As far as I can tell, law, custom, and technology are the three ways we have to protect our privacy. Cypherpunks are well aware of the technological options, so I won't discuss them further except to note that they probably are not, by themselves, enough. Law has also been discussed, including the European privacy laws and similar laws which have been proposed for the US. One good thing about the European mindset on privacy is that it seems to include resistance to legal suppression of privacy technology. The last is custom. This approach appears in cypherpunk discussions as an emphasis on contractual relations between people and the organizations receiving data. It is this area I would like to discuss. What makes a good privacy contract? What should you expect when you buy something? What is the standard contract? What exceptions must be clearly noted? How does society decide these cultural issues? I strongly believe in standard contracts because they greatly reduce transaction costs. Where the parties need different terms, they can negotiate exceptions. However, we do not have standard privacy contracts which match our new communication and database technologies. We don't even have a good public debate on the issues involved. Unfortunately, it seems that the only way to raise these issues to the radar scope of the news media/public is to have some congresscritter propose a law. Even more unfortunately, said law usually preempts people's right to contract with each other, rather than just setting a framework for the contract negotiations. There must be a better way. ------------------------------------------------------------------------- Bill Frantz | The Internet was designed | Periwinkle -- Consulting (408)356-8506 | to protect the free world | 16345 Englewood Ave. frantz@netcom.com | from hostile governments. | Los Gatos, CA 95032, USA