* © Copyright 1996 A. Michael Froomkin. All Rights Reserved. Associate Professor, University of Miami School of Law. B.A. 1982, Yale College; M.Phil. 1984, Cambridge University; J.D. 1987, Yale Law School. Internet: froomkin@law.miami.edu. I received significant advice, comments , suggestions, and in several cases careful readings of earlier drafts, from Phil Agre, Caroline Bradley, Mary Coombs, Hal Finney, Oscar H. Gandy, Jr., Lucky Green, Patrick Gudridge, Richard Field, Trotter Hardy, Lili Levi, Mark Lemley, Tim May, Marcel van der Peijl, David Post, Peggy Radin, Steve Schnably, Bill Stewart, Peter Swire, Stephen F. Williams, and Eugene Volokh. I also benefited from the ideas posted by members of the cyberia-l, cypherpunks, and e-cash mailing lists. SueAnn Campbell and Nora de la Garza provided library support. Rosalia Lliraldi provided secretarial assistance. Portions of this paper, particularly in Part II, are a revised version of an electronically published paper, A. Michael Froomkin, Anonymity and its Enmities, 1 J. Online L. Article 4 (1995), available online http://www.law.cornell.edu/jol/froomkin.html.

I particularly wish to thank Dean Peter Shane and Pam Samuelson for inviting me to participate in the panel entitled "The Regulation of Computing and Information Technology" at the Conference for the Second Century of the University of Pittsburgh School of Law at which an earlier draft of this paper was presented. Unless otherwise stated, this article attempts to reflect legal and technical developments up to January 1, 1996.

1. Actually, "the Internet" is not one thing, but a set of tools. I. Trotter Hardy, Government Control and Regulations of Networks, paper presented at Symposium on The Emerging Law of Computer Networks, Austin, TX, May 19, 1995 (on file with author). The Internet provides the best example because it exists today. The analysis will, I hope, scale up to any successor network although there is good reason to believe that it does not scale down to discussions that occur entirely within a forum owned and operated by a single Internet Service Provider such as America OnLine or Compuserve, at least absent common carrier status. Cf. Pacific Gas And Elec. Co. v. Public Utils. Comm'n of Calif., 475 U.S. 1 (1986); PruneYard Shopping Ctr. v. Robins, 447 U.S. 74 (1980).

2. See 1995 Pa. S.B. 655, 179th Gen. Assem., 1995-96 Reg. Sess. (enacted June 13, 1995) (amending 18 Pa. Const. Stat. § 910(a)(1)). Proposed federal legislation sought to prohibit all anonymous electronic messages intended to "annoy, abuse, threaten, or harass any person . . . who receives the communication." S. 314, 104th Cong., 1st Sess. § 2(a)(1)(B) (1995). A similar proposal was introduced in Connecticut, see Larry Lessig, The Path of Cyberlaw, 104 Yale L.J. 1743, 1750 n.20 (1995).

3. I use "privacy" in this article to mean "the control of information about oneself." See, e.g., Alan Westin, Privacy and Freedom 7 (1970). By using "privacy" in this sense I do not mean to suggest that there is necessarily a "privacy right" to control information about oneself. That is, for the purposes of this article, a question of policy that needs debate. For arguments that if there is a "right" to privacy it means something other than the right to control information about oneself, see, e.g., Judith Jarvis Thompson, The Right To Privacy, 4 Phil. & Pub. Aff. 295 (1975).

William A. Parent, Privacy: A Brief Survey of the Conceptual Landscape, 11 Santa Clara Comp. & High Tech. L.J. 21 (1995), gives a useful survey of the various ways in which the term privacy can be deployed, including: "the right to be let alone," Samuel D. Warren & Louis B. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193, 205 (1890), "control of personal information about oneself," Charles Fried, Privacy, 77 Yale L.J. 475, 483 (1968), "limitation of access to oneself," Ruth Gavison, Privacy and the Limits of the Law, 89 Yale L.J. 421, 428 (1980), "having control of [one's] entire realm of intimate decisions," Julie C. Inness, Privacy, Intimacy, and Isolation 7 (1992), and Dean Prosser's four privacy torts, William L. Prosser, Privacy, 48 Cal. L. Rev. 383 (1960).

4. Privacy Act of 1974, 5 U.S.C. § 552a (1977).

5. 15 U.S.C. § 1681 (1995). Several other nations have data protection laws. See infra text accompanying note 354.

6. See A. Michael Froomkin, The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution, 143 U. Pa. L. Rev. 709 (1995).

7. See Joel R. Reidenberg, Setting Standards for Fair Information Practice in the U.S. Private Sector, 80 Iowa L. Rev. 497, 500-01 (1995) ("In democratic society, information standards reflect specific conceptions of governance. . . . For private interactions and the relationship between citizens, both law and practice set the balance between dignity and free flows of information.").

8. Martin Gottlieb, Pattern Emerges in Bomber's Tract, N.Y. Times, Aug. 2, 1995, at A1.

9. Note, The Constitutional Right to Anonymity: Free Speech, Disclosure and the Devil, 70 Yale L.J. 1084, 1109 (1961) (collecting cases) [hereinafter Anonymous Note].

10. Id. at 1111.

11. Id. at 1112-13.

12. Viereck v. United States, 318 U.S. 236, 251 (1943) (Black, J., dissenting).

13. Richard A. Posner, The Right of Privacy, 12 Ga. L. Rev. 393, 394 (1978).

14. Richard A. Posner, Privacy, Secrecy, and Reputation, 28 Buff. L. Rev. 1 (1979); Posner, supra note 13.

15. See Posner, supra note 13, at 294-97.

16. Posner, supra note 13.

17. See Kim Lane Scheppele, Legal Secrets 43-53, 111-26 (1988); see also James Boyle, A Theory of Law and Information: Copyright, Spleens, Blackmail, and Insider Trading, 80 Cal. L. Rev. 1413 (1992) (arguing that most law and economic analysis of markets for information are based on fundamentally contradictory assumptions).

18. See, e.g., New York v. Duryea, 351 N.Y.S.2d 978, 996 (1974) (arguing that people tend to apply an appropriate discount to anonymous writing).

19. See Francis Auburn, Usenet News and the Law, [1995] 1 Web J. Current Legal Issues, available online URL http://www.ncl.ac.uk/~nlawwww/articles1/auburn1.html (discussing the failure of the Western Australia Supreme Court in Rindos v. Hardwick (No. 1994 of 1993, judgment delivered 31 March 1994) to understand USENET and measure damages accordingly).

20. See RC4 Source Code, available online URL http://www.hks.net/cpunks/cpunks-[fr7/1369].html (entry in cypherpunks list archives). A spokesman for RSA Data Security stated that it has been informed by third parties that the code produces output identical to RC4, but has not confirmed this for itself. Telephone interview with Kurt Stammberger, Director of Technologies Marketing, RSA Data Security, Inc. (Nov. 22, 1995) [hereinafter Stammberger Interview].

21. Interestingly, RSA itself suggested that the public posting of the purported RC4 source code did not affect sales of licensed products because clients who want cryptographic products want to purchase them from vendors they can trust to provide a genuine and reliable product. Stammberger Interview, supra note 20.

22. Sissela Bok, Secrets: On the Ethics of Concealment and Revelation 16, 28 (1982).

23. See infra text at note 46.

24. Wall St. J., Jan. 26, 1995, at B1, available online URL http://www.clas.ufl.edu/~avi/NII/wsjFno-anon.html.

25. Anne Wells Branscomb, Anonymity, Autonomy, and Accountability: Challenges to The First Amendment in Cyberspaces, 104 Yale L.J. 1639, 1675 (1995); cf. George P. Long, III, Comment, Who Are You?: Identity and Anonymity in Cyberspace, 55 U. Pitt. L. Rev. 1205 (1994) ("if law enforcement authorities are precluded from obtaining the identities of anonymous users, illegal activities will proliferate").

26. On traditional rural ideas of the personal relationships required as a prerequisite to a commercial relationship, see Anne-Mari Sellerberg, On Modern Confidence, 25 Acta Sociologica 39 (1982).

27. Niklas Luhmann, Trust and Power 39 (Howard Davis et al. trans., 1979).

28. Georg Simmel, The Sociology of Georg Simmel 319 (Kurt H. Wolff trans. & ed., 1964); see also Georg Simmel, The Sociology of Secrecy and of Secret Societies, 11 Am. J. Soc. 441 (1906).

29. See Carol M. Rose, Trust in the Mirror of Betrayal, 75 B.U. L. Rev. 531 (1995), for delightful examples.

30. Luhmann, supra note 27, at 94; see also Francis Fukuyama, Trust: The Social Virtues & the Creation of Prosperity (1995). Jon Elster defines trustworthiness as the ability to make credible promises. Jon Elster, The Cement of Society 274-75 (1989).

31. See Steven L. Nock, The Costs of Privacy (1993).

32. Id. at 1.

33. 489 U.S. 656 (1989); see also Skinner v. Railway Labor Executives' Ass'n, 489 U.S. 602, 634 (1989) (finding drug and alcohol tests mandated by Federal Railroad Administration regulations reasonable under the Fourth Amendment); Marshall v. Barlow's, Inc., 429 U.S. 1347, 1347 (1977) (granting stay of injunction against further warrantless searches of workplaces permitted under the Occupational Safety and Health Act of 1970, Pub L. No. 91-596, 84 Stat. 1590 (codified as amended in scattered sections of 5 U.S.C., 15 U.S.C., 18 U.S.C., 29 U.S.C., and 42 U.S.C. (1988 & Supp. V 1993))). But see Camara v. Municipal Court, 387 U.S. 523, 540 (1967) (finding that the defendant had a constitutional right to deny a housing inspector entry into a leasehold without a warrant in a non-emergency situation).

34. 115 S. Ct. 2386 (1995) (upholding suspicionless mandatory drug testing of all student athletes in high school). The case is shocking not for the authoritarian principle of law it reiterates, that in the absence of a "clear" 18th century "practice" to guide Fourth Amendment analysis of the reasonableness of a warrantless "administrative" search, the reasonableness "is judged by balancing its intrusion . . . against its promotion of legitimate governmental interests." Id. at 2390 (quoting Skinner v. Railway Labor Executives' Ass'n, 489 U.S. 602, 619 (1989)), but for how the test was applied: Justice Scalia concluded that because student athletes have a lower expectation of privacy given the nature of the high school locker room, and because by volunteering for sports they "subject themselves to a degree of regulation even higher than that imposed on students generally," id. at 2392-93, their privacy interest could be overbalanced by a school district's "perhaps compelling," id., desire to deter drug use in school by making examples of what it perceived to be student leaders, despite an absence of any particularized suspicion that those students used drugs.

35. The result in Vernonia seems at least partly influenced by the District Court's finding that the school was "in a state of rebellion" that "was being fueled by alcohol and drug abuse as well as by the student's misperceptions about the drug culture." Id. at 2395. Justice Scalia described this as "an immediate crisis of greater proportions than existed in Skinner" id. where the showing of drug use by railroad employees was based on national data, rather than data particularized to a single railroad. Id. Nevertheless, while it may not have been particularized, the danger in Skinner affected railway safety, a field in which accidents can kill hundreds; it is difficult to see a "crisis of greater proportions" in a rebellious classroom.

36. N.J.S.A. 2C:7-1 (1996).

37. There is no doubt, for example, that the home is permeable to sense-enhanced searches by the police and possibly others. See, e.g., Florida v. Riley, 488 U.S. 445, 451-52 (1989) (plurality opinion) (holding valid a warrantless aerial surveillance of a greenhouse from four hundred feet); California v. Ciraolo, 476 U.S. 207, 215 (1986) (holding valid a warrantless aerial surveillance of a yard enclosed by a 10-foot fence). Cf. Jeff Cole, Eyes in the Skies: New Satellite Imaging Could Soon Transform The Face of the Earth, Wall St. J., Nov. 30, 1995, at A1 (describing new generation of ultra-high-quality satellite images offered for sale).

The government can use satellites to spy in the home's windows. Lisa J. Steele, Comment, The View from on High: Satellite Remote Sensing Technology and the Fourth Amendment, 6 High Tech. L.J. 317, 327-33 (1991) (discussing warrantless searches by satellite and the applicable constitutional implications). It may use heat-detection gear to monitor heat emanations from the home. See United States v. Pinson, 24 F.3d 1056, 1059 (8th Cir.) (holding that a warrantless use of infrared sensing devices did not violate the Fourth Amendment because any defendant's subjective expectation of privacy in heat emanating from her house is not one that society is prepared to recognize as objectively reasonable), cert. denied, 115 S. Ct. 664 (1994); but see State v. Young, 867 P.2d 593 (Wash 1994) (holding that warrantless use of infrared thermal detection device violates state constitution); United States v. Cusamano, 67 F.3d 1497 (10th Cir. 1995) (holding that warrantless use of thermal imager upon home violates Fourth Amendment).

Given the wide range sense-enhanced searches outside the reasonable expectation of privacy for Fourth Amendment purposes, see Scott E. Sundby, "Everyman's" Fourth Amendment: Privacy or Mutual Trust Between Government and Citizen?, 94 Colum. L. Rev. 1751, 1758-63 (1994) (explaining how the Supreme Court has used increasing permeability of home to enhanced intrusion as a reason to find no reasonable expectation of privacy for Fourth Amendment analysis), one can reasonably ask what sort of intrusions other than a simple Peeping Tom is actionable as common law trespass or invasion of privacy. Of course, unofficial invasions of privacy can be statutory offenses.

38. See infra Part IV.

39. "[A]ctual instances of the deterrent impact of disclosure laws are legion." Anonymous Note, supra note 9, at 1107.

40. Cf. Dirk Johnson, Chinese in U.S. Lament Bush Victory, N.Y. Times, Jan. 27, 1990, § 1, at 10 (describing fears of Chinese students in U.S. that protests against the Beijing government would lead to persecution if they returned home and retaliation against their families).

41. For a celebration of such "digital personalities," see Curtis E.A. Karnow, The Encrypted Self: Fleshing Out the Rights of Electronic Personalities, 13 J. Computer & Info. L. 1 (1994).

42. Or, it may not. See supra text at note 10.

43. There is probably a great deal more to be said on this subject. One need only to consider the enormous weight that our "identity-conscious society and legal world," Clark Freshman, Were Patricia Williams and Ronald Dworkin Separated at Birth?, 95 Colum. L. Rev. 1568, 1576 (1995) (book review), places on factors such as race, see Christopher A. Ford, Administering Identity: The Determination of "Race" in Race-Conscious Law, 82 Cal. L. Rev. 1231 (1994), to imagine the effects.

44. NAACP v. Alabama ex rel. Patterson, 357 U.S. 449 (1958).

45. 115 S. Ct. 1511 (1995).

46. Id. at 1537 (Scalia, J., dissenting). On the link between identity and accountability see, e.g., Sally Engle Merry, Manipulating Anonymity: Streetwalkers' Strategies for Safety in the City, 45 Ethnos 157, 158 (1980) (stating that prostitutes seek to reduce their risks by "finding out as much as possible about the identities of those they encounter while hiding clues to their own identity").

47. 115 S. Ct. at 1537. There is some irony in Justice Scalia being so concerned that every private harm have a private remedy, when he so firmly rejects the idea that public harms necessitate a remedy. See, e.g., Webster v. Doe , 486 U.S. 592, 661-71 (1988) (Scalia, J., dissenting).

48. Pa. S.B. 655, supra note 2.

49. U.S. examples include the copyright law, 17 U.S.C. § 102 et seq. and the International Traffic in Arms Regulations. See 22 C.F.R. § 121.1 (XIII)(b)(1) (1994).

50. See supra note 2 (proposals to censor the Internet).

51. I owe the metaphor of an information ocean to Rishab A. Ghosh. See E-mail to Michael Froomkin (Jan. 11, 1995) (on file with author) (quoting from his article in Asian Age magazine of Jan. 2, 1995).

52. See gopher://ncic.merti.edu:7043/11/statistics/nsfnet/history/hosts for a recent count of computers connected to the Internet. Today's Internet is an amalgam of many government and academic networks. An increasing number of commercial and nonprofit information service providers have joined these networks, including Dow Jones, Telebase, Dialog, CARL, the National Library of Medicine, and RLIN. Benard Aboba, How the Internet Came to Be, in The Online User's Encyclopedia (1993), available online URL gopher://gopher.isoc.org:70/00/Internet/history/how.Internet.came.to.be. The relationship between the Internet and commercial consumer information providers such as America OnLine (AOL), CompuServe and Prodigy continues to evolve. At their inception these services provided no Internet connectivity. They then began to offer limited gateways for the exchange of electronic mail. Now they are expanding their gateways to allow their users to gain access to the World Wide Web, and sometimes to other Internet services as well. The number of subscribers is also growing rapidly. Subscriber growth is estimated at 25% or more per year. During the first three months of 1995, U.S.-based PC online services added more than 1 million subscribers. Testimony of William. W. Burrington, Assistant General Counsel and Director of Government Affairs, America OnLine, Inc before the Senate Subcommittee on Terrorism, Technology, and Government Information 6 (May 11, 1995), available online LEXIS library Nexis, Curnws File [hereinafter Burrington Testimony]. However, the commercial access provided by large national ISPs is primarily one-way, and it is unclear to what extent commercial ISPs desire to allow persons outside their service to have Web or FTP access to information generated by subscribers. Market pressures, notably the desire of users to have their Web pages widely read, appear to be promoting this development.

53. More than 93% of U.S. households had telephones in 1990. Warren G. Lavey, Universal Telecommunications Infrastructure for Information Services, 42 Fed. Comm. L.J. 151 (1990) (citing FCC News No. 723: Preliminary Domestic Information from Statistics of Communications Common Carriers Released by FCC, at Table 9 (1989)). Thirty percent of U.S. households have a computer. David Bender, The Microsoft Antitrust Wars, Practicing Law Institute, Patents, Copyrights, Trademarks, and Literary Property Course Handbook Series (No. G4-3942) June 22-23, 1995 (available online WESTLAW tp-all database).

Currently the Internet reaches more than 90 countries; at least 160 have e-mail connectivity. Burrington Testimony, supra note 52, at 7.

The Clinton Administration has stated that it intends to make widespread access a cornerstone of its National Information Infrastructure policy. "Because information means empowerment, the government has a duty to ensure that all Americans have access to the resources of the Information age . . . [the NII will attempt to] Extend the 'universal service' concept to ensure that information resources are available to all at affordable prices." The National Information Infrastructure: Agenda for Action, 58 Fed. Reg. 49,025, 49,027-28 (1993).

54. See Eugene Volokh, Cheap Speech and What It Will Do, 104 Yale L.J. 1805 (1995). Consider too Karl Marx's remark that, "A relatively thinly populated country, with well-developed means of communication, has a denser population than a more numerously populated country, with a badly-developed means of communication." Karl Marx, Capital (quoted in Mark Poster, The Mode of Information 1 (1990)).

55. Compare Owen Fiss, Silence on the Street Corner, 26 Suffolk U. L. Rev. 1, 3 (1992) (cautioning that radical dissent is becoming relegated to the "last desperate forum"--the street corner) with Owen Fiss, In Search of a New Paradigm, 104 Yale L.J. 1613 (1995); see also Jerry Berman & Daniel J. Weitzner, Abundance and User Control: Renewing the Democratic Heart of the First Amendment in the Age of Interactive Media, 104 Yale L.J. 1619, 1623 (1995); Volokh, supra note 54, at 1833-36.

56. See, e.g., available online URL http://dgsys.com/~cgriffin/netFgde.html (detailing how to use the net for political organizing and opposition research); MIT's Political Participation Project, available online URL http://www.ai.mit.edu/projects/ppp/home.html; Mark S. Bonchek, Grassroots in Cyberspace: Using Computer Networks to Facilitate Political Participation (Working Paper 95-2.2: Presented at the 53rd Annual Meeting of the Midwest Political Science Association in Chicago, IL on April 6, 1995), available online URL http://www.ai.mit.edu/projects/ppp/pubs/95-2-2.html.

57. See Cass Sunstein, The First Amendment in Cyberspace, 104 Yale L.J. 1757, 1783 (1995).

58. E.g., Mancur Olson, The Logic of Collective Action (1971). For a quick summary of some positive critiques of pluralism, see A. Michael Froomkin, Climbing the Most Dangerous Branch: Legisprudence and the New Legal Process, 66 Tex. L. Rev. 1071 (1988) (book review).

59. Statistics on Internet usage vary. A recent study found that 34% of users are female, but that females account for only 23% of measurable usage. Donna L. Hoffman & Thomas P. Novak, Measuring the Internet: Preliminary Results of the Commerce/Nielsen Internet Demographics Survey, http://www2000.ogsm.vanderbilt.edu/novak/CN.prelim.results.oct30.html. The most commonly quoted statistic before this study suggested that fewer than 20% of the users of the Internet in 1994 were female. See, e.g., Cabinet Office (OPSS) Press Office, Cyberspace is for Women Too, available online URL http://www.coi.gov.uk/coi/depts/GCO/coi8119a.ok (quoting UK Science Minister John Horam) (OPSS 1[fr85/95], June 21, 1995); Males Predominate on Internet, But Women are Making Headway, available online URL http://www.dgsys.com/~editors/woman.html (citing Georgia Institute of Technology Survey showing 82% of Internet users are male). Presumably, most users of the Internet are at least wealthy enough to have use of a computer, not to mention some basic literacy, which also makes the user community less representative of the population as a whole.

60. See Vartan Gregorian, A Place Elsewhere: Reading the Age of the Computer, Bull. Am. Acad. Arts & Sci. 56 (Jan. 1996); Sunstein, supra note 57, at 1787; Volokh, supra note 54, at 1835.

61. See Volokh, supra note 54, at 1834.

62. For an example of a service that helps web author/publishers list their works on multiple indices, see Submit It!, available online URL http://www.submit-it.com/.

63. On Caller ID, see Robert Asa Crook, Sorry, Wrong Number: The Effect of Telephone Technology on Privacy Rights, 26 Wake Forest L. Rev. 669 (1991); Consuelo Lauda Kertz & Lisa Boardman Burnette, Telemarketing Tug-of-War: Balancing Telephone Information Technology and the First Amendment with Consumer Protection and Privacy, 43 Syracuse L. Rev. 1029 (1992); Glenn C. Smith, We've Got Your Number! (Is it Constitutional to Give it Out?): Caller Identification Technology and the Right to Informational Privacy, 37 UCLA L. Rev. 145 (1989); Steven P. Oates, Caller ID: Privacy Protector or Privacy Invader?, 1992 U. Ill. L. Rev. 219; cf. Smith v. Maryland, 442 U.S. 735, 745-46 (1979) (no expectation of privacy in telephone numbers dialed because this information is available to the telephone company).

64. Some intentionally insecure remailers are intended to let the sender have a little fun. These typically insert clues in the detailed headers (which are rarely displayed by commercial e-mail packages unless the user specifically instructs the software to show them) that reveal the origin of the message. A particularly cheerful example of this was a World Wide Web page called, "Why Send E-Mail when You Can Send FakeMail?," available online URL http://www.netcreations.com/fakemail, which, among other things, sent my mother birthday greetings from various real and fictitious dignitaries. The system ran until the owner shut it down because of "a few really nasty, harmful, hateful messages" sent via the service. Id.

65. A list of remailers and their features, as well as current information about their recent performance statistics, can be found at the University of California at Berkeley available online URL http://www.cs.berkeley.edu/~raph/remailer-list.html.

66. Public-key encryption technology is widely available on the Internet. Pretty Good Privacy (PGP) is available online by FTP from many sites including available online URL ftp://net-dist.mit.edu/pub/, available online URL ftp://ftp.ox.ac.uk/pub/crypto/pgp, or a German server: available online URL ftp://ftp.informatik.uni-hamburg.de:/pub/virus/crypt/pgp. For a good description of the technical and political workings of PGP, see Simson Garfinkel, PGP: Pretty Good Privacy (1995).

67. See infra text following note 75.

68. The expense of hiring foreign legal counsel, and possible language difficulties are only some of the problems. Many legal systems require that an act be an offense in both jurisdictions before allowing a prosecution, or in some cases even discovery, to proceed. The recent successful effort by the Church of Scientology to get information from a remailer operator succeeded because the remailer was a "traceable pseudonymous" remailer, see infra text at note 80, not a true anonymous remailer.

69. For a description of a prototype anonymizing WWW browser, see Annonymizer FAQ, available online URL http://anonymizer.cs.cmu.edu:8080/faq.html.

70. The URL is http://www.c2.org.

71. For an example of the dangers of conflatation, see Long, supra note 25. The author states that "[i]nevitably, each user [of a remailer] is subject to the integrity and trustworthiness of the server's administrator." Id. at 1184. In fact, as described in the text below, this is true only of traceable anonymity and pseudonymity; untraceable anonymity, for example, does not require that the author trust any individual, only that the message be routed through a large enough number of remailers to ensure that there is one trustworthy person somewhere in the chain.

72. But see the discussion of the anonymous remailer "anon.penet.fi," infra text accompanying note 78.

73. See Lance Cottrell's home page on Mixmaster: available online URL http://obscura.com/~loki/Mixmaster.FAQ.html; Remailer-Essay, available online URL http://nately.ucsd.edu/~loki/remailer-essay.html (explaining that some remailers intentionally introduce delays ("latency") to make it more difficult for any eavesdropper to link outgoing traffic with incoming messages).

74. In a public-key system, each user creates a public key, which is published, and a private key, which is secret. Messages encrypted with one key can be decrypted only with the other key, and vice-versa. For a fuller description, see Whitfield Diffie & Martin E. Hellman, New Directions in Cryptography, IT-22 IEEE Transactions Info. Theory 644 (1976), and Ralph C. Merkle, Secure Communication over Insecure Channels, Comm. ACM, Apr. 1978, at 294; Bruce Schneier, Applied Cryptography 29 (1994); Whitfield Diffie, The First Ten Years of Public-Key Cryptography, 76 Proc. IEEE 560 (1988) (discussing the history of public key cryptography).

A strong public-key system is one in which possession of both the algorithm and one key provides no useful information about the other key. The system gets its name from the idea that the user will publish one key, but keep the other one secret. The world can use the public key to send messages that only the private key owner can read; the private key can be used to send messages that could only have been sent by the key owner.

Thus, if Alice wants to send a secure e-mail message to Bob, and they both use compatible public-key cryptographic software, Alice and Bob can exchange public keys on an insecure line. If Alice has Bob's public key and knows that it is really Bob's, then Alice can use it to ensure that only Bob, and no one pretending to be Bob, can decode the message. A strong public key system makes it possible to establish a secure line of communication with anyone who is capable of implementing the algorithm. (In practice, this is anyone with a compatible decryption program or other device.) Sender and receiver no longer need a secure way to agree on a shared key. If Alice wishes to communicate with Bob, a stranger with whom she has never communicated before, Alice and Bob can exchange the plaintext of their public keys. Then, Alice and Bob can each encrypt their outgoing messages with the other's public key and decrypt their received messages with their own secret, private key. The security of the system evaporates if either party's private key is compromised, that is, transmitted to anyone else.

75. "PGP" stands for "Pretty Good Privacy." See supra note 66. It is a type of robust encryption, which when used with a long key is unbreakable in any reasonable period of time by currently known techniques.

76. Not being a political dissident, I confess that I have never used more than a single remailer myself (primarily in order to post to public newsgroups without fear of getting requests for free legal advice), and have never bothered to encrypt any of my e-mail messages; I created my own PGP key, available online URL http://www.law.miami.edu/~froomkin/mykey.htm, purely for demonstration purposes.

77. See supra note 43 (discussing the importance of identity in contemporary society).

78. The anon.penet.fi help file is available online URL http://chaos.taylored.com:1000/0Z/Anonymous-Mail/Remailers/Instructions/Help-file -from- anon.penet.fi.gz.

79. Douglas Lavin, Finnish Internet Fan Runs Service Allowing Anonymous Transmissions, Wall St. J., July 17, 1995, at A7 (reporting 8,000/day figure).

80. See available online URL http://www.cybercom.net/~rnewman/scientology/home.html#PENET (describing incident). Differing descriptions of the Scientologists' legal efforts can be found at The Church of Scientology vs. the Net, available online URL http://www.cybercom.net/~rnewman/scientology/home.html (critical view); UK Scientology Critics, available online URL http://mail.bris.ac.uk/~plmlp/scum.html (even more hostile); Church of Scientology International, available online URL http://www.theta.com/goodman/csi.htm (Scientologists' view).

81. Public-key systems allow users to append a digital signature to an unencrypted message. A digital signature uniquely identifies the sender and connects the sender to the message. Because the signature uses the plaintext as an input to the encryption algorithm, if the message is altered in even the slightest way, the signature will not decrypt properly, showing that the message was altered in transit or that the signature was forged by copying it from a different message. A properly implemented digital signature copied from one message has only an infinitesimal chance of successfully authenticating any other message. See Schneier, supra note 74, at 35.

82. Comments of computer security consultant Hal Finney, available online URL http://chaos.taylored.com: 1000/0Z/Anonymous-Mail/Issues/Background-Information.gz.

83. So long as the private key in a key pair is not shared with anyone, a digital signature uniquely identifies the author of a document. For a short description of digital signatures, see Froomkin, supra note 6, at 895.

84. "The citizen who is truly free in forming her identity should have the opportunity to experiment with roles she does not wish to adopt in public." Seth F. Kreimer, Sunlight, Secrets, and Scarlet Letters: The Tension Between Privacy and Disclosure in Constitutional Law, 140 U. Pa. L. Rev. 1, 69 (1991) (citing Foucault and Goffman). For a suggestion that nyms be granted the legal right to own and borrow money, to transact, and to communicate, see Karnow, supra note 41, at 12-13.

85. See supra note 66.

86. See supra note 73 (discussing concept of "latency").

87. This risk is reduced by the provision of a "remailer pinging service" that regularly checks to see if remailers are forwarding their mail. See supra note 65.

88. In addition, remailers do not defend against traditional methods of acquiring information. Encryption may foil a wiretap on the sender's telephone line, but the use of a remailer to send plaintext will not do so, since the message is captured at the source.

89. See infra Part III.

90. See supra text following note 75.

91. To understand why this is so requires some background in how an ordinary e-mail message is transmitted from Alice's machine to Bob's via the Internet. Ordinarily the two computers do not communicate directly. Instead Alice's machine sends the message to a machine that it hopes is in Bob's general direction, and the message passes from machine to machine until it finds one that is in regular communication with Bob's. Each machine that handles the message appends "path" information to the e-mail that identifies it as having taken part in the communication. The final recipient receives the entire path data along with the text of the message, but most commercial e-mail packages are designed to avoid displaying this path information to the reader unless she asks for it.

Victor can instruct his computer to lie about its identity, and indeed can forge information suggesting that the message originated elsewhere far away, but he has no way to persuade the machine to which he sends the message to cooperate. As a result, it is possible for a sufficiently motivated Internet detective to identify the first machine to which Victor sent the message, especially if she has several messages to work with. See Spam FAQ or "Figuring out Fake E-Mail and Posts," available online URL http://digital.net/~gandalf/spamfaq.html. I f the machine that communicated with Victor keeps records of its e-mail handling, or if its operator can be persuaded to do start doing so, the Internet detective can identify Victor's machine, and perhaps even Victor, as the source of the remailed message.

92. See supra note 80.

93. The circuits conflict as to whether a defendant must agree to "personally commit" the predicate acts in a RICO conspiracy but none of the circuits have done away with the need for some sort of agreement between the parties to the conspiracy. The Third, Fourth, Fifth, Sixth, Ninth, and Eleventh Circuits hold that the defendant's agreement to personally commit RICO predicate acts is not required. See United States v. Carter, 721 F.2d 1514, 1529 (11th Cir.), cert. denied sub nom. Morris v. United States, 469 U.S. 819 (1984); United States v. Adams, 759 F.2d 1099, 1116 (3d Cir.), cert. denied, 474 U.S. 971 (1985); United States v. Pryba, 900 F.2d 748, 760 (4th Cir.), cert. denied, 498 U.S. 924 (1990); United States v. Elliot, 571 F.2d 880, 902 (5th Cir), cert. denied, sub nom. Hawkins v. United States, 439 U.S. 953 (1978); United States v. Joseph, 781 F.2d 549, 554 (6th Cir. 1986), appeal after remand, 835 F.2d 1149 (6th Cir. 1987); United States v. Neapolitan, 791 F.2d 489, 494 (7th Cir.), cert. denied, 479 U.S. 940 (1986); United States v. Kragness, 830 F.2d 842, 860 (8th Cir. 1987); United States v. Tille, 729 F.2d 615, 619 (9th Cir.), cert. denied, 469 U.S. 848 (1984). According to these circuits, the government need only prove that the defendant directly or indirectly conspired to conduct RICO activity. The First, Second, and Tenth Circuits require the government to prove that the defendant agreed to "personally commit" two or more predicate acts in a RICO conspiracy. See United States v. Winter, 663 F.2d 1120, 1136 (1st Cir. 1981), cert. denied, 460 U.S. 1011 (1983); United States v. Ruggiero, 726 F.2d 913, 921 (2d Cir.), cert. denied sub nom. Rabito v. United States, 469 U.S. 831 (1984); United States v. Killip, 819 F.2d 1542, 1548 (10th Cir.), cert. denied, 484 U.S. 987 (1987).

94. Traffic analysis is the study of the sources and recipients of messages, including messages that the eavesdropper cannot understand. See Froomkin, supra note 6, at 747.

95. See supra note 2.

96. Pseudonymity differs from anonymity in a number of ways. Perhaps the most important difference is that pseudonymity allows for the creation and continuity of a "nym"--an alternate identity. See supra text accompanying note 82. In the case of the Federalist Papers, "Publius" was in fact three collaborators. On the Internet, "John" may be Jane, or little Johnny.

97. NAACP v. Alabama ex rel. Patterson, 357 U.S. 449 (1958); for a forceful assertion of a moral right to associational or group privacy, see Edward J. Bloustein, Group Privacy: The Right to Huddle, 8 Rut.-Cam. L.J. 219 (1977).

98. I discuss the U.S. hypersensitivity to conspiracy in Froomkin, supra note 6, at 850-62.

99. See, e.g., Hustler Magazine v. Falwell, 486 U.S. 46 (1988).

100. McIntyre v. Ohio Elections Comm'n, 115 S. Ct. 1511, 1518 (1995).

101. See First Nat. Bank of Boston v. Bellotti, 435 U.S. 765, 776-77 (1978).

102. New York Times Co. v. Sullivan, 376 U.S. 254, 270 (1964).

103. McIntyre, 115 S. Ct. at 1516.

104. For a contrary view that "McIntyre will prove to be dispositive" in providing First Amendment protections to anonymous political speech, see Richard K. Norton, Note, McIntyre v. Ohio Elections Comm'n: Defining the Right to Engage in Anonymous Political Speech, 74 N. Cal. L. Rev. 553 (1996).

105. McIntyre,115 S. Ct. at 1521-24; Talley v. California, 362 U.S. 60 (1960).

106. See, e.g., Brown v. Socialist Workers' 74 Campaign Comm., 459 U.S. 87, 91 (1982) (holding that the "Constitution protects against the compelled disclosure of political associations"); Hynes v. Mayor of Oradell, 425 U.S. 610, 623-28 (1976) (Brennan, J., concurring in part) (asserting that a disclosure requirement puts an impermissible burden on political expression); Shelton v. Tucker, 364 U.S. 479, 485-87 (1960) (holding invalid a statute that compelled teachers to disclose associational ties because it deprived them of their right of free association); Talley v. California, 362 U.S. 60, 64-65 (1960) (voiding an ordinance that compelled the public identification of group members engaged in the dissemination of ideas); Bates v. City of Little Rock, 361 U.S. 516, 522-24 (1960) (holding, on freedom of assembly grounds, that the NAACP did not have to disclose its membership lists); NAACP v. Alabama ex rel. Patterson, 357 U.S. 449, 462 (1958) ("It is hardly a novel perception that compelled disclosure of affiliation with groups engaged in advocacy may constitute . . . restraint on freedom of association . . . ."); Joint Anti-Fascist Refugee Comm. v. McGrath, 341 U.S. 123, 145 (1951) (Black, J., concurring) (expressing the fear that dominant groups might suppress unorthodox minorities if allowed to compel disclosure of associational ties). But see Communist Party of the United States v. Subversive Activities Control Bd., 367 U.S. 1, 85 (1961) (declining to decide whether forced disclosure of the identities of Communist Party members was an unconstitutional restraint on free association); New York ex rel. Bryant v. Zimmerman, 278 U.S. 63, 77 (1928) (holding that a required filing of group members' names with the state constituted a legitimate exercise of police power).

107. See Board of Directors of Rotary Int'l v. Rotary Club of Duarte, 481 U.S. 537, 544 (1987); see also New York State Club Ass'n v. City of New York, 487 U.S. 1, 13 (1988) (stating that freedom of expression is a powerful tool used in the exercise of First Amendment rights); Roberts v. United States Jaycees, 468 U.S. 609, 617-19 (1984) (recognizing that an individual's First Amendment rights are not secure unless those rights may be exercised in the group context as well).

108. 115 S. Ct. at 1519.

109. 424 U.S. 1 (1976).

110. Id. at 23-29, 60-84.

111. Id. at 19.

112. Cf. Los Angeles v. Taxpayers for Vincent, 466 U.S. 789 (1984) (upholding ban on posting any signs, including political ones, on utility poles). Justice Stevens held, however, that the utility poles were not public fora, id. suggesting that the court might not extend this idea to public fora and that Vincent may come to be seen as simply a decision upholding a particular time, place, and manner restriction.

113. 435 U.S. 765 (1978).

114. Id. at 792 n.32. The Supreme Court again noted the communicative importance of the identity of a speaker, albeit in a different context, in City of Ladue v. Gilleo, 114 S. Ct. 2038, 2046 (1994) (noting that a poster in front of a house associates speech with the identity of the speaker).

115. 47 U.S.C. § 317 (1995). See also 47 C.F. R. § 73.1212 (1995).

116. 47 U.S.C. § 317(c) (1995). The D.C. Circuit held that the FCC did not abuse its discretion by ruling that a licensee could satisfy this obligation in the face of undocumented accusations that the apparent sponsor was a front group for tobacco lobbyists by accepting an undocumented assertion from the apparent sponsor that he was the real sponsor in the absence of documentary evidence to the contrary. Loveday v. FCC, 707 F.2d 1442 (D.C. Cir. 1983).

117. Griset v. Fair Political Practices Comm'n, 884 P.2d 116, 126 (Cal. 1994) (upholding Cal. Gov't Code § 84305 (West 1994)), cert. denied, 115 S. Ct. 1794 (1995)).

118. Id. at 125.

119. Id. at 123.

120. 361 U.S. 516 (1960).

121. 357 U.S. 449 (1958).

122. See supra note 109; see also Citizens Against Rent Control v. Berkeley, 454 U.S. 290, 298 (1991); id. at 299-303 (Blackmun, J., concurring); id. at 308-09 (White, J., dissenting). All Justices agreed that identification requirements in political campaigns could be appropriate.

123. Loveday v. FCC, 707 F.2d 1443 (1983) (upholding 47 U.S.C. § 227(d)(2) (1995) against constitutional challenge), cert. denied, 464 U.S. 1008 (1983). Loveday might be explained as relying on a special feature of radio and television such as shortage of spectrum, cf. Turner Broadcasting, 114 S. Ct. 2445 (1994), but the rule has been extended to cable television also. See 47 C.F.R. § 68.318(c)(3) (1995). For arguments in favor of such regulation, see generally Peter F. May, Note, State Regulation of Political Broadcast Advertising: Stemming the Tide of Deceptive Negative Attacks, 72 B.U. L. Rev. 179 (1992).

124. My first year Torts teacher derided slippery slope arguments as "fear of doing the right thing today for fear of being forced to do the right thing tomorrow."

125. Burdick v. Takushi, 504 U.S. 428 (1992) (upholding law forbidding campaign-related speech within 100 feet of the entrance to polling place).

126. Cf. Working Group on Intellectual Property Rights, Intellectual Property and the National Information Infrastructure (1995) [hereinafter White Paper on Copyright] (proposing a new chapter of the Copyright Act that would prohibit "tampering" with "copyright management information"). This proposal could include information relating to attribution as well as, e.g., devices that charge for access to the work.

127. See, e.g., McIntyre v. Ohio Elections Comm'n, 115 S. Ct. 1511, 1518 (1995) (describing political speech as core speech for First Amendment purposes).

128. See Talley, 362 U.S. at 64; see also McIntyre, 115 S. Ct. at 1517.

129. If the government seeks to regulate commercial speech that is not false or misleading and concerns a lawful activity a reviewing court must determine whether the regulation promotes a substantial governmental interest, directly advances that interest, and is not more extensive than necessary. Central Hudson Gas & Elec. Corp. v. Public Serv. Comm'n, 447 U.S. 557 (1980). For a discussion of the limits to the Central Hudson test see generally Commercial Speech, 107 Harv. L. Rev. 224 (1992); for criticism of the case, see David F. McGowan, Comment, A Critical Analysis of Commercial Speech, 78 Cal. L. Rev. 359 (1990).

130. See, e.g., Ronald Coase, The Economics of the First Amendment: The Market for Goods and the Market for Ideas, 64 Am. Econ. Rev. 384 (1974); Burt Neuborne, The First Amendment and Government Regulation of Capital Markets, 55 Brook. L. Rev. 5 (1989); Alex Kozinski & Stuart Banner, Who's Afraid Of Commercial Speech?, 76 Va. L. Rev. 627 (1990).

131. See Virginia State Bd. of Pharmacy v. Virginia Citizens Consumer Council, Inc., 425 U.S. 748, 771 n.24 (1976). The Court has also stated that the overbreadth doctrine is inapplicable in various commercial speech contexts. See Village of Schaumburg v. Citizens for a Better Env't, 444 U.S. 620, 638-39 (1980).

132. The lines between speech, expressive conduct, mere conduct, and hybrid forms of these things have generated much litigation and commentary. See, e.g., Laurence H. Tribe, American Constitutional Law 789, 930 (2d ed. 1988); United States v. O'Brien, 391 U.S. 367, 376 (1968) (rejecting First Amendment challenge to law prohibiting the destruction of draft cards); Cox v. Louisiana, 379 U.S. 559 (1965) (calling demonstration a form of "speech plus" entitled to less protection than pure speech).

133. Pub. L. No. 100-690, 102 Stat. 4181, 4485-4503 (1988).

134. Pub. L. No. 101-647, 104 Stat. 4789, 4816-17 (1990), codified at 18 U.S.C. § 2257(b)(1) (1995).

135. American Library Ass'n v. Reno, 33 F.3d 78 (D.C. Cir. 1994), reh'g en banc denied, 47 F.3d 1215 (D.C. Cir. 1995), cert. denied, 115 S. Ct. 2610 (1995).

136. "Actual sexually explicit conduct," 18 U.S.C. § 2557(a)(1) (1995), is defined by reference to 18 U.S.C. § 2256, which defines "sexually explicit conduct" as any visual depiction of sexual intercourse, bestiality, masturbation or sadistic or masochistic abuse. Id. at § 2256(2)(A)-(D) (1995).

137. The implementing regulations provide that "secondary" producers, (e.g., a magazine editor and publisher) may discharge this duty by accepting copies of a "primary" producer's records. 28 C.F.R. § 75.2(1)(b) (1995). The regulations define primary producers as "any person who actually films, videotapes, or photographs a visual depiction of actual sexually explicit conduct." 28 C.F.R. § 75.1(c)(2) (1995).

138. The requirement of a photo ID appears only in the Attorney General's implementing regulations, 28 C.F.R. § 75.2(a)(1) (1995), issued pursuant to 28 U.S.C. § 2257(g) (1995).

139. 18 U.S.C. § 2257(b)(1) (1995).

140. American Library Assoc. v. Reno, 47 F.3d 1215, 1217 (D.C. Cir. 1995) (Tatel, J., dissenting from denial of suggestion for rehearing in banc).

141. 18 U.S.C. § 2257(h)(3) (1995).

142. Id.

143. 18 U.S.C. § 2257(b)(2)-(3) (1995).

144. 18 U.S.C. § 2257(i) (1995). Cf. White Paper on Copyright, supra note 126, at 235-36 (relating to regulation of "copyright management information").

145. "This requirement is satisfied if the producer asks the performer for the information." H.R. Doc. No. 100-129, 100th Cong., 1st Sess. 65 (1987) (President's message transmitting 1988 act to Congress); 33 F.3d at 92 (relying on this limiting construction). Presumably, however, a performer who showed obviously phony ID that was accepted as genuine by a producer who knew it was false would face some risk of a conspiracy charge.

146. See American Library Ass'n v. Barr, 794 F. Supp. 412, 419 (D.D.C. 1992), rev'd sub nom. American Library Ass'n v. Reno, 33 F.3d 78 (D.C. Cir. 1994).

147. American Library Ass'n, 33 F.3d at 94. Given that there have been suggestions that some actors are forced to perform at gunpoint, it seems fair to wonder if Judge Buckley's assertion is as self-evident as he thought it was. See, e.g., Linda Lovelace & Michael McGrady, Ordeal (1980); see also Laura Lederer, Then and Now: An Interview with a Former Pornography Model, in Take Back the Night: Women on Pornography 57 (Laura Lederer ed., 1980) (describing rape and other threats from producers); Robin L. West, The Feminist-Conservative Anti-Pornography Alliance and the 1986 Attorney General's Commission on Pornography Report, 1987 Am. B. Found. Res. J. 681, 686-88 (summarizing testimony to Meese Commission on Pornography challenging assertion that pornography is "consensually produced by voluntary participants in a voluntary market").

Performers acting for hire who fear their employers may be able to work under a pseudonym; nothing in the social security regulations, for example, appears to prohibit this. Cf. 60 Fed. Reg. 42,431 (1995) (amending 20 C.F.R. § 422.120 to state that agency will attempt to contact worker before contacting employer in cases where employees name in wage report differs from name in Social Security records, but that IRS will assess penalty only if social security number is absent or invalid). In such cases the requirement that they give their real name may add to their risks. The effect on a hypothetical unpaid performer engaged in social commentary is, perhaps, even greater.

148. 28 C.F.R. § 75.2(b) (1995).

149. This result as applied to obviously adult performers is particularly anomalous given that the purpose of the Act is to combat child pornography. See American Library Ass'n, 794 F. Supp. at 417-18 (noting anomaly). The D.C. Circuit alluded to this issue in a discussion of the problems the Act creates for "appropriationist artists," that is, "photographers who create distinct works that incorporate photographs taken by others--typically without permission." American Library Ass'n, 33 F.3d at 93. Although the court suggested that "application of the Act to [appropriationist artists] would raise a serious First Amendment problem because of the difficulty they may encounter in securing the information" that the Act requires them to keep on file, it concluded that the record was inadequate to present the issue in "clean-cut and concrete form." Id. In contrast, the D.C. Circuit gave short shrift to the District Court's suggestion that the Act "will effectively ban foreign produced images of sexually explicit conduct," even when the performers are adults. 794 F. Supp. at 418. "Foreign producers who wish to peddle their products in the United States should be expected to abide by our laws," the court stated, warning that to rule otherwise would create "a loophole" for domestic child pornographers to send their wares abroad for re-export to the United States. 33 F.3d at 93. By defining the problem as one of "foreign producers trying to peddle their products" rather than one of domestic parties seeking to purchase and re-use, re-package or re-distribute products that can plausibly be defined as speech, the court evaded a constitutional problem posed by the Act.

150. 18 U.S.C. § 2257(c) (1995); 28 C.F.R. § 75.5 (1995).

151. 18 U.S.C. § 2257(f)(4) (1995) (making it an offence "knowingly to sell or otherwise transfer, or offer for sale or transfer" any "book, magazine, periodical, film, video, or other matter, produce[d] in whole or in part with materials which have been mailed or shipped in interstate or foreign commerce or which is intended for shipment in interstate or foreign commerce" but lacking the affixed information about the location of the records).

152. A person selling or giving covered materials has a duty to ensure that the statement has been affixed to the materials, but no duty to determine the accuracy of the contents of the statement or the records required to be kept. 18 U.S.C. § 2257(f)(4) (1995).

153. American Library Ass'n v. Reno, 33 F.3d 78, 81, 84-85. The District Court had found the Act unconstitutional, see American Library Ass'n v. Barr, 794 F. Supp. 412, 418 (D.D.C. 1992).

154. 33 F.3d at 85 (citing City of Renton v. Playtime Theaters, 475 U.S. 41 (1986)).

155. Boos v. Barry, 485 U.S. 312, 334 (1988) (Brennan, J., concurring in part and concurring in judgment).

156. Burson v. Freemen, 112 S. Ct. 1846, 1850 (1992); Boos, 485 U.S. at 319; Arkansas Writers' Project, Inc. v. Ragland, 481 U.S. 221, 230 (1987); Heffron v. Int'l Soc. for Krishna Consciousness, 452 U.S. 640, 648 (regulation "may not be based upon either the content or subject matter of speech"); Consolidated Edison Co. v. Public Serv. Comm'n, 447 U.S. 530, 537-38 (1980); Carey v. Brown, 447 U.S. 455, 462 n.6 (1980).

157. 33 F.3d at 85 (citing Renton and Boos).

158. Renton, 475 U.S. at 46-48.

159. United States v. O'Brien, 391 U.S. 367, 376 (1968) (rejecting First Amendment challenge to law prohibiting the destruction of draft cards).

160. American Library Ass'n, 33 F.3d at 84-85. Cf. New York v. Ferber, 458 U.S. 747 (1982) (noting compelling governmental interest in eradicating evils associated with child pornography).

161. 18 U.S.C. § 2257(d) (1993).

162. American Library Ass'n, 33 F.3d at 94-95 (Reynolds, J., dissenting). In his later dissent from the denial of rehearing en banc, Judge Tatel, who was not a member of the original panel, argued that,

The only class of producers whose behavior this statute is likely to influence--those who ignore the age of their models but would nonetheless refuse to employ individuals they knew were minors--could be equally deterred, with no corresponding regulatory burden on protected speech, by rewriting the child pornography statutes to impose criminal liability upon those who recklessly or negligently violate them. . . . While such an approach might allow a few individuals to escape liability by establishing that they had made a reasonable mistake about the age of the model, "even as compelling a societal interest as the protection of minors must occasionally yield to specific constitutional guarantees." United States v. U.S. District Court, 858 F.2d 534, 543 (9th Cir. 1988).

American Library Ass'n v. Reno, 47 F.3d 1215, 1216-17 (D.C. Cir. 1995) (Tatel, J., dissenting from denial of suggestion for rehearing en banc).

163. See American Library Ass'n, 713 F. Supp. at 475. An earlier version of the record-keeping requirements of the Act was held to be unconstitutional in American Library Ass'n v. Thornburg, 713 F. Supp 469 (D.C. Cir. 1989), vacated as moot sub nom. American Library Ass'n v. Barr, 956 F.2d 1178, 1186 (D.C. Cir. 1992).

164. 115 S. Ct. 2610 (1995).

165. Bans on anonymous publication are not unprecedented. England banned anonymous pamphlets between 1637 and 1694, when licensing laws required that all books bear the name of the author and printer. W.S. Holdsworth, Press Control and Copyright in the 16th and 17th Centuries, 29 Yale L.J. 841, 848-49 (1920).

As detailed in Anonymous Note, supra note 9, at 1084-93 (giving examples from English, French and U.S. practice), a number of state and federal statutes have sought to restrict anonymous speech or the freedom of anonymous association. The Supreme Court has upheld restrictions on anonymous speech and association on several occasions. In Lewis Publishing Co. v. Morgan, 229 U.S. 288 (1913), the Court upheld a requirement that mailers wishing second class mailing status publish a list of editors and proprietors twice annually, but relied on a "now-outdated view of the first amendment," Anonymous Note, supra note 9, at 1089. In Viereck v. United States, 318 U.S. 236 (1943), the Supreme Court upheld a pre-WW I statute requiring foreign agents to register with the Secretary of States, but several subsequent decisions, culminating in NAACP v. Alabama ex rel. Patterson, 357 U.S. 449 (1958), suggested that the Supreme Court had turned away from the analysis in Viereck, see Anonymous Note, supra note 9, at 1093-1102.

In United States v. Harris, 347 U.S. 612, 625 (1954), the Supreme Court upheld the Federal Regulation of Lobbying Act, 2 U.S.C. § 267 (1994), which requires those engaged in lobbying to divulge their identities. More recently, lower courts have sustained similar private identification requirements in other regulatory settings involving the workplace, see, e.g., Big Bear Super Market No. 3 v. I.N.S., 913 F.2d 754 (9th Cir. 1990) (upholding worker identification provisions of Immigration Control Act, 8 U.S.C.A. § 1324 against a void for vagueness challenge).

166. See 713 F. Supp. at 477 (giving similar examples as one reason to hold that Act was unconstitutional). See supra text accompanying note 115 (describing FCC requirement that broadcast paid political advertisements identify sponsor).

167. The Telephone Consumer Protection Act of 1991 (TCPA), Pub. L. No. 102-243, 105 Stat. 2394, codified at 47 U.S.C. § 227(d)(2) (1995), requires the FCC to make rules requiring that fax machines mark the name and telephone number of a business or individual sending the fax on the first page of every transmission. 47 C.F.R. § 68.318 (1995) makes it unlawful

for any person within the United States to use a computer or other electronic device to send any message via a telephone facsimile unless such message clearly contains, in a margin at the top or bottom of each transmitted page or on the first page of the transmission, the date and time it is sent and an identification of the business, other entity, or individual sending the message and the telephone number of the sending machine or of such business, other entity, or individual. The telephone number provided may not be a 900 number or any other number for which charges exceed local or long distance transmission charges. Telephone facsimile machines manufactured on and after December 20, 1992 must clearly mark such identifying information on each transmitted message. Facsimile modem boards manufactured on and after December 13, 1995 must comply with the requirements of this section.

For arguments supporting such regulation, see Michael M. Parker, Fax Pas: Stopping the Junk Fax Mail Bandwagon, 71 Ore. L. Rev. 457 (1992).

168. The primary reason why Judge Buckley's analysis is questionable is the one pointed to in the dissents: that as the Act itself barred the government from using the information in the records against anyone, there was little grounds to believe that the statute was capable of accomplishing its purported objective.

169. See, e.g., Boos v. Barry, 485 U.S. 312, 334-36 (1988) (Brennan, J., concurring); Tribe, supra note 132, at § 12-3 n.17 (Renton "ill-advised . . . . Carried to its logical conclusion, the doctrine could gravely erode first amendment protections."); Geoffrey R. Stone, Content-Neutral Restrictions, 54 U. Chi. L. Rev. 46, 115 (1987) (calling decision a "disturbing, incoherent, and unsettling precedent"). Keith Werhan, The Liberalization of Freedom of Speech on a Conservative Court, 80 Iowa L. Rev. 51, 68 (1994) ("A content-neutral reading of the Renton ordinance is hard to justify. Literally, the ordinance was content-based."). The Supreme Court, 1985 Term, 100 Harv. L. Rev. 1, 195 (1986) ("The Renton ordinance was content-based regulation of the first order."). But see Cass R. Sunstein, Pornography and the First Amendment, 1986 Duke L.J. 589, 612-17 (1986) (defending use of Renton analysis in First Amendment/pornography cases).

170. See Sunstein, supra note 169, at 602-08 (arguing that pornography is low-value speech and hence entitled to diminished First Amendment protection); see also Tribe, supra note 132, at 930 (listing near-obscene speech as one of five special types of speech receiving a lower level of First Amendment protection). For a suggestion that the problem with eroticized speech is that judges and legislators dislike it, see Gianni P. Servodidio, The Devaluation of Nonobscene Eroticism as a Form of Expression Protected by the First Amendment, 67 Tul. L. Rev. 1231 (1993); see also David Cole, Playing By Pornography's Rules: The Regulation of Sexual Expression, 143 U. Pa. L. Rev. 111 (1994).

171. Tribe, supra note 132, at 930.

172. Compare Martin Rimm, Marketing Pornography on the Information Superhighway, 83 Geo. L.J. 1849 (1995) with Donna L. Hoffman & Thomas P. Novak, A Detailed Analysis of the Conceptual, Logical, and Methodological Flaws in the Article: "Marketing Pornography on the Information Superhighway" July 2, 1995 (version 1.01), available online URL http://www2000.ogsm.vanderbilt.edu/rimm.cgi; Jim Thomas, Some Thoughts on Carnegie Mellon's Committee of Investigation, available online URL http://sun.soci.niu.edu/~cudigest/rimm/rimm2 (discussion o f ethical lapses in Rimm study); Jim Thomas, The Ethics of Carnegie Mellon's Cyber-porn Study, available online URL http://sun.soci.niu.edu/~cudigest/rimm/ethics.cmu; The Cyberporn Report, available online URL http://www.cybernothing.org/cno/reports/cyberporn.html (collecting URLs criticizing Rimm study); see also supra note 56.

173. See supra text following note 75.

174. For a suggestion that the Renton approach might be extended to political speech, see Susan H. Williams, Content Discrimination and the First Amendment, 139 U. Pa. L. Rev. 615, 633 (1991) ("Although this question has not yet definitively been answered, the recent case of Boos v. Barry [485 U.S. 312] indicates that an affirmative response by a majority of the Court may not be far off.").

175. "[T]he widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public." Associated Press v. United States, 326 U.S. 1, 20 (1945) (upholding application of Sherman Act to newsgathering agency), quoted with approval in Metro Broadcasting v. FCC, 497 U.S. 547, 567 (1990).

176. This is by no means a unique example of the Internet making a legal rule obsolete. See, e.g., Ethan Katsh, Rights, Camera, Action: Cyberspatial Settings and the First Amendment, 104 Yale L.J. 1681, 1695 n.43 (1995) (describing irrelevance of prior restraint doctrine in age of mass near-instantaneous communication).

177. A packet switching network is method by which data can be broken up into standardized packets which are then routed to their destination via an indeterminate number of intermediaries. See Bruce Sterling, Short History of the Internet (Feb. 1993), available online URL gopher://gopher.isoc.org:70/00/Internet/history/short.history.of.Internet.

Multiple packets originating from a single long data stream may use more than one route to reach a far destination where they will be reassembled. This decentralized, anarchic, method of sending information appealed to the Internet's early sponsor, the Defense Department, which was intrigued by a communications network that could continue to function even if a major catastrophe (such as a nuclear war) destroyed a large fraction of the system. Id.

178. Penthouse Magazine's World Wide Web site announces that the web site is "not available" in Ecuador, Egypt, Fiji Island, Formosa, India, Japan, Kenya, Korea, Malaysia, Malta, Mexico, Nigeria, Okinawa, Pakistan, Philippines, Saudi Arabia, Singapore, South Africa, Spain, St. Lucia, Thailand, Trinidad, Turkey, United Kingdom and Venezuela because these nations "prohibit adult material." Penthouse Magazine, Not Available in These Countries, available online URL http://www.penthousemag.com/resource/nothere.html. Nevertheless, I am reliably informed that the materials on this web site are accessible from a domain in the United Kingdom whose address ends in ".uk".

179. Even currency controls may not prevent users from establishing foreign Internet accounts since some accounts, on "freenets," are free to the public.

180. Thus, Eugene Volokh's radical predictions about the demise of private speech regulation in the U.S., see Volokh, supra note 54, at 1836, actually may be too mild because they do not take account of the international nature of the Internet.

181. Redefining Community, Info. Wk., Nov. 29, 1993, at 28 (quoting Gilmore). Of course, nothing prevents individual users or system operators from blocking the direct receipt of messages from unwanted sources. See Branscomb, supra note 25, at 1676. Users, however, will not find it difficult to circumvent these restrictions. See, e.g., Katsch, supra note 176, at 1695 n.43.

The discussion in the text applies to Internet functions such as e-mail or World Wide Web requests. In contrast, so long as the number of remailers remains small, it might be technically feasible to eliminate anonymous postings from the USENET (a distributed bulletin board system). See Long, supra note 25, at 1186-87 (describing operation of "Automatic Retroactive Minimal Moderation").

182. See supra text accompanying note 92.

183. For a suggestion that the People's Republic of China may attempt to achieve information autarchy, see Joseph Kahn & Kathy Chen, Chinese Firewall, Wall St. J., Jan 31, 1996, at 1.

184. The Canadian Copyright Act guarantees the right of an author to write under a pseudonym. See Canadian Copyright Act § 14.1.

185. See supra text accompanying note 2.

186. Philip Shenon, 2-Edged Sword: Asian Regimes On the Internet, N.Y. Times, May 29, 1995, § 1, at 1.

187. Id. (quoting Tran Ba Thai, sysop of NetNam).

188. Jeremy Grant, Vietnamese Move to Bring the Internet Under Control May Backfire, Fin. Times, Sept. 19, 1995, at 6 (quoting Nghiem Xuan Tinh, deputy director of Vietnam Data Communications Company, a subsidiary of Vietnam Post and Telecommunications).

189. Id. This may be a reference to the campaign by anti-Communist emigres based in California who sought to overwhelm the Vietnamese Prime Minister's e-mail mailbox. See Shenon, supra note 186 (describing attempt).

190. Grant, supra note 188.

191. Shenon, supra note 186.

192. See, e.g., Philip Taubman, Cyberspace in Singapore, N.Y. Times, Nov. 8, 1995, at A24.

193. Peng Hwa Ang & Berlinda Nadarajan, Censorship and the Internet: A Singapore Perspective, available online URL http://info.isoc.org/HMP/PAPER/132/txt/paper.txt (The lead author is a professor at the School of Communication Studies, Nanyang Technological University.) [hereinafter Singapore Perspective].

The Chinese government is also seeking to limit Internet access by keeping costs of local service artificially high, although Internet usage is growing quickly through both campus and commercial servers. Shenon, supra note 186. China's post and telecommunications minister, Wu Juchuan, announced that China will exercise control of the information it allows in. "By linking with the internet, we do not mean the absolute freedom of information." Johanna Son, Asia-communication: Bumps Lie Ahead In Information Superhighway, Inter Press Service, available on line LEXIS, library News, file Curnws.

China has also announced plans to build a state-owned Internet network called Chinanet. China Plans own Internet, Fin. Times, Nov. 7, 1995, at 7; see also Kahn & Chen, supra note 183.

194. Singapore Perspective, supra note 193.

195. Shenon, supra note 186. As this article was going to press, the government of the People's Republic of China announced new limits on the exchange of market information regarding the Chinese economy. News reports suggested that the spread of the Internet was one of the government's major concerns. See Kahn & Chen, supra note 183.

196. See supra text accompanying note 46.

197. Technical counter-measures, akin to salting each telephone book with unique false entries to pinpoint the source of any copies, promise to reduce this danger considerably. In addition, customers may prefer to buy products from vendors they know and trust. See supra note 21 (statement by RSA spokesman that posting of RC4 source code to the Internet has not slowed sales of RSA licensed products using RC4).

198. A ban on cryptography can be circumvented, at some cost to ease of use, by employing steganography:

Steganography is the art and science of communicating in a way which hides the existence of the communication. In contrast to cryptography, where the "enemy" is allowed to detect, intercept and modify messages without being able to violate certain security premises guaranteed by a cryptosystem, the goal of steganography is to hide messages inside other "harmless" messages in a way that does not allow any "enemy" to even detect that there is a second secret message present.

Markus Kuhn, Steganography Mailing List, available online URL http://www.thur.de/ulf/stegano/announce.html.

199. See, e.g., Lisa A. Barbot, Comment, Money Laundering an International Challenge, 3 Tul. J. Int'l & Comp. L. 161, 164 (1994) (suggesting money laundering continues to grow despite international efforts).

200. United Nations Convention Against Illicit Traffic in Narcotic Drugs and Psychotropic Substances, Dec. 19, 1988 (E/Conf./82/15), reprinted in 28 I.L.M. 493 (1989).

201. See, e.g., Scott E. Mortman, Note, Putting Starch In European Efforts To Combat Money Laundering, 60 Fordham L. Rev. S429 (1992) (discussing EC directive on money laundering); Phyllis Solomon, Note, Are Money Launderers All Washed Up in the Western Hemisphere? The OAS Model Regulations, 17 Hastings Int'l & Comp. L. Rev. 433 (1994) (discussing money laundering provisions of Inter-American Drug Abuse Control Commission's Model Regulations Concerning Laundering Offenses Connected to Illicit Drug Trafficking and Related Offenses).

202. See Office of Technology Assessment, Information Technologies for the Control of Money laundering 113 (1995) (OTA-ITC-630) [hereinafter Money Laundering].

203. See id. at 115-17.

204. The leading study of "how cryptographic systems fail in practice" concluded that "many products are so complex and tricky to use that they are rarely used properly. As a result, most security failures are due to implementation and management errors." Ross Anderson, Why Cryptosystems Fail, 37 Comm. ACM 32-41 (Nov. 1994), available online URL ftp://ftp.cl.cam.ac.uk:/users/ria14/wcf.ps.Z.

205. On the fate of the War on Drugs in the U.S., see Steven B. Duke & Albert C. Gross, America's Longest War: Rethinking Our Tragic Crusade Against Drugs (1993).

206. See ITAR page, available online URL ftp://ftp.cygnus.com/pub/export/export.html. Anonymous communication will be less effective in undermining the ITAR to the extent that its true goal is to restrict the emergence of a standard mass-market encryption product. Until anonymous digital cash is wide-spread, no commercial software publisher in the U.S. will risk violating the ITAR since there is no effective means for them to charge for their products and yet maintain the anonymity they would require to avoid any risk of prosecution.

207. Note that one does not need to own a computer; one simply needs access to a machine one can trust not to log one's communications. In the United States, for example, such a computer might be located in a public library.

208. Where E-Cash Will Take Off, Bus. Wk., June 12, 1995, at 70. Another estimate suggests more than $200 billion in Internet commerce within five years. John Kavanagh, Purchases on the Internet 'Could Potentially Exceed $200bn by Year 2000,' Fin. Times, Nov. 1, 1995, at 12 FT-IT (quoting wide variety of estimates). Internet purchases in 1994 were estimated at $240 million. Id. See also Edward Mozley Roche, Business Value of Electronic Commerce Over Interoperable Networks, Paper Presented at Freedom, Forum, July 6-7, 1995 (Rosalyn, Va.), available online URL http://www.commerce.net/information/reference/roche.txt (projecting huge increases in Internet commerce).

209. See, e.g., Walter R. Baranger, Taking In The Sites; Car Parking Areas Grow Around the Web, N.Y. Times, Sept. 11, 1995, at D8 (describing home pages of auto manufacturers who offer prototype interactive sales information, querying customer on color, cost and other preferences).

210. The implications of Internet-based price discrimination are substantial, but they are beyond the scope of this article. Professor Gandy argues that profiling will enable new forms of invidious discrimination. See Oscar H. Gandy, Jr., Legitimate Business Interest. No End In Sight?, 1996 U. Chi. Legal F. (forthcoming). One might, however, argue that the Internet empowers consumers more than it empowers those who would take advantage of them since it will put information of how firms treat similarly situated consumers at their fingertips.

211. This discussion uses "credit card" loosely to include debit cards. Although the differences between credit and debit cards are significant in other contexts, the Internet aspects of the transactions are not materially different.

212. See 15 U.S.C. § 1643(a)(1)(B) (1994); 12 C.F.R. § 205.6 (1995) (limiting consumer liability to $50 for most unauthorized electronic funds transfers).

213. See First Virtual, Welcome to First Virtual, available online URL http://www.fv.com:80/info/intro.html.

214. See supra note 74.

215. For a survey of many of these problems, see Mary Elizabeth Matthews, Credit Cards--Authorized And Unauthorized Use, 13 Ann. Rev. Banking L. 233 (1994). Claims of fraud that hinge on forgery or on factual determinations of identity may change if commerce begins to rely on digital signatures. Unless a user loses control of the digital signature (or, more commonly, the passphrase used to get access to the encrypted digital signature), a message signed with a digital signature is undeniably the user's and not a forgery.

One additional issue of importance to the merchant is whether the credit card clearer will regard the transaction as one in which the card is "present" or "not present." Merchants typically have to pay a higher commission, and in some countries may bear more risk, in a transaction where they cannot physically examine the card.

216. Regulation E, 12 C.F.R. § 205.6 (1995).

217. Cf. John Mason, Bank's Security Chains Failed, Fin. Times, Sept. 20, 1995, at 12 (describing banks' fears that hackers will use electronic means to rob banks).

218. See Arnold Kling, Banking on the Internet, available online URL http://www- e1c.gnn.com/gnn/meta/finance/feat/archives.focus/bank.body.html.

219. See, e.g., Report § 1.1, available online URL http://www.nri.reston.va.us:3000/XIWT/documents/digFcashFdoc/Part1.html. The average U.S. credit card purchase today is $60. Id.

220. Steve Glassman et al., The Millicent Protocol for Inexpensive Electronic Commerce, available online URL http://HTTP.CS.Berkely.EDU/~gauthier/millicent/millicent.html, argues that even digital coins are too expensive for micro-transactions, and that a new form of "scrip" needs to be deployed for micro-transactions. Proposals for two schemes that may meet the exacting requirements of efficient micro-transactions can be found in Ronald L. Rivest & Adi Shamir, Payword & MicroMint: Two simple Micropayment Schemes (Nov. 8, 1995), available online URL http://theory.lcs.mit.edu/~rivest/RivestShamir-mpay.ps.

221. See generally Gandy, supra note 210.

222. See the long list of companies at the E-cash Index, available online URL http://ganges.cs.tcd.ie/mepeirce/Project/proposed.html.

223. Whether a corporation that provides electronic cash services is necessarily required to be licensed as a bank is a question beyond the scope of this article. The provision of digital cash creates obvious issues regarding the backing of currency by electronic banks, control of the money supply, and wonderful new forms of bank fraud.

224. For a far more detailed discussion of the possible participants and their requirements, see generally Mihir Bellare et al., ikp--A Family of Secure Electronic Payment Protocols (July 12, 1995), available online URL http://www.zurich.ibm.ch/Technology/Security/publications/1995/ikp.ps [hereinafter IBM Research].

225. "Mallet" is the name cryptographers give to a malicious active attacker. See, e.g., Schneier, supra note 74, at 31.

226. See IBM Research, supra note 224, at 4. Unlike the case where Alice offers paper money, Alice's proffer of digital cash does not provide the necessary assurances, because Bob needs to confirm that the digital cash has not been spent previously.

227. See IBM Research, supra note 224, at 4-6.

228. If the parties have no prior contact, then the digital signatures need to be backed by some evidence of authenticity. This can be provided by either a "web of trust" model, in which the party proffering a signature produces attestations of identity or reliability signed by one or more persons known to the other party or, failing any common acquaintances, by some chain of authenticators culminating in a person known to the other party. Alternately, the digital signature can be backed by a "certificate" by some trusted third party, e.g., the Post Office, attesting to identity. See Office of Technology Assessment, Congress of the United States, Information Security and Privacy in Network Environments 55-56 (1994) (OTA-TCT-606) [hereinafter OTA Information Security] (describing Post Office's proposed certification service); Michael Baum, National Institute of Standards and Technology, Federal Certification Authority Liability and Policy: Law and Policy of Certificate-Based Public Key and Digital Signatures (1994) (surveying legal and policy issues involved in setting up and running a certification authority); A. Michael Froomkin, The Essential Role of Trusted Third Parties in Electronic Commerce, 75 Or. L. Rev. 49 (1996).

229. For a taxonomy of smart card types, see David Chaum, Prepaid Smart Card Techniques: A Brief Introduction and Comparison, available online URL http://ganges.cs.tcd.ie:80/mepeirce/Project/Chaum/cardcom.html.

230. Note, however, that parties wishing to exchange digital coins without clearing them through the bank must have much greater trust in each other than would otherwise be required. Id. In contrast, electronic wallet systems, such as Mondex, which do not store "coins" but instead have a meter that records the value held, lend themselves easily to third-party transferability. See infra text accompanying note 256.

231. This, in essence, is the strategy behind CyberCash's Money Payments Service (TM), see Moneypayments, available online URL http://www.cybercash.com/technical/moneympayments.html, and also the "Checkfree Wallet," see http://www.checkfree.com, available online URL http://www.mc2-csr.com/vmall/checkfree/v20/faq.html. Members of the Money Payments program include Wells Fargo Bank, American Express and Mellon Bank. Id. A similar strategy, involving the use of a prepaid VISA ATM/debit card (and a five percent commission charge!) is employed by the (unchartered) "First Bank of Internet." See Announcement, available online URL http://ganges.cs.tcd.ie/mepeirce/Project/Press/foi.html.

232. See, e.g., Stefan A. Brands, Centrum voor Wiskunde en Informatic (CWI), Off-line Electronic Cash Based on Secret-Key Certificates 1-2 (1995) (Report CS-R9506) [hereinafter Brands 1995], available online URL http://www.cwi.nl/ftp/brands/CS-R9506.ps.Z.

233. As discussed in more detail below, see infra, it may be easier for regulators to control the transaction data in the bank's possession than the information kept by Alice and Bob.

234. A simple example of this procedure in action is the Netcash "coupon." See What is Virtual Cash?, available online URL http://www.teleport.com/~netcash/nvasch.html, NetCash Quick Start Guide, available online URL http://www.teleport.com/~netcash/ncquick.html.

235. See David Chaum, Achieving Electronic Privacy, Sci. Am., Aug. 1992, at 96, 96-97 (discussing electronic cash), available online URL http://ganges.cs.tcd.ie/mepeirce/Project/[ju] Chaum/sciam.html.

236. As a general matter, it is possible to convert coin-based off-line electronic payment systems to allow transferability, but this has practical disadvantages that make that development unlikely. See Sefan Brands, An Efficient Off-Line Electronic Cash System Based on the Representation Problem 7-8, 52 (1993), available online ftp://ftp.cwi.nl:/pub/CWIreports/AA/CS-R9323.ps.Z [hereinafter Brands 1993]; David Chaum & Torben Pryds Pedersen, Transferred Cash Grows In Size, Advances in Cryptology: Eurocrypt '92 390 (proving that it is impossible to construct a transferrable digital coin system "without property that money grows when transferred").

237. Note that if the transaction is not consummated on-line, e.g., in a catalog sales model, Bob can assess the validity of Alice's payment at his leisure.

238. See supra text accompanying note 232.

239. Chaum, supra note 235.

240. Suppose that before the introduction of digital cash, the money supply can be represented by,

M = ((1+c)H)/(e+c), where

H = high-powered money, i.e., the quantity of money held by banks as reserves;

e = the fraction of deposits that banks hold as reserves; and

c = the fraction of deposits held as pocket cash.

If the introduction of digital cash results in a substitution of digital cash for pocket cash, c will decrease. So long as e < 1, i.e., so long as banks hold less than all their deposits as reserves, any decrease in c increases the money supply. See Robert J. Gordon, Macroeconomics 451, 452 n.4 (1978).

A central bank such as the Federal Reserve Board can offset this effect, however, by increasing the reserve requirement (forcing banks to increase e) for banks that issue electronic cash.

241. According to the pre-Keynsian quantity theory of money, MV=PQ, where

M = money supply

V = velocity of money, i.e., the average number of times per year that the money stock is used in making payments for final goods and services.

P = price level

Q = real output.

242. For a description of the blinding protocol, see Bruce Schneier, Applied Cryptography 112-15 (2d ed. 1996).

243. See Chaum, supra note 235; Hal Finney, Detecting Double-spending (long), available online URL http://ganges.cs.tcd.ie/mepeirce/Project/Double/dsarticles.html.

244. The odds of two customers choosing the same serial number are remote if the bank requires that customers choose sufficiently large (e.g., 100 digit) random numbers. When it does happen, it should produce an interesting lawsuit.

245. See DigiCash, Ecash and Crime, available online URL http://www.digicash.com/ecash/aboutcrime.html.

246. Markus Jakobsson & Moti Yung, Revokable and Versatile Electronic Money, available online URL http://www-cse.ucsd.edu/users/markus/revoke.ps.

247. Id.

248. Cf. Froomkin, supra note 6 (discussing Clipper chip).

249. See Ernie Brickell et al., Trustee-based Tracing Extension to Anonymous Cash and the Making of Anonymous Change (Sandia National Labs print, on file with author, copies available by e-mail from psgemme@cs.sandia.gov).

250. "The blinding operation is a special kind of encryption that can only be removed by the party who placed it there. It commutes with the public key digital signature process, and can thus be removed without disturbing the signature." DigiCash, An Introduction To Ecash, available online URL http://www.digicash.com/publish/ecashFintro/ecashFintro.html#flow; see also Brands 1993, supra note 236, at 4; Chaum, supra note 235; David Chaum, Security without Identification: Card Computers to Make Big Brother Obsolete, available online URL http://www.digicash.com/publish/bigro.html.

251. Chaum, supra note 235; David Chaum et al., Untraceable Electronic Cash, in Advances in Cryptology--Proceedings of CRYPTO 88 at 319 (1990).

252. See Mark Twain Bank, First Bank to Launch Electronic Cash, available online URL http://www.marktwain.com/press1.html. Bank customers download software to hold their coins on their PC. Id.

253. Digicash and Mark Twain Bank have promised to make a technical description of the system public. Full details should be available online URL http://www.digicash.com/ecash/protocol.html by the time this article is published.

254. Mark Twain Bank, supra note 252.

255. See supra text following note 236. There is no danger that Alice will just make up a data stream and claim it is a coin, since Bob can check the bank's digital signature.

256. Chaum and his colleagues have developed a challenge-response protocol in which the bank asks the person redeeming a coin a mathematical "question" that reveals no identifying data if a coin is being spent for the first time. See Chaum, supra note 235; see also Chaum et al., supra note 251; Ecash Homepage available online URL http://www.digicash.com/ecash/ecash-home.html.

Brands has developed a complicated "cut and choose" protocol that protects Alice's identity if Alice spends the coin once, but creates a very significant probability that multiple spending will reveal her identity if the parties who have been given the same coin can compare notes. This protocol is better suited to off-line clearing systems than the basic DigiCash model, but it still requires that the victims of multiple spending be able to communicate with each other or the bank reasonably frequently. See Brands 1993, supra note 236, at 4-5. If the coin is spent a second time, however, a second reply to the question elicits an answer that, when combined with the answer given on first spending, reveals sufficient data for the bank to identify the party to whom it originally gave the coin. See Chaum, supra note 235. Hal Finney's excellent, brief, but somewhat mathematical explanation of Stefan Brands' optimizations to this procedure can be found available online URL http://ganges.c.tcd.ie/mepeirce/Project/Mlists/brans4.html.

Information about the payee can also be encoded on a coin when it is spent, although this is not a necessary part of the protocol.

257. Brands 1993, supra note 236, at 4-5.

258. See, e.g., Shamir et al., supra note 220 (describing payword and micromint, two new efficient off-line clearing systems).

259. Brands 1993, supra note 236, at 5-7. One way to look at this is that the electronic wallet model places the blinded coin in a digital purse. Cf. Brands 1993, supra note 236, at 2; infra text accompanying note 264 (describing digital purse).

260. Brands 1993, supra note 236, at § 2.2.

261. See Jean-Paul Boly et al., The ESPRIT Project CAFE--High Security Digital Payment Systems (1994), available online URL http://www.informatik.uni-hildesheim.de/FB4/Projekte/sirene/publ/BBCM1F94CafeEsor ics.ps; see also CAFE--Conditional Access For Europe, available online URL http://www.informatik.uni-hildesheim.de/FB4/Projekte/sirene/projects/cafe/index.h tml; The CAFE Project, available online URL http://www.cwi.nl/cwi/projects/cafe.html; Digicash, DigiCash products-- the CAFE project, available online URL http://www.digicash.com/products/projects/cafe.html.

262. See Brands 1995, supra note 232, at 8.

263. Brands 1993, supra note 236, at 50-52. The danger of "linking by complementary amounts" is reduced if a customer groups refund requests together. Id. at 52.

264. See Mondex, If My Card is Lost or Stolen, Do I Lose the Money on It?, available online URL http://www.mondex.com/mondex/lost.htm. If the smart card has some form of password protection, then a stolen card is of little value to a thief, id. unless the thief can somehow guess or extort the passphrase.

265. On the English field test, see, e.g., Leslie Helm, Cashless Society Gets Closer With Plans For Electronic Currency, L.A. Times, Sept. 6, 1995, at D4, and Revenue to accept Mondex: Tax payments, Fin. Times, July 8, 1995, at 4 (noting that British tax authorities plan to accept payment via Mondex). On a far more modest U.S. trial, see Jeffrey Kutler & Valerie Block, Mondex Gains U.S. Foothold With Smart Card Test at Wells, Am. Banker, Aug. 3, 1995, at Credit/Debit/ATMs 1 (describing issuance of 90 cards to Wells Fargo Bank employees).

Although the Mondex system appears to be the closest to market in the English-speaking world, "Portuguese banks launched a national electronic purse in February, and more than 500,000 cards are expected to be issued this year." Richard Wolffe, Banks Unzip The First £20m 'Electronic Purse', Fin. Times, July 3, 1995, at 5.

266. Mondex, How Secure is Mondex?, available online URL http://ww.mondex.com/mondex/secure.htm.

267. Tim Jones, Mondex Chairman, Security and Security Policy in Internet Payment Systems, Remarks at Worldwide Electronic Conference, Bethesda, MD (Nov. 19, 1995) [hereinafter Jones Remarks].

268. Mondex, What About Privacy?, available online URL http://www.mondex.com/cmondex/anon.htm.

269. See Stefan Brands, Centrum voor Wiskunde en Informatica (CWI), Off-line Cash Transfer by Smart Cards 2 (1994) (CS-R9455), available online URL http://www.cwi.nl/ftp/brands/CS-R94tt.ps.Z; Steven Levy, E-Money, Wired, Dec. 1994, at 174, 177 (quoting David Chaum).

270. Gavin Clarke & Madeleine Acey, Mondex Blows Users Anonymity, Network Wk., London, Oct. 25, 1995 at 1.

271. Id.

272. There have been suggestions that the system is programmed to copy this information, and the card's internal error log, every time a card is used to contact the bank. "Rev. Mark Grant," Mondex, 18 July 1995 (posting to cypherpunks@toad.com).

273. [cfi]Cf. European Commission, DGXV, Study on the legal and regulatory aspects of the issue and use of pre-paid cards (multi-sector electronic purses and wallets), available online URL http://www.cec.lu/en/comm/dg15/paystud.html (describing planned study).

274. The effect will be within the power of central banks to control so long as Mondex money is issued by banks whose reserve requirements can be increased. See supra note 240. If, however, Mondex money were to be issued by a poorly monitored non-bank financial institution or one not subject to reserve requirements, the effect on the money supply could become more pronounced.

275. Paul Rodgers, Banks in Cash Card Warning; Fears of Abuse by Forgers and Money Launderers, The Independent, July 9, 1995, at B1.

276. Interestingly, if the issuing bank treats the transaction as a purchase of digital cash, rather than a deposit, then there is no need for an abeyance account, or even deposit insurance. Aside from issues of risk management if there is a run on digital cash or a catastrophic failure of the card encryption scheme, it would seem the bank might be able to escape the effects of abandoned property laws that require untouched accounts to escheat to the state after a period of time. A lost Mondex card is thus pure profit to the bank. See Richard Field, Re: E-Cash: Mondex, e-mail to list e-cash@nptn.org, 18 Aug. 1995.

Nevertheless, whether the transaction in which a customer exchanges pocket cash for digital cash counts as a "deposit" to the bank or a "sale" of a product by the bank is of little macroeconomic relevance if the central bank is able to adjust reserve requirements to require banks to hold reserves for any digital cash they issue.

On the other hand, the Chairman of Mondex has suggested that the loss of seignorage alone will cause governments to nationalize his operations within 20 years. Jones Remarks, supra note 267.

277. Unless Alice is a business with a floating charge on her account, in which case she has in effect borrowed against it.

278. This is a short period. See generally 12 C.F.R. § 236 (1995).

279. Note that this is a wholly separate and potentially larger effect than the relatively trivial effect that electronic cash which is cleared might have on the velocity of money.

280. Mondex has signed agreements with banks in Hong Kong, Canada and the United States. None of these jurisdictions is notorious for its relaxed banking regulation, but Hong Kong will become part of the Peoples Republic of China in 1997.

281. Indeed, the technology now exists to track the movement of unmarked bills through the banking system simply by recording their serial numbers. E-Mail from John Gilmore to Michael Froomkin (19 Sept. 1995) (on file with author).

282. See supra note 220.

283. Finney, supra note 243.

284. See supra text accompanying note 252 (discussing Mark Twain Bank).

285. 28 U.S.C. § 6050(i) (1995) requires any person who receives more than $10,000 in cash in the course of a trade or business to file a Form 8300 declaration stating the cash payor's name and other identifying information. This requirement applies to all transactions, even payments to lawyers, and has survived constitutional challenges that it pierces the client's Sixth Amendment right to consult a lawyer anonymously and the client's Fifth Amendment right to consult counsel without self-incrimination. See, e.g., United States v. Goldberger & Dubin, 935 F.2d 501 (2d Cir. 1991). But see United States v. Gerner, 5 F.3d 963 (1st Cir. 1995) (denying summary enforcement of summons against law firm on grounds that District Court finding that tax proceeding was pretext for anticipated investigation of client was not clearly erroneous). Federal law requires a U.S. bank involved in a cash transaction exceeding $10,000 to file a report with the Secretary of the Treasury. See 31 U.S.C. § 5313(a) (1995), 31 C.F.R. § 103.22(a) (1995). Federal law also makes it illegal to break up a single transaction above the reporting threshold into two or more separate transactions for the purpose of evading the reporting requirement. 31 U.S.C. § 5324(3) (1995). But see Ratzlaf v. United States, 114 S. Ct. 655 (1994) (reading strict scienter requirement into statute).

286. In earlier drafts I suggested that, regardless of the regulatory environment, even a bank willing to issue anonymous digital cash would be highly unlikely to allow anonymous accounts unless its clearing system was on-line. On-line clearing would allow the bank to prevent double-spending; off-line clearing, I suggested, would leave the bank vulnerable to an infinite amount of respending of the same coin since the anonymous account holder would know that the bank did not know her identity and would know that coins would only be cleared after a transaction was over.

As this article was in proofs, I received e-mail from Stefan Brands, one of the leading developers of digital cash protocols, in which he described an unpublished system he has invented that protects a bank wishing to engage in off-line clearing of anonymous digital cash issued to anonymous bank accounts. Under this protocol, the bank faces no more risk of multiple spending than if it issued "blinded" digital cash to an ordinary account with an identified account holder.

Brands's protocol works as follows:

1. Alice contacts the Bank. She identifies herself to the Bank's satisfaction and provides the Bank with a unique public key that she will use to identify herself in future communications.

2. The Bank issues Alice with a signed blinded credential (for a description of the "blinding" protocol, see supra Y III.B.3) that I will call a "ticket". The ticket has information about Alice's real identity, but the Bank cannot access that information in a computationally feasible manner unless the ticket is used to open more than one account or a coin backed by that ticket is double-spent.

3. Alice waits while the Bank issues similarly blinded tickets to other people. When there are enough other tickets in circulation, e.g. issued but not used, so as to fog her identity, Alice contacts the Bank anonymously and presents her ticket. The Bank opens an anonymous account, keeping the ticket on file instead of the normal customer information. (Alice could, of course, give the ticket to anyone else, and the Bank would be none the wiser, but since the Bank will be able to seek redress from her if coins issued to the account are double-spent she has a strong incentive not to do this.)

4. Alice purchases coins anonymously using funds in her anonymous account. Each coin issued to her encodes sufficient information about Alice's ticket that if the coin is double-spent it not only reveals the ticket, but also allows the Bank to decrypt the ticket and learn Alice's identity. Nevertheless, no matter how many coins Alice single-spends, the Bank cannot in a computationally feasible manner get this information. Furthermore, there is nothing that the first recipient of a coin, or the bank holding a coin, can do to make it appear a coin was double-spent. See E-mail from Stefan Brands to Michael Froomkin, 15 May 1996 (on file with author); E-mail from Stefan Brands to Michael Froomkin, 20 May 1996 (on file with author).

Anonymous digital cash that can be purchased from anonymous accounts and cleared off-line has many interesting possible applications. These coins could, for example, serve as anonymous digital postage stamps. The stamps could be used to compensate remailer operators for remailing anonymous communications. Without some means of compensation, few people are likely to be willing to operate remailers if there is any risk of liability for carrying anonymous messages. See supra text accompanying notes 88-94.

287. Jones Remarks, supra note 267. In a man in the middle attack, Mallet inserts himself into the communications channel between Alice and Bob. He relays all of Alice's messages to Bob and vice versa until Alice sends Bob the Mondex money; Mallet sends Bob random and worthless data and walks off with the cash.

288. See supra text at notes 240-41.

289. Although the implications of anonymous transactions for taxes, product liability, and copyright, remain to be worked out, it seems to me likely that the effects will be unevenly distributed. I do not believe that the tax system will be deeply affected, since most production and even more consumption involves transactions that are easily monitored for tax compliance. Furthermore, any transaction that encounters the banking system--for example, deposits placed on short-term interest--will be easily traceable for tax purposes so long as the bank is located in a jurisdiction that enlists banks as enforcers of its, or its treaty-partners', tax rules. My income, for example, comes from a salary paid by an institution that has no incentive to make it easy for me to engage in tax avoidance. My house is plainly visible from the street, and as easily taxed as it can be linked to me. Most of what I buy is tangible--things like groceries, diapers and shoes--and can easily be taxed under a VAT system if our current tax system should show signs of collapse. Though some knowledge workers may be able to demand that payment be routed to accounts held at untaxed off-shore addresses, thus causing an effect at the margin, these schemes seem likely to remain relatively small in comparison to traditional, more easily taxable, forms of labor and compensation for the foreseeable future.

290. Jones Remarks, supra note 267.

291. See generally Froomkin, supra note 228.

292. For one slightly over-enthusiastic suggestion that digital cash will not only internationalize money but that private currencies will crowd out national currencies, see Giles Keating, Electronic Money Is In Race With Emu, Fin. Times, Nov. 2, 1995, at 15.

293. Indeed, there are currently markets in CyberBucks, the currency issued by CyberCash for its test of its software. See Ecash Market, available online URL http://www.c2.org/~mark/ecash/ecash.html; see also Electronic Cash Marketing Mailing List, available online URL http://www.ai.mit.edu/people/lethin/ecm.html. On November 24, 1995, one shop offered to pay $5 for 100 cyberbucks and offered to pay 100 cyberbucks for $8. FireCloud Solutions EShop, available online URL http://www.firecloud.com/eshop/eshop.htm (accessed on Nov. 24, 1995, printout on file with author).

294. See generally Bray Hammond, Banks and Politics in America (1957); Glyn Davies, A History of Money 460-61, 465-66, 471-85 (1994). For an extremely interesting discussion of the market mechanics of private notes, see David G. Ordel, Private Interbank Discipline, 16 Harv. J. L. & Pub. Pol'y 327 (1993); see also Martin S. Eichenbaum & Neil Wallace, A Shred of Evidence on Public Acceptance of Privately Issued Currency, Federal Res. Bank of Minn. Qtrly. Rev. [unpag] (Winter 1995) (suggesting that Canadian experience with coupons suggests that private currency may be more acceptable to public then widely believed by economists and lawyers).

295. See Money Laundering, supra note 202.

296. As a result, money launderers use false invoicing, overpricing goods to camouflage the cash flows being laundered. See Money Laundering, supra note 202, at 9-10.

297. See supra text accompanying note 272 (allegations that Mondex scheme contains this feature).

298. Benjamin Wittes, Government Seeks a Way to Keep Tabs on Computer Cash, The Recorder, Feb. 2, 1995, at 1 (quoting cryptologist Dorothy Denning's suggestion that anonymous cash would be a boon to crime); see also Scott Charney, Chief of the Computer Crime Unit, Criminal Division, U.S. Dept. of Justice, Computer Crime 9 (Nov. 28, 1994) (unpublished manuscript) (stating "one particular group--criminals--often seek[s] anonymity as well").

299. "Military-grade cryptography plus anonymous re-mailers plus fully anonymous digital cash plus bad guys equals perfect crime," Wittes, supra note 298, at 1 (quoting American Banking Association official).

In a perfect crime, Alice commits an act of extortion (e.g., blackmail or kidnapping). Instead of demanding small unmarked bills, Alice demands that Bob force a bank to issue blinded digital cash based on numbers contained in Alice's ransom note, and publish the result. Because the payoff occurs via publication in a broadcast medium such as a newspaper, Alice faces no danger of being captured while attempting to pick up the ransom. If Alice used the right blinding protocol only she can unblind and spend the coins. (Or for extra security, Alice can demand that the blinded coins be encrypted with a public key generated for the occasion.) And because the blinded digital cash is anonymous and untraceable, Alice is able to spend it without fear of marked bills, recorded serial numbers, or other forms of detection. See Schneier, supra note 25, at 145; Sebastiaan von Solms & David Naccache, On Blind Signatures and Perfect Crimes, 11 Computers & Security 581, 582-83 (1992) (describing the mathematical steps that must be followed in order to effectuate a "perfect crime").

300. Fortunately for Alice, but unfortunately for her target, crypto-anarchist philosopher Tim May has thoughtfully described a protocol for a system involving a mutually trusted (and also anonymous) third party who makes a business of selling escrow services and thus needs to maintain a good reputation, who facilitates such transactions by holding on to the money until the hit is verified. See Timothy C. May, The Cyphernomicon Y§ 2.9, 2.13.9, 8.5, 16.16. (Sept. 10, 1994), available online URL ftp://ftp.netcom.com/pub/tc/tcmay/cyphernomicon (May's original version); available online URL http://www.apocalypse.org/pub/nelson/bin.cgi/cypernomicon (hypertext version by 3rd party).

301. Governments also have it in their power, at least for the foreseeable future, to limit the use of small-denomination anonymous digital cash, or the use of any blinded digital coins.

302. One can imagine exceptions to the generalization in the text, e.g., there may be a right to buy books anonymously, and there is clearly a right to purchase a membership in an organization or make contributions to it without having the government require that the transaction be disclosed.

303. See infra Part IV.C.3.

304. This often results in improved service: our local pizza delivery service recently installed caller ID, and linked it to a computerized data base. When I call up, I am greeted by name, and I no longer have to spell the easily misunderstood name of our street.

305. For a short history of the use and abuse of social security numbers, see William H. Minor, Identity Cards Databases in Health Care: the Need for Federal Privacy Protections, Colum. J.L. & Soc. Probs. 253, 261-68 (1995). Other countries are, or are considering, permitting or requiring citizens to carry electronic national ID cards. See, e.g., George Parker & Paul Taylor, IT Review Could Lead to Citizens' Transaction Card, Fin. Times, Nov. 9, 1995, p. 11 (describing British government study of multi-purpose "citizens' smart card" proposal).

306. See Oscar H. Gandy, Jr., The Panoptic Sort: A Political Economy of Personal Information (1993).

307. See generally Gandy, supra note 306; Gandy, supra note 210.

308. For an early prototype of such an intelligent agent, see Anderson Consulting, Bargain Finder Agent Prototype, available online URL http://bf.cstar.ac.com/bf/. Interestingly, several of the CD vendors being sampled by the agents adopted a strategy of "locking out" the agents to prevent their prices from being displayed in the prototype. Whether the non-cooperating stores' motive was to avoid excessive load on their Internet servers or to keep competitors from seeing their prices, or something else entirely, is unclear.

309. For an extreme example, see Moore v. Regents of Univ. of Calif., 793 P.2d 479 (Cal. 1990), cert. denied, 499 U.S. 936 (1991).

310. See Spiros Simitis, From the Market to the Polis: The EU Directive on the Protection of Personal Data, 80 Iowa L. Rev. 445, 446 (1995) (noting traditional view, now retreating in Europe, that "data . . . were perfectly normal goods and thus had to be treated in exactly the same way as all other products and services").

311. See Model Code of Professional Responsibility, Canon 4 (1995); Model Rules of Professional Conduct Rule 1.6 (1995).

312. Reidenberg, supra note 7, at 501.

313. David Lyon, The Electronic Eye 10 (1994).

314. Gandy, supra note 210, at 15-17, 20, 27-28.

315. I know this from personal experience, since I helped implement, albeit not design, such a campaign, using demographics, party registration, presumed national origin based on (Polish-sounding) last name, and party affiliation, in mail and telephone campaign aimed at voters in a 1984 (!) Congressional election. Responses to mail queries as to the household's views, and responses to similar telephone calls and visits by campaign workers, were used to decide which of over a dozen letters (each discussing a different issue) to send to the voter. If the survey found that the voter had no commonality of views with the candidate, but the demographics were favorable, the voter received a bland letter describing the candidate's personal biography and recent good works. The same survey data were used to prime the candidate when he made neighborhood tours. A campaign worker would tell the candidate which of the views expressed by or imputed to the household agreed with his positions, and he would emphasize those views when he spoke to the voters. The data were also used to generate lists of probably supportive voters, who were then contacted on the day of the election to remind them to vote. We offered to provide transportation to the polls if required. We won by less than one percent of the vote.

316. Lawrence O. Gostin, Health Information Privacy, 80 Cornell L. Rev. 451, 464 (1995); see also Spiros Simitis, Reviewing Privacy in an Information Society, 135 U. Pa. L. Rev. 707, 710-12 (1987) (discussing "the transparent patient"). Enactment of any comprehensive national healthcare program would accelerate the trend. See generally id.; Minor, supra note 305.

317. See Paul M. Schwartz, The Protection of Privacy in Health Care Reform, 48 Vand. L. Rev. 295, 300-06 (1995).

318. See Gostin, supra note 316, at 487-89.

319. Robert Gellman, Washington Perspectives On Genetics and Privacy, 3 Dick. J. Envtl. L. & Pol'y 71, 72 (1994).

320. See Gostin, supra note 316, at 488; Jonathan P. Graham, Note, Privacy, Computers, and the Commercial Dissemination of Personal Information, 65 Tex. L. Rev. 1395 (1987).

321. Outsiders in Health Care. A Cure for All Ills?, The Economist, Nov. 4, 1995, at 67.

322. Lois Rogers & David Leppard, For Sale: Your Secret Medical Records for £ 150, The Sunday Times (London), Nov. 26, 1995, at 1 (describing offer for sale of medical records of "politicians, celebrities and millions of other National Health Service patients").

323. See, e.g., Henry T. Greely, Health Insurance, Employment Discrimination, and the Genetics Revolution, in The Code of Codes: Scientific and Social Issues in the Human Genome Project 264 (Daniel J. Kevles & Leroy Hood eds., 1992).

324. Gellman, supra note 319, at 71.

325. Id.; Paul M. Schwartz, Privacy and Participation: Personal Information and Public Sector Regulation in the United States, 80 Iowa L. Rev. 553, 612 (1995) [hereinafter Privacy and Participation] (stating that "majority of states have traditionally released motor vehicle registration and driver license information"). In 1994, New York State made $8 million from the sale or rental of public records, primarily those furnished by drivers to the Department of Motor Vehicles. Big Bucks in DMV Data Sales, Privacy J., Sept. 1995, at 5. The data can be used for a variety of marketing with a little creativity,

Now, take a look at this information all over again and see how valuable it is. Suppose I have a catalog of big and tall clothing, who do I want to send it to? How am I going to find my market? Well, they're not going to send it to me. But I can go through the driver's license information and pick out people of a certain height and weight, and they're the ones I'm going to send my catalog to.

Suppose I am selling glasses or contact lenses. I can get a list of every potential customer in the state simply from the state government. Suppose I'm selling insurance policies aimed at people who just turned sixty-five. Well, if I want a list of people who turned sixty-five on April 15th, 1994, I can get that information from the state.

Gellman, supra note 319, at 71.

326. See Privacy and Participation, supra note 325, at 608. If you own a house, chances are the purchase price, addresses, and other information can be found on LEXIS, library ASSETS.

327. As states move to distributing benefits electronically, see, e.g., Texas Replaces Food Stamps With Food Cards, N.Y. Times, Nov. 27, 1995, at B5 (describing plan to distribute food stamps via electronic funds transfer at grocery check out), they will inevitably create new databases.

328. See generally Symposium: Privacy and ITS, 11 Santa Clara Computer & High Tech. L.J. 1 (1995).

329. Traffic flow can be managed by adjusting the times of traffic lights, or communicating to drivers the need to consider alternate routes. If the ITS includes a system by which the driver selects the destination but the ITS chooses the route, the system can route around bottlenecks without driver intervention.

330. See Margaret M. Russell, Privacy and IVHS: A Diversity of Viewpoints, 11 Santa Clara Computer & High Tech. L.J. 145, 163 (1995). The Government of Singapore requested bids on a road-pricing system that would communicate with cars and charge their smart cards as they passed various points on the road. Chaum, supra note 235, at 101.

331. Russell, supra note 330, at 164-65.

332. The famous "low speed chase" of OJ Simpson began when he was located by tracing the movement of his cellular telephone. Simpson, Under Suicide Watch, is Jailed After a Bizarre Chase, N.Y. Times, June 19, 1994, at 1.

333. See Timothy Egan, Police Surveillance of Streets Turns to Video Cameras and Listening Devices, N.Y. Times, Feb. 7, 1996, at A12.

334. American Express accumulated more than 500 billion bytes of data on how its customers used 35 million charge cards between 1991 and 1994. Laurie Hays, Using Computers to Divine Who Might Buy a Gas Grill, Wall St. J., Aug. 16, 1994, at B1. By 1993, the United States had more than 328 million general purpose (e.g., VISA, MasterCard, American Express, Discover, and Diners Club) credit cards in circulation. The cards were used for $223.92 billion worth of charges in the first six months of 1993. Matthews, supra note 215, at 233. Worldwide credit and debit card use continues to increase, although the number of card in use and the willingness of merchants to accept them varies greatly in different countries. See Paying With Plastic, The Economist, Nov. 4, 1995, at 115.

335. "Data mining is the process of discovering meaningful new correlations, patterns and trends by sifting through large amounts of data stored in repositories, using pattern recognition technologies as well as statistical and mathematical techniques." Commercial Parallel Processing Conference, The Computer Conference Analysis Newsletter, Oct. 11, 1995 available online LEXIS library Nexis, file Curnws (reporting on presentation of Erick Brethenoux, Gartner Group); see also Kevin Fogarty, Data Mining Can Help to Extract Jewels of Data, Network World, June 6, 1994, at 40 (describing the practice of 'data mining' by which corporations accumulate and manipulate enormous data bases). Cf. GTE, Knowledge Discovery Mine, available online URL http://info.gte.com/gtel/sponsored/kdd/Welcome.html (collecting links to various sources of information on data mining).

336. Commercial Parallel Processing Conference, supra note 335 (reporting on presentation of Douglas Newell, Tessera Enterprise Systems).

337. On the constitutional protection of the right to read anonymously see infra text accompanying note 397.

338. See Herbert N. Foerstel, Surveillance in the Stacks: The FBI's Library Awareness Program (1991); Ulrika E. Ault, Note, The FBI's Library Awareness Program: Is Big Brother Reading Over Your Shoulder?, 65 N.Y.U. L. Rev. 1532, 1532-39 (1990) (describing FBI library monitoring program); American Libraries, July/Aug. 1988, p. 562-63. When the program became public in 1987, and encountered heavy criticism, the FBI responded by running "index checks" on 266 critics to see if they were part of a Soviet campaign to discredit the library monitoring program. Gordon Conable, The FBI And You; Did The FBI Investigate You As Part Of Its Library Awareness Program? Here's How To Find Out, 3 Am. Libr. 245 (Mar. 1990), available online LEXIS library Nexis, file Arcnws.

339. The importance of this may decrease as services aimed at the home user increasingly move to dynamic IP numbers, in which IP numbers are temporarily assigned to users while logged in and then returned to a pool of available numbers.

340. I have received such advertisements.

341. See Greely, supra note 323.

342. Colin Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States 18 (1992); see also Lyon, supra note 313, at 84.

343. See David J. Curry, The New Marketing Research Systems 7-12 (1993).

344. See Inquiry on Privacy Issues Relating to Private Sector Use of Telecommunications-Related Personal Information, 59 Fed. Reg. 6842, 6842 (1994) [hereinafter Inquiry on Privacy Issues] ("As the [National Information Infrastructure] develops, Americans will be able to access numerous commercial, scientific, and business data bases . . . [and] engage in retail, banking and other commercial transactions . . . all from the comfort of their homes."); see also Microsoft and Visa to Provide Secure Transaction Technology for Electronic Commerce, PR Newswire, Nov. 8, 1994, available in WESTLAW, PRNews-C database (announcing plans to provide secure electronic bankcard transactions across global public networks using RSA encryption).

345. Inquiry on Privacy Issues, supra note 344; cf. Jeffrey Rothfeder, Privacy for Sale: How Computerization Has Made Everyone's Private Life an Open Secret 28 (1992); David Burnham, The Rise of the Computer State 20, 23-25 (1983).

346. "90% of large companies are building, or planning to build, a data warehouse." Commercial Parallel Processing Conference, supra note 328 (reporting on presentation of Scott F. Miller, VP High Performance Computing); cf. Cheryl D. Krivda, Data-Mining Dynamite, Byte, Oct. 1995, at 97 (describing creation of data warehouses).

347. See, e.g., Pilot Software Launches Major New Data Mining Initiative, Bus. Wire, Nov. 8, 1995, available online LEXIS library News file curnws (describing ambitious plan to design techniques to "discover and explore relevant hidden and predicative information housed in massive data warehouses").

348. See G. Bruce Knecht, Is Big Brother Watching Your Dinner and Other Worries of Privacy Watchers, Wall St. J., Nov. 9, 1995, at B1 (quoting warning by Rep. Jim Moran of Virginia).

349. Robert GarcXia, "Garbage In, Gospel Out": Criminal Discovery, Computer Reliability, and the Constitution, 38 UCLA L. Rev. 1043, 1065 (1991).

350. For an alarming account of FinCEN, see Steven A. Bercu, Toward Universal Surveillance in an Information Age Economy: Can We Handle Treasury's New Police Technology?, 34 Jurimetrics J. 383, 429 (1994).

351. Office of Technology Assessment, U.S. Congress, Making Government Work: Electronic Delivery of Federal Services 144 (OTA-TCT-578 1993).

352. Lyon, supra note 313, at 12; Simitis, supra note 316, at 707.

353. On public disclosure, see the magisterial discussion in Kreimer, supra note 84. For an interesting and skeptical account of the issues in private disclosure, see Lillian R. Bevier, Information About Individuals in the Hands of Government: Some Reflections on Mechanisms for Privacy Protection, 4 Wm. & Mary Bill Rts. J. 455 (1995).

354. See Paul Schwartz, Data Processing and Government Administration: The Failure of the American Legal Response to the Computer, 43 Hastings L.J. 1321, 1324 (1992) (stating that from an international perspective, the American legislative response to computer processing of personal data is incomplete); for a careful description and critique of European and Canadian data protection laws, see David H. Flaherty, Protecting Privacy in Surveillance Societies (1989).

355. See Privacy Act of 1974, 5 U.S.C. § 552a (1995).

356. Fair Credit Reporting Act, 15 U.S.C. § 1681 (1995).

357. See generally Priscilla M. Regan, Legislating Privacy (1995); Bennett, supra note 342.

358. Lyon, supra note 313, at 15.

359. Pub. L. No. 99-508, 100 Stat. 1860 (codified at 18 U.S.C. § 2710 (1988)).

360. Michael deCourcy Hinds, Personal But Not Confidential: A New Debate Over Privacy, N.Y. Times, Feb. 27, 1988, at 56.

361. See Flaherty, supra note 354, at 406-07 (concluding extensive comparative study with warning that while it is possible to have effective data protection commissions, it is also possible they will be viewed as "a rather quaint, failed effort").

362. Conversation with Peter Swire, Associate Professor of Law, University of Virginia, Jan. 4, 1996.

363. See Paul M. Schwartz, European Data Protection Law and the Restrictions on International Data Flows, 80 Iowa L. Rev. 471, 472 (1995) (noting that even Europe-wide controls on data flows are insufficient to protect privacy in an era of internationalized communications) [hereinafter European Data Protection Law]; Privacy and Participation, supra note 325, at 553 (same).

364. Common Position (EC) No/95 With a View to Adopting Directive 94/ /EC of the European Parliament and of the Council on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data, 1995, O.J. (C 93, Apr. 13, 1995), reprinted in Appendix, 80 Iowa L. Rev. 697 (1995). For a discussion of what constitutes an adequate level, see European Data Protection Law, supra note 363, at 480-88.

365. For a discussion of European efforts to prevent personal data from leaving Europe without guarantees that it will not be improperly distributed, see European Data Protection Law, supra note 363.

366. See, e.g., Simitis, supra note 316, at 734 (discussing West German Federal Constitutional Court's protection of "informational self-determination").

367. Cf. Associated Press, "Junk Mail" Suit Seen as Threat to Direct Marketers, Mar. 11, 1996, available online LEXIS, News Library, Curnws file (describing efforts by Ram Aurahami to sue U.S. News & World Report for selling his name to direct marketers without his permission).

368. See, e.g., Lyon, supra note 313, at 49 (describing lengthy delays introduced into purchase of washing machine by his refusal to supply personal data).

369. Others have reached similar conclusions in other contexts. For example, "[a]nonymity is the only sure defense" for those exercising upopular constitutional rights that might expose them to violence, Kreimer, supra note 84, at 40.

370. Whalen v. Roe, 429 U.S. 589 (1977).

371. See supra Part II.

372. The privacy provisions of the state constitution of California have been held to apply to private actors. See Hill v. National Collegiate Athletic Ass'n, 865 P.2d 633 (Cal. 1994).

373. See Tribe, supra note 132, § 15-1; Ken Gormley, One Hundred Years of Privacy, 1992 Wis. L. Rev. 1335, 1340.

374. 429 U.S. 589 (1977). For a scholarly analysis of the right to privacy outside the Fourth Amendment context, see Kreimer, supra note 84.

375. Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, J., dissenting); see also Stanley v. Georgia, 394 U.S. 557, 564 (1969) (finding a constitutional right to 'receive information and ideas, regardless of their social worth').

376. Whalen v. Roe, 429 U.S. 589, 598-99 (1977) (acknowledging the existence of the right, but finding that it could be overcome by a narrowly-tailored program designed to serve the state's "vital interest in controlling the distribution of dangerous [prescription] drugs"); see Gary R. Clouse, Note, The Constitutional Right to Withhold Private Information, 77 Nw. U. L. Rev. 536, 547-57 (1982) (collecting and dissecting inconsistent circuit court cases dealing with the right to withhold private information). The right to be left alone, however, is insufficiently compelling to prevent a large number of physical intrusions to bodily integrity when the police seek forensic evidence relating to a criminal investigation. See Tribe, supra note 132, at 1331 nn.4-11 (collecting cases).

377. See Whalen, 429 U.S. at 593, 603-04.

378. Id. at 598.

379. See id. at 601-04.

380. Id. at 605.

381. See, e.g., Francis S. Chlapowski, Note, The Constitutional Protection of Informational Privacy, 71 B.U. L. Rev. 133, 155 (1991) (concluding that because most theories of personhood assume personal information is a crucial part of a person's identity, there must be a recognized "right to informational privacy based on personhood" and that information is property protected by the Fifth Amendment); Clouse, supra note 376, at 541-47 (tracing the development of the right to informational privacy, and noting the Supreme Court's use of a balancing test to determine whether an individual's constitutional rights have been infringed by a government-mandated disclosure of information).

382. In Nixon v. Administrator of Gen. Servs., 433 U.S. 425, 457 (1977), in which the Court rejected Nixon's claim that allowing government archivists to review and classify his presidential papers and effects violated his "fundamental rights . . . of privacy," the Court quoted from Whalen and applied Whalen's balancing test. Nixon's privacy interest was found insufficiently strong to outweigh the public interest in preserving his papers. Id. at 465. The issue has also been canvassed in several lower court cases. Long, supra note 25, at 1192 n.81 (collecting cases).

Perhaps of greater significance are the decisions in Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975), and Florida Star v. B.J.F., 491 U.S. 524 (1989), in which the Court struck down state law privacy claims arising from the accurate publication of arguably private facts that had become matters of public record. The Court did suggest that there "there is a zone of privacy surrounding every individual," 420 U.S. at 487, but it did not say what it was.

The closest thing to an expansion of Whalen is the unanimous decision in United States Dept. of Justice v. Reporters Comm. for Freedom of the Press, 489 U.S. 749 (1989). There the Supreme Court held that there was a heightened privacy interest in an FBI compilation of otherwise public information sufficient to overcome a FOIA application. Even if the data contained in a "rap sheet" were all available in public records located in scattered courthouses, the compilation itself, the "computerized summary located in a single clearinghouse" was not. 489 U.S. at 764.

383. See supra text at notes 302-03.

384. See, e.g., Fabulous Assoc. v. Pa. Public Util. Comm'n, 896 F.2d at 780, 786 (3d Cir. 1990) (noting testimony before FCC that telephone sex lines suffer enormous loss in calling volume if customers are required to identify themselves); Frederick Schauer, Fear, Risk and the First Amendment: Unravelling the "Chilling Effect," 58 B.U. L. Rev. 685, 693 (1978).

385. See supra Y III.B.5.

386. See supra Y III.B.3.

387. In an off-line clearing system, an attempt to spend a coin for a second time should disclose the identity of the double-spender. See supra Y III.B.3. This attempt at fraud waives any claim t o privacy.

388. See supra Y III.B.

389. Indeed to the extent that the speech was political speech, it would be directly covered by the First Amendment precedents discussed supra Y II.B.1.

390. See Simon & Schuster, Inc. v. Members of N.Y. State Crime Victims Bd., 502 U.S. 105 (1991); Arkansas Writers' Project, Inc. v. Ragland, 481 U.S. 221, 227-31 (1987); Minneapolis Star & Tribune Co. v. Minnesota Comm'r of Revenue, 460 U.S. 575 (1983).

391. United States v. National Employees Treasury Union, 115 S. Ct. 1003, 1014 (1995); see also Simon & Schuster, Inc. v. Members of N.Y. State Crime Victims Bd., 502 U.S. 105, 115 (1991) (stating that the imposition of financial burdens may have a direct effect on incentives to speak); Minneapolis Star & Tribune Co. v. Minnesota Comm'r of Revenue, 460 U.S. 575, 585 (1983) (observing that the threat of burdensome taxes "can operate as effectively as a censor to check critical comment").

392. Fox, 492 U.S. at 482; see also New York Times Co. v. Sullivan, 376 U.S. 254 (1964); Buckley v. Valeo, 424 U.S. 1 (1976) (per curiam).

393. Kreimer, supra note 84, at 49.

394. For example, people who were identified as recipients of unpopular information could be subject to various forms of social control, e.g., private blacklisting. See Kreimer, supra note 84, at 42-50.

395. The place of least-restrictive-means analysis as opposed to mere narrow tailoring in the analysis of content-neutral regulations of speech is a topic far beyond the scope of this article. Ordinarily used in evaluating the constitutionality of time-place-manner restrictions, least-restrictive-means analysis has achieved at least a toehold in content-neutral analysis also. See City of Ladue v. Gilleo, 114 S. Ct. 2038, 2044 n.11, 2045-47 (1994) (assuming that challenged regulation is content-neutral and then conducting alternative-channels-of-communication analysis); see also Geoffrey Stone, Content-Neutral Restrictions, 54 U. Chi. L. Rev. 46, 57-58 (1987); cf. Madsen v. Women's Health Ctr., 114 S. Ct. 2516 (1994) (using time-place-manner analysis to determine whether injunction should be issued that imposed content-neutral burden on speech); City of Los Angeles v. Taxpayers For Vincent, 459 U.S. 1199 (1983) (not requiring least restrictive means); Ward v. Rock Against Racism, 491 U.S. 781 (1989) (same).

396. See supra Y II.B.I.

397. See United States v. National Employees Treasury Union, 115 S. Ct. 1003, 1014-15 (1995) (declaring statute violates First Amendment in part because it "imposes a significant burden on the public's right to read"); Board of Educ. v. Pico, 457 U.S. 853, 867 (1981) ("[T]he right to receive ideas is a necessary predicate to the recipient's meaningful exercise of his own rights of speech, press and political freedom."); Virginia State Bd. of Pharmacy v. Virginia Citizens Consumer Council, Inc., 425 U.S. 748, 756-57 (1976); Procunier v. Martinez, 416 U.S. 396, 408 (1974) (holding that First Amendment right of recipient of prisoner's letter is violated by prison censorship policy, although disclaiming reliance on a "right to read"); Red Lion Broadcasting v. FCC, 395 U.S., 367, 390 (1969) (noting "right of the public to receive suitable access to social, political, esthetic, moral, and other ideas and experiences"); Stanley v. Georgia, 394 U.S. 557, 564 (1969) ("[i]t is now well established that the Constitution protects the right to receive information and ideas"); Griswold v. Connecticut, 381 U.S. 479, 482 (1965) (holding that "the right to receive, the right to read" are protected by the First Amendment); Martin v. City of Struthers, 319 U.S. 141, 143 (1943) (First Amendment 'necessarily protects the right to receive' information"); see also Ginsberg v. New York, 390 U.S. 629, 649 (1968) (Stewart, J., concurring) ("[t]he Constitution protects more than just a man's freedom to say or write or publish what he wants. It secures as well the liberty of each man to decide for himself what he will read and to what he will listen."); Lamont v. Postmaster Gen., 381 U.S. 301, 307-08 (1965) (Brennan, J., concurring).

398. United States v. National Employees Treasury Union, 115 S. Ct. 1003, 1014-15 (1995).

399. "The First Amendment serves not only the needs of the polity but also those of the human spirit--a spirit that demands self-expression. Such expression is an integral part of the development of ideas and a sense of identity. To suppress expression is to reject the basic human desire for recognition and affront the individual's worth and dignity." Procunier v. Martinez, 416 U.S. 396, 427 (1974) (Marshall, J., concurring).

400. In CBS v. Democratic National Committee, 412 U.S. 94 (1973), the Supreme Court upheld an FCC refusal to require broadcasters to sell time to anti-war organizations on the grounds that there was no constitutional right to access to broadcast media. Rejecting the vision of listener rights to receive specific information, the Court instead held that broadcasters had a right to determine what ideas are broadcast.

In Red Lion, the Court had previously ruled that listeners had a right to balanced information. In CBS v. DNC, however, Chief Justice Burger suggested that listeners could not be relied upon to speak articulately for themselves; broadcasters, although nominally proxies for the public interest, were thus essentially free to act on their own judgment of what best served the public's interest.

CBS v. DNC is often read to stand for the proposition that neither Red Lion nor the Constitution require "fairness" in broadcasting, or even as a rejection of the republican vision of a constitutionally protected national conversation. It is important to note, however, that Chief Justice Burger's opinion rests in part on the prudential grounds that were listeners rather than broadcasters to be entrusted with editorial discretion, there would be a danger of chaos. To the extent that this decision relies on a judgment that the public is not competent to speak for itself, it deserves to be rejected; to the extent that this judgment relies on the intermediation of broadcasters, the direct speaker-to-reader communication of the Internet is distinguishable.

401. Stanley v. Georgia, 394 U.S. 557, 564 (1969) (holding that First Amendment protects possession of obscene materials in the home).

402. The storm of protest that greeted the FBI's Library Awareness program suggests that public expectations and intuitions are offended by government monitoring of private reading matter. See supra note 338. The Library Awareness program was, however, more directly intrusive than a government policy that merely makes it more difficult for readers to hide their identities.

403. 381 U.S. 301 (1965).

404. Id. at 302.

405. See id. at 307.

406. Id. (quoting New York Times Co. v. Sullivan, 376 U.S. 254, 270 (1964)).

407. Id. at 308 (Brennan, J., concurring) ("the dissemination of ideas can accomplish nothing if otherwise willing addressees are not free to receive and consider them").

408. Yniguez v. Arizonans for Official English, 69 F.3d 920, 936 (9th Cir. 1995) (enjoining "English only" amendment to state constitution), cert. granted, 116 S. Ct. 1316 (1996).

409. Fabulous Assoc. v. Pa. Public Util. Comm'n, 896 F.2d 780, 785 (3d Cir. 1990) (citing Talley, 362 U.S. at 64-65).

410. Fabulous, 896 F.2d at 787-88. The Third Circuit distinguished F.C.C. v. Pacifica Found., 438 U.S. 726 (1978) (upholding FCC order granting complaint against radio station for broadcasting "patently offensive" language), on the grounds that the telephone was far less pervasive than broadcast media and required the active choice of the listener to receive it. Fabulous, 896 F.2d at 783. It is debatable whether that distinction applies to the Internet.

411. As Trotter Hardy pointed out in a discussion of this issue on the cyberia-l discussion list, recognition of a right to read anonymously might pose difficulties for the regulation of reading material that must be denied to particular classes of readers, e.g., material that cannot be furnished to minors. There is, however, a partial technical solution to this problem if a trusted third party can be found to issue anonymous age credentials. The third party would examine the person's proof of majority, then issue a certificate to that effect, signed with the certifying authority's public key. See Froomkin, supra note 228. The certificate need contain only the public key of the person whose age is being attested, not the person's name, making the credentials both unforgeable and anonymous. Alas, the system is not foolproof. If Alice, age 17, can persuade Bob, age 21, to give her the private key associated with the public key in Bob's certificate, Alice can impersonate Bob and no one on the Internet will be the wiser. It is possible to imagine versions of a digital signature infrastructure in which possession of another person's digital signature created such a risk for the original owner that signature sharing became rare, but this is not inevitable.

412. See Boos v. Barry, 485 U.S. 312 (1988); United States v. O'Brien, 391 U.S. 367 (1968); Clark v. Community for Creative Non-violence, 468 U.S. 288 (1984); see also United States v. Eichman, 110 S. Ct. 2404 (1990); Texas v. Johnson, 491 U.S. 397 (1989).

413. See Turner Broadcasting Sys., Inc. v. FCC, 114 S. Ct. 2445, 2459-62 (1994) (applying intermediate scrutiny after deciding that must-carry provision that distinguished between speakers solely by the technical means used to carry speech is not a content-based restriction); Clark v. Community for Creative Non-Violence, 468 U.S. 288, 293 (1984) (allowing reasonable time, place, and manner restrictions on speech, provided such restrictions are not content-based); City Council of L.A. v. Taxpayers for Vincent, 466 U.S. 789, 804 (1984) (describing an antisign ordinance as content-neutral); Heffron v. Int'l Soc'y for Krishna Consciousness, Inc., 452 U.S. 640, 648-49 (1981) (holding a time, place, and manner regulation on all solicitations at a state fair to be content-neutral); O'Brien, 391 U.S. at 367; see also David S. Day, The Incidental Regulation of Free Speech, 42 U. Miami L. Rev. 491 (1988) (discussing the development of the less-exacting incidental regulation doctrine for examining free speech concerns); Stone, supra note 395, at 46 (exploring the nature of content-neutral review); Ned Greenberg, Note, Mendelsohn v. Meese: A First Amendment Challenge to the Anti-Terrorism Act of 1987, 39 Am. U. L. Rev. 355, 369 (1990) (distinguishing between regulations that incidentally restrict speech, which are subject to a lower level of scrutiny, and those that directly curtail speech, which are subject to a higher level of scrutiny).

414. Turner Broadcasting, 114 S. Ct. at 2469 (quoting Ward v. Rock Against Racism, 491 U.S. 781, 799 (1989)); see also Ward v. Rock Against Racism, 491 U.S. 781, 799 (1989); Schad v. Mount Ephraim, 452 U.S. 61 (1981); Schneider v. State, 308 U.S. 147 (1939). Note that not "substantially more" is a less exacting standard than "there be no conceivable alternative." See Fox v. SUNY, 492 U.S. 469, 478; Geoffrey R. Stone, Autonomy and Distrust, 64 U. Colo. L. Rev. 1171 (1993) (discussing standards of review).

This intermediate scrutiny explains why public libraries can keep records of who checks out their books even if the First Amendment does protect a right to read anonymously. The library's record-keeping is a content-neutral rule that burdens no more speech than is necessary to further the government's legitimate interests in getting the books back from bibliophillic and larcenous patrons. Whether libraries can keep the information about the reading habits of their patrons once the books have been returned is a different question. It is difficult to see what interest the government has in this information; book usage statistics, for example, do not require that the identity of the patron be maintained. It may be that the First Amendment, like the American Library Association's cannons of ethics, requires that the library at least refuse to release this information, and perhaps requires that it be routinely erased.

One court rejected these arguments, albeit in a decidedly cursory fashion. See Brown v. Johnson, 328 N.W.2d 510 (Iowa 1983) (rejecting challenge to police subpoena for library circulation records based on chilling effect on First Amendment rights of library patrons); see also Carolyn M. Hinz, Note, Brown v. Johnson: The Unexamined Issue of Privacy in Public Library Circulation Records in Iowa, 69 Iowa L. Rev. 535 (1984) (criticizing Brown decision for ignoring relevant U.S. Supreme Court precedents, failing to apply strict scrutiny, importance of privacy rights at stake, and failing to consider objective and subjective reasonableness of public expectations of privacy). For a suggestion that library circulation records are valuable social history that should be preserved, see Shirley A. Wiegand, Library Records: A Retention and Confidentiality Guide 1-5 (1994). Indeed, state laws prohibiting the destruction of public records frequently apply to library circulation records. Id. at 11. Wiegand also reports a number of cases in which libraries have surrendered circulation information pursuant to court orders, id. at 139-44, and one case where the library itself voluntarily published potentially embarrassing patron circulation information in course of a campaign to shame patrons into returning overdue books. Id. at 141.

415. See supra note 299 (discussing "perfect crimes").

416. See supra note 288.

417. A fortiori it is also not evidence that the broad ban failed to find the least restrictive means, if that is the test.

418. See supra text accompanying note 300.

419. See City of Ladue v. Gilleo, 114 S. Ct. 2038, 2046 (1994) (applying the balancing test); Clark, 468 U.S. at 293 (same); Consolidated Edison Co. v. Public Serv. Comm'n, 447 U.S. 530, 535 (1980) (same); Tribe, supra note 132, § 12-23, at 979 (stating that the Supreme Court's balancing test examines "the degree to which any given inhibition . . . falls unevenly upon various groups").

420. City of Ladue, 114 S. Ct. at 2045 n.13 (1994) (quoting Stone, supra note 395, at 58; see also Wayte v. United States, 470 U.S. 598, 611 (1985) (noting that part of the test is whether an "incidental restriction on alleged First Amendment freedoms is no greater than is essential to the furtherance of that interest" (quoting United States v. O'Brien, 391 U.S. 367, 377 (1968))).

421. Metromedia v. City of San Diego, 453 U.S. 490, 501 (1981) (quoting Kovacs v. Cooper, 336 U.S. 77, 97 (1949) (Jackson, J., concurring)); see also Tinker v. Des Moines Indep. Community Sch. Dist., 393 U.S. 503, 506 (1969) (First Amendment guarantees must be "applied in light of the special characteristics of the . . . environment"); Healy v. James, 408 U.S. 169, 180 (1972) (same); Southeastern Promotions, Ltd. v. Conrad, 420 U.S. 546, 557 (1975) ("Each medium of expression, of course, must be assessed for First Amendment purposes by standards suited to it, for each may present its own problems.").

422. Milwaukee Social Democratic Publishing Co. v. Burleson, 255 U.S. 407, 437 (1921) (Holmes, J., dissenting); cf. Blount v. Rizzi, 400 U.S. 410, 416 (1971) (quoting Holmes's description with approval).

423. 115 S. Ct. 1511, 1529 (1995) (Thomas, J., concurring).

424. In this context, it is also interesting to return to Justice Scalia's dissent in McIntyre:

Principles of liberty fundamental enough to have been embodied within constitutional guarantees are not readily erased from the Nation's consciousness. A governmental practice that has become general throughout the United States, and particularly one that has the validation of long, accepted usage, bears a strong presumption of constitutionality.

. . . .

Where the meaning of a constitutional text (such as "the freedom of speech") is unclear, the widespread and long-accepted practices of the American people are the best indication of what fundamental beliefs it was intended to enshrine.

Id. at 1532-34.

425. A 1995 Harris poll found that 80% of those surveyed agreed that "consumers have lost all control over how personal information about them is circulated and used by companies." Knecht, supra note 348, at B1, B7.

426. The lack of accountability in anonymous communication enables a certain type of fresh start that may otherwise be hard to come by. See Graham, supra note 300, at 1395, 1411 (noting that allowing persons to conceal information about their past allows them to avoid unfavorable assumptions otherwise made by others). Indeed, people can reinvent their online persona over and over again.

When and whether people should be allowed fresh starts--or multiple fresh starts--is an interesting legal and philosophical question. For those who came to these shores of their own free will (unlike those who were already here or came in chains), the decision to come to America was itself a choice to start anew. Similarly, during the frontier period, the decision to head out West was for many a new beginning. Short of joining the witness protection program, fresh starts of that type are today more rare, and appear to be institutionalized only in an economic context, via discharge of debt in bankruptcy, see Thomas H. Jackson, The Logic and Limits of Bankruptcy Law 225-52 (1986) (surveying economic and ethical arguments for discharge). But see F.H. Buckley, The American Fresh Start, 4 S. Cal. Interdisciplinary L.J. 67 (1994) (arguing that American fresh start rule is too generous to defaulting debtor and does not well serve efficiency goals).

Several moral philosophers, including Kant, Bentham, and Hegel, opposed official pardons. Kant, for example, suggested that pardons have no place in a democratic society, since for the community to fail to punish would be a breach of moral duty. See Kathleen Dean Moore, Pardons: Justice, Mercy, and the Public Interest 28-49 (1989). Nevertheless, despite criticisms that they undermine the deterrent effect of the law, pardons and more general amnesties have been persistent features of the U.S. legal landscape. See, e.g., Leo Martinex, Federal Tax Amnesty: Crime and Punishment Revisited, 10 Va. Tax. Rev. 535 (1991) (arguing against tax amnesty as ineffective and likely to reduce tax compliance). Conversely, forgiveness and charity are considered virtues by several major religions.

427. Lyon, supra note 313, at 87.

428. See Steven V. Roberts et al., New Diplomacy by Fax Americana, U.S. News & World Rep., June 19, 1989, at 32.

429. See, e.g., Matthew J. Jacobs, Assessing the Constitutionality of Press Restrictions in the Persian Gulf War, 44 Stan. L. Rev. 675 (1992).