of certain types of electronic information to forestall requests for such records? Many electronic networks produce vast and unique traces of both verbatim communications and transactional data (e.g., who called whom when, network usage statistics, user credit histories). What traces count as a record?
A second issue is that the many network interconnections give rise to potential conflicts across international boundaries. Different nation-states have different approaches to the protection of privacy (e.g., the United States takes a sectoral case-by-case approach, protecting different types of information in distinct ways, whereas Europeans focus on umbrella rules covering all personal information, according to Metalitz), and there is no international privacy law.[11]
A third issue is that the meaning of the legal term "the reasonable expectation of privacy" (the foundation for U.S. privacy law as enunciated by the Supreme Court in 1967) is not clear in the electronic environment. For example, it is clear that electronic networks tend to encourage frank if not imprudent speech, thus magnifying the confusion over what circumstances provide a "reasonable expectation of privacy." Even today, conversations on cordless telephones tied to a base station are not afforded the same legal protection from eavesdropping as cellular telephones that are truly mobile. The perceptions of the "man on the street" about what is "fair" may conflict with basic assumptions regarding the conduct of business. Matters such as the extent of computer literacy in the public may affect profoundly what constitutes reasonable expectations of privacy.
Given all the dilemmas, a variety of new measures—both technical and legal—likely will be needed to ensure electronic privacy and security. Technology will not be able to provide perfect privacy or security, but technological fixes can provide preventive measures to help reduce the range of risks that are faced by users of electronic networks. Legal measures will be necessary to help deal (remedially, if nothing else) with those circumstances in which it is impractical or undesirable to use the technical measures.
[11] Of course, there is little international criminal law, tort law, or intellectual property law either. However, international cooperation on developing common approaches to privacy is not entirely absent. Guidelines for developed nations were issued in 1981 by the Organization for Economic Cooperation and Development (OECD). The OECD guidelines have become the basis for national law in 17 of the 24 member states (which are located in North America, Europe, Japan and Australia), and the guidelines also have been used by new democracies in Eastern Europe, according to Marc Rotenberg. More recently, the European Community (EC) issued a draft data protection directive, which if adopted would ban export of data from the 12 EC member states to countries lacking adequate privacy protection.