On the Internet, obscure information has a minimal risk of being discovered or understood by unintended recipients. Empirical research demonstrates that Internet users rely on obscurity perhaps more than anything else to protect their privacy. Yet, online obscurity has been largely ignored by courts and lawmakers. In this Article, we argue that obscurity is a critical component of online privacy, but it has not been embraced by courts and lawmakers because it has never been adequately defined or conceptualized. This lack of definition has resulted in the concept of online obscurity being too insubstantial to serve as a helpful guide in privacy disputes. In its place, courts and lawmakers have generally found that the unfettered ability of any hypothetical individual to find and access information on the Internet renders that information public, and therefore ineligible for privacy protection. Drawing from multiple disciplines, this Article develops a more focused, clear, and workable definition of online obscurity: information is obscure online if it lacks one or more key factors that are essential to discovery or comprehension. We have identified four of these factors: (1) search visibility, (2) unprotected access, (3) identification, and (4) clarity. This framework could be applied as an analytical tool or as part of an obligation. Viewing obscurity as a continuum could help courts and lawmakers determine if information is eligible for privacy protections. Obscurity could also serve as a compromise protective remedy: instead of forcing websites to remove sensitive information, courts could mandate some form of obscurity. Finally, obscurity could form part of an agreement where Internet users bound to a "duty to maintain obscurity" would be allowed to further disclose information so long as they kept the information generally as obscure as they received it.
Full PDF available here.