I don't believe that the choice is both privacy and TCPA, or neither. Essentially all privacy violations are abuses of authorised access by insiders. Your employer's medical insurance scheme insists on a waiver allowing them access to your records, which they then use for promotion decisions. The fizx is fundamentally legislative: that sort of behaviour is generally illegal in Europe, but tolerated in the USA. There may be symmetry when we consider the problem as theoretical computer scientists might, as an issue for abstract machines. This symmetry breaks rapidly when the applications are seen in context. As well as the legal aspects, there are also the economic aspects: most security systems promote the interests of the people who pay for them (surprise, surprise). So I do not agree with the argument that we must allow DRM in order to get privacy. Following that line brings us to a world in which we have DRM, but where the privacy abuses persist just as before. There is simply no realistic prospect of American health insurers or HMOs settling for one-time read-only access to your medical records, no matter how well that gets implemented in Palladium Ross