With stored instant messages at the center of Washington’s two hottest scandals, many Internet users are rightly asking questions about the privacy of the medium, which is designed to encourage candid, unguarded interactions.

In the case of disgraced former Congressman Mark Foley, a string of stored instant messages were the smoking gun that revealed his improper dealings with congressional pages. In the Hewlett Packard “pretexting” case, the company is alleged to have logged the outgoing messages of its employees under the auspices of tracking down press leaks. Both incidents have heightened the focus on instant messaging.

Although we have no polling data to support this assumption, it’s probably fair to say that, because of the conversational nature of IM, the majority of ordinary users don’t spend much time pondering what happens to their past messages when they close their chat windows. What many people don’t know is that either party in a chat can easily log entire IM conversations without informing the other party in the chat. Some instant-messaging software even logs conversations automatically.

When composing an email message, most people think twice (or at least once) before clicking the send button. We know that those messages are likely to be stored, and that a poor choice of words or a sensitive tidbit of information may come back to hurt us. Now people around the country are asking themselves whether they should be taking the same sort of precautions with their instant messaging.

This new scrutiny is probably a good thing. Users should research the logging capacities and procedures of the instant messaging software they use. Companies that provide instant messaging clients should provide clear disclosures about their software’s default behavior, including information about what is collected and how long it is stored. IM client developers should also seriously consider following the lead of some of their competitors by making automatic storage a user choice rather than the default and adding “off the record” buttons to stop automatic storage in some cases.

Our February 2006 paper Digital Search & Seizure provides some good background on the privacy issues that can arise from stored Internet communications.

If one small good can come out of two troubling ethical breaches, a renewed focus on the privacy of Internet communications is not a bad place to start.

After a weekend of disturbing revelations and recriminations, there appears to be an emerging consensus in Washington as to who is responsible for the scandal involving former Congressman Mark Foley and underage Congressional pages. In the last 72 hours, there have been a number of suspects: the Congressman of course; the House Republican leadership charged with ignoring mounting evidence, the page program itself, and of course the Democrats who have been accuses of leaking the story. But by yesterday morning the true culprit had been unmasked: the Internet.

In true Washington style, the Foley scandal produced a stampede among lawmakers to the podium — not to announce reform of the House Page Program or the long broken ethics process, but rather to propose new laws aimed at the Internet. Yesterday’s edition of National Journal’s Tech Daily quotes one Internet safety advocate who said she was “deluged” with phone calls from Congressional staffers seeking information to bolster the need for new laws.

Lawmakers and advocates rushed to characterize the Foley incident as an instance of Internet predation (sweeping aside the obvious fact that the relationships began in the physical world, under the less than watchful eye of Congress) and many have called for a new law to stop online sexual “grooming” of young people, ambiguously described as the act of befriending a minor online with the intention of eventually introducing sexual activity, a proposal fraught with constitutional dangers.

Others have zeroed in on the fact that instant messages are not retained by Internet Service Providers in the ordinary course, threatening to broaden the already troubling push in Congress to impose mandatory data retention to the content of communications.

With an election coming up, we can expect members of Congress to churn out new proposals that threaten free expression and privacy on the Internet until the last vote is counted. And we can only hope that the lame duck session that follows will take a more cautious approach.

Last week, the U.S. Government renewed the deal under which the nonprofit, non-governmental Internet Corporation for Assigned Names and Numbers (ICANN) oversees the Internet’s global addressing system. The three-year Joint Project Agreement calls for ICANN to work toward establishing the openness and accountability necessary to stand on its own as the sole operator of the Domain Name System (DNS). But for the next three years at least, the U.S. Government will continue to have the final say over changes ICANN makes to DNS.

Although we’re still reviewing the details of the agreement, this looks like the right decision. In recent years the U.S. Government’s unique role in Internet governance has become a sore spot for members of the international community who feel that the United States exerts too much control over Internet communication. But while these concerns are valid, the realistic alternatives to the U.S. Government retaining its special role in ICANN are neither viable nor appealing.

Very few people in the Internet community believe that ICANN is ready to stand on its own, without any governmental ties. Too many questions remain about the organization’s ability to maintain a transparent, accountable and properly representative decision-making process. The other major alternative that’s been presented is for the U.S. Government’s role to be transferred to a multi-governmental body such as the International Telecommunications Union (ITU). This is troubling also. While U.S. Government involvement is suboptimal, we don’t think the answer is more government. We detailed our concerns and recommendations in comments to the NTIA submitted earlier this year.

The key now will be working actively to address the issues limiting ICANN from standing on its own. In the meantime the U.S. Government would do well to build on the admirable restraint it has shown as ICANN’s steward by reducing to whatever extent possible its role in the Internet governance process.