Issues in Information Technology: Cookies
Legal and Legislative Issues

There are a number of statutes already in effect in the United States that can be applied to these privacy issues. There is, for example, the Federal Wiretap Act of 1968, which limits the monitoring of private communications.(19) The Privacy Act of 1974 mandated guidelines for records collected by the federal government.(19) The Cable Act of 1984, the Video Privacy Protection Act, and the Electronic Communications Privacy Act of 1998 all contain privacy protections for consumers.(19) All of these statutes seem to be rooted in the same basic tenet: in the United States it is understood that privacy is a right protected by the Fourth Amendment in the Constitution.(19)

There is even more evidence that the right to privacy is inalienable. This evidence takes the form of a set of rules and norms known as the "Fair Information Practices."(20) Although the specific elements that make up Fair Information Practices may vary somewhat, what is significant is the "high degree of commonality of these principles, across subject matter, technologies, and jurisdictions."(19) The responsibilities implied in the "Fair Information Practices" help ensure that information collected is used for its intended purposes and that determinations are based on accurate information. The use of these practices is the cornerstone of privacy laws found across the United States as well as other parts of the world.(20)

While it is clear that privacy laws have a distinct place in our society, the laws in the United States pertaining specifically to "cookies" may not be so clear. By applying statutes such as the ones mentioned above, two federal cases filed last year raised the question - should a seventeen-year-old wiretapping law be applied to Internet privacy issues?(21) Filed in Denver, Colorado, against Excite@Home subsidiary MatchLogic and in Redmond, Washington, against the online advertiser Avenue A, the suits complain that the two companies planted cookies on consumers' hard drives to track their Web habits for commercial purposes. By placing these devices on users' computers, these companies allegedly violated the Cable Act of 1984, passed by Congress to deter wiretapping, and the Computer Fraud and Abuse Act.(21)

From the court cases described above, one can see the need for clear guidelines regulating the use of Internet cookies. In the wake of the emerging controversy over Doubleclick, Senator Robert Torricelli, D-NJ, offered a bill in Congress last year that would make it unlawful for companies to collect personal information online without first getting permission from the consumer.(22) But as recently as last month, a New York Southern District judge declared that Doubleclick's collection of information through cookies was not an invasion of privacy.(23) Nevertheless, the 107th Congress has already offered two pieces of legislation outlawing cookies and attaching stiff civil penalties for those who violate the regulations.(25, 26)

If courts and the legislatures are in disagreement over the future of online advertising techniques, then where does the answer lie? The dot.com industry believes the answer lies in self-regulation.(20) In 1996 an effort began to develop a comprehensive self-regulatory approach to privacy protection.(19) E-Commerce sites posted their privacy policies online, new organizations were established to oversee privacy practices, and the Federal Trade Commission asserted its power in making sure firms adhered to their policies.(20) It was a clear effort by the dot.com industry to hold off burdensome legislation for as long as possible.

Are there other avenues one could take when attempting to regulate online advertising techniques? It would be impractical to require Websites to notify users by e-mail when they place a cookie on an individual's computer. Among other things, placing a cookie on a computer does not, in itself, give the Website that places the cookie access to the user's e-mail address. It is also unclear how that would be enforced. State legislatures could attempt to enhance their users' privacy rights by expanding the scope of consumer protection laws to include Website privacy policies. In the state of Maryland, however, attempts were made to that effect during the past General Assembly session and failed.(26)

It is interesting to note the European Union has adopted laws that ban the use of cookies altogether.(27) Dai Davis, head of the IT Group at law firm Nabarro Nathanson in the United Kingdom, called these mandates another "case of the European Commission shooting European companies in the foot and one which is potentially highly damaging."(27) He said the change in the laws placed European businesses at a competitive disadvantage to countries operating from outside Europe, which do not have to comply with the new legislation, like the United States.

Clearly there are two sides to the privacy argument. Businesses that make money using cookies are quick to tell you an Internet cookie is not an executable program and cannot do anything to your machine. Stanton McCandlish, program director of the Electronic Frontier Foundation, stated, "There's nothing inherently bad about cookies. There are always ways to abuse this technology, but it's really difficult to imagine a technology that can't be abused."(28) Robert Gellman, a privacy consultant in Washington, DC, says, "Cookies do a lot of things. Some elements of cookies are not only harmless, but also useful. If a consumer had to give permission every time a site wanted to assign a cookie, it would be maddening. Going after cookies is not the answer."(5) But most users of e-commerce sites agree with Marc Rotenberg of the Electronic Privacy Information Center in his March 1, 2001 statement before Congress: "Privacy technologies should not hinder commerce but they should also not force consumers to trade privacy to participate in commerce."(19)

 
Group members: Dave Shpritz, Tyrone Proctor, Christopher L. Smith, and Cathy Iacobazzi