Bankruptcy law does not deal well with website promises to protect personal information. The legal treatment of privacy policies in bankruptcy currently turns on whether such policies are viewed as creating contract rights or property rights. Neither characterization fits well, and any attempt to shoehorn information privacy into either category has significant costs. Contract obligations are subject to discharge in bankruptcy, and any consumer expectations of privacy (contractual or otherwise) are likely to be defeated. By contrast, if personal information is deemed property of the website customer, information transfers that might benefit consumers will be stifled. This Article develops an approach, based on "muddy property rights," that has the potential to strike an appropriate balance between these two extremes. The property /contract distinction within bankruptcy law mirrors a broader discussion in the legal academy, begun by Calabresi and Melamed, about the proper domain of property and liability. The debate among privacy scholars about data privacy similarly tracks the Calabresian divide. Larry Lessig favors propertization of personal information, while other privacy advocates, such as Marc Rotenberg and Jessica Litman, oppose Lessig's proposal because they believe commodifying personal information will ultimately be destructive rather than protective of privacy. All three misunderstand the effect of property on privacy: Lessig ex ante, and Rotenberg and Litman ex post. Lessig's focus on remedy (following both Calabresi and Coase) assumes that the content of the substantive right to information privacy is irrelevant, because an efficient allocation of rights will ultimately be reached, one way or another, by private negotiation. However, contractual negotiation is not always an efficient mechanism for allocating entitlements. Adhesion, information asymmetries, and coordination problems raise thorny issues where e-commerce transactions are concerned. In these transactions, one cannot rely on private negotiation or markets to generate the appropriate terms for data sharing. Rotenberg and Litman, by contrast, ignore the fact that without the status of "property," information privacy norms will go entirely unenforced in bankruptcy. By focusing on remedy, the information privacy literature has failed to explore the interaction between substantive rights (which can be crystalline or muddy), and remedies (which can be based in property or liability). I argue that "muddy property rights" based on fair information practices point the way toward a more nuanced approach to the interaction between right and remedy. As I have discussed in earlier work, muddy rules serve a dual function: (1) they deter troubling transactions; and (2) they force contracting parties, ex ante, to recognize that they might have to justify their contractual terms ex post. In the information privacy context, however, muddy entitlements, and muddy property rights in particular, could serve a third purpose. They would force information into the legal system about norm-related behavior, and allow judges and the judiciary to enforce and articulate privacy norms through the incremental development of common law rules. In short, if privacy norms for e-commerce transactions are to be enforced in bankruptcy, they need to be protected by property rights, and if they are to be generated by public dialogue and public processes, those property rights should be muddy.