IP: CFP98 Conference Report

[Dave Farber <farber () cis upenn edu>]

From: Lorrie Faith Cranor <lorrie () research att com>




[For the past five years I have written a Computers, Freedom and
Privacy conference report (see the archive at=20


http://www.research.att.com/~lorrie/pubs/cfp.html).  This year, I=20
turned the job over to Danielle Gallo, an undergraduate student who=20
has been working with me.  Feel free to forward this report.
-- Lorrie Cranor]




Danielle Gallo's CFP98 Conference Report


Computers, Freedom and Privacy '98 was held February 18-20 at the
Austin, Texas Hyatt Regency Hotel. Although there have been eight in
total, this is the first CFP I attended. The program featured daily
single-track sessions, lunch breakout sessions, and several concurrent
tutorials.


I attended the Wednesday morning tutorial entitled, "An Introduction
to Copyright and Trademark Law." This tutorial, given by David
J. Loundy (http://www.Loundy.com) of Davis, Mannix and McGrath, was a
comprehensive and enlightening overview of the workings of copyright
and trademark law. An interesting question of public display was
addressed. If an image is displayed on a Web page that does not belong
to the owner of the image's copyright, are display rights violated?
Using several case studies as examples, Loundy suggested that the
answer depends on the type of browser being used. Is it a text-based
browser that will not display the image? If an image is present but
not displayed, is there a violation? If so, who is at fault, the
Internet Service Provider or the Web designer? This tutorial also
discussed trademark law, especially as it applies to metatags. Search
engines use metatags to help index Web sties. For example, the
playboyxxx.com site contains the keywords "playboy", "playmate", and
"centerfold" in its metatags. However, this is deceptive because the
surfer believes he is accessing a site supported by Playboy.


The remainder of the Wednesday session featured a keynote speech by
Brian Kahin of the White House Office of Science and Technology Policy
(http://www.whitehouse.gov/WH/EOP/OSTP/html/OSTP_Home-plain.html). Kahin
addressed the future of Internet policy and discussed the effects on
employment and productivity. He presented basic principles focusing on
recognizing the unique qualities of the Internet and creating policy
that will facilitate international commerce. One of Kahin's last
points was the need for industry self-regulation. Kahin suggests that
self-regulation creates more efficient markets. Kahin also cited the
need for well-defined principles and international agreements as
fundamental to success. International agreement appears to be a
difficult process, as all parts of the world do not necessarily agree


on major issues, such as privacy. Although Kahin strongly urged the
private sector to lead such a movement, it seemed doubt surfaced among
some attendees as to whether this is possible.


Anne Beeson of the ACLU, attorney Lance Rose, and UCLA school law
professor Eugene Volokh discussed the Communications Decency Act
decision. Volokh) argued that although the CDA was a victory for free
speech, the decision should be examined with scrutiny. Volokh felt the
CDA decision suffered from poor fact finding. Volokh's documentation
regarding the Reno v. ACLU decision is worth accessing
(http://www.law.ucla.edu/Faculty/volokh/index.htm). Ann Beeson
(http://www.aclu.org) claimed that celebration for the CDA was
significantly well justified. Beeson also stated that the architecture
of the Internet promotes freedom of expression, and threats to this
right lie in Senator McCain's bill, ratings/private censorship
(including PICS), and library filtering. One interesting example
Beeson cited was a student whose individual homepage was removed after
people complained about it. As expected, this raised a strong reaction
from the crowd.


A panel on 'Privacy Implications of Biometrics and Behavioral
Identifiers' outlined the implications of the use of biometrics
(thumbprints, retinal scans, etc) for identification purposes. Dr. Ann
Cavoukian, the Ontario Information and Privacy Commissioner, presented
the idea that biometrics are a threat to individual privacy when not
used carefully. Dr. George Tomko of Mytec Technologies discussed
combining biometrics with encryption in an effort to reduce privacy
concerns and increase security.


The last panel for the Wednesday session addressed Net Vengeance. The
"Kashpureff incident" was addressed and discussed in great detail. The
basic conclusion was that significant collateral damage resulted from
his offense; however, he accepted responsibility and offered
regret. This was not the highlight of the panel. Richard MacKinnon of
the University of Texas at Austin
(http://bertie.la.utexas.edu/depts/gov/home.htm) sparked a discussion
on the proper procedure when disciplining an offending online
user. Since people from all nations participate in computer-mediated
offenses, where and how should they be disciplined? The logical answer
appears to be in their country of residence. MacKinnon suggests,
though, that the offender may be judged by the standards of the group
the offense occurred in. This apparently promotes preservation of the
environment's integrity through punishment based on the environment
and its members.


Wednesday closed with dinner and live music at the Austin Music Hall.


The Thursday general session began with a panel on 'Pragmatism and
Principle in Online Advocacy." Danny Weitzner from the Center for
Democracy and Technology (http://www.cdt.org) joined Donald Haines
from the American Civil Liberties Union in a friendly discussion. Even
though the panelists were supposed to be arguing different points of
view there was much agreement. They agreed on the need for involvement
in the political process but differed on what approach to take.




Although many ideas and issues were raised in the panel on 'Privacy
and Encryption Law in France', there are only a few I would like to
touch on. Professor Joel Reidenberg of the Fordham University School
of Law (http://www.fordham.edu/law/faculty/reidenberg/main.htm) cited
the territorial impact of data protection. He suggested trans-border
data flows enable data passing to places with inferior
protection. This is of utmost concern to the French, who hold strong
views on privacy. The French position on data protection issues
prevents sensitive data such as political or religious beliefs to be
transmitted without consent. Reidenberg concedes that there is not
full respect for data privacy laws; therefore, organizations have been
created to supervise enforcement -- for example, the CNIL (Commission
Nationale Informatique et Libertes) in France. This part of the
discussion relates to Brian Kahin's keynote address, which cited the
need for international agreements and well-defined principles. I think
that compromise on these issues will be difficult because the French
are very stringent on privacy issues and may not agree with the rest
of the world.


The lunch breakout sessions offered a decent variety in subject
topics. I attended 'How to Do a Wiretap' with Shabbir J. Safdar from
The Voters Telecommunications Watch. This was an entertaining session
because the information was relayed in the form of a mock wiretap
involving lawyers, government agents, and snowboarders. The
snowboarders possessed illegal drugs and the FBI wanted to set up a
wiretap to monitor their conversations. Safdar outlined the process of
obtaining a wiretap, focusing on the necessary requirement, predicate
offense, and probable cause. He also outlined minimization, which is
the capture of material relevant to the investigation only. For
example, the wiretap was shut off when the snowboarders began
discussing the 'killer slopes, dude'. When the snowboarders began
using snowboarding lingo as code words for drug lingo, the taping was
resumed. Finally, a few interesting tidbits: computer fraud is not a
valid predicate offense; 8 out of 10 offenses involve gambling and the
Mafia; rules for data interception are less stringent when dealing
with equipment such as pagers.


Matt Blaze and Steve Bellovin from AT&T Labs Research
(http://www.research.att.com) discussed ways to 'Choke the Net.' Blaze
and Bellovin cited the Net's structure as the cause of
vulnerability. In addition, the technical characteristics of HTTP are
a mismatch with what the Internet was designed for. To choke the Net,
certain computers such as endpoints or central routers can be brought
down. The Net is not just susceptible to intended takedown,
however. Circumstances such as real-time multimedia and high bandwidth
data will disable the Net. Routing problems, specifically
misconfigured routers, were cited as a final threat. I agree with the
panelists' contention that protocols for secure DNS will decrease the
risk of malicious attacks, though it is questionable by what fraction
the risk will be decreased.




Thursday closed with a controversial panel on 'Crypto and Privacy at
the Fringes of Society' moderated by Michael Froomkin from the
University of Miami School of Law (http://www.law.miami.edu/). Patrick
Ball of the AAAS Science and Human Rights Program
(http://www.aaas.org) outlined security problems and provided crypto
solutions for human rights organizations. He stated that human rights
groups need encryption and digital signatures for protection. Ball
finds traffic analysis a major threat to privacy, and suggests the use
of anonymous remailers. Peter Toren from the United States Department
of Justice (http://www.usdoj.gov) took the opposing view (big surprise
there). Toren outlined the law enforcement perspective on crypto and
privacy. He stated that unbreakable encryption will threaten public
safety because it can be used to conceal criminal activity. He said,
"advances in technology should serve society not rule it."
Furthermore, Toren suggests that privacy and liberty must be protected
without leaving a harbor for criminality. Toren's comments created
strong response from the attendees and consequently, the question and
answer session was lengthy.


In addition to the many thanks to Toren for actually attending, the Q
& A featured predictable responses from each side. Matt Blaze
expressed an interesting analogy in describing a paper shredder that
created a digital copy of a document and sent it off to a central
database. When a document was accidentally shred, the user could
contact the database and have a copy faxed. Also, Toren was pressed
about the encryption issue and repeatedly cited the significant
increase in cases that involve unrecoverable evidence due to
encryption. The government's case is made at


http://www.fbi.gov/congress/encrypt/encrypt.htm . Audience members
complained that the government repeatedly gives misleading information
about the difficulty of cracking various encryption schemes.


Following the Thursday evening dinner reception and entertaining
speech by Nicholas Johnson, there were a number of BoFs held. I
attended the GILC (Global Internet Liberty Campaign) BoF. This
informal discussion group featured Mark Rotenberg from GILC
(http://www.gilc.org) and Barry Steinhardt, counsel to the EFF
(Electronic Frontier Foundation, http://www.eff.org). Among other
things, GILC has argued against PICS (Platform for Internet Content
Selection). The BoF had a surprise element in the attendance of Paul
Resnick, a professor at the University of Michigan School of
Information (http://www.si.umich.edu/). Resnick is one of the
developers of PICS. The discussion became a preview of the panel on
the neutrality of technology and the question of 'is PICS the devil?'.


I did not attend the Friday morning session in its entirety, so I will
glaze over these panels. 'Archiving the Web' was a rather uneventful
session that discussed online archives and their implications for
privacy and copyright. Among the services highlighted was Deja News
(http://www.dejanews.com/), a USENET archive.


I attended the lunch breakout session on video surveillance, "Is Big
Brother Watching You?" The answer is yes. Donald Haines of the ACLU


addressed the rise in usage of surveillance equipment due to decreases
in cost. An example is the ITS, or Intelligent Transportation
System. The ITS is designed for traffic analysis and management, yet
it is commonly used to facilitate the mass and routine surveillance of
crowds. Another example is E-Z Pass, a toll collecting service used in
New Jersey and New York. When a driver passes through the gate, his
account number is scanned and posted on a screen. Haines suggests that
any particular car can be monitored each day based on the account
number scanned when the driver passes though. Time lapses between
measurements can be used to observe the driver's speed and possibly
result in a speeding ticket. Hashing the account number so it was not
available at the second monitoring position would give the driver
anonymity. Haines concluded with an emphatic need to increase the
amount of privacy protection. He referred attendees to the Electronic
Privacy Information Center (http://www.epic.org -- an interesting but
unrelated paper on this site is
(http://www.epic.org/Reports/surfer-appendix.html).


The Friday afternoon session featured a lively panel on library
filtering. Susan Getgood was the first speaker; she is a
representative for The Learning Company (http://www.cyberpatrol.com/),
the makers of Cyber Patrol filtering software. Getgood stated that the
makers of Cyber Patrol will not market to libraries but will
definitely sell to them. I accept this point as the Learning Company
is in a business that wants to make a profit along with helping
children surf safely. I think, though, that if librarians are going to
purchase the product they need to know what limits filtering
has. Charles Harmon presented the opposing view and argued that
filters are against the library's mission of providing access to
information. Harmon said, "the use of filtering software to block
sites is against ALA (American Library Association,


http://www.ala.org) amendments." Harmon stated that NO software will
ever meet the standard for libraries, and filters impose the
producer's viewpoint on the community. For criticism of Cyber Patrol,
see http://www.spectacle.org/cwp/ada-yoyo.html. Many attendees lined
up to disagree with Susan Getgood during the question and answer
period. One attendee raised a good point in stating that many library
software users don't have a technical background, thus they are not
fully aware of how to use software products. Library users need to be
informed of how the technology works, its limitations, and how to use
it successfully. Finally, I felt Susan Getgood did an admirable job
defending her product despite the heated comments directed at her by
libertarians. She stated that she believes Cyber Patrol is a product
worth purchasing, and 68% of the parents in California who use
technology to monitor their children's surfing agree with her. And no,
they aren't going to publish the list of blocked sites.


Now, for the $64,000 question. Is PICS the devil? I don=92t think a
definite answer surfaced. Panelists included Paul Resnick and Andrew
Shapiro. Shaprio was highly opposed to PICS because it can be used to


facilitate censorship. Resnick rebutted by stating that tools for
censorship already existed before PICS. This question and answer
period was also lively, including many comments directed at
Resnick. Personally, I feel that PICS has provided a useful starting
point and foundation for the selection of Internet content.


Bruce Sterling's "Thoughts on the Future" was an entertaining speech
that contained a great deal of ranting. The part I found interesting
was when Sterling addressed the Monica Lewinsky scandal. He stated
that she poses no real threat to the country, is not a terrorist, and
there is no need to observe her. Following the speech, Sterling hosted
a party at his house for CFP attendees.


As a final note, I think that next year's conference should feature a
panel on taxing electronic commerce. President Clinton endorsed
no-new-Net-taxes legislation in his recent remarks to the Technology
98 Conference in San Francisco, but the future on this issue is
unclear. Although this area does not relate directly to privacy or
free speech, it is an interesting issue to examine within the realm of
e-commerce.


*Random notes by the author: I liked the hotel but was disappointed to
learn that the pool was outside. Could anyone tell me where to score a
pair of John Gilmore's cool tie-dye socks? Bruce Sterling throws a
good party. On Thursday, Richard Stallman explained that free software
is like free speech and not free beer, but CFP seemed to do well in
both departments. By Friday I felt like I had eaten my weight in
tortillas. You're all checking out Crowds
(http://www.research.att.com/projects/crowds/), right? Lastly, as this
was my first visit to Texas, I was strongly encouraged by my cab
driver to get a tattoo and eat a steak. I did not do either of these
things, but enjoyed myself anyway.


Danielle M. Gallo (fmdk () nji com) 03/01/98




********************************
See you at INET'98, Geneva 21-24, July 98   <http://www.isoc.org/inet98/>