In high-tech businesses ranging from Internet service providers to e-commerce websites and music stores like Apple iTunes, there is considerable potential for collecting personal information about customers, monitoring their usage habits, or even exerting control over their behavior - for example, restricting what can be done with a purchased song. A privacy ceiling is an effective limit to these privacy intrusions, created by the perceived or actual legal liability of possessing too much information or control. As we show in this paper, the risk is not simply that of customer backlash, but liability for a customer's actions, owing to the ability to identify, report, or prevent them from taking those actions. In some cases high-tech businesses have been obligated to divulge their store of personal information or to police their customers at the demand of third parties; this unwanted result derives from the possession of too much information or control for the company's own g...
Janice Y. Tsai, Lorrie Faith Cranor, Scott Craver