Privacy and the Internet: Traveling in Cyberspace Safely The Internet enables us to improve communication, erase physical barriers, and expand our education. Its absorption into our society has been extraordinary. The “Net” touches nearly every part of our lives from how we apply for jobs and where we get our news, to how we find friends. A few Web sites have virtually replaced some things, like the encyclopedia and the phone book. But with acceptance comes a decrease in skepticism. You may assume that the same laws or societal rules that protect your privacy in the physical world apply to the digital world as well. But the Internet remains largely unregulated and the policies governing it underdeveloped. As you continue to embrace the technology it is important to be aware that in many ways it is still uncharted territory. Knowing how to navigate through cyberspace, even if that means proceeding at your own risk, is essential to using the Internet. Throughout this guide is a feature called “In the news.” We use current events to explain how something works or why it is important. Contents: Part 1: What Internet Activities Reveal My Personal Information? * Signing up for Internet service * E-mail and list-serves * Browsing the Internet * Interactive use: Instant messages and social networks * Personal Web sites and blogs * Managing your financial accounts and online bill payments Part 2: How Do Others Get Information about My Online Activity? * Marketing * Official use: Court records / employers / government (law enforcement and foreign intelligence) * Illegal activity and scams * Other common scams Part 3: Tips for Safeguarding Your Privacy Online * Three steps you should take now! * Top three myths about the Internet * Frequently asked questions Part 4: Additional Resources * Other nonprofit privacy organizations * Government agencies * Resources for parents and children * Links to glossaries Part 1: What Internet Activities Reveal My Personal Information? When traveling in cyberspace, you provide information to others at almost every step of the way. Often this information is like a puzzle that needs to be connected before your picture is revealed. Information you provide to one person or company may not make sense unless it is combined with information you provide to another person or company. Below is a summary of the more common ways you give information to others when using the Internet. Signing up for Internet service If you pay for the Internet yourself, you signed up with an Internet Service Provider (ISP). Your ISP provides the mechanism for connecting your computer to the Internet. There are thousands of ISPs around the world offering a variety of services. They vary from well-known ones like AOL, EarthLink, and your cable and telephone providers, to small ones that may be located offshore. Each computer connected to the Internet, including yours, has a unique address, known as an IP address (Internet Protocol address). It takes the form of four sets of numbers separated by dots, for example: 123.45.67.890. It’s that number that actually allows you to send and receive information over the Internet. Your IP address by itself doesn’t provide personally identifiable information. However, because your ISP knows your address, it is a possible weak link when it comes to protecting your privacy. Most ISPs work to protect your privacy, but each has its own privacy policy. It’s up to you to read the privacy policy and understand it. Laws concerning your privacy on the Internet are still being developed. The three branches of government view the Internet’s potential and pitfalls differently. To date, the Supreme Court has taken a hands-off approach to regulating the Internet in favor of free speech. However, the federal government is increasingly interested in regulating the Internet, for example through child pornography and gambling laws. On the other hand, the White House appears to welcome the lack of restriction on data sharing and surveillance. One important thing to keep in mind when relying on the law to protect you is that if U.S. law is broken in another country, prosecuting the criminal may prove difficult or impossible. E-mail and list-serves E-mail. When you correspond through e-mail you are no doubt aware that you are giving information to the recipient. You might also be giving information to any number of people, including your employer, the government, your e-mail provider, and anybody that the recipient passes your message to. The federal Electronic Communications Privacy Act (ECPA) makes it unlawful under certain circumstances for someone to read or disclose the contents of an electronic communication (18 USC § 2511). But, the ECPA is a complicated law and contains many exceptions. It makes a distinction between messages in transit and those stored on computers. Stored messages are generally given less protection than those intercepted during transmission. Here are some exceptions to the ECPA: * The ISP may view private e-mail if it suspects the sender is attempting to damage the system or harm another user. However, random monitoring of e-mail is generally prohibited. * The ISP may legally view and disclose private e-mail if either the sender or the recipient of the message consents to the inspection or disclosure. Many ISPs require a consent agreement from new members when signing up for the service. * If the e-mail system is owned by an employer, the employer may inspect the contents of employee e-mail on the system. Therefore, any e-mail sent from a business location is probably not private. Several court cases have determined that employers have a right to monitor e-mail messages of their employees. (See PRC Fact Sheet 7 on employee monitoring, www.privacyrights.org/fs/fs7-work.htm .) * Services may be required to disclose personal information in response to a court order or subpoena. A subpoena may be obtained by law enforcement or as part of a civil lawsuit. The government can only get basic subscriber information with a subpoena. The government needs a search warrant to get further records. A subpoena as part of a private civil lawsuit may disclose more personal information. * The USA PATRIOT Act, passed by Congress after the terrorist attacks of September 11, 2001, and amended in 2006, makes it easier for the government to access records about online activity. In an effort to increase the speed in which records are acquired, the Act eliminates much of the oversight provided by other branches of the government. And it expands the types of records that can be sought without a court order. For additional information about the USA PATRIOT Act, visit the Web sites of the American Civil Liberties Union, www.aclu.org, the Center for Democracy and Technology, www.cdt.org, the Electronic Frontier Foundation, www.eff.org, and the Electronic Privacy Information Center, www.epic.org . In the news: In 2003 the Federal Trade Commission sued a credit counseling company and its founder, Andris Pukke, for failing to use customers’ money to pay their creditors. Pukke settled with the FTC, but the court was having difficulty locating his assets. A San Francisco judge granted a subpoena ordering Google to turn over all of Pukke’s e-mails in his Gmail account, including deleted messages. E-mail discussion lists and list-serves. When participating in online discussion groups, which are sometimes called "list-serves," remember that either the sender or the recipient can consent to the inspection or disclosure of the e-mail. Additionally, if you are concerned about junk e-mail, forwarded messages, or other unsolicited mail, you should note that you are giving your e-mail address to numerous people. On many of these discussion lists, the e-mail address of members is readily available, sometimes on the e-mails sent and often through the group’s Web site. Although a subscription and sometimes a password is required to use the list, there’s nothing to prevent another member of the list to collect and distribute your e-mail address and any other information you post. Some message boards and list-serves are archived. For example, Google Groups has saved discussions going back to 1981. http://groups.google.com/intl/en/googlegroups/about.html Browsing the Internet Browsers. Although it may not seem like you are giving very much information, when you browse the Internet you are relaying personal information to Web sites. Your browser likely provides your IP address and information about which sites you have visited to Web site operators. The major browser is Microsoft Internet Explorer, which is used by about 90 percent of Internet users. Competitors have entered the Web browser market and are offering improved privacy policies. A Forbes news article suggested that the newer and smaller browsers may do more to protect your privacy than the bigger, more popular browsers. Firefox offers the Clear Private Data tool, which allows users, with a single click, to delete all personal data, including browsing history, cookies, Web form entries and passwords. (For a definition of cookies, see the Links to Glossaries at the end of this guide.) To see a demonstration of the kind of information that can be captured about your computer via your browser when you surf the Web, visit http://network-tools.com/analyze/ (scroll down). Almost all browsers give you some control over how much information is kept and stored. Generally, you can change the settings to restrict cookies and enhance your privacy. Note that if you choose a high privacy setting, you may not be able to use online banking or shopping services. It is important to update your browser with security patches. If you do not update the browser it may be tricked into reporting your default e-mail address, phone number, and other information in the "address book" if the browser also handles your e-mail. Search engines. Most of us navigate the Internet by using search engines. Search engines have and use the ability to track each one of your searches. They can record your IP address, the search terms you used, the time of your search, and other information. A CNET News survey in 2006 reported on the type of information search engines retain. The survey found a considerable amount of variation between the major four — Google, MSN, Yahoo, and AOL — in terms of your ability to delete search histories, length of time histories are stored, and the amount of information collected. We encourage you to closely review each search engines’ privacy policy. Ixquick, a metasearch engine based in The Netherlands, deletes all users’ personal search details from its log files. The privacy policy was partially in response to fears that if the company retained the information, it would eventually be misused. The company concluded, “If the data is not stored, users privacy can't be breached.” To recap, if you have signed up for Internet service, you have an ISP. Your ISP provider can connect your IP address with information you provided at registration to reveal the person behind the IP address. Your search history can be tracked and stored using your IP address. It is possible that a search engine could reveal the IP address behind a particular search or series of searches. If your ISP revealed the account information behind the IP address your identity could be linked to your search history. In the news: In January 2006 the U.S. Department of Justice issued a subpoena asking popular search engines to provide a "random sampling" of 1 million IP addresses that used the search engine, and a random sampling of 1 million search queries submitted over a one-week period. The government wanted the information to defend a child pornography law. Microsoft, Yahoo, and AOL reportedly complied with the request, while Google fought the subpoena. The government and the search engines that complied with the request maintain that the IP addresses do not reveal personal information. However, this situation raises the question of why the data is being collected and stored by the search engines. The best defense against the subpoena would have been not to have the information in the first place. In addition to the possibility that your IP address would reveal your identity, the World Privacy Forum points out that you may inadvertently reveal information through your search strings. For example, if you do an Internet search to determine if your Social Security number appears on any Web sites, the search you might enter would be " Jane Doe 123-45-6789." A Google search string will look like this: http://www.google.com/search?hl=en&q=Jane+Doe+123-45-6789&btnG=Google+Search If this search were part of the 1 million searches turned over to the government, your personal information would have been revealed. Learn more on this and read tips at www.worldprivacyforum.org/searchengineprivacytips.html . In the news: In August 2006, AOL posted nearly 20 million of its users’ search histories. AOL thought that the information might be useful to academic researchers and attempted to protect users’ privacy by replacing their names with numbers. What AOL did not account for was that the individual histories could reveal the searcher’s identity. Newspapers determined the correct identity of at least two people. Further, at least 100 people had entered their Social Security numbers into AOL’s search engine. For more information on search engines: * www.google-watch.org * www.searchenginewatch.com Cookies. When you visit different Web sites, many of the sites deposit data about your visit, called "cookies," on your hard drive. Cookies are pieces of information sent by a Web server to a user's browser. Cookies may include information such as login or registration identification, user preferences, online "shopping cart" information, and so on. The browser saves the information, and sends it back to the Web server whenever the browser returns to the Web site. The Web server may use the cookie to customize the display it sends to the user, or it may keep track of the different pages within the site that the user accesses. For example, if you use the Internet to complete the registration card for a product, such as a computer or television, you generally provide your name and address, which then may be stored in a cookie. Legitimate Web sites use cookies to make special offers to returning users and to track the results of their advertising. These cookies are called first-party cookies. However, there are some cookies, called third-party cookies, that communicate data about you to an advertising clearinghouse which in turn shares that data with other online marketers. Your Web browser and some software products enable you to detect and delete cookies, including third-party cookies. To opt-out of the sharing of cookie data with members of the Network Advertising Initiative. go to www.networkadvertising.org/consumer/opt_out.asp . Interactive use: Instant messages and social networks Instant messages. Of the millions of teens who use the Internet, 75 percent use instant messaging (IM), according to a 2005 report by the Pew Internet and American Life Project. www.pewinternet.org/pdfs/PIP_Teens_Tech_July2005Web.pdf . IM conversations have a feel of casualness about them, which can lead some to let down their guard. Although seemingly informal, IM conversations can be archived, stored, and recorded on your computer as easily as e-mails. The rule that “delete does not mean delete” applies to IM conversations as well as e-mail. Virtually all IM programs have the ability to archive and the IM program may automatically turn this feature on. Archiving IM conversations simply means saving the conversation in a text file just like you would any other file, such as a Word document. Google Talk, AOL Instant Messenger, Yahoo Messenger, and Microsoft Live Messenger, all allow users to save IM conversations. Some of these services automatically save your chats unless you select otherwise. It is important to realize that your conversation can be saved onto a computer even if only one person agrees. When you are talking to a person over IM, they do not need to tell you if they are “recording” and saving your conversation. If you want to make sure that your Google Talk conversation partner is not saving your chat on their computer you can select the feature called "off the record." Twenty-one percent of IM users also use IM at work. Similar to e-mail, workplace IM can be monitored by your employer. More on workplace monitoring can be found in our Fact Sheet 7, www.privacyrights.org/fs/fs7-work.htm . IM has become a new target for spammers. “Spim,” usually involves get-rich-quick scams or pornography. Often the spimmer will include a link in the message, which could cause spyware to be installed on your computer if you click on the link. You can avoid spim by adjusting your IM account to only allow messages from specified people. Social networks. Internet social networking sites work similarly to ordinary face-to-face networking where people with similar hobbies or interests are introduced to other people through their friends. One of the first Internet social networks was classmates.com. On this Web site people were able to communicate with former classmates. MySpace.com is an extremely popular Web site that allows people to set up profiles, pictures, and blogs. Members can invite current friends to join and can look for new friends within the network. Often you may not know all of the people who belong to your network. The profiles, pictures, and blogs are a way of communicating your interests to the other members of the social network. Services vary depending on what social network Web site you are using, but many enable users to e-mail and instant message other members, join interest groups, and send pictures and music throughout the network. Popular social networking Web sites include Friendster, MySpace, and Facebook. These sites have attracted the attention of police and lawmakers because of the ease with which sexual predators have targeted minors. In addition to those risks, social networking sites pose the same problem as blogs, message boards, and personal Web sites. You never know who will read your profile or look at your pictures. Employers, friends, dates, and parents can all access your information with little difficulty. Even sites like Facebook that are supposed to be restricted to college students are being accessed by others. A news article reported that an employer used an intern’s college e-mail account to access the social network and look up a potential applicant. Privacy settings are not a guarantee that other Internet users will not read information you post. According to news reports, a security hole in a popular networking site allowed users to view messages marked private for months before the problem was realized and fixed. In the news: Reports indicate an increase in employers who “google” prospective employees. The employer thinks of this as a cheap and convenient “background check.” Unfortunately for the job applicant, this type of “background check” is not covered by the Fair Credit Reporting Act (FCRA). The FCRA only covers background checks done by a third party. Since the employer is doing the check itself, the law does not require disclosure to the applicant. Perhaps most unsettling, the employer does not have any legal obligation to tell the applicant that the Internet search led to their disqualification. For more on “Digital Dirt” visit, http://www.abilitiesenhanced.com/digital-dirt.pdf . Information you post in social profiles, Web sites, or other areas of the Internet could get you into trouble with your school or employer. Social networks may seem intimate and your words the sort you might put into a diary or a yearbook inscription. However, employers and school officials are increasingly sensitive to the messages you convey. Even if you are only logging onto social networking Web sites outside of school grounds, the messages you post may be subject to discipline if it "materially disrupts classwork or involves substantial disorder or invasion of the rights of others." This standard was developed from a landmark court decision, Tinker v. Des Moines Independent Community School District, 393 U.S. 503 (1969). The decision is available at http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=US&vol=393&invol=503 . Free speech and First Amendment issues related to social networks, Web sites, and blogs are still unclear. The ACLU has been defending several students who were expelled or suspended for content created off school grounds, but about school officials. Until the legal issues are resolved you should be aware of potential discipline for content you post. Note that the law is only unclear about legal content posted on the Internet. Evidence of drug use, hate crimes, or other illegal activity would not be protected under the First Amendment. In the news: In 2005 a Pennsylvania high school student was suspended for 10 days and transferred into an alternative education program after making an unflattering MySpace profile for his principal. The ACLU is currently representing the student in a lawsuit against the school district. When you post information or pictures on one of these sites, remember that if you want to remove it later there is no law protecting your decision. Unlike a note passed in class, which can be torn in a million little pieces, an Internet posting may not be so easily destroyed. Currently, companies are required to honor posted privacy policies. If a site’s privacy policy says it will remove information and the site refuses, you should file a complaint with the Federal Trade Commission. www.ftc.gov . Personal Web sites and blogs Domain names. Many individuals obtain their own Web site address or URL (Uniform Resource Locator), called domain names. For example, our domain name is www.privacyrights.org . Individuals may use their own name or a variant, such as www.johndoe.com . Domain registrations are public information unless you pay an additional fee to make your domain name private. (Search on private domain registration to find providers of this service). Anyone can look up the owner of a domain name online by using a service such as www.checkdomain.com or www.internic.net/whois.html . To see how easy it is to find out who owns a Web address, use one of these services to check our domain name, privacyrights.org . If you set up your own Web site, you will need to provide an address where the registration service can reach you. You may be able to use a P.O. Box which would reduce the amount of information someone sees if they look up your domain name. In addition you may want to choose an e-mail account that does not reveal unnecessary information, such as where you attend school. An e-mail address from a free Webmail service might be preferable to one with a .edu domain for example. Blogs. More than half of all teen Internet users have created their own blog and have posted videos or photography online. Additionally, about 8 million adults have created blogs according to a 2004 Pew Internet & American Life Project report. Web logs, or “blogs,” are journals (or newsletters) that are frequently updated and intended for general public consumption. Depending on the service you use to post your blog, your private information may be available. Generally blog services will allow you at least some control over how much personal information you make public. Read the service agreement carefully to determine exactly what is required and what will be revealed. Most blogs also allow comments by readers. Although some allow you to comment anonymously, others require registration and at least an e-mail address. Consider carefully how much information you’re willing to give and if you want your personal information linked to your comments or posts forever. In addition to information you may be providing through signing up for the blog, the contents of your blog are published for everyone, including employers, to see. There have been numerous reports of employers firing employees for blogging. The content does not even necessarily have to be about the employer. Attempts at anonymity have not protected the employee. Newspapers have reported blogging-related firings at three dozen companies, including Starbucks, Delta Air Lines, Wells Fargo, Friendster, and Kmart. Tip: Determine who you want your audience to be. If you are writing only for friends and family consider making your blog accessible only by password. Using a pseudonym can help hide your identity, but if your blog becomes popular people may try to uncover your true identity. To limit this possibility you can keep Google and other search engines from listing your blog. To find out how and for other tips, read the Electronic Frontier Foundation’s (EFF) tips on safe blogging, available at www.eff.org/Privacy/Anonymity/blog-anonymously.php . EFF has also written a free legal guide for bloggers, at www.eff.org/bloggers/lg . Managing your financial accounts and online bill payments Online banking. Being able to check your balances, transfer money between accounts, and track your checks online is a great convenience. But online banking requires you to transmit a lot of sensitive information over the Internet. While it makes sense for the bank to have that information, you don’t want anyone else to get it. Most banks use a system of passwords and encryption to safeguard your login and other information. When managing your financial accounts online be careful that you are giving your information to the proper institution. Many fraudulent Web sites have been set up to look like the real thing. Beware of “phishing” e-mails, which typically ask you to update your account information, but are really looking to steal your personal information. Never respond to unsolicited requests for passwords or account numbers, no matter how realistic they look. Each bank has its own privacy policy. It’s up to you to determine if that policy meets your needs. Some banks will share some of your information with others for marketing purposes unless you specifically notify them not to. Generally this is referred to as an “opt out” option. To read more about these options and financial privacy, check out Fact Sheet 24: Protecting Financial Privacy in the New Millennium: The Burden Is on You, available at www.privacyrights.org/fs/fs24-finpriv.htm . Part 2: How Do Others Get Information about Me Online? * Marketing * Official use: Court Records / employer / government (law enforcement and foreign intelligence) * Illegal activity and scams * Other common scams Marketing The Internet can be useful to businesses for marketing purposes. Through the Internet, businesses can sell and communicate with customers. The Internet also allows businesses to identify and learn about their customer base. Additionally, many customers expect that a company they interact with in the physical world will also have an online presence. What consumers may not be aware of is how all of these purposes interact. When a business meets your need of having a Web site with store hours and directions, it may also meets its need of determining how many customers may want to go to a particular store branch. Web bugs. Many Web sites use Web bugs to track who is viewing their pages. A Web bug (also known as a tracking bug, pixel tag, Web beacon, or clear gif) is a graphic in a Web site or a graphic-enabled e-mail message. The Web bug can confirm when the message or Web page is viewed and record the IP address of the viewer. An example you might be familiar with is an electronic greeting card. Hallmark and other companies allow you to request that you be notified when the recipient views your card. The Web sites likely employ Web bugs to tell them when the recipient viewed the card. You can defeat Web bugs by reading your e-mail while offline, an option on most e-mail programs. Some e-mail systems avoid Web bugs by blocking images that have URLs embedded in them. These systems include Gmail, Yahoo!, SpamCop/Horde Web mail, Mozilla Thunderbird, Opera, and recent versions of Microsoft Outlook and Kmail. You might have seen the message “To protect your privacy, portions of this e-mail have not been downloaded.” This message refers to Web bugs. You can choose to allow these images to be downloaded, but be forewarned that they likely contain Web bugs. Direct marketing. Consumers may notice that online newspapers and other businesses have friendly boxes asking you if the Web site can save your account information for future transactions. Whether it asks you for permission to save your information or not, you can bet that your information is being stored and used by the marketing department. Web sites have increased their use of direct marketing. Direct marketing is a sales pitch targeted to a person based on prior consumer choices. For example, Amazon may recommend books that are similar to others you have purchased. In the news: Pranksters manipulated a large online bookstore’s recommendations to make it seem that buyers who bought an evangelical minister’s book also bought a book on gay-related issues. The pranksters reportedly manipulated the technology by clicking on each book many times. (December 2002) Another example is Google’s e-mail service, Gmail. Gmail scans incoming e-mails and places relevant advertisements next to the e-mail. For example, if your grandmother sends you an e-mail with a chicken noodle soup recipe, when you open your inbox you can read your grandmother’s e-mail and also see advertisements for www.cooks.com or Chicken Little stuffed animals. If your recipient uses Gmail, Google will scan your message and provide advertisements to the recipient even if you, the sender, do not use Gmail. Use of your information for marketing is not limited to companies you do business with. Many companies sell or share your information to others. If you sign up for a free magazine subscription, the company may share your information with affiliates. This is similar to what happens with traditional junk mail, but since you have entered the information yourself into an electronic system, sharing with other businesses can be done rapidly and cheaply. To avoid spam laws, most Web sites ask your permission to send you future information and offers. However, this permission is often presumed and the permission box already checked. To avoid the use of your information this way, always uncheck boxes that state that you agree to receive periodic offers and information. Official use: Court records / employers / government (law enforcement and foreign intelligence) Court records. When you file a lawsuit for divorce or are a party to a civil lawsuit or criminal case, court records are accessible to the public. As the government increasingly moves to eliminate paper records in favor of electronic records, your personal information could end up on the Internet. There are two ways public records are accessible electronically. Some jurisdictions post them on their government Web sites, thereby providing free or low-cost access to records. Government agencies and courts also sell their public files to commercial data compilers and information brokers. They in turn make them available on a fee basis, either via Web sites or by special network hookups. The following are examples of public records containing personal information available remotely via electronic access. * Property tax assessor files. Typical records contain name of owner, description of property, and the assessed value for taxation purposes. Some systems even provide blueprints and photographs of the property. * Motor vehicle records. Registration, licensing, and driver history information (varies by state). * Registered voter files (restricted in some states). * Professional and business licenses. * Court files: * Case indexes * Tax liens and judgments * Bankruptcy files * Criminal arrest and conviction records, and warrants * Civil court recordings. You should also be aware that old newspaper articles are often available online. One potential risk is that an article containing inaccuracies about you may be found, but a corresponding correction or later article will not be readily apparent. As the public becomes aware of the information contained in public records, efforts have been made to redact sensitive information, such as your Social Security number. Recently there has been a push for laws restricting the use of such records for marketing purposes. South Carolina, for example, prohibits the use of public records of marketing purposes (political fundraising is exempted). In the news: Betty "BJ" Ostergren has Washington’s number – its public officials’ Social Security numbers, that is. Since 2002, Ostergren has worked to publicize the risk of making public records, such as deeds of trust, federal tax liens, and affidavits, available on the Internet. To get the public’s attention, she has legally found and posted the SSN of lawmakers, generals, celebrities, and governors. Her Web site is www.thevirginiawatchdog.com . Employers. Individuals who access the Internet from work should know that employers are increasingly monitoring the Internet sites that employees visit. According to the 2005 Electronic Monitoring & Surveillance Survey from the American Management Association and The ePolicy Institute, www.amanet.org/press/amanews/ems05.htm : * 76% of employers monitor employees' Web site connections; * 65% use technology to block connections to banned Web sites; and * 55% monitor e-mail. Be sure to inquire about your employer's online privacy policy. If there is none, recommend that such a policy be developed. If you are unsure of what the policy is or if there is no policy, assume everything you do on your work computer is being monitored. In most states there is no law requiring your employer to tell you if it monitors e-mail or Internet usage. In Delaware and Connecticut, an employer must advise employees in a “conspicuous manner” that monitoring is occurring. In Connecticut there is a limited exception for investigations of illegal activity. However, in most states, arguing that you were unaware of the monitoring will not necessarily prevent you from being fired. According to the American Management Association and the consulting firm ePolicy Institute, 26 percent of the organizations surveyed fired workers for misusing the Internet. Another 25 percent have terminated employees for e-mail abuse, and 6 percent have canned them for misusing office phones. See these PRC guides for more info: * Employee monitoring, www.privacyrights.org/fs/fs7-work.htm . * Responsible information-handling practices, www.privacyrights.org/fs/fs12-ih2.htm . Government. The government may want your personal information for law enforcement purposes as well as for foreign intelligence investigations. Various laws govern these procedures. Below is an overview of some of the ways the government may obtain your personal information. Many of the laws are in flux and are being reinterpreted. Additionally, news reports have alleged that the National Security Agency has been wiretapping phone calls and e-mails without specific statutory authority. The legal implications of this program are unclear at this time. For more information, see www.eff.org/Privacy/Surveillance/NSA . Law enforcement access. Law enforcement generally can access your electronic communications and records in two ways: through wiretapping or through subpoena. According to a New York Times article (published February 4, 2006), AOL receives more than 1,000 subpoenas each month seeking information about AOL users. Most of these subpoenas come from law enforcement and generally ask for the user’s name, address, records of when the individual signed on and off of the Internet, and the IP address. Law enforcement can also get a search warrant or a special court order to obtain more information. You most likely will not know if law enforcement has obtained your information through these methods because they will be dealing with your ISP. The federal Electronic Communications Privacy Act (ECPA) requires law enforcement to obtain a court order before it intercepts electronic communication. A court will issue a wiretap order if it finds probable cause to believe that a person is committing a crime, and is using the Internet to communicate about the crime. The wiretap will intercept these communications. Establishing that there is a reasonable belief, substantial chance, or fair probability that a crime is being committed can show probable cause. Law enforcement can also use a pen/trap tap to get the following information from your ISP: * e-mail header information other than the subject line, * your IP address, * the IP address of computers you communicate with, and * possibly a list of all Web sites you visit. A pen/trap is defined in the Patriot Act as “a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication.” To read more on the definition go to www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00003127----000-.html . In order to use a pen/trap wiretap, law enforcement only needs to establish that such information is relevant to an ongoing investigation. This is a lower standard than the probable cause standard required for a search warrant. It is unclear if law enforcement needs a court order to get information from search engines, because the ECPA governs records held by companies that offer the public the ability to send and receive communications. Search engines do not fit in this category. To learn more about how the Patriot Act has expanded the power of the government and law enforcement, go to the ACLU’s Web site at www.aclu.org/safefree/general/17326res20030403.html . Foreign intelligence investigations. Under the Foreign Intelligence Surveillance Act of 1978 (FISA) the government is supposed to get a search warrant from a secret court for this type of surveillance. The government is required to show that the target of the surveillance is a foreign power or the agent of a foreign power. For more on FISA visit the Electronic Frontier Foundation’s FAQ at www.eff.org/Censorship/Terrorism_militias/fisa_faq.html . Illegal activity and scams Criminals can capture your information online in various ways, but one distinguishing factor is that in some cases you give them the information yourself. And sometimes criminals use technology to steal your personal information without your knowledge. It is important to recognize that theft occurs both ways. Even if you pride yourself on being wary of scams and never give your personal information to strangers, you should not overlook security steps for your computer. Approximately 80 percent of Windows computers used in the home have been infected with viruses, worms, or other malicious software, according to a study by American Online and the National Cyber Security Alliance, available at www.staysafeonline.info/pdf/safety_study_2005.pdf . Increasingly these attacks lead to financial losses. Losing money from computer crime can be especially devastating because often it is very difficult to get the money back. Because of the remote nature of the Internet, computer crime presents at least three challenges: (1) locating the criminal, (2) obtaining personal jurisdiction, and (3) collecting the money. In fact many cyber criminals operate in other countries. Although law enforcement is becoming increasingly aware of computer crime, you should largely rely on yourself for protection. Spyware. Spyware is software that secretly gathers your information through your Internet connection without your knowledge. Sometimes it is also called “adware” and “malware.” The original use was to collect information about users for advertising purposes. However, spyware can have more malicious uses. It can be used to track your keystrokes, which can reveal passwords and financial numbers. Since spyware is software, it does not come with your new computer, but must be installed. This can be done either with your consent or without. Often spyware programs will be included with other software you want. When you consent to download the program you want, such as a music sharing program, you are also consenting to download spyware. CNET, a popular site for downloading software, now only keeps files that pass inspection by Ad-Aware and Spyware Doctor. The Ad-Aware product is a free spyware removal utility that scans your computer's memory, registry, and hard drives for known spyware components and lets you remove them, www.lavasoftusa.com . Other spyware-fighting tools can be found at the PRC's links page, www.privacyrights.org/links.htm#tools . Knowing that you will not download programs that advertise themselves as spyware, some spyware actually advertises itself as an anti-spyware program. A list of programs that are possibly actual spyware, although they advertise as anti-spyware, is available at www.spywarewarrior.com/rogue_anti-spyware.htm . There are also Web sites that, when you visit, will automatically download spyware without your knowledge. You need to keep your browser up to date since many updates are designed to close security holes, a common entry for spyware. Spyware takes advantage of the security hole by attacking the browser and forcing it to download and install spyware. You should be cautious about clicking on pop-up boxes. Most browsers prevent Web sites from uninitiated downloads. To simulate an initiation, spyware will create a pop-up box where you can click “yes” or “no” to a particular question. If you click on either choice your browser will be tricked into thinking you initiated a download. To avoid these types of attacks you should install a firewall and an antivirus program. The Kim Komando Show offers links to many free security programs, available at www.komando.com/downloads/categories.aspx?cat=Security . The Electronic Privacy Information Center also has a listing of computer security resources available at www.epic.org/privacy/tools.html . Microsoft was accused of installing spyware by many and was sued over its Windows Genuine Advantage (WGA) program. The program is designed to ensure that you are using a genuine copy of Windows. In order to verify that your copy of Windows is legitimate, the program, among other things, checks your: * IP address * hard drive * serial number * language version of the operating system * operating system version * PC manufacturer * user locale setting * validation and installation results * Windows or Office product key * Windows XP product ID You can avoid installing WGA by setting your automatic updates to "Notify," and not checking the box for the WGA download. If you have already installed the program you can find instructions here on how to uninstall the program: www.staysecurepc.com/removing_genuine_advantage_notification.html . “Phishing” and “pharming.” Phishing and pharming are names for scams that deceive you into revealing your personal information. Phishing scams occur when criminals lure you into providing financial data. In pharming scams, criminals plant programs in your computer which re-direct you from legitimate Web sites to scam look-alike sites. Gartner Research estimates that in 2003, in the U.S. alone, over 57 million people received phishing e-mails and almost 5% of the recipients responded with personal information. (www.gartner.com/press_releases/asset_71087_11.html) The easiest way to prevent a successful phishing scam is not to reply to the e-mail or click on the link in the e-mail. In the news: Starting in 2005 an e-mail began circulating promising a refund from the IRS. The e-mail directs consumers to a link that requests personal information supposedly required to collect the refund. Despite IRS warnings that this e-mail is a scam and extensive media attention, this e-mail still circulates around the Internet. The PRC published an alert on this phishing scam, available at www.privacyrights.org/newsletter/051218.htm#3. Pharming is not as prevalent as phishing, and some question whether it has led to financial harm. Because it shares similar characteristics with other Internet scams, you should be aware of the possible threat. Pharming can be viewed as criminals’ response to increasing awareness about phishing. The common advice to avoid phishing is to not click on links in an e-mail but to go directly to the Web site. This is because phishing e-mails link to Web site addresses that are spelled virtually identical to legitimate sites and that look the same. Pharming works by re-directing you to a fraudulent site after you have gone to the legitimate site. Currently this is only possible with Web sites accessed via “http”. If you are using a “https” site, you are safe from pharming attacks at this time. The ‘s’ in https means that it is a secure site. All of these scams are complicated, and criminals are always likely to come up with new tricks to stay ahead of the law. For the most part, no legitimate business will request personal information via e-mail. If you are buying over the Internet or setting up online accounts, be aware that these risks are out there. Use a credit card for online financial transactions. Debit cards do not provide as much protection from fraud as credit cards. If a criminal uses your debit card, your entire checking account can be wiped out. With a credit card you are able to see the charges before you pay for them, which gives you an opportunity to dispute the charges. For more online shopping tips and to learn more about the dangers of debit cards, read our guide: www.privacyrights.org/fs/fs23-shopping.htm . Other common scams Online auctions. Online auction fraud was the top complaint registered with the FBI's Internet Crime Complaint Center in 2005. www.ic3.gov/media/annualreport/2005_IC3Report.pdf . Not only is online auction fraud extremely common, it takes all forms. Some forms of fraud are difficult to avoid, while others can be avoided by taking smart precautions. Fraud can occur when the seller doesn’t ship what was bought or the product is not as good as promised. This type of fraud can be frustrating and hard to avoid. Buyers should pay close attention to fraud alerts posted by the online auction companies. If you pay with a credit card, your credit card company may be able to reimburse you for the fraud. Never use a wire transfer to pay for something from an online auction site. The FTC issued an alert warning about the dangers of wire transfers. The full alert is available at www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt169.pdf . Fraud also occurs when a buyer sends a seller a check for more than the amount of the product and asks the seller to wire the buyer the difference. This fraud can be particularly devastating. As the FTC points out in its alert, once you wire money it is virtually impossible to get the money back – even in the event of fraud. To protect yourself, never accept a check for more than the cost of the product. Even if the bank “clears” your check and deposits the funds in your account, that does not mean the check is legitimate. If it turns out the check is fraudulent, your bank will expect you to cover the funds that were put into your account. Consumers who suspect an online auction transaction is fraudulent should report it to the FTC at www.ftc.gov and to the auction company. In the news: One scam artist was sentenced to prison in 2004 after his online auction scam defrauded people out of more than $180,000. The scam artist promised his victims Fiesta Bowl tickets. After purchasing the tickets online, the fans showed up at the game to receive their tickets. The scam artist never met them at the game with the tickets and the victims were forced to watch the game on TV. They never got their money back. Nigerian 419 letters. Nigerian 419 letters, also called advance-fee scams, are sent via e-mail to millions of people. The letters typically relay a story of a foreign person who has inherited a windfall of money, but needs help in getting the money out of the country. The sender offers the recipient a share of the money for help in transferring the money. The assistance required is usually to front money to pay for "taxes," "attorneys costs," "bribes," or "advance fees.” Although this scam sounds far-fetched the FBI reports that the average financial loss from these scams is $3,000. The FTC has an alert warning of these scams at www.ftc.gov/bcp/conline/pubs/alerts/nigeralrt.htm . You can also find information at www.lookstoogoodtobetrue.co Part 3: Tips for Safeguarding Your Privacy Online * Three steps you should take now! * Top three myths about the Internet * Frequently asked questions Three steps you should take now! 1. Learn how to tell if a Web site is secure. When you provide your credit card account number to a shopping site, you want to be sure that the transmission is secure. Look for the unbroken padlock at the bottom right of the screen. You can right click on the padlock to make sure the security certificate is up-to-date. If it is not, you should not order from that Web site. Also make sure the Web address has the letter 's' after http in the address bar at the top of the page. The ‘s’ indicates that your financial information will be encrypted during transmission. For additional online shopping tips, read the PRC's e-commerce guide at www.privacyrights.org/fs/fs23-shopping.htm . 2. Learn how to secure your personal computer. Every user of a personal computer should be familiar with firewalls, anti-virus programs, and anti-spyware programs. The Kim Komando Show offers links to many free security programs, available at www.komando.com/downloads/categories.aspx?cat=Security . The Electronic Privacy Information Center also has a list of computer security resources available at www.epic.org/privacy/tools.html . 3. Start reading privacy policies. Get in the habit of reading a Web site’s privacy policy. A link to the privacy policy is usually found at the bottom of the home page. This policy should alert you to how your information is shared and sold. Additionally, the policy outlines what rights you have. If a company violates its own privacy policy you can complain to the FTC. Top three myths about the Internet Myth 1. Pressing the delete key prevents anyone from accessing your file again. FALSE: Deleting a file or e-mail opens up space on your computer to store more information. Until that space is written over, your file can still be recovered. There are software programs that will write over the empty space until the file is actually deleted. For PC users you can download the free Eraser program at www.heidi.ie/eraser/download.php . If you use a Mac, you simply need to choose “secure empty trash” from the Finder menu. Remember that just because you have deleted files from your computer that does not mean third parties who have handled your files have deleted them from their storage. Google's privcy policy says that although you may delete messages from your view, your deleted e-mail messages may remain in Google’s offline backup systems for an unspecified period of time. Myth 2. The law requires that a Web site remove your information, profile, old resume, or pictures if you make a written request. IT DEPENDS: According to the FTC, a Web site must honor its privacy policy. So, if the Web site has a procedure for requesting removal, it must honor that procedure. However, many Web sites do not have a policy granting requests for removal of information. In addition a Web site may change its privacy policy at any time. You should know that anything you put on the Internet might never be removed. In cases of threats to your life or harassment, contact the police. If you believe that information on a Web site is libelous (false), contact an attorney. Myth 3. Unsubscribing from spam e-mails will reduce the amount of spam you receive. FALSE: Often a link to unsubscribe in a spam e-mail is a means for the sender to know that the e-mail reached an actual recipient. You should just delete the spam. You can find tips on how to reduce unsolicited e-mail messages at www.spamcop.net . The PRC's Fact Sheet 20 provides a list of additional Web sites that provide spam-fighting tips, www.privacyrights.org/fs/fs20-spam.htm . To learn about state and federal spam laws, go to www.spamlaws.com . Frequently asked questions What is encryption? Encryption is a method of scrambling an e-mail message or file so that it is gibberish to anyone who does not know how to unscramble it. The privacy advantage of encryption is that anything encrypted is virtually inaccessible to anyone other than the designated recipient. Thus, private information may be encrypted and then transmitted, stored, or distributed without fear that it will be read by others. Strong encryption programs such as PGP (Pretty Good Privacy) are available online. PC World offers a free download at www.pcworld.com/downloads/file/fid,3178;order,1;page,1;c,All%20Downloads/description.html . What are privacy policies and Web seals? The Federal Trade Commission urges commercial Web site operators to spell out their information-collection practices in privacy policies posted on their Web sites. Most commercial Web sites now post policies about their information-collection practices. Look for a privacy "seal of approval," such as TRUSTe (www.truste.org), on the first page of the Web site. TRUSTe participants agree to post their privacy policies and submit to audits of their privacy practices in order to display the logo. Other seals of approval are offered by the Council of Better Business Bureaus (BBB) www.bbbonline.org, and VeriSign www.verisign.com . Are cybercafes, airports, libraries and other publicly-available Internet terminals safe? For some things. We advise that you do not use public terminals to access your bank account, check your credit card statement, pay bills, shop, or access any other personally or financially sensitive information. Publicly available Internet terminals are not likely to be closely supervised to ensure online privacy and security. In addition, they are used by many individuals every day. Ask the company that operates the public terminal how often they check their computers for spyware. Find out if they have installed a program that deletes cookies, erases surfing history, removes temporary files, and clears Internet caches. If the program does not automatically activate when users logoff, find out how you can run the program before you end your session. (Cache is a file on the computer’s hard drive used by the browser to store Web pages you have visited, documents you have retrieved, and graphics from sites you’ve recently visited. When you use the BACK feature, or any other means to revisit a document or Web site, the browser first checks to see if it is in cache and will retrieve it from there because it is much faster than retrieving it from the server.) Is WiFi and other wireless access more dangerous than other types of connections? Coffee shops, libraries, bookstores and many universities offer free WiFi (wireless fidelity) or wireless connections to the Internet. Additionally, more and more households are setting up wireless networks whose signals spill over and allow access from down the street. Although using these free signals is appealing, please remember that unless you’ve created it yourself, you cannot be sure of the security on a wireless connection. Wireless connections to the Internet are relatively new and security is an issue that’s being addressed by many experts. We suggest you be extremely cautious when accessing the Internet wirelessly. Getnetwise.org offers some great tips on using wireless Internet safely, at spotlight.getnetwise.org/wireless . Is there a way to browse the Internet with more anonymity? Yes. Tor, The Onion Router, sponsored by the Electronic Frontier Foundation, helps anonymize your Web traffic by bouncing it between volunteer servers. It masks the origins and makes it easier to evade filters, such as those installed by schools or government officials. Because of the extra stops the data makes, the search process can be slower. You can download Tor at tor.eff.org . There are other browsing services that offer anonymity, including Anonymizer. It offers both a free version and one with more features that it sells. Reports indicate that the free browser is slow. However, it seems the demand for such services are strong and innovations are likely to continue. Anonymizer is available at www.anonymizer.com . If you are concerned with hiding your browsing history, you can use a free program such as The Cloak (www.the-cloak.com) . According to its Web site The Cloak sits between your computer and any Web sites you visit. It prevents the Web sites you visit from finding out who you are. And it can use the standard SSL protocol to encrypt all communication from your browser, so that no one (except for The Cloak) knows where you are surfing. However this program does not work with Web sites that require you to login, such as a bank or Web-based mail site. Anonymouse.org also provides a free anonymous browsing service. Is there a way to search the Internet with more anonymity? Yes. Ixquick, a search engine based in the Netherlands, promises it will permanently delete all users’ personal search details from its log files. With this privacy policy, established in June 2006, Ixquick stands heads taller than its peers. To date all of the other search engines store users’ search details for at least some time. Google, which is preferred by just under half of all users, stores search data indefinitely. Other popular search engines, including MSN, Ask, and Yahoo all have policies indicating that they store user data from at least some period of time. Ixquick will delete the IP address and has designed a cookie that will not identify an individual user. It will delete all personal information within 48 hours. Switching to Ixquick does not mean you have to give up the other search engines. Ixquick is a metasearch engine, which means that it returns the top-ten results from multiple other search engines. It uses a unique star system to rank its results -- by awarding one star for every result that has been returned from another search engine. Thereby, the top search results are the ones that have been returned from the maximum number of search engines. You can search the Internet in private at www.ixquick.com . Is there a way to enhance the privacy of my e-mail? Yes. There are several Webmail services that offer free encryption of e-mail. Hushmail, MailVault and S-Mail are some of the companies that offer free e-mail accounts. The catch is that both the recipient and sender have to use one of the services in order to decrypt the messages. If you use an e-mail program, such as Outlook or Mozilla Thunderbird, you can add on a program that encrypts your e-mail. Enigmail, a free service, works with Thunderbird and Netscape. PGP Desktop Home is fee-based and works with Outlook, Outlook Express, Thunderbird, Eudora, and Apple Mail. For PGP freeware information visit www.pgpi.org/products/pgp/versions/freeware . Public use of encryption software is far from widespread, potentially making it difficult to use. But you should be aware of its privacy protections and the programs that are out there. How can I make sure I have a good password? Create passwords with nonsensical combinations of upper and lower case letters, numbers and symbols, for example tY8%uX. Do not use the same or variations of the same password for different applications. One way to create a password that is easier to remember is to use the first or last letters in a favorite line of poetry. Intermingle these letters with numbers and punctuation marks. "Mary had a little lamb" becomes m*ha2ll or y!dae5b. Or create a story that gives you the clues you need to remember the password. One privacy advocate we know uses the first letter of the names of all the pets she’s had in chronological order, and intersperses numbers and symbols in between the letters with some letters in caps and some in lower case. Microsoft recommends that virtually “uncrackable” passwords have at least 14 characters and use upper and lower case letters plus numbers and symbols. Change your password often. Don't let others watch you log in. Don't print your password on a post-it note and attach it to your video monitor. If you must write down or record your password, take steps to secure or disguise the information. There are services and software packages that will help you keep track of your passwords. Most are free and are worth considering. You can get these programs at www.download.com . * Password Assistant 2.0 * Password Manager Plus * RoboForm Is it safe to post my resume online? Yes, with precautions. You should omit personal information, such as your SSN, physical address, and phone number from your online resume. You should consider creating a separate e-mail account for your job search. The World Privacy Forum offers tips on how to post a resume safely, available at www.worldprivacyforum.org/resumedatabaseprivacytips.html . If for any reason you need to safeguard your identity, for example if you are a victim of stalking, don't create an online resume. In these situations, ask the system operator of your ISP to remove you from its online directory. What is an anonymous remailer? Anonymous remailers are intermediaries that receive e-mail, strip off all identifying information, then forward the mail to the appropriate address. E-mails can still be vulnerable if the server through which they are sent is corrupted by a virus or other malware. Be aware that most anonymous remailers are only designed to protect the privacy of your e-mail address. So if you send someone your address or Social Security number in the body of the e-mail, that information would not be anonymous. Also some files you might attach, such as a Word document, may have had identifying information embedded in the file during the save process. Anonymous remailers can offer some protection, but do not offer complete e-mail anonymity. You should not rely solely on such services for your protection. A search on the term “anonymous remailer” will produce several useful links, including Andre Bacard’s FAQ at www.andrebacard.com/remail.html . Can an online service access information stored in my computer without my knowledge? Yes. Many of the commercial online services such as AOL automatically download graphics and program upgrades to the user's home computer. The subscriber is notified of these activities. But other intrusions are not so evident. We explained Microsoft’s WGA earlier. News reports have documented that some services have admitted to both accidental and intentional prying into the memory of personal computers. Companies typically explain that they collect information such as users' hardware, software, and usage patterns to provide better customer service. It is difficult to detect these types of intrusions. You should be aware of this potential privacy abuse and investigate new services thoroughly before signing on. Always read the privacy policy and the service agreement of any online service you intend to use. How can I ensure my files are stored securely? USB flash drives -- also called thumb drives, jump drives, or memory sticks -- have become a popular and convenient means of storing and transferring data. Because of the large amount of data that can be stored on such a small device, you need to take precautions to ensure that the data cannot be used if the USB drive is lost or stolen. Many USB drives come with software allowing you to password protect and encrypt your files. Take advantage of password protection on all of your software. The process varies depending on what operating system you are using. Windows ME and 98 require additional software, but the newer operating systems, such as Windows XP, include the option within the system. In the news: At the open-air market in Afghanistan the U.S. military was in no position to bargain. Soldiers offered generous amounts of cash to merchants in an attempt to recover stolen USB flash drives, which reportedly contained classified military assessments of enemy targets, named corrupt Afghan officials and described American defenses. Because of the small size of the drives, many had been easily stolen from a nearby U.S. base. (April 2006) Part 4: Additional Resources * Other nonprofit privacy organizations * Government agencies * Resources for parents and children * Links to glossaries Other nonprofit privacy organizations Several nonprofit public interest groups advocate on behalf of online users. They also provide extensive information about privacy issues on their Web sites. Several offer e-mail newsletters you can subscribe to. American Civil Liberties Union Find your local ACLU chapter: www.aclu.org/affiliates/ Web : www.aclu.org Center for Democracy and Technology 634 Eye Street NW #1100, Washington DC, 20006 Voice: (202) 637-9800. E-mail: info@cdt.org Web : www.cdt.org Electronic Frontier Foundation 454 Shotwell St., San Francisco, CA 94110 Voice: (415) 436-9333 E-mail: information@eff.org Web : www.eff.org. Electronic Privacy Information Center 1718 Connecticut Ave. N.W., Suite 200, Washington, DC 20009 Voice: (202) 483-1140 E-mail: epic-info@epic.org Web : www.epic.org. PrivacyActivism E-mail: info@privacyactivism.org Web : www.privacyactivism.org Privacy Rights Clearinghouse 3100 - 5th Ave., Suite B, San Diego, CA 92103 Voice: (619) 298-3396 Contact: www.privacyrights.org/preinquiry.htm Web: www.privacyrights.org. World Privacy Forum Voice: (760) 436-2489 E-mail: info2005@worldprivacyforum.org PGP Key is available here: securee-mail.html Web: www.worldprivacyforum.org Government agencies The Federal Trade Commission is the federal government's primary agency for online privacy oversight. Its Web site provides a great deal of information on public policy matters as well as consumer tips. Federal Trade Commission 600 Pennsylvania Ave. N.W., Washington, DC 20580 Web : www.ftc.gov/privacy/index.html Federal government consumer Web site: www.consumer.gov The FTC’s Onguard Online Web site offers tips for avoiding Internet fraud, securing your computer and ways to protect your personal information. www.onguardonline.gov Read the FTC's guide "Site-Seeing on the Internet: The Savvy Traveler," www.ftc.gov/bcp/conline/pubs/online/sitesee.htm . Several federal agencies and public interest groups have sponsored the online Consumer Computer Privacy Guide at www.consumerprivacyguide.org. This site offers extensive tips, a glossary of terms, and video tutorials with step-by-step instructions on how to take advantage of privacy settings for the programs you use online. Federal law enforcement and industry representatives have joined together to produce a Web site called Looks Too Good to Be True, which educates consumers about Internet scams. www.lookstoogoodtobetrue.com Resources for parents and children The Internet Education Foundation in cooperation with consumer groups and industry associations, has developed GetNetWise, a Web site for parents, children, and anyone wanting basic information on Internet safety. Visit this useful resource at www.getnetwise.org . If your children are online users, request the free brochure, "Child Safety on the Information Highway," from the National Center for Missing and Exploited Children. Phone: (800) 843-5678. Web: www.safekids.com/child_safety.htm The FBI publishes a Parent’s Guide to Internet Safety, available at www.fbi.gov/publications/pguide/pguidee.htm . The Federal Trade Commission offers extensive resources for children and parents. Visit www.ftc.gov/bcp/conline/edcams/kidzprivacy/index.html. To learn more about the Children's Online Privacy Protection Act, go to www.ftc.gov/privacy/index.html. Read "Take a Bite Out of Cyber Crime" by McGruff the Crime Dog, at www.bytecrime.org/PDF/McG_booklet_screen.pdf . See also PRC Fact Sheet 21, "Children in Cyberspace" at www.privacyrights.org/fs/fs21-children.htm . Links to glossaries * GetNetWise, www.getnetwise.org/glossary * UC Berkeley Library, www.lib.berkeley.edu/TeachingLib/Guides/Internet/Glossary.html * CNET, www.cnet.com/Resources/Info/Glossary/index.html * WebMonkey, www.Webmonkey.com/guides/glossary/ * FTC, www.ftc.gov/bcp/conline/pubs/online/sitesee.htm Please note: We have provided the names and Web addresses of several commercial and freeware products in this guide. Such mention does not imply endorsement.