
Privacy Primer: An Ethical Review in an
Information Systems and
Technology Curriculum
Alan R. Peslak
arp14@psu.edu
Information Sciences and Technology
Penn State University
120 Ridge View Drive
Dunmore, Pennsylvania  18512  USA
Abstract
One of the most important topics in modern information technology today is the impact of privacy ethics and laws on the design, development, and implementation of information systems and databases, including Internet and electronic commerce websites. Unfortunately, the ethical and legal issues associated with this important topic are rarely addressed formally in information systems or sciences education. This paper presents an overview of the major issues associated with information privacy, suggests relevant sources for instructional content, and develops a series of pedagogical exercises that can be used to instill in current students the key issues associated with the ethical construct of privacy. The background of privacy rights are reviewed as well as legal and regulatory implementations both in the US and internationally. As an example of a specific current technology privacy issue, radio frequency identification is discussed including its privacy ramifications. The report concludes with a call for others to participate in implementation of this important technology component as proposed by many including the 2002 model IS curriculum.
Keywords: privacy, information technology ethics, ethics, electronic commerce


1.  INTRODUCTION
One of the most critical issues in information systems today is information privacy.  Stone et al. (1983) define information privacy as “the ability of the individual to personally control information about one’s self”. Mason (1986) suggested that privacy is one of the “Four Ethical Issues of the Information Age.” Current researchers have not downgraded the importance of privacy. According to Shaw (2003) “the web… (has) the potential to threaten individual privacy at an unprecedented level.” Hardly a day goes by without some significant breach of privacy of personal information by some participant or interloper in the data domain. There are constantly new revelations about identity theft, security breaches, unauthorized collection of data from Internet websites, spamming, spyware, or other information technology privacy issues. As an example, Weiss (2005) reports on perhaps the biggest breach of information privacy and security in banking where a New Jersey cybercrime ring accessed customer account information on 676,000 customers. With the storage of all forms of electronic data, the difficulties of maintaining the integrity and privacy of that information becomes increasingly difficult. Despite the importance of privacy, the exploration of privacy in an information systems and sciences curriculum has been limited. Though often discussed there is little concise content to support the study of information privacy in our current environment.
2.  IMPORTANCE OF PRIVACY -
GENERAL
The 2002 model curriculum for undergraduate education in Information Systems jointly developed by the Association for Computing Machinery (ACM), the Association for Information Systems (AIS), and the Association of Information Technology Professionals (AITP) has specifically included ethics in general and privacy specifically as major topics which need to be included .Privacy ethics are a specific subset of the broader area of overall information technology ethics. The 2002 Information Systems model curriculum stresses the importance of information ethics and privacy in a number of areas.  In IS 2002.1 – Fundamentals of Information Systems, a topic area is “information security, crime, and ethics”. In IS 2002.2 – Electronic Business Strategy, Architecture and Design, “information privacy and security” is listed as a topic. In the discussion of the course, there is specific mention of “differences in privacy legislation”. Privacy is one of the nine learning units in the course with a learning unit goal “to explain and consider the obligations for protection of individual privacy as well as organizational security in interorganizational systems”. In IS 2002.6 – Networks and Telecommunication, privacy is again listed as a course topic. In this course, privacy is one of 11 learning units with a learning unit goal “to provide awareness of the responsibilities inherent in providing telecommunication services, including security, privacy, reliability, and performance” (Gorgone, et al., 2002). Despite the key role of privacy in the Information Systems model curriculum, there is little practical pedagogical research on the specific content which should be included related to information technology privacy. This study is an attempt to frame the relevant privacy content which can be contained within a series of classes. An overall framework is suggested as well as specific references, and suggested exercises to reinforce this content. It is hoped that this study will serve as both a reference for other IS and IT instructors as well begin a broader discussion on the rapidly evolving content within information technology ethics that deals with the critical issue of information privacy.
Very few schools have a specific course in information privacy, and the model curriculum does not propose this either. As a result, the topic of privacy and all its ramifications needs to be addressed as a part of other courses. There are several books that include information privacy as a major topic such as The Digital Person: Technology And Privacy In The Information Age by Daniel J. Solove and No Place to Hide: Behind the Scenes of Our Emerging Surveillance Society by Robert O'Harrow, but to require the purchase of these texts in addition to other course requirements may not be a practical solution. As a result, I have developed a self-contained privacy primer that includes many major components of a privacy framework and is sufficiently compact to be incorporated into any number of relevant courses. This work will detail the major components of this primer.
3.  REVIEW OF THE LITERATURE
There is an extremely limited amount of work which has been undertaken to illustrate how to constructively include privacy as a part of the information systems and sciences undergraduate curriculum. Educators that address privacy content are Settle, Berthiaume, Lulis, and Mirza (2003) include data privacy issues in an IT survey course via student led debate. There are limited details on suggested privacy content. Kim, Han, Kim, and Choi (2005) suggest that Privacy and Ethics, and Laws and Regulations be two courses of 27 in a comprehensive E-commerce security curriculum. Crews (2004) found Social and Ethical Issues (including privacy and information) as one of the nine major areas of telecommunications course content after a Delphi study of IT professionals. Stevens and Jamieson (2002) include one week on privacy in a postgraduate information systems security course. They rely heavily on readings from the literature to support all concepts in the course content. Finally, Kroger and Sena (2002) included a significant portion of a proposed MBA course in ethics, security, and privacy. The authors reviewed constitutional backgrounds of privacy and HIPAA (Health Insurance Portability and Accountability Act) as a major example of privacy legislation. Significant discussion was included that highlighted the threats of electronic information to privacy as well as topical issues such as identity theft, homeland security, and human genome mapping.
4.  METHODOLOGY AND FRAMEWORK
With little pedagogical background on this important information technology topic, this report is an attempt to develop and provide current relevant privacy background, content, and issues as well as suggested readings and sample exercises which can be utilized in class. The content can be logically included as a part of many courses including but not limited to the courses in the IS model curriculum, Fundamentals of Information Systems, Electronic Business Strategy, Architecture, and Design, and Networks and Telecommunications. The content can also be logically included in an introductory MIS course, a database course, information processing courses, HCI, or a stand-alone information ethics course. The overall framework proposed is to provide a background of issue or topic, provide sources of information for students in the form of relevant readings, and finally, include specific suggested exercises in the form of hands-on research and/or discussion. In terms of Bloom’s taxonomy, the exercises and objectives are centered primarily in the lower levels of knowledge, comprehension, and application. Some of the research exercises, however, do include the requirements of analysis, synthesis, and evaluation (University of Victoria, 2003).
5.  BACKGROUND OF
PRIVACY RIGHTS AND LAWS
The course content includes many specific elements in dealing with information privacy. The first is a review of the background of privacy rights and laws. The right to privacy in the US was first clearly articulated in a article in the Harvard Law Review in 1890 by Warren and Brandeis. In this article, the authors define the right to privacy simply as “the right to be left alone”. This definition though refined and expanded has remained the most commonly accepted meaning up to the present. The article was written at a time when modern forms of communication and publicity such as the telegraphy, photography, and mass market newspapers were in their infancy. The article, however, still holds relevance, in particular with regard to its description of the limits of freedom of speech and press which must be offset by a person’s privacy rights.
Warren and Brandeis (1890) start with the noted definition of privacy as the right to be left alone and suggest that the right of privacy is a natural extension of basic “right to life” principles. The progression evolves from the initial right of protection from physical threats, then protection from spiritual coercion, and finally, the right of liberty and enjoyment of life. From this extension has sprung the privacy protection that is generally regarded as natural today. The article presents an extensive discussion of the potential abuses of privacy from newspapers and photography. Also discussed are the unclear limits of the rights to privacy and the proper remedies for enforcement. The authors then outline six potential limits on the overall rights of privacy
“1.	The right to privacy does not prohibit any publication of matter which is of public or general interest. …
2.	The right to privacy does not prohibit the communication of any matter, though in its nature private, when the publication is made under circumstances which would render it a privileged communication …
3.	The law would probably not grant any redress for the invasion of privacy by oral publication in the absence of special damage.
4.	The right to privacy ceases upon the publication of the facts by the individual, or with his consent.
5.	The truth of the matter published does not afford a defence…
6.	The absence of "malice" in the publisher does not afford a defence. Personal ill-will is not an ingredient of the offence, any more than in an ordinary case of trespass to person or to property.”
These limits generally hold true today with perhaps the exception of three which may be interpreted differently in an era of mass media.
Warren and Brandeis next offer two remedies for violations of the right to privacy tort law and injunctions.
“1.	An action of tort for damages in all cases. Even in the absence of special damages, substantial compensation could be allowed for injury to feelings as in the action of slander and libel. 
2.	An injunction, in perhaps a very limited class of cases.”
In other words, suit could be brought to compensate for violations and also a court order to stop the privacy violation is possible.
The US Constitution is the fundamental support for privacy rights in the United States. The first ten amendments to the US Constitution specifically list rights of US citizens.  Amendments related to privacy include:
First – right to free speech and thought (privacy of speech and thought)
Third – right to not have troops quartered in private homes in peacetime (privacy in the home)
Fourth – right to not be subject to unreasonable search and seizure (privacy in the home)
Ninth – the declaration that there are other possible rights that people retain which certified that rights not specifically enumerated in the amendments did not preclude their existence.  (Glenn, 2003)
Most of these rights have a long history in common law and are based in legal philosophical roots including Locke who believed in life, liberty, and property. The Declaration of Independence suggested that our “unalienable rights” are life, liberty, and the pursuit of happiness. The US Constitution solidified these common law rights and legal interpretations, starting with Warren and Brandeis, have solidified privacy rights.
As a sample assignment related to exploring the history of privacy rights a review of Warren and Brandeis is suggested.
Assignment 1 – Privacy rights
Review the six principles found in the Warren and Brandeis privacy article and relate each to a modern day privacy issue. Suggest how Warren and Brandeis might view the issue. Be prepared to defend your comments in an active class discussion.
Suggested reading: see Warren and Brandeis (1890)
6.  US PRIVACY GUIDELINES AND
FAIR INFORMATION PRACTICES
Despite the strong theoretical and Constitutional support for privacy, actual laws and regulations in the United States are somewhat limited. The major areas where privacy regulations exist are in electronic commerce, consumer credit, drivers’ records, health records, and financial institutions.
In electronic commerce, the Federal Trade Commission has developed five fair information practices which are designed to protect users from inappropriate collection and use of their personal data. The five fair information practices are:
“(1)	Notice - data collectors must disclose their information practices before collecting personal information from consumers;
(2)	Choice - consumers must be given options with respect to whether and how personal information collected from them may be used for purposes beyond those for which the information was provided;
(3)	Access - consumers should be able to view and contest the accuracy and completeness of data collected about them; and
(4)	Security - data collectors must take reasonable steps to assure that information collected from consumers is accurate and secure from unauthorized use.” (Federal Trade Commission, 2000)
It also identified “Enforcement - the use of a reliable mechanism to impose sanctions for noncompliance with these Fair Information Practices” as a critical ingredient in any governmental or self-regulatory program to ensure privacy online. (Federal Trade Commission, 2000)
Though this list is relatively comprehensive, the requirements are self-regulatory. There is no requirement on the part of industry to comply with these regulations. As a result the protection of individual privacy in electronic commerce is limited. Most of the largest companies in the United States do not follow the five fair information practices of the FTC. In fact, only 16 percent of the US Fortune 50 companies have incorporated all five of the FTC fair information practice principles in their privacy policies (Peslak, 2005, b).
Assignment 2 - Privacy policies
Examine a major company’s privacy policy from their website.
Answer the following questions: Was it available as a direct link off the website? Did you understand it? Does it follow the Fair Information Practices of the FTC? How do you think it can be improved?
Suggested reading: see (Peslak, 2005, b)
7.  US PRIVACY LAWS
There are some limited areas where legislation has been enacted in the United States to protect US citizens’ privacy of personal information in an electronic age. The Fair Credit Reporting Act of 1970 and The Accurate Credit Transaction Act of 2003 provide protection for consumer credit reports. The 1994 Drivers Protection Act safeguards personal records of automobile drivers. The Health Insurance Portability Act of 1996 protects privacy of medical records. The Gramm-Leach-Billey Act of 1999 safeguards use of personal information by financial institutions (Swartz, 2005).  The suggested readings for this area are included in the assignment detail.
Assignment 3 – US Privacy laws
Review a major privacy law from the list below. Summarize the salient components of the law and determine how the law extends, limits, or clarifies established privacy rights.
Sources: Health Insurance Portability Act of 1996 (HIPPA) US Department of Health and Human Services http://www.hhs.gov /ocr/hipaa/consumer_summary.pdf
General overview of health information privacy follows in many ways the fair information practices of the FTC for electronic commerce.
Much more information is available at http://www.hhs.gov/ocr/hipaa/
Consumer credit - “It is the purpose of this title to require that consumer reporting agencies adopt reasonable procedures for meeting the needs of commerce for consumer credit, personnel, insurance, and other information in a manner which is fair and equitable to the consumer, with regard to the confidentiality, accuracy, relevancy, and proper utilization of such information in accordance with the requirements of this title.”  (The Fair Credit Reporting Act, 2004).
Full report at: http://www.ftc.gov/os /statutes/031224fcra.pdf
Drivers’ records – “ Except as provided in subsection (b), a State department of motor vehicles, and any officer, employee, or contractor, thereof, shall not knowingly disclose or otherwise make available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record.” (Drivers Privacy Protection Act, 1994) Full report at http://www .accessreports.com/statutes/DPPA1.htm
Financial institutions – There are detailed rules and regulations on disclosure of information by financial institutions. Full details are at: http://banking.senate.gov /conf/grmleach.htm
Good source for general privacy information and sources for exploration is: http://www.consumerprivacyguide.org/
8.  INTERNATIONAL
PRIVACY RIGHTS AND LAWS
Privacy rights and laws in the US are not necessarily the same throughout the world.
The United Nations codified the fundamental human right of privacy in 1948 within their Universal Declaration of Human Rights.  Human privacy is included in several articles of the declaration.  A listing of the articles is shown in Table 1.
Table 1 UN Declaration of Rights
Related to Privacy
UN Article
Article 12.
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Article 3.
Everyone has the right to life, liberty and security of person.
Article 9.
No one shall be subjected to arbitrary arrest, detention or exile.
Article 13.
(1) Everyone has the right to freedom of movement and residence within the borders of each state.
(2) Everyone has the right to leave any country, including his own, and to return to his country.
Article 18.
Everyone has the right to freedom of thought, conscience and religion; this right includes freedom to change his religion or belief, and freedom, either alone or in community with others and in public or private, to manifest his religion or belief in teaching, practice, worship and observance.
Article 19.
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
Article 20.
(1) Everyone has the right to freedom of peaceful assembly and association.
(2) No one may be compelled to belong to an association.
Article 29.
(2) In the exercise of his rights and freedoms, everyone shall be subject only to such limitations as are determined by law solely for the purpose of securing due recognition and respect for the rights and freedoms of others and of meeting the just requirements of morality, public order and the general welfare in a democratic society.
(United Nations General Assembly, 1948)
A European Union (EU) regulation regulates data privacy with the EU. The European Union’s “REGULATION (EC) No 45/2001 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data” strongly regulates the collection and use of personal data. The Constitution of the European Union clearly provides for privacy of personal data. Article 3 section 3 states: “Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. Compliance with these rules shall be subject to control by an independent authority” (“The Europe,” 2002).
The Treaty of the European Union and the Charter of Fundamental Rights of the European Union contain detailed privacy provisions. Article 8 of the Treaty of the European Union states:
“Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.” (European Communities, 2004). Article 8 of the Charter of Fundamental Rights of the European Union states:
“Protection of personal data:
1.	Everyone has the right to the protection of personal data concerning him or her.
2.	Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis lay down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3.	Compliance with these rules shall be subject to control by an independent authority.” (“Charter of Fundamental Rights”, 2000)
A detailed review of many countries privacy policies is available through the following website: http://www.privacyinternational .org/survey/phr2003/countries/
Assignment 4 – International privacy regulations
Select a country from the list found at Privacy International and review its privacy rights. Prepare a brief summary of the history of the country’s privacy rights. http:// www.privacyinternational.org/survey /phr2003/countries/
9.  EMERGING PRIVACY ISSUES
Finally, the last section of this privacy primer deals with the concept of emerging privacy issues. Just as photography ushered in a new era of privacy threats, technology is advancing so rapidly that new threats to the fundamental guarantees of personal privacy are created at a rapidly increasing pace. Ogburn’s cultural lag theory (Marshall, 1999) suggests that technology outpaces the ethical framework to deal with the issues created by the technology.
A significant portion of the class can be used to explore the ethical issues associated with these new technologies. An example of one such technology is radio frequency identification or RFID.
“Radio frequency identification is a technology that allows every manufactured item in the world to be uniquely identified.  Generally, it is an inexpensive passive electronic device that allows for the transmission of a distinctive signal from any product or artifact in which it is embedded or attached.”  (Peslak, 2005, a). The privacy challenges of RFID are presented in Table 2.
Table 2 RFID Privacy Issues
Peslak (2005, a)
Scenario 
Privacy Issues
Pre-sale
* Monitoring of items being examined
* Tracking of items being modeled
During sale
* Permanent record of item purchased
* Coordination of current item purchased with other past purchases
* Sales and item transaction information shared with internal or external entities
* Sales and item transaction information shared with government or taxing bodies
Post-sale
* Physical tracking of personal items purchased anywhere, anytime
* Reading of tags in external environments allowing for “custom marketing” 
* Tracking of personal movement via RFID tag readers
Assignment 5 –
Emerging privacy issues
Provide a summary of an emerging technology which poses an increased privacy threat. Develop a report on the threat and how it can be addressed. Support from popular and/or scholarly publications.
10.  CONCLUSION
According to a national poll, privacy is the most important issue for 90% of Internet users (Ulsch, 2000). And yet there is little in the way of concise curriculum content that can be used to support instruction in this most important issue. This article has been an attempt to provide suggested background and content to cover the area of information privacy in a limited time frame in a single or series of information technology classes. The pedagogical approach to achieve content objectives is to provide basic background, selected readings, and specific hands-on research exercises to follow the basic pattern of hear, know, do, and synthesize as suggested by Bloom’s educational taxonomy. The content reviews foundations for privacy rights and allows exploration of relevance to today’s issues. The next step is a review of specific information privacy guidelines, regulations and laws as they have been enacted in the United States. A review of current Internet privacy policies reinforces understanding of the current state of US privacy implementations. Finally, international regulations and laws are covered through review of European Union actions as well as independent exploration of global privacy statuses. Overall, a comprehensive review of privacy is incorporated into a relatively compact series of lessons. Since the arena of privacy rights remains in a state of evolution, some of this content may need to be modified to stay current. But this outline provides a workable framework to include the IS Model Curriculum proposal, as well as the practical need, for privacy and ethics content into a series of information systems, sciences and/or technology programs. Limited use of this framework has been performed by the author and feedback and empirical data are being to collected to measure the success of this approach. The author welcomes cooperative exchanges to refine and advance this course content.
11.  REFERENCES
“Charter of Fundamental Rights of the European Union” (2000) Official Journal of the European Communities.  Available at:  http://europa.eu.int/eur-lex/pri/en/oj/dat /2000/c_364/c_36420001218en00010022.pdf
Crews, T. (2004) “Telecommunications Course Content: Input from Information Technology Professionals.” Journal of Information Systems Education, 15 (4), pp. 417-425.
“Drivers Privacy Protection Act.” (1994) Available at:  http://www.accessreports .com/statutes/DPPA1.htm
European Communities (2004) “Treaty on the European Union.”  Available at: http://europa.eu.int/comm/internal_market/privacy/law/treaty_en.htm
Federal Trade Commission (2000) “Privacy Online:  Fair Information Practices in the Electronic Marketplace, A Report to Congress.”  Available at: http://www.Federal TradeCommission.gov/reports /privacy2000/privacy2000.pdf
Glenn, R. (2003) The Right to Privacy: Rights and Liberties under the Law. ABC- CLIO, Santa Barbara, CA.
Gorgone, J., G. Davis, J. Valacich, T. Heikki, D. Feinstein, H. Longenecker, Jr. (2002). “IS 2002 Model Curriculum and Guidelines for Undergraduate Degree Programs in Information Systems.” Available at: http:// www.acm.org/education/is2002.pdf
Kim, H., Y. Han, S. Kim, and M. Choi (2005) “A Curriculum Design for E-commerce Security.” Journal of Information Systems Education, 16 (1), pp. 55-64
Kroger, D. and M. Sena (2002) “An MBA Course in Ethics, Security, and Privacy.”  Proceedings of ISECON 2002, 19, §254a.
Marshall, K. (1999) “Has Technology Introduced New Ethical Problems?” Journal of Business Ethics, 19, pp. 81-90.
Mason, R. (1986) “Four Ethical Issues of the Information Age.” MIS Quarterly 10(1), pp. 5-12.
Peslak, A.  (2005, a) “An Ethical Exploration of Privacy and Radio Frequency Identification.” Journal of Business Ethics, 59 (4), pp. 327-346.
Peslak, A. (2005, b). “Privacy Policies:  A Framework and Survey of the Fortune 50.” Information Resources Management Journal, 18 (1), pp. 29-41.
“REGULATION (EC) No 45/2001 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 18 December2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.” (2000) Official Journal of the European Communities  Available at : http://europa.eu.int/eur-lex/pri/en/oj/dat/2001/l_008/l_00820010112en00010022.pdf
Settle, A., A. Berthiaume, E. Lulis, and A. Mirza (2003) “Informed Discussion in Information Technology Survey Courses.” Information Systems Education Journal, 1 (6). Available at: http://isedj.org/1/6/
Shaw, T. (2003) “The Moral Intensity of Privacy: An Empirical Study of Webmasters’ Attitudes.” Journal of Business Ethics. 46, pp. 301-318.
Stevens, K. and  R. Jamieson (2002) “A Popular Postgraduate Information Systems Security Course.” Journal of Information Systems Education. 13, (3), pp. 219-225.
Stone, E., D. Gardner, H. Gueutal, and S. McClure (1983) “A Field Experiment Comparing Information-Privacy Values, Beliefs, and Attitudes Across Several Types of Organizations.” Journal of Applied Psychology, 68(3), pp. 459-468.
Swartz, N. (2005) “Database Debacles.”  Information Management Journal, 39, pp. 20-23.
“The Europe We Need: Constitution of the European Union.” (2002) Available at: http://www.theepc.be/PDF/Basictreaty.pdf
“The Fair Credit Reporting Act.” (2004) Available at: http://www.ftc.gov/os /statutes/031224fcra.pdf
Ulsch, M. (2000) “EC Does It - The Perils of Privacy.”  Available at: http://www .pwcglobal.com/extweb/indissue.nsf/DocID/BD2CC40FF6E508648525696900530CEF
United Nations General Assembly (1948) “Universal Declaration of Human Rights.” Available at: http://www.un.org/Overview /rights.html
University of Victoria (2003) “Bloom’s Taxonomy.” Available at: http://www.coun .uvic.ca/learn/program/hndouts/bloom.html
Warren S. and L. Brandeis (1890) “The Right to Privacy.” Originally published in Harvard Law Review, 4(5).  Available at: http://www.lawrence.edu/fast/boardmaw/Privacy_brand_warr2.html
Weiss, T. (2005) “Scope of bank data theft grows to 676,000 customers.” Computerworld, Available at: http://www .computerworld.com/securitytopics/security/cybercrime/story/0,10801,101903,00.html