Vicarious infringement creates a privacy ceiling

In high-tech businesses ranging from Internet service providers to e-commerce websites and music stores like Apple iTun-es, there is considerable potential for collecting personal information about customers, monitoring their usage habits, or even exerting control over their behavior - for example, restricting what can be done with a purchased song. A privacy ceiling is an effective limit to these privacy intrusions, created by the perceived or actual legal liability of possessing too much information or control. As we show in this paper, the risk is not simply that of customer backlash, but liability for a customer's actions, owing to the ability to identify, report, or prevent them from taking those actions. In some cases high-tech businesses have been obligated to divulge their store of personal information or to police their customers at the demand of third parties; this unwanted result derives from the possession of too much information or control for the company's own good. We argue that vicarious infringement liability in particular creates a privacy ceiling, a point beyond which there is no economic incentive to intrude on a user's privacy; and, indeed, there is an incentive to architect one's business so that such intrusions are difficult or impossible.