Subject: RISKS DIGEST 14.21 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Thurs 31 December 1992 Volume 14 : Issue 21 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: 3rd Conference on Computers, Freedom and Privacy (Bruce R Koball) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com). ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Thu, 31 Dec 1992 00:21:00 -0800 From: Bruce R Koball Subject: Third Conference on Computers, Freedom and Privacy -- CFP'93 The Third Conference on Computers, Freedom and Privacy -- CFP'93 9-12 March 1993, San Francisco Airport Marriott Hotel, Burlingame, CA Sponsored by: Association for Computing Machinery, Special Interest Groups on: Communications (SIGCOMM) Computers and Society (SIGCAS) Security, Audit and Control (SIGSAC) Co-Sponsors and Cooperating Organizations: American Civil Liberties Union American Library Association Asociacion de Technicos de Informatica Commission for Liberties and Informatics Computer Professionals for Social Responsibility Electronic Frontier Foundation Freedom to Read Foundation IEEE Computer Society IEEE-USA Committee on Communications and Information Policy Internet Society Library and Information Technology Association Privacy International USD Center for Public Interest Law U.S. Privacy Council The WELL (Whole Earth 'Lectronic Link) Patrons and Supporters (as of 24 December 1992): American Express Corp. Apple Computer, Inc. Dun & Bradstreet Corp. Equifax, Inc. Information Resource Service Company Mead Data Central, Inc. National Science Foundation (pending) RSA Data Security, Inc. CFP'93 Electronic Brochure 1.1 SCOPE: The advance of computer and telecommunications technologies holds great promise for individuals and society. From convenience for consumers and efficiency in commerce to improved public health and safety and increased participation in democratic institutions, these technologies can fundamentally transform our lives. At the same time these technologies pose threats to the ideals of a free and open society. Personal privacy is increasingly at risk from invasion by high-tech surveillance and eavesdropping. The myriad databases containing personal information maintained in the public and private sectors expose private life to constant scrutiny. Technological advances also enable new forms of illegal activity, posing new problems for legal and law enforcement officials and challenging the very definitions of crime and civil liberties. But technologies used to combat these crimes can pose new threats to freedom and privacy. Even such fundamental notions as speech, assembly and property are being transformed by these technologies, throwing into question the basic Constitutional protections that have guarded them. Similarly, information knows no borders; as the scope of economies becomes global and as networked communities transcend international boundaries, ways must be found to reconcile competing political, social and economic interests in the digital domain. The Third Conference on Computers, Freedom and Privacy will assemble experts, advocates and interested people from a broad spectrum of disciplines and backgrounds in a balanced public forum to address the impact of computer and telecommunications technologies on freedom and privacy in society. Participants will include people from the fields of computer science, law, business, research, information, library science, health, public policy, government, law enforcement, public advocacy and many others. General Chair ------------- Bruce R. Koball, CFP'93, 2210 Sixth Street, Berkeley, CA 94710 510-845-1350 (voice) 510-845-3946 (fax) bkoball@well.sf.ca.us Steering Committee ------------------ John Baker Mitch Ratcliffe Equifax MacWeek Magazine Mary J. Culnan Peter G. Neumann Georgetown University SRI International Dorothy Denning David D. Redell Georgetown University DEC Systems Research Center Les Earnest Marc Rotenberg GeoGroup, Inc. Computer Professionals for Social Responsibility Mike Godwin Electronic Frontier Foundation C. James Schmidt San Jose State University Janlori Goldman American Civil Liberties Union Barbara Simons IBM Mark Graham Pandora Systems Lee Tien Attorney Lance J. Hoffman George Washington University George Trubow John Marshall Law School Donald G. Ingraham Office of the District Attorney Willis Ware Alameda County, CA Rand Corp. John McMullen Jim Warren NewsBytes MicroTimes & Autodesk, Inc. Simona Nass Student - Cardozo Law School Affiliations are listed for identification only. Pre-Conference Tutorials: On Tuesday 9 March, the day before the formal conference begins, CFP'93 is offering a number of in-depth tutorials on a wide variety of subjects on four parallel tracks. These presentations will range from interesting and informative to thought-provoking and controversial. The tutorials are available at a nominal additional registration cost. Conference Reception: Following the Tutorials on Tuesday evening, you are invited to meet new and old friends and colleagues at an opening reception. Single Track Main Program: The technological revolution that is driving change in our society has many facets and we are often unaware of the way they all fit together, especially the parts that lie outside of our own expertise and interest. The primary goal of CFP'93 is to bring together individuals from disparate disciplines and backgrounds, and engage them in a balanced discussion of all CFP issues. To this end our main program, starting on Wednesday 10 March, is on a single track enabling our attendees to take part in all sessions. Registration is Limited: CFP'93 registration will be limited to 550 attendees, so we advise you to register as early as possible and take advantage of the early registration discounts. Luncheons and Banquets: A key component of the CFP conferences has been the interaction between the diverse communities that constitute our attendees. To promote this interaction CFP'93 is providing three luncheons and evening two banquets with the cost of conference registration. EFF Pioneer Awards All conference attendees are invited to the Awards Reception sponsored by the Electronic Frontier Foundation (EFF) on Wednesday evening, 10 March. These, the second annual EFF Pioneer Awards, will be given to individuals and organizations that have made distinguished contributions to the human and technological realms touched by computer-based communications. Birds of a Feather Sessions: CFP'93 will provide a limited number of meeting rooms to interested individuals for special Birds of a Feather sessions after the formal program each evening. These sessions will provide an opportunity for special interest discussions that were not included in the formal program and will be listed in the conference materials. For further information contact CFP'93 BoF Chair: C. James Schmidt, University Librarian San Jose State University, One Washington Square San Jose, CA 95192-0028 schmidtc@sjsuvm1.sjsu.edu voice 408-924-2700 voice mail 408-924-2966 ==== CFP'93 Featured Speakers: Nicholas Johnson Nicholas Johnson was appointed head of the Federal Communications Commission by President Johnson in 1966, serving a seven year term. In his role as commissioner, he quickly became an outspoken consumer advocate, attacking network abuses and insisting that those who use the frequencies under the FCC license are the public's trustees. He has been a visiting professor of law at the College of Law at the University of Iowa since 1981 and is currently co-director of the Institute for Health, Behavior and Environmental Policy at the University of Ohio. Willis H. Ware Willis H. Ware has devoted his career to all aspects of computer science--hardware, software, architectures, software development, public policy and legislation. He chaired the "HEW committee" whose report was the foundation for the Federal Privacy Act of 1974. President Ford appointed him to the Privacy Protection Study Commission whose report remains the most extensive examination of private sector record-keeping practices. Dr. Ware is a member of the National Academy of Engineering, a Fellow of the Institute of Electronic and Electrical Engineers, and a Fellow of the American Association for Advancement of Science. John Perry Barlow John Perry Barlow is a retired Wyoming cattle rancher, a lyricist for the Grateful Dead, and a co-founder of the Electronic Frontier Foundation. He graduated from Wesleyan University with an honors degree in comparative religion. He writes and lectures on subjects relating to digital technology and society, and is a contributing editor of numerous publications, including Communications of the ACM, NeXTworld, MicroTimes, and Mondo 2000. Cliff Stoll Cliff Stoll is best known for tracking a computer intruder across the international networks in 1987; he told this story in his book, "The Cuckoo's Egg" and on a Nova television production. He is less known for having a PhD in planetary science, piecing quilts, making plum jam, and squeezing lumps of bituminous coal into diamonds. ==== CFP'93 Tutorials: Tuesday 9 March - Morning Tutorials Information Use in the Private Sector Jack Reed, Information Resource Service Company Diane Terry, TransUnion Corp. Dan Jones, D.Y. Jones & Assoc. This tutorial will deal with the use of personal information from the point of view of some private sector information vendors and users. It will include a discussion of the Fair Credit Reporting Act and the "Permissible Purposes" for obtaining a consumer credit report. Information used for purposes outside the FCRA will be discussed in relationship to privacy and societal needs for businesses and individuals. Access to Government Information: James Love, Director, Taxpayer Assets Project The tutorial will examine a wide range of problems concerning citizen access to government information, including how to ask for and receive information under the federal Freedom of Information Act, what types of information government agencies store on computers, what the barriers are to citizen access to these information resources, and how citizens can change government information policy to expand access to taxpayer- funded information resources. Exploring the Internet -- a guided journey Mark Graham, Pandora Systems Tim Pozar, Late Night Software This tutorial will give participants a practical introduction to the most popular and powerful applications available via the world's largest computer network, the Internet. There will be hands-on demonstrations of communications tools such as e-mail, conferencing, Internet Relay Chat, and resource discovery and navigation aids such as Gopher, WAIS, Archie and World Wide Web. Extensive documentation will be provided. Constitutional Law for Non-lawyers (1/2 session): Mike Godwin, Staff Counsel, Electronic Frontier Foundation This tutorial is designed to inform non-lawyers about the Constitutional issues that underlie computer-crime and computer civil-liberties cases. The tutorial focuses on the First and Fourth Amendments, but includes a discussion of the Fifth Amendment and its possible connection to the compelled disclosure of cryptographic keys. It also includes a discussion of the appropriateness of "original intent" as a method for applying the Constitution in the modern era. Civil Liberties Implications of Computer Searches & Seizures (1/2 ses.): Mike Godwin, Staff Counsel, Electronic Frontier Foundation This tutorial assumes only a very basic knowledge of Constitutional law (the prior tutorial provides an adequate background), and outlines how searches and seizures of computers may raise issues of First and Fourth Amendment rights, as well as of federal statutory protections. It includes a discussion of what proper search-and-seizure techniques in such cases may be. Tuesday 9 March - Afternoon Tutorials Practical Data Inferencing: What we THINK we know about you. Russell L. Brand, Senior Computer Scientist, Reasoning Systems What do your transaction trails reveal about you? Are you a good risk to insure? Are you worth kidnapping, auditing or suing? Which products should I target at you? Are you a member of one of those groups that I would want to harass or discriminate against? This tutorial will be a hands-on approach to digging for data and to piecing it back together. Time will be divided between malicious personal invasions and sweeping searches that seek only profit, followed by a brief discussion about improper inferences and their practical impact on innocent files and lives. Legal and moral issues will not be addressed. Telecommunications Fraud Donald P. Delaney, Senior Investigator, New York State Police Illegal call sell operations in New York City are estimated to be a billion dollar industry. This tutorial will provide an overview of the problem, from finger hacking to pay phone enterprises, and will include an up-to-date assessment of the computer cracker/hacker/phone phreak impact on telephone company customer losses. Also discussed will be unlawful access of telephone company switches; unlawful wiretapping and monitoring; cards, codes and 950 numbers; New York State law and police enforcement; methods of investigation and case studies. Private Sector Marketplace and Workplace Privacy Ernest A. Kallman, Bentley College, H. Jeff Smith, Georgetown University This tutorial will give participants a general overview of privacy issues affecting uses of personal information (e.g., medical information, financial information, purchase histories) in the marketplace as well as privacy concerns in the workplace (e.g., privacy of electronic and voice mail, work monitoring). The tutorial will also set the boundaries for privacy arguments in the middle and latter 1990s. SysLaw Lance Rose, Attorney and Author "SysLaw" The SysLaw tutorial session will explore in depth the freedom and privacy issues encountered by computer bulletin boards (BBS), their system operators and their users. BBSs are estimated to number over 45,000 today (not counting corporate systems), and range from small, spare-time hobby systems to systems with thousands of users, grossing millions of dollars. BBSs are a grassroots movement with an entry cost of $1,000 or less, and the primary vehicles for new forms of electronic communities and services. Subjects covered will include: First Amendment protection for the BBS as publisher/distributor; data freedom and property rights on the BBS; how far can sysops control BBS user activities?; and user privacy on BBSs today. Note: Tutorial presenters will offer expert opinions and information. Some may advocate particular viewpoints and thus may put their own "spin" on the issues. Caveat Listener. ==== CFP'93 Main Program Sessions: Wednesday 10 March Electronic Democracy Chair - Jim Warren, MicroTimes and Autodesk, Inc. The effects of computer and telecommunications technologies on democratic processes and institutions are increasing dramatically. This session will explore their impacts on political organizing, campaigning, access to representatives and agencies, and access to government information that is essential for a free press and an informed electorate. Electronic Voting -- Threats to Democracy Chair - Rebecca Mercuri, University of Pennsylvania This panel session will invite representatives covering a broad spectrum of involvement with the controversial subject of electronic vote tallying to address such issues as: Is a secure and reliable electronic voting system feasible? What threats to these systems are identifiable? Should electronic voting systems be open for thorough examination? Can auditability be assured in an anonymous ballot setting? Can voting by phone be practical and confidential? Did Congress exempt voting machines from the Computer Security Act? Censorship and Free Speech on the Networks Chair - Barbara Simons, IBM As online forums become increasingly pervasive, the notion of "community standards" becomes harder to pin down. Networks and BBSs will link--or create--diverse, non-geographic communities with differing standards, laws, customs and mores. What may be frank discussion in one forum may be obscenity or defamation or sexual harassment in another. This session will explore the questions of what kinds of freedom-of-speech problems face us on the Net and what kinds of legal and social solutions we need. Portrait of the Artist on the Net Chair - Anna Couey, Arts Wire Computer forums and networks make possible both new artforms and new ways of remote collaboration and exhibition. The growth of the Net creates opportunities for the blossoming of dynamic and interactive artforms and of artistic cultures -- provided that networks become widely accessible and remain open to artistic expression without political interference. This session will examine the potentials and the problems of art and artists on the Net. Thursday 11 March Digital Telephony and Crypto Policy Chair - John Podesta, Podesta and Associates The increasingly digital nature of telecommunications potentially threatens the ability of law enforcement agencies to intercept them when legally authorized to do so. In addition, the potential widespread use of cryptography may render the ability to intercept a communication moot. This session will examine these issues and the proposals that have been put before Congress by law enforcement agencies to address these perceived problems. Health Records and Confidentiality Chair - Janlori Goldman, American Civil Liberties Union As the new Administration and Congress consider proposals to reform the United States health care system, it is imperative that confidentiality and security safeguards be put in place to protect personal information. Currently, no comprehensive legislation exists on the confidentiality of health information. This session will explore the current and potential uses of health care information, and proposals to safeguard the information. The Many Faces of Privacy Chair - Willis Ware, Rand Corp. Privacy at any cost is foolish, unwise and an untenable position, and privacy at zero cost is a myth. This two-part session will explore the balancing act between the two extremes and the costs and benefits that accrue. The first part will present several examples of systems and applications in the public and private sectors that stake out a position in this continuum. The second part will be a panel discussion exploring the issues raised by the examples previously presented. The Digital Individual Chair - Max Nelson-Kilger, San Jose State University We are all represented by personal records in countless databases. As these records are accumulated, disseminated and coalesced, each of us is shadowed by an ever larger and more detailed data alter-ego, which increasingly stands in for us in many situations without our permission or even awareness. How does this happen? How does it affect us? How will it develop in the future? What can we do? This session will investigate these questions. Friday 12 March Gender Issues in Computing and Telecommunications Chair - Judi Clark, Bay Area Women in Telecommunications Online environments are largely determined by the viewpoints of their users and programmers, still predominantly white men. This panel will discuss issues of freedom and privacy that tend to affect women -- such as access, identity, harassment, pornography and online behavior -- and provide recommendations for gender equity policies to bulletin board operators and system administrators. The Hand That Wields the Gavel Chair - Don Ingraham, Asst. District Attorney, Alameda County, CA An inevitable result of the settlement of Cyberspace is the adaptation of the law to its particular effects. In this session a panel of criminal lawyers addresses the fallout from a hypothetical computer virus on the legal responsibilities of system managers and operators. The format will be a simulated court hearing. Attendees will act as advisory jurors in questioning and in rendering a verdict. The Power, Politics, and Promise of Internetworking Chair- Jerry Berman, Electronic Frontier Foundation This session will explore the development of internetworking infrastructures, domestically and worldwide. How will this infrastructure and its applications be used by the general public? What will the global network look like to the average user from Kansas to Kiev? How will politics, technology and legislation influence the access to, and cost of, the Net? How can the potential of this powerful medium be fully realized? International Data Flow Chair - George Trubow, John Marshall Law School The trans-border flow of information on international computer networks has been a concern for governments and the private sector. In addition to concerns for privacy and data security, the economic and national security implications of this free flow of information among scientists, engineers and researchers around the world are also cause for concern. This session will assemble a number of speakers to compare the various perspectives on the problem. ==== Some of the Speakers in the CFP'93 Main Program: Phillip E. Agre, Department of Communication, University of California, San Diego Jonathan P. Allen, Department of Information and Computer Science, University of California, Irvine Sheri Alpert, Policy Analyst, author: "Medical Records, Privacy, and Health Care Reform" William A. Bayse, Assistant Director, Federal Bureau of Investigation William Behnk, Coordinator, Legislative Information System, State of California Jerry Berman, Acting Executive Director, Electronic Frontier Foundation Paul Bernstein, Attorney Kate Bloch, Hastings College of the Law Richard Civille, Computer Professionals for Social Responsibility Roger Clarke, Reader in Information Systems, Department of Commerce, Australian National University Dorothy Denning, Chair, Computer Science Department, Georgetown University Robert Edgar, Simon and Schuster Technology Group Kathleen Frawley, American Health Information Management Association Emmanuel Gardner, District Manager, Government Affairs, AT&T Mike Godwin, Staff Counsel, Electronic Frontier Foundation Joe Green, University of Minnesota Sarah Grey, computer department, We The People, Brown presidential campaign organization (invited) Will Hill, Bellcore Carl Kadie, co-editor, Computers and Academic Freedom News newsletter Mitch Kapor, Chairman, Electronic Frontier Foundation David Lewis, Deputy Registrar, Department of Motor Vehicles, Commonwealth of Massachusetts James Love, Director, Taxpayers Assets Project Judy Malloy, Associate Editor, Leonardo Electronic News Irwin Mann, Mathematician, New York University David McCown, Attorney Rob Mechaley, Vice President, Technology Development, McCaw Cellular Communications, Inc. Robert Naegele, Granite Creek Technology Inc., Voting Machine Examiner, consultant to NY State Barbara Peterson, Staff Attorney, Joint Committee on Information Technology Resources, Florida Legislature Jack Reed, Chairman, Information Resource Service Company Virginia E. Rezmierski, Assistant for Policy Studies to the Vice Provost for Information Technology, University of Michigan Jack Rickard, Editor, Boardwatch Magazine Randy Ross, American Indian Telecommunications Roy Saltman, National Institute of Standards and Technology Barbara Simons, IBM Robert Ellis Smith, Publisher, Privacy Journal David Sobel, Computer Professionals for Social Responsibility Ross Stapleton, Research Analyst, Central Intelligence Agency Jacob Sullum, Associate Editor, Reason Magazine Mark Trayle, composer Greg Tucker, Coordinator, David Syme Faculty of Business, Monash University, Australia Joan Turek-Brezina, Chair, Health and Human Services Task Force on Privacy of Private-Sector Health Records ==== Registration: Register for the conference by returning the Conference Registration Form along with the appropriate payment. The registration fee includes conference materials, three luncheons (Wednesday, Thursday and Friday), two banquet dinners (Wednesday and Thursday) and evening receptions (Tuesday, Wednesday and Thursday). Payment must accompany registration. Registration Fees are: If mailed by: 7 February 8 March on site Conference Fees: $300 $355 $405 Tutorial Fees: $135 $165 $195 Conference & Tutorial $435 $520 $600 Registration is limited to 550 participants, so register early and save! By Mail: By Fax: (with Check or Credit Card) (with Credit Card only) CFP'93 Registration Send Registration Form 2210 Sixth Street (510) 845-3946 Berkeley, CA 94710 Available 24 hours By Phone: By E-Mail: (with Credit Card only) (with Credit Card only) (510) 845-1350 cfp93@well.sf.a.us 10 am to 5 pm Pacific Time CFP'93 Scholarships: The Third Conference on Computers, Freedom and Privacy (CFP'93) will provide a limited number of full registration scholarships for students and other interested individuals. These scholarships will cover the full costs of registration, including three luncheons, two banquets, and all conference materials. Scholarship recipients will be responsible for their own lodging and travel expenses. Persons wishing to apply for one of these fully-paid registrations should contact CFP'93 Scholarship Chair, John McMullen at: mcmullen@mindvox.phantom.com Hotel Accommodations: The Third Conference on Computers, Freedom and Privacy will be held at the San Francisco Airport Marriott Hotel in Burlingame, CA. This facility is spacious and comfortable, and is easily accessible from the airport and surrounding cities. Because of the intensive nature of the conference, we encourage our attendees to secure their lodging at the conference facility. Special conference rates of $99/night, single or multiple occupancy, are available. Our room block is limited and these conference rates are guaranteed only until 9 February 1993, so we urge you to make your reservations as early as possible. When calling for reservations, please be sure to identify the conference to obtain the conference rate. Hotel Reservations: (415) 692-9100 or (800) 228-9290. Refund Policy: Refund requests received in writing by February 19, 1993 will be honored. A $50 cancellation fee will be applied. No refunds will be made after this date; however, you may send a substitute in your place. ==== Registration Form Name (Please print):__________________________________________________ Title:________________________________________________________________ Affiliation:__________________________________________________________ Mailing Address:______________________________________________________ City, State, Zip:_____________________________________________________ Country:______________________________________________________________ Telephone:_____________________________Fax:___________________________ E-mail:_______________________________________________________________ Privacy Locks: We will not sell, rent, loan, exchange or use this information for any purpose other than official Computers, Freedom and Privacy Conference activities. A printed roster will be distributed to attendees. Please indicate the information you wish to be excluded from the roster: __Print only name, affiliation and phone number __Print name only __Omit all information about me in the roster Registration Fees (please indicate your selections): If mailed by: 7 February 8 March on site Conference Fees: $300__ $355__ $405__ Tutorial Fees $135__ $165__ $195__ Conference & Tutorial $435__ $520__ $600__ If you have registered for the Tutorials, select one from each group: 9:00 AM - 12:00 Noon __Information Use in Private Sector __Constitutional Law for Non-lawyers & Civil-liberties Implications of Computer Searches and Seizures __Access to Government Information __Exploring the Internet 1:30 PM - 4:30 PM __Practical Data Inferencing: What we THINK we know about you. __Telecommunications Fraud __Private Sector Marketplace and Workplace Privacy __SysLaw Payments: Total Amount____________ Please indicate method of payment: __Check (payable to CPF'93) (payment must accompany registration) __VISA __MasterCard Credit card #______________________________Expiration date____________ Name on card__________________________________________________________ Signature_____________________________________________________________ ------------------------------ End of RISKS-FORUM Digest 14.21 ************************