💾 Archived View for spam.works › mirrors › textfiles › politics › cfp1-sum captured on 2023-06-16 at 19:57:03.
-=-=-=-=-=-=-
Date: Mon, 1 Apr 91 22:56:31 EST
[not an April Fool's joke]
From: mercuri@grad1.cis.upenn.edu (Rebecca Mercuri)
Subject: Computers, Freedom, Privacy Trip Report
The following constitutes my trip report for the Computers, Freedom and
Privacy Conference held March 26-28, Airport Marriott Hotel,
Burlingame, California. Although I have made a sincere attempt to
relate the events of the conference in a fair and unbiased manner, the
nature of the material covered entails a certain amount of emotion and
it is difficult, if not impossible, to separate one's own feelings from
the subject matter. I therefore apologize for any inadvertent mistakes,
omissions, or philosophical commentary. Readers are encouraged to send
corrections to me at the email address below. No flames please!
Respectfully submitted, R. T. Mercuri
mercuri@gradient.cis.upenn.edu
No portion of this document may be copied or distributed for commercial
purposes without the prior express written permission of the author.
Non-commercial uses are permitted, but the author and source must be
credited.
Copyright (C) 1991 R. T. Mercuri. All Rights Reserved. [Edited lightly
by PGN and included in RISKS with permission of the author.]
This work was partially supported by the University of Pennsylvania's
Distributed Systems Laboratory as a part of its promotion of the
professional activities of its students. Matching funds were also
provided by Election Watch, a division of the Urban Policy Research
Institute, a non-profit organization.
======================================================================
The First Conference on Computers, Freedom and Privacy was organized
and chaired by Jim Warren, and sponsored by the Computer Professionals
for Social Responsibility (CPSR). Numerous other organizations also
lent their support to the conference, which was attended by
approximately 400 individuals (described by Terry Winograd as ranging
>from the sandals of Silicon Valley to the dark suits of Washington)
covering the fields of law, investigation, programming, engineering,
computer science, hacking, industry, media, academics, government, law
enforcement, and civil rights. The crowd was about 75% male, with very
few minorities in evidence (only ~10% of the speakers were female, and
none were minorities). Attendees formed a veritable who's who of
hacking with key figures such as Captain Crunch, Phiber Optik, Steve
Jackson, Craig Neidorf, and other notables there, some accompanied by
an entourage of defense and prosecuting attorneys. Cliff Stoll and Ted
Nelson (separately) took the opportunity to distribute copies of their
books and give autos. (Cliff was fond of playing with a brightly-
colored yo-yo and writing memos to himself on his hand, Ted appeared to
be creating a video record of the conference by filming each speaker
with a small hand-held camera for a few seconds as each talk began.) A
list of attendees was distributed, providing all information that each
participant marked as "open". The vast majority of participants
provided their name, company, address, phone number and email address.
Some people remarked privately that had they been more aware of the
manner in which such information is currently being used, they likely
would have "closed" more of their own data. (The list was printed in
name-alphabetical order so it was unfortunately possible to derive the
names of individuals who elected not to be listed.)
Jim Warren, who described himself as a self-made multi-millionaire,
entrepreneur, futures columnist, and member of the board of directors
of MicroTimes and Autodesk, Inc., took a severe loss on the conference.
He had estimated break-even at 500 participants, but had only achieved
around 300 paid admissions as most of the media and some staff members
attended for free. To his credit, he organized a fast-paced, well-run
(on-time) conference which allowed many of the key figures in this
field to present their thoughts and ideas. Audio and videotapes, as
well as the conference proceedings (published by Springer-Verlag) will
be available shortly [write to CFP Proceedings, 345 Swett Road,
Woodside, CA 94062]. The conference was preceded by a day of tutorial
sessions, but I was unable to attend those activities.
My major criticism regarding the conference was that the sheer volume
of speakers (over 20 per day) allowed little time for questioning from
the audience. Many of those who were not wearing red speaker's badges
began feeling like second-class citizens whose opinions were neither
wanted nor recognized. If someone managed to obtain a microphone and
used it to make a statement rather than to ask a question, they were
routinely hissed by a large portion of the audience. The unresolved
tension became most obvious on the last day of the conference when,
during the panel discussion on Electronic Speech, Press & Assembly, a
loud altercation broke out in the front of the room. This panel had a
representative from Prodigy Services, but the person who was supposed
to give opposing commentary (apparently regarding the email privacy
issue) had been unable to appear. Certain attendees were prepared to
present their views, but were informed that they would not be permitted
to do so. A private meeting was arranged for those who wished to
discuss the Prodigy matter, but many found this to be unacceptable.
An oft-heard word describing the material revealed during the
conference was "chilling". After the second day of the conference I
became aware of how invasive the monitoring systems have become. As I
returned to my room within the hotel, I realized that my use of the
electronic pass-key system could alert the hotel staff of my entry and
exit times. People could leave messages for me, which would be reported
on my television screen, all of this being recorded in some database
somewhere, possibly not being erased after my departure. My entire
hotel bill, including phone calls and meal charges could also be
displayed on my television screen, along with my name, for anyone to
access (without a password) if they were in my room. Chilling indeed.
Pondering all of this, I left the room, lured to the hotel lobby by the
sound of what I assumed to be a cocktail piano player. When I located
the baby grand piano I realized that, through the high-tech wonders of
Yamaha, no human sat at the keyboard. A sophisticated computerized unit
rendered a seemingly- endless sequence of expertly arranged tunes, with
no requests allowed from the audience. This ghostly image reemphasized,
to me, the silent pervasion of computers into our daily lives, and the
potential erosion of personal freedom and privacy.
Throughout the conference, many problems were posed, few answers were
given. Factions developed --- some people felt we needed more laws,
some people felt we needed fewer laws, some felt that all data
(including program code) should be free and accessible to everyone,
some felt that everything is personal property and should be
specifically released by the owner(s) prior to general use. Certain
people felt that all problems could be resolved by tightly encrypting
everything at all times (the issue of password distribution and
retention was ignored). What was resolved was to form an organization
called the US Privacy Council which "will attempt to build a consensus
on privacy needs, means, and ends, and will push to educate the
industry, legislatures, and citizens about privacy issues." The first
thing this organization did was form a newsgroup, called alt.privacy. I
observed that at least 50 messages were posted to this newsgroup within
the 3 days following the conference, most pertaining to privacy of
emails. This was disappointing, to say the least. Presumably people
will use the mailing list and the newsgroup to disseminate information,
but whether this is merely a duplication of other existing newsgroups
(such as RISKS), and whether the Privacy Council will have any impact
at all, shall be left to be seen.
The conference opened with a comment by Jim Warren that this meeting
could be "the first Constitutional Convention of the new frontier". He
then introduced Harvard Law Professor Lawrence Tribe who used the
analogy of cyberspace to describe some of the problems of a "virtual
constitutional reality". He quoted Eli Noam as saying that "networks
become political entities" and that there could conceivably be "data
havens", private networks much like Swiss bank accounts, which are
virtual governments in themselves. He asserted that a bulletin board
sysop is not a publisher, in the same way that a private bookstore
owner is not a publisher. The individual merely makes the products
available, and has the responsibilities of a seller, not a publisher.
Tribe then went on to delineate five major points. First, there is a
vital difference between governmental (public) and private actions.
Second, ownership is an issue that goes beyond that which may be
technologically feasible. Property encourages productivity. You have a
constitutional right to inhabit your own body. Free speech may be a
luxury we can't afford (like yelling "fire" in a crowded theater, or
viruses roaming the network). Third, the government cannot control
speech as such. Recently it was ruled that answers to very simple
questions (such as your name, age) are considered testimonial, as they
require the use of the human mind. Fourth, the Constitution was founded
on a normative understanding of humanity, and should not be subject to
disproof by science and technology. The words of the 4th Amendment
apply to material things, it defends people, not places. It is the task
of law to inform and project an evolutionary reading of the bill of
rights to new situations. Fifth, Constitutional principles should not
vary with accidents of technology. In conclusion, Tribe proposed an
additional amendment to the constitution which asserted that "this
Constitution's protection for freedom of speech, press,
assembly...shall be construed as fully applicable without regard to the
technological medium used."
The first panel discussion of the conference was titled: Trends in
Computers and Networks. Peter Denning of NASA Ames introduced the panel
by stating that computers are now under attack due to security being
added on as an afterthought. John Quarterman of Texas Internet
Consulting then discussed the manner in which user/host names could be
made more readable (accessable) on the network. Peter Neumann of SRI
overviewed general issues surrounding the authorship of the "Computers
at Risk" book, stating that the group involved with the text was
primarily interested in motivating efforts towards evaluating safe,
secure, reliable systems (and that they only proposed general
guidelines in the text). He warned the listeners "don't wait for the
catastrophe". Neumann also mentioned the issue of disenfranchization of
the poor and lower class who will be unable to access the new
technology, stating that "gaps are getting much bigger". Martin Hellman
of Stanford University discussed cryptography. He stated that the 56
bit DES standard was set not by technology, but instead by economics.
He mentioned a study at Bell Labs that indicated that 70% of all
passwords there could be cracked using a dictionary technique. He
believes that technology will not solve all of our problems, and that
persons who are concerned about social responsibility are not
(necessarily) anti-technical. David Chaum of DigiCash spoke about
informational rights and secure channels with regard to electronic
money transactions. He believes that with an adequately encrypted
system there is no necessity for a central, mutually trusted party. The
problem is in finding a practical encryption protocol, or a
distributed, mutually-trusted tamper-proof box solution. David Farber
of the University of Pennsylvania expressed the view that protection
schemes might not be "retrofittable" and should be part of the
fundamental design of computer architecture, protocols and technology,
rather than being tacked on, but he worried that people may not be
willing to pay for these design features. Farber also mentioned the
possibility of retroactive wiretapping, where archived data could be
obtained through invasive means.
The second panel session was titled: International Perspectives and
Impacts. Ronald Plesser of the Washington D.C. law firm of Piper &
Marbury first mentioned that these issues impact on how international
business is conducted. Many countries, particularly in Europe, have
already established standards with which we must comply. Databases
feeding Europe must be concerned with the processing of personal data
of individuals. Certain directives have been authored that are so
general in scope as to be difficult to apply ("to all files located in
its territory" was one example). Tom Riley, of Riley Information
Services in Canada, continued this discussion regarding data protection
policies. He urged the authoring of a harmonized directive, similar to
that for other exports. The United States, by lagging behind in
establishing standards of its own, risks the possibility of losing the
opportunity to affect these policies as they are being written. David
Flaherty entertained the crowd with his "George Bush" speech, stressing
that "privacy begins at home". Robert Veeder of the D.C. Office of
Information Regulatory Affairs discussed the impact of the 30,000+
messages to Lotus which effectively stopped the production of their CD-
ROM database. This electronic lobbying had never been used to such
great effect prior to that time. He believes the electronic forum will
provide larger access to public concerns. (The impression I was left
with was that certain governmental agencies are not wholly enthusiastic
about this powerful method of expression, and that they are monitoring
the situation.)
Next, we heard from a variety of speakers on the subject of Personal
Information and Privacy. Janlori Goldman, of the ACLU, discussed the
"library lending" project by the FBI. This was an attempt to track
library usage habits of foreign nationals. The ACLU objects to this
sort of surveillance as well as other similar broad-based methods. An
audience member criticized the ACLU's own release of membership data,
to which Janlori replied that she did not agree with her organization's
policy to allow such releases, but was currently unable to do more than
protest against it. John Baker, Senior Vice President of Equifax,
described the benefits of information with regard to improved goods,
services, prices, convenience and wider choices. (Equifax is an
organization which supplies marketplace data with specific information
about consumers.) He stressed that people need to understand their
rights, responsibilities and opportunities with regard to their
published data. He believes that the Lotus Marketplace product was
flawed because of the delay involved when customers wanted to "opt-out"
of the database. He portrayed a spectrum of controls over data usage,
ranging from no restrictions (free speech), through some restrictions
(based on impact, sensitivity, access, security and confidentiality),
to absolute restrictions (where the available information would have
little value). Equifax took a survey on consumer interest in
availability of data for direct marketing purposes which revealed that
75% would find it acceptable as long as there is a facility to opt-out.
An audience member raised the point that the default is opt-out rather
than opt-in.
These two speakers were followed by a debate between Marc Rotenberg,
Washington Office Director of the Computer Professionals for Social
Responsibility, and Alan Westin, Professor of Public Law and Government
at Columbia University, with the subject "should individuals have
absolute control over secondary use of their personal information?"
Marc argued in favor of the statement, using an eloquent oratorial
style, and Alan spoke in opposition with the demeanor of a seasoned
litigator. Marc made such statements as "we are all privacy advocates
about something in our personal lives", "it is the most fragile
freedom" and "protect privacy, change the default", stressing that the
individual should have the right to control the value and use of their
personal information. Alan outlined four major issues: 1. Nature of the
secondary use; 2. Society should decide on fair uses, not a nihilistic
veto; 3. Underpinning of constitutional democracy; 4. Adequate control
protects against potential misuse. He believes that the consumer
benefits from the advantages of a knowledge society. No winner/loser of
the debate was declared.
Speakers continued on the subject of Personal Information and Privacy.
Lance Hoffman, of the EE & CS department at George Washington
University, mentioned that Japan will be instituting a system of
personal phone number calling --- basically you can send and receive
calls at your "own" phone number wherever you happen to be situated.
This permits very close tracking of individual movements and is a
potential further invasion of privacy. He noted that no one has ever
received the ACM Turing Award for a socially responsible system, and
encouraged positive recognition of achievements along these lines. He
also recommended that a "dirty dozen" list of worst systems be compiled
and distributed.
Evan Hendricks, editor and publisher of Privacy Times, listed many
records that are and are not currently protected by law from
distribution. Interestingly, video rental records are protected, but
medical records are not. He cited an interesting example of a
circumstance where a man and woman living in the same home (but with
different last names) were sent copies of each other's bills, urging
them to encourage their "roommate" to pay. It turned out that the
individuals were landlady and tenant. Another interesting fact that
Evan revealed was that studies indicate ~30% of social security numbers
in some databases are inaccurate. Lists of persons having filed
Workmen's Compensation claims have, in some cases, been used to
blacklist people from jobs. Hendricks urged people to ban the recording
and distribution of human genome information --- some parents
voluntarily provide cellular test results in case their child is later
missing or kidnapped. There is no way to know how these records are
likely to be used in the future.
Tom Mandel, director of the Values and Lifestyles Program (VALS) at
SRI, spoke in favor of the Lotus Marketplace product. He felt that the
30K response was not representative of the general public, and believes
that a small percentage of "media sophisticates" can have apply greater
leverage. He noted that VALS is currently involved with a joint venture
with Equifax, who is currently involved with a joint venture with
Lotus.
Willis Ware, of the RAND Corporation, chaired the HEW committee that
led to the 1980 privacy act (a reporter preparing materials for
publication can not be searched). He felt that the government
previously was considered to be a threat to privacy, not a protector,
and considers the privacy issue as one of social equity. He indicated
that personal information should not be considered to be private
property, and should be shared in an equitable manner. To apply
royalties for usage would place a tremendous impact on costs. He noted
that the databases behind airline, pharmacy and point-of-sale systems
may be open to access by various groups including the Internal Revenue
Service and Drug Enforcement personnel.
Simon Davies, a member of the law faculty at Australia's University of
New South Wales, provided a sobering criticism of this conference and
the United States' policy making processes, stating that the conference
was too "nice" and "conciliatory" and that the "US is an embarrassment
to the privacy issue". He used the term "pragvocate" (pragmatic
advocate) to describe policy-makers who are well-trained, say the right
things, and denounce extremes, giving environmentalists as an example.
He reminded us that the basis of the US system is not to "opt-out" ---
no one would write to the LA police asking "don't beat me up". Davies
alerted us to the fact that Thailand, an oppressive military
government, is currently purchasing US technology to provide smart ID
cards for their citizens. He noted that the Smithsonian Institute
awarded them a trophy for their use of technology. He stated that the
United States is encouraging similar activities in the Philippines and
Indonesia.
A somewhat light-hearted after-dinner talk was delivered by Eli Noam,
of Columbia University's School of Business, on the subject of
"reconciling free speech and freedom of association". He suggested that
phone systems be established whereby individuals can provide their
friends and associates with special access codes so that they can dial
them. Others can call, but at a higher rate. (Note that this would
likely have an adverse impact on legitimate business and social calls
as well as possibly reducing undesirable calls.) He stated that
presently "no computer can write the 4-line plot capsules that appear
in TV Guide", with regard to the failure of AI systems. Noam questioned
the lack of policies concerning what happens to an information data
base after an individual's death. He concluded with the statement that
for "all digital systems --- 0's and 1's are created equal."
The second day of the conference opened with a session on Law
Enforcement Practices & Problems. Glenn Tenney, well known as the
organizer of the Hacker's Conference, chaired this panel with little
comment. Don Ingraham, Assistant DA of Alameda County, Calif. (who,
during a tutorial earlier in the week, distributed information on the
writing of search warrants), gave a fantastically humorous
presentation. He spoke of the "pernicious myth of cyberspace" and
declared "you ARE the country". He mentioned that systems exist with
"the security built in of a sieve" and that people have their
information on these systems, but not necessarily because they want it
to be there. He feels that the attitude of "don't worry, we don't need
standards" is a poor one, and that laws should be written to let the
people know what the rules are. He would rather see an organization
formed called Sociable Professionals for Responsible Computing (instead
of CPSR). He finished his talk by saying "if you don't do it, who will
-- if not now, when" (a Talmudic quotation that he used without
citation).
Robert Snyder, of the Columbus Ohio Police Department, presented the
view of the "cop on the street". He spoke of his naivete when first
entering the field of computer law, and how much evidence was destroyed
at first by listening to suspects who told him to type things like
"format c:" in order to access the hard disk. He has encountered
situations where the suspect actually does not know what is on the
system --- some of these are cases where a parent is running a business
and a child is using the machine for illicit hacking purposes. In these
cases, even though he has a warrant to obtain all of the computer
equipment, he often will not shut down a legitimate business. He
brought up the issue of unregistered software sitting on a confiscated
system. There are liability problems dealing with the return of such
materials. Basically he stated that the law enforcement personnel
require further education and training, and should operate within
guidelines but with prudence.
Donald Delaney, Senior Investigator with the New York State Police,
began his talk by relating how when his home was burglarized in 1985,
he experienced a feeling of violation. This feeling is much the same
with computer crime. Many firms experience a loss of income from such
activities. In his experience, many of the people caught are engaged in
more crimes than the ones they are charged with.
Dale Boll, Deputy Directory of the Fraud Division of the U.S. Secret
Service, spoke of the various forms of access device fraud (credit
card, ATM, passwords, phone access, frequent flyer numbers, etc.). He
stated that it is illegal to posses counterfeit access devices and that
if you have 15+ illegal access devices or numbers in your possession,
you may be a subject of federal investigation. They have a 96%
conviction rate. ATM cards can be manufactured illegally using
cardboard and regular audio tape. The credit card industry is now
losing $1 Billion per year. An audience member asked if they are using
programs like Gofer (grep for UNIX hackers) to search for information
they want on bulletin boards and networks. He replied that although
they own this program, they use it personally and not for investigation
purposes.
The next session, on Law Enforcement and Civil Liberties, had seven
participants, none of whom were given much time to present their views.
I will briefly highlight what they said here. Sheldon Zenner, the
Attorney for Craig Neidorf said that the prosecutors had originally
sought a 2-year sentence, and that thanks to many of the people at this
conference who rallied to Craig's support, they were able to get him
off. Mark Rasch who defended the internet worm case stated that the
expectation of privacy is changed because of the technology employed --
- technology affects behavior. Cliff Figallo, manager of the WELL
(Whole Earth 'Lectronic Link, popular among many Bay Area participants
as an alternative means of accessing the Internet) addressed his
concerns about overuse of law enforcement. He wants his users to feel
safe. Sharon Beckman, Litigation Council to the Electronic Freedom
Foundation (EFF) and Attorney for Steve Jackson Games (whose computers
were seized, when one of his fantasy games was perceived as being
capable of training users to "hack" into computers) stated that
underlying values of the constitution should be interpreted in terms of
today's technology. Ken Rosenblatt, a District Attorney covering the
Silicon Valley area, stated that he is charged with upholding civil
liberties and feels that the laws are presently adequate. Mike Gibbons,
Special Agent for the FBI, mentioned that he worked various white
collar cases, including the 75 cent case (described in Cliff Stoll's
book), and the Robert Morris case. He feels that there are various
classes of computer crime, including impairment, data theft, and
intrusion. Mitch Kapor, founder of EFF, stated that the "electronic
frontier hasn't been settled yet" and that we should not stifle the
"network petri dish inventing the future". He questioned the nature of
reasonable search, stating that there haven't been enough cases yet to
establish a meaning for this in computer law. Everyone should be
protected from tyranny, not only hackers. He looks at the EFF as a
means of civilizing cyberspace. The matter of free speech was discussed
in the questioning session with the panel -- much speculation was
directed towards the legality of discussions of bomb-making, system
hacking, and the publication of other potentially lawless activities on
the net or in technical papers. Other comments included the fact that
law enforcement cannot seize an entire post office, their search must
be limited to the mailbox of the suspect. This analogy applies to
computer networks as well, although the volatility (ease of total
destruction of evidence) of computer data is of concern to
investigators. As I had an extended and quite insightful conversation
with Russ Brand over lunch, I returned a tad late to the next session,
on Legislation and Regulation, and was only able to catch two of the
speakers. Elliot Maxwell, Assistant Vice President at Pacific Telesis
stated that it is "difficult to have simple and specific rules". Paul
Bernstein, whose LawMUG BBS and Electronic Bar Association is well
known among the legal community, stated that one should "use mediums
that exist -- participate in fashioning the laws."
The most eye-opening session of the entire conference, in my opinion,
was the following one on Computer-Based Surveillance of Individuals. It
opened with Judith King describing the FBI Library Surveillance
Program, where the reading habits of foreign nationals were
investigated. She stated that many librarians want laws to protect the
confidentiality of users, and some statutes have been passed. Karen
Nussbaum, Executive Director of 9 to 5 (on which the film was based),
gave an accounting of the monitoring of employees in the workplace.
Currently over 26 Million employees are having their work tracked
electronically, and over 10 Million have their pay based on computer
evaluations. The personal habits of the worker can be monitored, one
can look into a user's screen and see what they are doing or even send
them messages. She described the "corporate plantation" as a place of
stress, humiliation and harassment. Gary Marx, Sociology Professor at
MIT, gave a whirlwind assessment of the importance of privacy, some
technofallacies (like the Wizard of Oz "pay no attention to the little
man behind the curtain"), and steps you can use to protect privacy (the
bulk of these useful lists are published in the proceedings). He
related how a telephone can be made "hot on the hook" so that you can
silently monitor your babysitter, your children or your spouse, when
you are not at home. Most devices, such as this one, are perfectly
legal within your own house. David Flaherty spoke again, this time in a
more serious vein, saying "we are living in a surveillant society" and
"you have to make daily choices about what you are willing to give up
about yourself." The second day's after-dinner speaker was William
Bayse, Assistant Director, Technical Services Division of the FBI, who
discussed a newly created national system called the NCIC-2000, under
the topic of "balancing computer security capabilities with privacy and
integrity". He began by asserting that crime has become more mobile and
that conventional crime-tracking methods are inadequate. For example,
he said, many missing persons actually want to remain missing. He feels
that the accuracy of records is imperative. Various information bases
have been formed, including lists of stolen items, vehicles, and wanted
persons. Presently 65,000 officers are using this system, with 360M
transactions annually, at a cost of 3 cents a transaction. For an
example of effectiveness, over $1.1 Billion in vehicles have been
recovered. Proposed, but not yet implemented is the portion of the
system which provides a live scan of fingerprints at the scene of an
arrest (or when someone is stopped for a motor vehicle violation) [with
the intended purpose of considerably reducing false identifications...
PGN]. Much criticism was generated from the audience regarding the
potential misuse of this system for harassment, and the retention of
fingerprints for future use. Marc Rotenberg addressed Bayse questioning
why documents requested under the freedom of information act from his
agency have still not been supplied, and stating that currently a
lawsuit is pending to obtain their policies regarding monitoring of
computer bulletin boards. Bayse refused comment.
The final day of the conference opened with a session on Electronic
Speech, Press and Assembly. Jack Rickard of Boardwatch Magazine
mentioned that bulletin boards are highly specialized, primarily funded
by individuals, and are in their embrionic stage. David Hughes,
Managing General Partner of Old Colorado City Communications, added
some color to the conference with his western garb (10-gallon hat, bolo
tie) and use of his laptop for the notes of his speech. He described
himself as a "Citizen of the Western Frontier of the Information Age"
and drawled, "Read my Cursor". He described electronic speech as
"fingers of the tongue with the ear for the eye --- but it is still
speech". In describing US history, were it to have occurred today,
Jefferson would have used a Macintosh, Adams would have used a PC, but
"Tom Paine would have put Common Sense on a private BBS with a
Commodore 64". "Don't tread on my cursor!" he cried. George Perry, Vice
President of Prodigy, began by saying that he did not want to engage in
discussion on the dispute, but then stated that "Prodigy does not read
private email". Prodigy is a privately owned and operated company which
believes that the market should be allowed to decide what services need
to be provided. The Constitution regulates free speech with respect to
the government, Prodigy thinks of itself as a publisher. Lance Rose, a
NY Attorney, enumerated the types of rights afforded to individuals and
companies with regard to ownership, including trade secrets,
confidentiality, trademark, copyright and patent. There is currently a
great diversity of laws which service providers must adhere to, making
the provider, in some instances, a law enforcement agent. During the
open comment section, Hughes noted that very few legislators are
currently on-line, and he thanked Prodigy for preparing the NAPLPS
market (for his products). The notable talk in the Access to Government
Information session was David Burnham's (Co-Director and Writer with
the Transactional Records Access Clearinghouse [TRAC] in D.C.). He
stated that "badly administered agencies are more damaging than rogue
operations". The objectives of TRAC are to obtain transactional data
>from federal enforcement agencies, such as the IRS, NRC, and Justice
Department. He demonstrated how the raw statistics could be combined
with additional figures regarding inflation, population, and margin of
error, showing that the so-called "trends" of increasing crime, or
increased non-compliance with tax law, were actually flat lines when
the mitigating factors were added in.
The final panel discussion was on Ethics and Education. Richard
Hollinger, Sociology Professor with the University of Florida, asserted
that the "same officers who are investigating computer crimes are the
ones who are protesting computers in their patrol cars because they
feel it would be oppressive." He is concerned with the industry's
encouragement of the use of computers in schools, before rules for
their ethical use have been written. Donn Parker with SRI stated that
laws are needed in order to convict hackers. Convictions have a "very
good effect on our whole problem", he said. He referred back to the
60's when the ACM and IEEE drafted codes of conduct, and said that
these should be popularized. He believes that one can not teach ethics,
that it comes from interpersonal relationships, and (for him) the
Christian religion and the Bible. One can teach, he believes, the
application of ethics, beyond the golden rule. He delineated three
rules: 1. The Owner's Rule - you choose to issue your property into the
public domain, or not; 2. The User's Rule - you assume everything
belongs to something else, unless otherwise informed; 3. The Hacker's
Rule - systems are free, everything should go to the people (which he
rejected as childish, not worth considering). He suggested that we
consider the dilemma of Descartes -- if it is OK to start by stealing
pencils, where then can we draw the line? Dorothy Denning spoke briefly
regarding the network uses by children (Kids Net). She speculated that
we should teach them something about hacking in order to take the
mystery out of it. She compared telephone fraud by children as a more
sophisticated version of the "is your refrigerator running" prank.
The Education and Ethics panel continued with the softspoken John
Gilmore, a "generalist" with Cygnus Support. He warned that we are
losing the larger open society. The US is currently #1 in percentage of
population in jail. He spoke of drug usage as a victimless crime. John
asked the audience "who has not broken a law in the past month?" Only a
few raised their hands. He then asked "who here has all their disks
clean -- free from something you would not want them to find if you
were investigated?" About 15% raised their hands, but after pondering
it, a number of them lowered them (the person behind me muttered that
he had some shareware for which he had not paid). Gilmore said "privacy
is a means -- what is the end we are looking for? Tolerance." He urged
real privacy of personal communications, financial transactions, things
should be as "private as that thought held in our minds." He demanded
that we stop building fake systems -- laws that dictate that you "can't
listen to cellular phone calls" -- and instead build real protections
into your systems and buy them from others. His talk received a
standing ovation from the vast majority of the audience members.
The remaining panel speaker, Sally Bowman, a Child Psychologist with
the Computer Learning Foundation, stated that her organization is
working to raise awareness and solve a number of problem areas. The
problems she outlined were: 1. Lack of awareness of the magnitude of
the problem. Software industry is being hurt by piracy; 2. Many
misimpressions -- confusion, lack of information; 3. Lack of teeth in
software copying policies; 4. Lack of strategies in teaching ethics; 5.
School budgets are too small to allow legal procurement of software.
Her organization is presently educating parents as to the "tell-tale"
signs which indicate whether a child is "abusing" computer systems.
The concluding session, entitled "Where Do We Go From Here" was staffed
by a number of the conference speakers. They overviewed their feelings
regarding the issues raised during the sessions and made general
comments with respect to what they might do to raise awareness and
resolve some of the problems.
Throughout the conference many pamphlets, brochures and newsletters
were distributed. Although it is infeasible for me to provide copies of
this literature, interested parties can contact me or Jim Warren
(jwarren@well.sf.ca.us) to provide source names and addresses. Some of
the more interesting items (in no particular order, just how they
happened to come out of my briefcase) included:
- Brochures from the Cato Institute "Toward a Moral Drug Policy",
"America's Counter-revolution", "The Semiconductor Industry and Foreign
Competition", "The Promise of High-Definition Television: The Hype and
the Reality", and their publication catalog.
- Matrix Information and Directory Services Newsletter.
- The Manifesto of Militant Humanism.
- "Are you a Hacker?" by Robert Bickford, reprinted from MicroTimes.
- Call for formation of a World Privacy Network.
- An advertisement for SafeWord Software (password
checking/protection).
- Condom distributed by Anterior Technology (they market a system
whereby you can retrieve the first 80 characters of emails while out of
town).
- "The Bill of Rights is Under Attack" from Committee for the Bill of
Rights.
- Hollywood Hacker Info, reprinted from Computer Underground Digest.
- Calif. State Assembly Bill #1168 on Personal Information Integrity.
- Computer Learning Month - from the Computer Learning Foundation.
- The Equifax Report on Consumers in the Information Age - A reprint
of John Barlow's article "Crime and Puzzlement" from Whole Earth
Review, Fall 1990.
- Various brochures from the First Amendment Congress, an
organization providing educational materials on the First Amendment.
- Policy papers from the League for Programming Freedom including
"Against Software Patents", "Lotus Disinformation Forewarned is
Forearmed", and the Effector (its newsletter).
- CPSR reprints of newsarticles regarding the Lotus database.
- Promotional literature for Ted Nelson's Xanadu.
- Brochure for the Community Memory BBS, and its newsletter.
- Brochure for the Art Com Electronic Network.
- Brochure for the International Society for Individual Liberty.
- Various copies of MicroTimes.
- Application forms for CPSR and the League for Programming Freedom.
- Rel-EAST, the east-west high-tech business report.
- Suggested reading on how computer crime is investigated from Don
Ingraham.
- Book promotional literature including: "Rogue Programs" edited by
Lance Hoffman, Van Nostrand Reinhold "Protecting Privacy in
Surveillance Societies", David Flaherty, University of North Carolina
Press "Spectacular Computer Crimes", Buck Bloombecker, Dow Jones-Irwin
"Using the Public Library in the Computer Age", Westin & Finger, ALA.
Directions & Implications of Advanced Computing, Vol. 1 and Proceedings
>from 88 and 90, CPSR.
- Flyer announcing "The Privacy Project" an NPR series (for which I
was interviewed) to be broadcast in the Fall of 1991.
- Flyer advertising "Your Expanding Infosphere" an NPR ComputerTalk
Program.
- Reason, a magazine for "free minds and free markets" whose cover
story was on cryogenics.
- Flyer on the National Apple Users Group Conference, June 7-9, 1991.
- Flyer on the Silicon Valley Networking Conference, April 23-25,
1991.
- Flyer on the third Chugach Conference, University of Alaska, Oct.
3-5, 1991. Plus Center for Information Technology News from U. Alaska.
- Flyer on the Calif. Forum of the First Amendment Congress, May 6,
1991, Stanford University (free to the public).
- Flyer for the Electronic Democracy Conference, Sept 4-5, 1991.
- Calls for Papers from: The National Conference on Computing and
Values (Aug. 12-16, 1991) Directions & Implications of Advanced
Computing (May 2-3, 1992)
I returned home with a broader idea of the many facets of the computer
freedom and privacy issue. I must now admit to being more worried than
I was before I attended this conference, as to the lack of solutions
being offered by my colleagues. Perhaps this meeting of the minds is a
first start. More work needs to be done.
R. Mercuri mercuri@gradient.cis.upenn.edu The following are some
addenda & corrections to my trip report on the Computers, Freedom and
Privacy Conference, with thanks to the individuals who provided
additional details and insights.
1. A second CFP conference has been scheduled for Spring 1992 in
Washington, D.C. -- the general chairman will be Lance J. Hoffman.
2. Later figures for the first conference indicate that Jim Warren's
losses may not have been as severe as he had indicated when I spoke
with him.
3. Although the formation notice for alt.privacy indicated that the US
Privacy Council was created AT the CFP conference, Lance Hoffman has
informed me that this organization was actually formed PRIOR to the
conference. Its first public meeting was held during the conference
period but otherwise had no official conference involvement.
4. Robert Veeder works at the Office of Information Regulatory Affairs
IN D.C., a branch of the federal Office of Management and Budget.
5. Mark Rasch prosecuted (not defended) the internet worm case.
6. Dorothy Denning wrote to me, mentioning that "the main point I tried
to make in my talk was that we are letting our young people down by not
taking responsibility for bringing them into the computing and network
community as responsible users." My brief comments of her talk could
lead a reader to believe that she was somewhat cavalier about the
issue, which was certainly not the case.
7. The "sandals of Silicon Valley to the dark suits of Washington"
quote should be accredited to Terry Winograd.
8. Judith Krug (not King) spoke in behalf of the American Library
Association.
9. In Dave Hughes' talk, he had Franklin using an Apple and Jefferson
using Word Perfect running under Windows (far more comical than what I
had recalled).
Considering the length of the conference and quantity of speakers, I
am relieved that my errors and omissions were so few.
Yours in good journalism, R. Mercuri mercuri@gradient.cis.upenn.edu
--