Virtual Guest Speakers

March 14:

What Privacy Regulation Can Learn from Environmental Law
Professor Dennis D. Hirsch, Capital University Law School
Virtual Lecture
Other links
Discussion List   (Professor Hirsch will join the discussion list from March 14-18)


Dennis D. Hirsch is Professor and Director of the Environmental Law Concentration Program at Capital University Law School in Columbus, Ohio.  Professor Hirsch teaches courses on environmental law, the Clean Air Act, environmental law practice and property law.  Prior to commencing his academic career, Professor Hirsch was an associate in the environmental and appellate practice groups at Sidley, Austin, Brown & Wood, and clerked for the Hon. John M. Walker, Jr. of the United States Court of Appeals for the Second Circuit.

Professor Hirsch specializes in the study of alternative forms of environmental regulation and their potential for enhancing environmental protection.  He has written and lectured widely on the topic.  His current research is interdisciplinary in nature.  It examines whether the “next generation” regulatory tools developed in the environmental field might also be adapted for use in the field of privacy protection.

Professor Hirsch earned his J.D. from Yale Law School, where he served as Articles Editor for the Yale Law Journal.  He received his B.A., summa cum laude, Phi Beta Kappa, from Columbia University.   Professor Hirsch is Vice-Chair of the Committee on Innovation, Management Systems and Trading of the American Bar Association, Section of Environment, Energy and Resources.   He is a co-founder of the Sustainability Roundtable of Central Ohio.  He is admitted to the bars of Ohio, New York and the District of Columbia.


The Industrial Revolution of the 18th and 19th centuries introduced technologies and methods of production that profoundly affected the larger society.  During the past fifteen years, the world has experienced another major economic transformation, the Information Revolution.   The first Revolution generated environmental pollution at unprecedented levels.  Eventually, a new form of law – environmental law – emerged to address these injuries.   The Information Revolution, too, is causing new sorts of damage to individuals.  This time, however, the harm is not to the external environment but to the internal one.  The damage is to our privacy.

As with environmental  pollution, the law is now seeking to respond to these new injuries to privacy.  Legal scholars have drawn on property law,  contract law,  even  trade secret law  to develop strategies for protecting privacy.  However, they have largely ignored environmental law.   This chapter argues that environmental law can contribute to this discussion. On the level of theory, two of the main constructs that have been used to understand environmental damage  – the ideas of negative externalities, and the tragedy of commons – can be effectively applied to privacy injuries.  One the level of policy, the regulatory instruments that have, through much trial and error, been developed in environmental field can provide useful models for regulation to protect privacy.


The Information Revolution injures personal privacy in at least two major ways.  First, as many have recognized, the increased generation, availability and use of personal information diminishes an individual’s ability to control access to such information.   This impairs “informational privacy.”  Second, spam invades privacy.  While many have analyzed the problem of spam, few have talked about it as a privacy issue.   This chapter will argue that spam, by invading our virtual space, infringes on our privacy.

1.1    Damage to informational privacy

In their foundational 1890 law review article, Louis Brandeis and Samuel Warren conceived of privacy as “the right of the individual to be let alone.”   They argued that this right protects an individual against unwarranted intrusion into her personal realm and, if violated, gives rise to an action in tort.   In the years that have followed, this right has taken strong root in the law and has branched out in several directions.   One of these has been the recognition of “informational privacy.”   This branch responds to modern society’s tendency to generate and make available increased quantities of personal information.  It treats this as an invasion of the personal realm.  It provides individuals with certain rights over the “collection, use and disclosure” of their personal information.

The Information Revolution increases the threat to informational privacy in a number of ways.   The increasing digitization of personal records, and the relative ease and speed with which they can now be searched, has made it possible to put together “computer profiles” of individuals that offer a snapshot of their purchases, health issues, financial situation, habits and the like.   The rise of the Internet, e-commerce and “cookies” have made it possible to track an individual’s travels through cyberspace and so to learn even more about that person.   Finally, data mining uncovers, and brings to light, the latent information that can be gleaned from the relationships between disparate pieces of data about an individual.   In these ways, and others, the Information Revolution has expanded access to and use of personal information and so has harmed informational privacy.

1.2   Damage to spatial privacy

Brandeis and Warren’s right to privacy has also given rise to legal doctrines that protect an individual against invasions of her personal spaces.  For example, the Restatement (Second) of Torts recognizes the tort of “intrusion upon seclusion” where one “intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns.”   Unauthorized entry into another’s private home violates this right.   So do “telephone calls [which] are repeated with such persistence and frequency as to amount to a course of hounding the plaintiff, that becomes a substantial burden on his existence.”

Today, the  in-box is as important a personal space as a phone line.  The spammer’s daily invasion of this virtual, personal space is as intrusive as the caller’s harassment over the telephone.  If privacy is, as Brandeis and Warren defined it, the right “to be let alone,” then the incessant hounding by spammers should be recognized as an invasion of that right.    The information revolution thus harms personal privacy in two ways: by capturing, using and mining  our personal information; and by intruding into our personal space through spam.


The damage to privacy is conceptually similar to environmental injuries.  Two of the principal constructs that have been employed to understand environmental damage  – the notions of negative externalities, and the tragedy of the commons – can be usefully applied to privacy injuries  as well.

Negative externalities are costs of an activity that are borne, not by the actor herself, but by others in society.   For example, consider a company that uses steel to make a product.  The company must pay for this commodity; it must bear the cost of using up that amount of steel.  If the company emits air pollutants from its smokestack, thereby causing respiratory problems and other illnesses among the surrounding populace, this too creates a social cost.  But it is one that, in the absence of regulation or a successful tort suit, the company does not have to bear.  It is able to “externalize” this cost onto the surrounding community.  Since it does not have bear the cost of this pollution, the company has little incentive to minimize it.  Instead, it will wastefully “use up” the clean air resource in the way that it would never consume a resource, such as steel, that it had to pay for.

The “tragedy of the commons,” another core construct used to understand environmental injuries, applies to commonly owned resources.  The classic example, drawn from an essay by Garrett Hardin, is of cattle herders who graze their animals on a grass field that is open to all.    A cattle herder gets the full benefit of adding another animal to the pasture.  However, the herder shares the cost of adding that additional animal, in terms of the increased exploitation of the grass field, with all others who have rights to the field.  It is rational for the individual herder to keep bringing more and more cattle to graze in the field. The same is true for all the other herders. This leads to the field being so overgrazed that it cannot regenerate and becomes useless for grazing purposes.  All the cattle herders lose this valuable resource.  What was individually rational turns out to be collectively destructive.

2.1 Spam as an environmental harm

These constructs, often used with reference to environmental injuries, can advance the understanding of spam.  Spam  imposes social costs.  These include the time spent downloading and deleting spam messages, the cost of a phone line while performing this activity (the majority of Americans still use a dial-up modem), the cost of installing filters to screen out unwanted messages, and the loss of desired messages that are mistakenly deleted as a result of the filtering process.   These costs are not borne by the spammer.  Instead, they are externalized onto the recipients of the spam.  Spam spewed from a computer thus creates a negative externality in much the same way that air emissions emitted from a smokestack do.
If left unchecked, spam will also generate a tragedy of the commons.  Here, the commons is the in-box which is accessible by almost anyone who learns of the corresponding e-mail address.   When a spammer sends a message, she gets all the benefit of that communication in terms of selling or advertising a product.  By contrast, she bears only a small fraction of the cost, most of it having been externalized onto the recipient as described above.   Much as the cattle herders in Garrett Hardin’s essay have an incentive to keep adding more head of cattle until the common area is overgrazed and destroyed, so each spammer has incentive to continue sending more and more spam messages in the hope of securing one more customer.  This is, in fact, what we see: 140 billion spam messages sent in 2001, 260 billion in 2002, and nearly 2 trillion in 2003, with no end in sight.   The tragedy, which is already beginning to occur, will be when excessive spam makes e-mail unattractive to the user and people seek alternatives to this communications medium.   This will destroy e-mail for all of us, including the spammers.  Like the cattle herders who overgraze the common pasture, spammers will have destroyed the very resource on which they themselves rely.

2.2   Invasion of informational privacy as an environmental harm

These concepts also apply to injuries to informational privacy.    When a web merchant or data miner collects and uses someone’s personal information it diminishes that person’s personal privacy and thereby imposes a cost.  The marketer or data miner does not bear this cost; it puts it, instead, on the individuals whose personal information is being used.  The cost thereby qualifies as a negative externality.    Whereas smokestack pollution affects the world around us, the injuries here are to our inner environment, our sense of privacy.  One might even refer to them –  if the phrase is not too glib –  as “internal externalities.”

Once again, tragedy lurks around the corner.  Here, the commons is the collective willingness of individuals to share their own personal information on the web. Businesses that use this information claim most of the benefits of doing so and bear only a small fraction of the costs.   Each such business accordingly has an incentive to use more and more personal information.  This will eventually lead to a point where individuals feel so insecure about sharing their information on the web that they turn away from e-commerce.  This dynamic is already beginning to occur.   If it continues, the willingness of individuals to provide personal information on the web – a resource on which e-commerce and much other web-based activity depends – will have been over-exploited and used up.   All of us will lose, including the websites, web marketers and data miners themselves.  Much like the cattle herders, they too will have destroyed the resource on which their livelihood depends.


The conceptual similarity between environmental and privacy harms raises an intriguing possibility.  Might the regulatory strategies developed over the past decades to address the environmental damage of the smokestack era be similarly applied to the privacy injuries of the information age?  The answer is a qualified “yes.”  Emission fees, a market-based approach that has been used to address a variety of environmental problems, could be adapted for use in controlling spam.  Two other contemporary environmental policy instruments – environmental covenants, and government promotion of environmental management systems – could be converted into tools for protecting personal information.

3.1 An emission fee system for spam

Under an emission fee approach, the government requires each polluter to pay a fee equal to the cost that its emissions are imposing on society and the environment.   If the fee is set accurately, it should force the polluter to bear (“internalize”) the costs that it would otherwise be externalizing onto others.    This gives the polluter an incentive to reduce its emissions if the costs of doing so are less than the amount of the fee that it would otherwise have to pay.  Under such a system, companies that are able to reduce their emissions relatively cheaply will tend to do so.  Businesses for which pollution reduction would be extremely costly will either pay the fee, or shut down.  The emission fee approach thus creates a framework in which those who can most cheaply reduce pollution tend to undertake the bulk of the reductions.   It also gives a competitive advantage to those firms that can reduce their emissions for less than the cost of paying the fee.

Here, the emissions-fee approach would consist of a government-imposed charge for each e-mail sent.  To send an e-mail, one would first need to pay the small fee.   Further empirical research will be required to determine the level at which this fee should be set.  For present purposes, assume that a federally-required, uniform fee were set at a tenth of a cent per e-mail.  This would dramatically change a spammer’s incentives.  A seller of Viagra or “fine Rolex watches” who has been sending a million messages each day would now have to pay $1000 per day, or $365,000 per year, for a privilege that previously had been all but free.  This would give such a business a strong incentive to target its messages to individuals with a higher likelihood of interest in the product, rather than to spread them with abandon to all valid e-mail addresses.  If we treat spam as a form of pollution, this more refined targeting of messages could be thought of as a kind of pollution prevention.  Recent research suggests that it should be technically feasible to implement an e-mail fee system.

Three objections to this idea come immediately to mind.  Such a fee may chill beneficial communication within organizations.  It may prevent non-profit, educational and religious groups from sending out mass e-mails to members, or to the general public.  Finally, it may disrupt socially useful communication among friends, family members and business associates who have grown accustomed to free e-mail.

These concerns, while important, can be addressed.  The system could apply only to e-mail that travels through an Internet Service Provider (ISP) with facilities in the United States.  The ISP’s could be required to deliver only e-mail for which the sender had paid the fee.  This would resolve the problem of intra-organizational communication, since messages that travel via an organization’s own server would remain free. The concerns about non-profit, educational and religious institutions could largely be addressed by exempting those 501(c)(3) organizations that are already excused from paying federal income taxes.  Finally, a small fee should not deter most personal e-mail.  Consider the individual who sends 100 e-mails a day.  A fee of a tenth of a cent per e-mail would amount to 10 cents per day, or roughly $36.50 per year.  This is about the same as the cost of a month of broadband Internet service.  To reduce the burden on individuals almost to zero the federal government could create an income tax credit, to be claimed on the individual’s annual income tax form, equal to the amount of e-mail fees that the person paid that year.  Designed in this way, the system should not deter individual use of e-mail.

As to the fees collected from commercial entities, they would go  to the federal treasury.  Part could be earmarked for enforcing the fee system and tracking down those who try undermine it.  Another portion could be devoted to providing computers and  computer training, including instruction on how to use e-mail, to low-income people without e-mail access.  This investment would generate more users of e-mail and so would replenish the commons on which the spammers, and the system of e-mail itself,  depend.

3.2 Using covenants and management systems to protect personal information

Environmental regulatory instruments can serve as a model for protecting informational privacy.  The current policy climate with respect to protection of personal information is something like the following. There is a broad recognition that advances in information technology are significantly compromising informational privacy.  The public is beginning to demand better protection.  Congress has acted to safeguard personal information in some limited areas and is contemplating further legislation.   Despite these trends, there is a  strong feeling among many in government, industry and academia that the government should not intrude too forcefully into this area.   It is thought that information industries are too varied, and are changing too rapidly, to be effectively governed by centralized decision-makers.   Moreover, some are concerned that information industries are central to the nation’s economic future and that ill-conceived governmental intervention could do great damage to them.  There is at once a recognition of the need for additional regulation, and a reluctance to impose rules from the top.

The environmental field has faced this very situation and has developed an approach to it known as an “environmental covenant.”  Traditionally, environmental regulation has consisted of centrally-mandated technology and/or performance specifications that industries subject to the rule must meet.  This method is often referred as “command-and-control” regulation.   Regulation of this sort is not appropriate for all situations.  Where industries are rapidly changing and centralized decision-makers have a hard time keeping up, environmental policymakers have sought to use other tools.   One of these is the environmental covenant,  an agreement between government, the regulated industry and, sometimes, interested NGOs, that defines the steps that industry will take to achieve environmental  goals.    In contrast to traditional command-and-control regulation, covenants give the regulated industry a direct say in what the regulatory requirements will look like.  They also frequently provide long lead times and flexible methods for achieving the agreed-upon social ends.   Government regulators and interested non-profits also must sign the covenant.  Before they will do so, they often ask that the industry agree to ambitious environmental performance goals.

The covenant approach thus follows Coasian bargaining principles.  If all the relevant parties agree to forego traditional regulation and replace it with the covenant, then the negotiated approach must be presumed to be superior to traditional regulation from all perspectives.    In theory, the government and public benefit by obtaining steeper reductions than they would have through traditional mechanisms.   Industry benefits by being given direct input into how the standards are shaped, longer lead times and implementation flexibility.  The United States is still experimenting with environmental covenants.   The Netherlands, the European Union, and Japan have all made wide use of this tool.

The covenant approach might prove to be an effective regulatory instrument for protecting personal information.  The growing public concern about informational privacy, and the increasing pressure on the government to take action, should give the relevant industries an incentive to come to the negotiating table.  The concerns about top-down intervention should motivate government officials to try a non-traditional approach.  Finally, the United States is home to several strong and knowledgeable privacy-related NGOs.  These organizations would have the expertise and resources to participate in such a process and provide it with greater accountability and legitimacy.  The stage is set for the federal government to negotiate a covenant with industry trade associations and the relevant NGOs that will offer strong protections of personal information, while providing industry with the flexibility and extended time frame necessary to meet these objectives in a smart way.

There is even a rough model on which to build.  In 1998, the Federal Trade Commission informed a group of major companies that utilize personal information in their on-line operations, that if they did not take steps to protect privacy better they would face regulation.  The group, organized as the Online Privacy Alliance, voluntarily agreed to a set of guidelines to protect informational privacy.   While these guidelines were not formally negotiated with the government or NGO’s, they show the potential of  the covenanting approach for the protection of personal information.  Future efforts could  build on this initial one.

The precise contours of such a covenant can only be spelled out by the parties themselves.  That said, the negotiators of such an agreement should consider requiring companies in the relevant industries to implement the equivalent of an environmental management system, one of the latest, and potentially most effective, tools being used in environmental management today.

An environmental management system (EMS) is a company-designed approach to managing the environmental side of a business.   In  the past, most companies proactively managed many areas of their operation  (e.g. inventory, production or marketing) but, when it came to environmental matters, largely reacted to governmental regulations or public outcry.   An EMS applies advanced business management practices to the environmental aspects of the operation.   It consists of an organizational plan for: assessing the company’s environmental impacts and auditing its compliance status; setting goals for improved performance and compliance;  systematically generating ideas on how to meet these goals; monitoring progress towards the objectives; and committing to continuous improvement in performance and compliance over time.      The Environmental Protection Agency (EPA) has credited  EMS’s with achieving better environmental performance, compliance and pollution prevention at the source.   The agency has developed programs that support, and give incentives for, the adoption of EMS’s by private entities and governmental organizations.  For example, the EPA has developed a national database of information on how companies across the country have fared with EMS implementation.   The agency has also offered to impose lower penalties on companies that uncover a violation through a compliance audit conducted as part of a bona fide EMS and disclose the violation.

The EMS approach would represent an improvement over current privacy protection practices.  At present, most companies who use their customers’ personal information seek to reassure them with a published privacy policy.  This policy statement typically discloses how the organization plans to use its customers’ personal information and the circumstances under which it will share this information with other commercial entities.  While such a policy may stipulate to useful limits on the spreading or use of such information, it hardly constitutes an affirmative and continually improving  system for protecting it.
The privacy equivalent of an EMS – it might be called a Personal Information Management System, or PIMS – would offer greater protection.  A company, through its PIMS, would commit to assessing its impact on personal privacy, setting ambitious goals for protecting personal information, systematically developing strategies to meet these goals, monitoring progress and continually improving in its protection of personal information.  The government or a private body might develop a general standard against which such a PIMS could be evaluated.   Third-party auditors could then certify that a given company’s PIMS was in compliance with this standard.  Such a certification would reassure individuals more than a privacy policy and would make them more willing to share their information.  Government regulators could create further incentives for adopting a PIMS, and could provide information and technical assistance to those companies interested in doing so.  In addition, the negotiated covenant described above could require adoption of a PIMS as one of its terms.

Environmental management systems have a major blind spot.  They  create a process for setting and attaining an organization’s environmental goals, but they have nothing to say about what these goals are.  The risk is that a company will set extremely modest goals, implement an EMS to achieve them, and appear as worthy as the one that has set out to achieve much better performance.   A PIMS, too, will be a management framework devoid of substantive content.  In the environmental field, regulatory requirements often provide the substance that fills out the EMS.  But such requirements do not yet exist for many businesses that impact personal information privacy.  Where can the substantive content of the PIMS be found?
Perhaps in the covenant.  This government-industry-NGO agreement could set standards for the protection of personal information that an individual company could, in turn, incorporate into its PIMS.    Under this approach, the covenant would establish the goals and the management system would provide the mechanism for achieving them.   Working together, these two regulatory instruments would help to protect personal information and so to preserve people’s willingness to share this material on the Web.


The privacy law of today shares much with the environmental law of thirty years ago.  Injuries caused by current business practices are just coming into the public eye and pressure is growing on governments to protect their citizens from  them.  The theory and practice of environmental law, developed through hard experience over the past three decades, provides a resource on which emerging privacy regulation can draw.  In particular, this chapter has suggested that emission fees, regulatory covenants and the promotion of management systems may be transferable from the environmental arena to the privacy field.  If implemented, these strategies should decrease the likelihood of a tragedy of the commons  in the areas of e-mail and e-commerce, and so should help to preserve these highly useful activities for future generations.  Using environmental language, one might say that these measures would contribute to the “sustainable development” of the information age economy.

Other links of interest

Virtual Guest Speaker Program Home