzed first.
E-PRIVACY IN PRIVATE NETWORKS
E-privacy in private networks is an expression
that is mostly used to mean monitoring employ-
ees’ online activities at their workplaces by their
employers. From the employees’ point of view,
this monitoring is violating their e-privacy. On the
other hand, employers claim that such monitoring
is essential for the benefit of the workplace. According
to a CNN report published in 2000 (CNN, 2000),
“A recent survey by the American Management
Association finds of companies said they
monitored their employees’ Internet connections,
while 38% said they reviewed worker e-mail
messages.” To the best of my knowledge, there is
no current specific legislation that addresses this
conflict of interests. However, most courts’ interpretations
of privacy laws, which when adopted
and applied to e-privacy cases, support employers.
The employers’ main point is that they purchased
computers to be used by employees who get paid
to work a certain number of hours per working
day. There is no difference between an employee
who is absent and another employee who goes to
work but wastes his or her time surfing the Web for
personal purposes. In addition, some employees
may use their workplace computers in harassing
activities that may bring their employers under
the law. This area of e-privacy is still evolving
with many debates and many questions: Should
there be monitoring in the first place? Would the
monitoring be occasional or continuous? Should
all employees be monitored or randomly selected,
or only those with low productivity? How about
giving employees relief from monitoring at lunch
breaks? Is there a difference between monitoring
Web surfing and e-mail messages? Would
it make a difference if an employee is using his
or her organization’s e-mail account, or if he or
she is using a personal e-mail account? Would
monitoring e-mail focus on content/time taken
to compose it/sender and/or recipient? Would an
employer show some tolerance if an employee is
doing some e-learning online to improve his/her
qualifications but not surfing for adult content? In
the absence of a special law for organizing e-pri-
vacy in private networks, what other laws or acts
may be related or applied either by the employer
or by the employee? Human rights acts? Online
data protection acts for public networks? Com-
munication acts? Information privacy acts?
At this time, and until the matter is settled,
most advice to employers focuses on the need to
have an explicit monitoring policy and on tell-
ing their employees about the intention to start
monitoring them. On the other hand, the best
advice to employees is expect that your online
activities are monitored; be prepared to justify;
or even better — leave your e-privacy outside
before you enter your workplace, and claim it
back when you are out.
FUTURE WORK
The area of e-privacy has three main dimensions:
legal, organizational, and technical. Each of
those dimensions has many aspects that require
further work.
The legal dimension needs emerging laws to
organize the e-privacy issues between employees
and employers. Also, the current laws, since they
are relatively recent, must be assessed for any im-
provements. A framework for international legal
collaboration is required to fight spam.
The organizational dimension has many
aspects that need further work. It is not enough
for each organization to have a clear e-policy for
monitoring employees, but rather a policy that
balances and caters to both the employee’s and
the organization’s interests. Employees working
under pressure of e-privacy invasion and under
continuous monitoring may not be able to think
and act freely and naturally, and this may affect
work productivity. In addition, some employees
may be spending many hours at work, probably
more than what they spend at home or at private
places, and they would need to access their private
e-mail at their work places. In the same way that
employers show tolerance when employees use
telephones and faxes at work, some tolerance is
also needed for online activities. Future research
could investigate what may be considered an ac-
ceptable limit of tolerance. Future work may also
look at how multinational organizations may cope
with several e-privacy laws and determining a
minimum set of security measures to be recom-
mended and used by all organizations.
The technical dimension is under continuous
development. There is work to improve restrict-
ing software to block only offending sites and
not some of the friendly ones as well. Work is
needed for more accurate blocking techniques
and algorithms. More advanced techniques are
needed to fight spam. Providing adequate security
to PII collected from unauthorized access during
storage, processing, and transfer is a focus of much
current research (e.g., is it better to provide secu-
rity at applications level or at IP level?). Current
research also focuses on developing software tools
that may be used easily by individuals to enforce
and to guarantee their e-privacy policies.
CONCLUSION
With e-services on the Internet growing at an
unprecedented rate, the issue of e-privacy is
receiving growing attention as well. E-privacy
is a term that is difficult to define as it is seen
differently by various stakeholders of conflicting
interests: governments, individuals, commercial
organizations, legislators, liberty advocates, and
so on. This chapter aimed at introducing various
key areas of e-privacy that are receiving significant
amounts of research. This includes the nature
and critical need for e-privacy, the relationship
between e-privacy and electronic security, e-
privacy policies, legal and technical aspects and
challenges, e-privacy management approaches
(forms, models), and e-privacy considerations
in public and private networks. As the topic is
still unsettled, one may expect to see increasing
research and debates in the areas mentioned.
REFERENCES
Alberta Government. Personal Information Protec-
tion Act, S.A. 2003, c. P-6.5. (2003). Retrieved Febru-
ary 18, 2005, from />cfm?page=legislation/act/index.html
CNN. (2000). More employers taking advantage of
new cyber-surveillance software. Retrieved Febru-
ary 28, 2005, from />US/07/10/workplace.eprivacy/
Cobb, S., & Cobb, C. (2004). Florida’s ID Theft Kit.
Retrieved February 25, 2005, from b.
FRPKHOSDUWÀRULGDKWP
Cranor, L. (2002). Web privacy with P3P. USA.:
O’Reilly & Associates.
Cranor, L., Langheinrich, M., Marchiori, M., Pre-
sler-Marshall, M., & Reagle, J. (2002). The Platform
for Privacy Preferences (P3P) specification.
Retrieved February 24, 2005, from http://www.
w3.org/TR/P3P/
Department of Justice - Canada. (n.d.). Privacy
provisions highlights. Retrieved February 3, 2005,
from />attback2.html
Electronic Frontiers Australia. (2002). Internet cen-
sorship: Law & policy around the world. Retrieved
February 23, 2005, from />sues/Censor/cens3.html#intro
Electronic Privacy Information Center. (1997).
Super beware: Personal privacy and the Internet.
Retrieved February 15, 2005, from c.
org/reports/surfer-beware.html
Electronic Privacy Information Center-1. (1997).
Faulty filters: How content filters block access to
kid-friendly information on the Internet. Retrieved
February 5, 2005, from />SRUWV¿OWHUUHSRUWKWPO
Federal Privacy Commissioner (Australia). (1988).
Information privacy principles under the Privacy Act
1988. Retrieved February 11, 2005, from http://www.
privacy.gov.au/publications/ipps.html
Freerk, O. (2005). How to bypass Internet censorship.
Retrieved February 12, 2005, from https://ssl-ac-
count.com/zensur.freerk.com/. (European mirror:
/>Government of Canada. (n.d.). The Personal Infor-
mation Protection and Electronic Documents Act
(Unofficial Version). Retrieved February
from />01_01_e.asp
Government of Canada-1. The Personal Information
Protection and Electronic Documents Act (Official