We should have a few basic principles: - no private organization should be able to collect information about users that the government couldn't collect without a warrant. The information can not be used in a way the government couldn't use the information without Court approval. - all collection of user behavioral information or any tracking of a user on the Internet may only be done on an opt-in basis. The opt-in must be clear and separate and not be a condition of use of service. Exact and specific use of any date collected must be provided in plain English that a seventh grader can understand. And an easy to find opt-out must be provided. - anyone collecting information can not provide the collected information to a third party without explicit user consent. The consent must be provided for each party the information will be shared with. - techniques that claim to make record anonymous but still allow correlation of records or information are not to be considered anonymous collection and treated as though they were for an identifiable user unless the collector can prove, scientifically, that there is no possible way for a party having all the records to use the records to identify an individual. - anyone collecting private data or tracking a user on the Internet must provide a way for the user ro review all informaiton and data collected. - location tracking for a user cannot be retained for more than 24 hours. - if the government requires that data be collected for a user or retained about a user in a way that would not be allowed for commercial use under the rules adopted, only the government may access or use that data and once the government is through with its use the data must be permanently erased for all records and backup media - violations of the rules will be a felony and the officers of the company can be held personally criminally liable for allowing any systems to be implemented that violate the rules.