The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11 Issue 39

Thursday 4 April 1991

Contents

o Computers, Freedom, Privacy Trip Report
Rebecca Mercuri
o Info on RISKS (comp.risks)

Computers, Freedom, Privacy Trip Report

Rebecca Mercuri <mercuri@grad1.cis.upenn.edu>
Mon, 1 Apr 91 22:56:31 EST
The following constitutes my trip report for the Computers, Freedom and Privacy
Conference held March 26-28, Airport Marriott Hotel, Burlingame, California.
Although I have made a sincere attempt to relate the events of the conference
in a fair and unbiased manner, the nature of the material covered entails a
certain amount of emotion and it is difficult, if not impossible, to separate
one's own feelings from the subject matter. I therefore apologize for any
inadvertent mistakes, omissions, or philosophical commentary. Readers are
encouraged to send corrections to me at the email address below. No flames
please!

Respectfully submitted, R. T. Mercuri        mercuri@gradient.cis.upenn.edu

No portion of this document may be copied or distributed for commercial
purposes without the prior express written permission of the author.
Non-commercial uses are permitted, but the author and source must be credited.
Copyright (C) 1991 R. T. Mercuri. All Rights Reserved.  [Edited lightly by PGN
and included in RISKS with permission of the author.]

   ======================================================================

The First Conference on Computers, Freedom and Privacy was organized and
chaired by Jim Warren, and sponsored by the Computer Professionals for Social
Responsibility (CPSR). Numerous other organizations also lent their support to
the conference, which was attended by approximately 400 individuals (described
by Terry Winograd as ranging from the sandals of Silicon Valley to the dark
suits of Washington) covering the fields of law, investigation, programming,
engineering, computer science, hacking, industry, media, academics,
government, law enforcement, and civil rights. The crowd was about 75% male,
with very few minorities in evidence (only ~10% of the speakers were female,
and none were minorities). Attendees formed a veritable who's who of hacking
with key figures such as Captain Crunch, Phiber Optik, Steve Jackson, Craig
Neidorf, and other notables there, some accompanied by an entourage of defense
and prosecuting attorneys. Cliff Stoll and Ted Nelson (separately) took the
opportunity to distribute copies of their books and give autographs. (Cliff
was fond of playing with a brightly-colored yo-yo and writing memos to himself
on his hand, Ted appeared to be creating a video record of the conference by
filming each speaker with a small hand-held camera for a few seconds as each
talk began.) A list of attendees was distributed, providing all information
that each participant marked as "open". The vast majority of participants
provided their name, company, address, phone number and email address. Some
people remarked privately that had they been more aware of the manner in which
such information is currently being used, they likely would have "closed" more
of their own data. (The list was printed in name-alphabetical order so it was
unfortunately possible to derive the names of individuals who elected not to
be listed.)

Jim Warren, who described himself as a self-made multi-millionaire,
entrepreneur, futures columnist, and member of the board of directors of
MicroTimes and Autodesk, Inc., took a severe loss on the conference. He had
estimated break-even at 500 participants, but had only achieved around 300
paid admissions as most of the media and some staff members attended for free.
To his credit, he organized a fast-paced, well-run (on-time) conference which
allowed many of the key figures in this field to present their thoughts and
ideas. Audio and videotapes, as well as the conference proceedings (published
by Springer-Verlag) will be available shortly [write to CFP Proceedings, 345
Swett Road, Woodside, CA  94062]. The conference was preceded by a day of
tutorial sessions, but I was unable to attend those activities.

My major criticism regarding the conference was that the sheer volume of
speakers (over 20 per day) allowed little time for questioning from the
audience. Many of those who were not wearing red speaker's badges began feeling
like second-class citizens whose opinions were neither wanted nor recognized.
If someone managed to obtain a microphone and used it to make a statement
rather than to ask a question, they were routinely hissed by a large portion of
the audience. The unresolved tension became most obvious on the last day of the
conference when, during the panel discussion on Electronic Speech, Press &
Assembly, a loud altercation broke out in the front of the room. This panel had
a representative from Prodigy Services, but the person who was supposed to give
opposing commentary (apparently regarding the email privacy issue) had been
unable to appear. Certain attendees were prepared to present their views, but
were informed that they would not be permitted to do so. A private meeting was
arranged for those who wished to discuss the Prodigy matter, but many found
this to be unacceptable.

An oft-heard word describing the material revealed during the conference was
"chilling". After the second day of the conference I became aware of how
invasive the monitoring systems have become. As I returned to my room within
the hotel, I realized that my use of the electronic pass-key system could alert
the hotel staff of my entry and exit times. People could leave messages for me,
which would be reported on my television screen, all of this being recorded in
some database somewhere, possibly not being erased after my departure. My
entire hotel bill, including phone calls and meal charges could also be
displayed on my television screen, along with my name, for anyone to access
(without a password) if they were in my room. Chilling indeed.  Pondering all
of this, I left the room, lured to the hotel lobby by the sound of what I
assumed to be a cocktail piano player. When I located the baby grand piano I
realized that, through the high-tech wonders of Yamaha, no human sat at the
keyboard. A sophisticated computerized unit rendered a seemingly- endless
sequence of expertly arranged tunes, with no requests allowed from the
audience. This ghostly image reemphasized, to me, the silent pervasion of
computers into our daily lives, and the potential erosion of personal freedom
and privacy.

Throughout the conference, many problems were posed, few answers were given.
Factions developed --- some people felt we needed more laws, some people felt
we needed fewer laws, some felt that all data (including program code) should
be free and accessible to everyone, some felt that everything is personal
property and should be specifically released by the owner(s) prior to general
use. Certain people felt that all problems could be resolved by tightly
encrypting everything at all times (the issue of password distribution and
retention was ignored). What was resolved was to form an organization called
the US Privacy Council which "will attempt to build a consensus on privacy
needs, means, and ends, and will push to educate the industry, legislatures,
and citizens about privacy issues." The first thing this organization did was
form a newsgroup, called alt.privacy. I observed that at least 50 messages were
posted to this newsgroup within the 3 days following the conference, most
pertaining to privacy of emails. This was disappointing, to say the least.
Presumably people will use the mailing list and the newsgroup to disseminate
information, but whether this is merely a duplication of other existing
newsgroups (such as RISKS), and whether the Privacy Council will have any
impact at all, shall be left to be seen.

The conference opened with a comment by Jim Warren that this meeting could be
"the first Constitutional Convention of the new frontier". He then introduced
Harvard Law Professor Lawrence Tribe who used the analogy of cyberspace to
describe some of the problems of a "virtual constitutional reality". He quoted
Eli Noam as saying that "networks become political entities" and that there
could conceivably be "data havens", private networks much like Swiss bank
accounts, which are virtual governments in themselves. He asserted that a
bulletin board sysop is not a publisher, in the same way that a private
bookstore owner is not a publisher. The individual merely makes the products
available, and has the responsibilities of a seller, not a publisher. Tribe
then went on to delineate five major points. First, there is a vital difference
between governmental (public) and private actions. Second, ownership is an
issue that goes beyond that which may be technologically feasible. Property
encourages productivity. You have a constitutional right to inhabit your own
body. Free speech may be a luxury we can't afford (like yelling "fire" in a
crowded theater, or viruses roaming the network). Third, the government cannot
control speech as such. Recently it was ruled that answers to very simple
questions (such as your name, age) are considered testimonial, as they require
the use of the human mind. Fourth, the Constitution was founded on a normative
understanding of humanity, and should not be subject to disproof by science and
technology. The words of the 4th Amendment apply to material things, it defends
people, not places. It is the task of law to inform and project an evolutionary
reading of the bill of rights to new situations. Fifth, Constitutional
principles should not vary with accidents of technology. In conclusion, Tribe
proposed an additional amendment to the constitution which asserted that "this
Constitution's protection for freedom of speech, press, assembly...shall be
construed as fully applicable without regard to the technological medium used."

The first panel discussion of the conference was titled: Trends in Computers
and Networks. Peter Denning of NASA Ames introduced the panel by stating that
computers are now under attack due to security being added on as an
afterthought. John Quarterman of Texas Internet Consulting then discussed the
manner in which user/host names could be made more readable (accessable) on the
network. Peter Neumann of SRI overviewed general issues surrounding the
authorship of the "Computers at Risk" book, stating that the group involved
with the text was primarily interested in motivating efforts towards evaluating
safe, secure, reliable systems (and that they only proposed general guidelines
in the text). He warned the listeners "don't wait for the catastrophe". Neumann
also mentioned the issue of disenfranchization of the poor and lower class who
will be unable to access the new technology, stating that "gaps are getting
much bigger". Martin Hellman of Stanford University discussed cryptography. He
stated that the 56 bit DES standard was set not by technology, but instead by
economics. He mentioned a study at Bell Labs that indicated that 70% of all
passwords there could be cracked using a dictionary technique. He believes that
technology will not solve all of our problems, and that persons who are
concerned about social responsibility are not (necessarily) anti-technical.
David Chaum of DigiCash spoke about informational rights and secure channels
with regard to electronic money transactions. He believes that with an
adequately encrypted system there is no necessity for a central, mutually
trusted party. The problem is in finding a practical encryption protocol, or a
distributed, mutually-trusted tamper-proof box solution. David Farber of the
University of Pennsylvania expressed the view that protection schemes might not
be "retrofittable" and should be part of the fundamental design of computer
architecture, protocols and technology, rather than being tacked on, but he
worried that people may not be willing to pay for these design features. Farber
also mentioned the possibility of retroactive wiretapping, where archived data
could be obtained through invasive means.

The second panel session was titled: International Perspectives and Impacts.
Ronald Plesser of the Washington D.C. law firm of Piper & Marbury first
mentioned that these issues impact on how international business is conducted.
Many countries, particularly in Europe, have already established standards with
which we must comply. Databases feeding Europe must be concerned with the
processing of personal data of individuals. Certain directives have been
authored that are so general in scope as to be difficult to apply ("to all
files located in its territory" was one example). Tom Riley, of Riley
Information Services in Canada, continued this discussion regarding data
protection policies. He urged the authoring of a harmonized directive, similar
to that for other exports. The United States, by lagging behind in establishing
standards of its own, risks the possibility of losing the opportunity to affect
these policies as they are being written. David Flaherty entertained the crowd
with his "George Bush" speech, stressing that "privacy begins at home". Robert
Veeder of the D.C. Office of Information Regulatory Affairs discussed the
impact of the 30,000+ messages to Lotus which effectively stopped the
production of their CD-ROM database. This electronic lobbying had never been
used to such great effect prior to that time. He believes the electronic forum
will provide larger access to public concerns.  (The impression I was left with
was that certain governmental agencies are not wholly enthusiastic about this
powerful method of expression, and that they are monitoring the situation.)

Next, we heard from a variety of speakers on the subject of Personal
Information and Privacy. Janlori Goldman, of the ACLU, discussed the "library
lending" project by the FBI. This was an attempt to track library usage habits
of foreign nationals. The ACLU objects to this sort of surveillance as well as
other similar broad-based methods. An audience member criticized the ACLU's own
release of membership data, to which Janlori replied that she did not agree
with her organization's policy to allow such releases, but was currently unable
to do more than protest against it. John Baker, Senior Vice President of
Equifax, described the benefits of information with regard to improved goods,
services, prices, convenience and wider choices. (Equifax is an organization
which supplies marketplace data with specific information about consumers.) He
stressed that people need to understand their rights, responsibilities and
opportunities with regard to their published data. He believes that the Lotus
Marketplace product was flawed because of the delay involved when customers
wanted to "opt-out" of the database. He portrayed a spectrum of controls over
data usage, ranging from no restrictions (free speech), through some
restrictions (based on impact, sensitivity, access, security and
confidentiality), to absolute restrictions (where the available information
would have little value). Equifax took a survey on consumer interest in
availability of data for direct marketing purposes which revealed that 75%
would find it acceptable as long as there is a facility to opt-out.  An
audience member raised the point that the default is opt-out rather than
opt-in.

These two speakers were followed by a debate between Marc Rotenberg, Washington
Office Director of the Computer Professionals for Social Responsibility, and
Alan Westin, Professor of Public Law and Government at Columbia University,
with the subject "should individuals have absolute control over secondary use
of their personal information?"  Marc argued in favor of the statement, using
an eloquent oratorial style, and Alan spoke in opposition with the demeanor of
a seasoned litigator. Marc made such statements as "we are all privacy
advocates about something in our personal lives", "it is the most fragile
freedom" and "protect privacy, change the default", stressing that the
individual should have the right to control the value and use of their personal
information. Alan outlined four major issues: 1. Nature of the secondary use;
2. Society should decide on fair uses, not a nihilistic veto; 3. Underpinning
of constitutional democracy; 4. Adequate control protects against potential
misuse. He believes that the consumer benefits from the advantages of a
knowledge society. No winner/loser of the debate was declared.

Speakers continued on the subject of Personal Information and Privacy. Lance
Hoffman, of the EE & CS department at George Washington University, mentioned
that Japan will be instituting a system of personal phone number calling ---
basically you can send and receive calls at your "own" phone number wherever
you happen to be situated. This permits very close tracking of individual
movements and is a potential further invasion of privacy. He noted that no one
has ever received the ACM Turing Award for a socially responsible system, and
encouraged positive recognition of achievements along these lines. He also
recommended that a "dirty dozen" list of worst systems be compiled and
distributed.

Evan Hendricks, editor and publisher of Privacy Times, listed many records that
are and are not currently protected by law from distribution.  Interestingly,
video rental records are protected, but medical records are not. He cited an
interesting example of a circumstance where a man and woman living in the same
home (but with different last names) were sent copies of each other's bills,
urging them to encourage their "roommate" to pay. It turned out that the
individuals were landlady and tenant. Another interesting fact that Evan
revealed was that studies indicate ~30% of social security numbers in some
databases are inaccurate. Lists of persons having filed Workmen's Compensation
claims have, in some cases, been used to blacklist people from jobs. Hendricks
urged people to ban the recording and distribution of human genome information
--- some parents voluntarily provide cellular test results in case their child
is later missing or kidnapped. There is no way to know how these records are
likely to be used in the future.

Tom Mandel, director of the Values and Lifestyles Program (VALS) at SRI, spoke
in favor of the Lotus Marketplace product. He felt that the 30K response was
not representative of the general public, and believes that a small percentage
of "media sophisticates" can have apply greater leverage. He noted that VALS is
currently involved with a joint venture with Equifax, who is currently involved
with a joint venture with Lotus.

Willis Ware, of the RAND Corporation, chaired the HEW committee that led to the
1980 privacy act (a reporter preparing materials for publication can not be
searched). He felt that the government previously was considered to be a threat
to privacy, not a protector, and considers the privacy issue as one of social
equity. He indicated that personal information should not be considered to be
private property, and should be shared in an equitable manner. To apply
royalties for usage would place a tremendous impact on costs. He noted that the
databases behind airline, pharmacy and point-of-sale systems may be open to
access by various groups including the Internal Revenue Service and Drug
Enforcement personnel.

Simon Davies, a member of the law faculty at Australia's University of New
South Wales, provided a sobering criticism of this conference and the United
States' policy making processes, stating that the conference was too "nice" and
"conciliatory" and that the "US is an embarrassment to the privacy issue".  He
used the term "pragvocate" (pragmatic advocate) to describe policy-makers who
are well-trained, say the right things, and denounce extremes, giving
environmentalists as an example. He reminded us that the basis of the US system
is not to "opt-out" --- no one would write to the LA police asking "don't beat
me up". Davies alerted us to the fact that Thailand, an oppressive military
government, is currently purchasing US technology to provide smart ID cards for
their citizens. He noted that the Smithsonian Institute awarded them a trophy
for their use of technology. He stated that the United States is encouraging
similar activities in the Philippines and Indonesia.

A somewhat light-hearted after-dinner talk was delivered by Eli Noam, of
Columbia University's School of Business, on the subject of "reconciling free
speech and freedom of association". He suggested that phone systems be
established whereby individuals can provide their friends and associates with
special access codes so that they can dial them. Others can call, but at a
higher rate. (Note that this would likely have an adverse impact on legitimate
business and social calls as well as possibly reducing undesirable calls.) He
stated that presently "no computer can write the 4-line plot capsules that
appear in TV Guide", with regard to the failure of AI systems. Noam questioned
the lack of policies concerning what happens to an information data base after
an individual's death. He concluded with the statement that for "all digital
systems --- 0's and 1's are created equal."

The second day of the conference opened with a session on Law Enforcement
Practices & Problems. Glenn Tenney, well known as the organizer of the
Hacker's Conference, chaired this panel with little comment. Don Ingraham,
Assistant DA of Alameda County, Calif. (who, during a tutorial earlier in the
week, distributed information on the writing of search warrants), gave a
fantastically humorous presentation. He spoke of the "pernicious myth of
cyberspace" and declared "you ARE the country". He mentioned that systems
exist with "the security built in of a sieve" and that people have their
information on these systems, but not necessarily because they want it to be
there. He feels that the attitude of "don't worry, we don't need standards" is
a poor one, and that laws should be written to let the people know what the
rules are. He would rather see an organization formed called Sociable
Professionals for Responsible Computing (instead of CPSR). He finished his
talk by saying "if you don't do it, who will -- if not now, when" (a Talmudic
quotation that he used without citation).

Robert Snyder, of the Columbus Ohio Police Department, presented the view of
the "cop on the street". He spoke of his naivete when first entering the field
of computer law, and how much evidence was destroyed at first by listening to
suspects who told him to type things like "format c:" in order to access the
hard disk. He has encountered situations where the suspect actually does not
know what is on the system --- some of these are cases where a parent is
running a business and a child is using the machine for illicit hacking
purposes. In these cases, even though he has a warrant to obtain all of the
computer equipment, he often will not shut down a legitimate business. He
brought up the issue of unregistered software sitting on a confiscated system.
There are liability problems dealing with the return of such materials.
Basically he stated that the law enforcement personnel require further
education and training, and should operate within guidelines but with prudence.

Donald Delaney, Senior Investigator with the New York State Police, began his
talk by relating how when his home was burglarized in 1985, he experienced a
feeling of violation. This feeling is much the same with computer crime. Many
firms experience a loss of income from such activities. In his experience, many
of the people caught are engaged in more crimes than the ones they are charged
with.

Dale Boll, Deputy Directory of the Fraud Division of the U.S. Secret Service,
spoke of the various forms of access device fraud (credit card, ATM, passwords,
phone access, frequent flyer numbers, etc.). He stated that it is illegal to
posses counterfeit access devices and that if you have 15+ illegal access
devices or numbers in your possession, you may be a subject of federal
investigation. They have a 96% conviction rate. ATM cards can be manufactured
illegally using cardboard and regular audio tape. The credit card industry is
now losing $1 Billion per year. An audience member asked if they are using
programs like Gofer (grep for UNIX hackers) to search for information they want
on bulletin boards and networks. He replied that although they own this
program, they use it personally and not for investigation purposes.  The next
session, on Law Enforcement and Civil Liberties, had seven participants, none
of whom were given much time to present their views. I will briefly highlight
what they said here. Sheldon Zenner, the Attorney for Craig Neidorf said that
the prosecutors had originally sought a 2-year sentence, and that thanks to
many of the people at this conference who rallied to Craig's support, they were
able to get him off. Mark Rasch who defended the internet worm case stated that
the expectation of privacy is changed because of the technology employed ---
technology affects behavior. Cliff Figallo, manager of the WELL (Whole Earth
'Lectronic Link, popular among many Bay Area participants as an alternative
means of accessing the Internet) addressed his concerns about overuse of law
enforcement. He wants his users to feel safe.  Sharon Beckman, Litigation
Council to the Electronic Freedom Foundation (EFF) and Attorney for Steve
Jackson Games (whose computers were seized, when one of his fantasy games was
perceived as being capable of training users to "hack" into computers) stated
that underlying values of the constitution should be interpreted in terms of
today's technology. Ken Rosenblatt, a District Attorney covering the Silicon
Valley area, stated that he is charged with upholding civil liberties and feels
that the laws are presently adequate. Mike Gibbons, Special Agent for the FBI,
mentioned that he worked various white collar cases, including the 75 cent case
(described in Cliff Stoll's book), and the Robert Morris case. He feels that
there are various classes of computer crime, including impairment, data theft,
and intrusion. Mitch Kapor, founder of EFF, stated that the "electronic
frontier hasn't been settled yet" and that we should not stifle the "network
petri dish inventing the future".  He questioned the nature of reasonable
search, stating that there haven't been enough cases yet to establish a meaning
for this in computer law. Everyone should be protected from tyranny, not only
hackers. He looks at the EFF as a means of civilizing cyberspace. The matter of
free speech was discussed in the questioning session with the panel -- much
speculation was directed towards the legality of discussions of bomb-making,
system hacking, and the publication of other potentially lawless activities on
the net or in technical papers. Other comments included the fact that law
enforcement cannot seize an entire post office, their search must be limited to
the mailbox of the suspect. This analogy applies to computer networks as well,
although the volatility (ease of total destruction of evidence) of computer
data is of concern to investigators.

As I had an extended and quite insightful conversation with Russ Brand over
lunch, I returned a tad late to the next session, on Legislation and
Regulation, and was only able to catch two of the speakers. Elliot Maxwell,
Assistant Vice President at Pacific Telesis stated that it is "difficult to
have simple and specific rules". Paul Bernstein, whose LawMUG BBS and
Electronic Bar Association is well known among the legal community, stated
that one should "use mediums that exist -- participate in fashioning the
laws."

The most eye-opening session of the entire conference, in my opinion, was the
following one on Computer-Based Surveillance of Individuals. It opened with
Judith King describing the FBI Library Surveillance Program, where the reading
habits of foreign nationals were investigated. She stated that many librarians
want laws to protect the confidentiality of users, and some statutes have been
passed. Karen Nussbaum, Executive Director of 9 to 5 (on which the film was
based), gave an accounting of the monitoring of employees in the workplace.
Currently over 26 Million employees are having their work tracked
electronically, and over 10 Million have their pay based on computer
evaluations. The personal habits of the worker can be monitored, one can look
into a user's screen and see what they are doing or even send them messages.
She described the "corporate plantation" as a place of stress, humiliation and
harassment. Gary Marx, Sociology Professor at MIT, gave a whirlwind assessment
of the importance of privacy, some technofallacies (like the Wizard of Oz "pay
no attention to the little man behind the curtain"), and steps you can use to
protect privacy (the bulk of these useful lists are published in the
proceedings). He related how a telephone can be made "hot on the hook" so that
you can silently monitor your babysitter, your children or your spouse, when
you are not at home. Most devices, such as this one, are perfectly legal within
your own house. David Flaherty spoke again, this time in a more serious vein,
saying "we are living in a surveillant society" and "you have to make daily
choices about what you are willing to give up about yourself."  The second
day's after-dinner speaker was William Bayse, Assistant Director, Technical
Services Division of the FBI, who discussed a newly created national system
called the NCIC-2000, under the topic of "balancing computer security
capabilities with privacy and integrity". He began by asserting that crime has
become more mobile and that conventional crime-tracking methods are inadequate.
For example, he said, many missing persons actually want to remain missing. He
feels that the accuracy of records is imperative. Various information bases
have been formed, including lists of stolen items, vehicles, and wanted
persons. Presently 65,000 officers are using this system, with 360M
transactions annually, at a cost of 3 cents a transaction. For an example of
effectiveness, over $1.1 Billion in vehicles have been recovered. Proposed, but
not yet implemented is the portion of the system which provides a live scan of
fingerprints at the scene of an arrest (or when someone is stopped for a motor
vehicle violation) [with the intended purpose of considerably reducing false
identifications... PGN].  Much criticism was generated from the audience
regarding the potential misuse of this system for harassment, and the retention
of fingerprints for future use. Marc Rotenberg addressed Bayse questioning why
documents requested under the freedom of information act from his agency have
still not been supplied, and stating that currently a lawsuit is pending to
obtain their policies regarding monitoring of computer bulletin boards. Bayse
refused comment.

The final day of the conference opened with a session on Electronic Speech,
Press and Assembly. Jack Rickard of Boardwatch Magazine mentioned that bulletin
boards are highly specialized, primarily funded by individuals, and are in
their embrionic stage. David Hughes, Managing General Partner of Old Colorado
City Communications, added some color to the conference with his western garb
(10-gallon hat, bolo tie) and use of his laptop for the notes of his speech. He
described himself as a "Citizen of the Western Frontier of the Information Age"
and drawled, "Read my Cursor". He described electronic speech as "fingers of
the tongue with the ear for the eye --- but it is still speech". In describing
US history, were it to have occurred today, Jefferson would have used a
Macintosh, Adams would have used a PC, but "Tom Paine would have put Common
Sense on a private BBS with a Commodore 64". "Don't tread on my cursor!" he
cried. George Perry, Vice President of Prodigy, began by saying that he did not
want to engage in discussion on the dispute, but then stated that "Prodigy does
not read private email". Prodigy is a privately owned and operated company
which believes that the market should be allowed to decide what services need
to be provided. The Constitution regulates free speech with respect to the
government, Prodigy thinks of itself as a publisher. Lance Rose, a NY Attorney,
enumerated the types of rights afforded to individuals and companies with
regard to ownership, including trade secrets, confidentiality, trademark,
copyright and patent. There is currently a great diversity of laws which
service providers must adhere to, making the provider, in some instances, a law
enforcement agent. During the open comment section, Hughes noted that very few
legislators are currently on-line, and he thanked Prodigy for preparing the
NAPLPS market (for his products).

The notable talk in the Access to Government Information session was David
Burnham's (Co-Director and Writer with the Transactional Records Access
Clearinghouse [TRAC] in D.C.). He stated that "badly administered agencies are
more damaging than rogue operations". The objectives of TRAC are to obtain
transactional data from federal enforcement agencies, such as the IRS, NRC, and
Justice Department. He demonstrated how the raw statistics could be combined
with additional figures regarding inflation, population, and margin of error,
showing that the so-called "trends" of increasing crime, or increased
non-compliance with tax law, were actually flat lines when the mitigating
factors were added in.

The final panel discussion was on Ethics and Education. Richard Hollinger,
Sociology Professor with the University of Florida, asserted that the "same
officers who are investigating computer crimes are the ones who are protesting
computers in their patrol cars because they feel it would be oppressive." He is
concerned with the industry's encouragement of the use of computers in schools,
before rules for their ethical use have been written. Donn Parker with SRI
stated that laws are needed in order to convict hackers. Convictions have a
"very good effect on our whole problem", he said. He referred back to the 60's
when the ACM and IEEE drafted codes of conduct, and said that these should be
popularized. He believes that one can not teach ethics, that it comes from
interpersonal relationships, and (for him) the Christian religion and the
Bible. One can teach, he believes, the application of ethics, beyond the golden
rule. He delineated three rules: 1. The Owner's Rule - you choose to issue your
property into the public domain, or not; 2. The User's Rule - you assume
everything belongs to something else, unless otherwise informed; 3.  The
Hacker's Rule - systems are free, everything should go to the people (which he
rejected as childish, not worth considering). He suggested that we consider the
dilemma of Descartes -- if it is OK to start by stealing pencils, where then
can we draw the line? Dorothy Denning spoke briefly regarding the network uses
by children (Kids Net). She speculated that we should teach them something
about hacking in order to take the mystery out of it. She compared telephone
fraud by children as a more sophisticated version of the "is your refrigerator
running" prank.

The Education and Ethics panel continued with the softspoken John Gilmore, a
"generalist" with Cygnus Support. He warned that we are losing the larger open
society. The US is currently #1 in percentage of population in jail. He spoke
of drug usage as a victimless crime. John asked the audience "who has not
broken a law in the past month?" Only a few raised their hands. He then asked
"who here has all their disks clean -- free from something you would not want
them to find if you were investigated?" About 15% raised their hands, but after
pondering it, a number of them lowered them (the person behind me muttered that
he had some shareware for which he had not paid). Gilmore said "privacy is a
means -- what is the end we are looking for? Tolerance." He urged real privacy
of personal communications, financial transactions, things should be as
"private as that thought held in our minds." He demanded that we stop building
fake systems -- laws that dictate that you "can't listen to cellular phone
calls" -- and instead build real protections into your systems and buy them
from others. His talk received a standing ovation from the vast majority of the
audience members.

The remaining panel speaker, Sally Bowman, a Child Psychologist with the
Computer Learning Foundation, stated that her organization is working to raise
awareness and solve a number of problem areas. The problems she outlined were:
1. Lack of awareness of the magnitude of the problem. Software industry is
being hurt by piracy; 2. Many misimpressions -- confusion, lack of information;
3. Lack of teeth in software copying policies; 4. Lack of strategies in
teaching ethics; 5. School budgets are too small to allow legal procurement of
software. Her organization is presently educating parents as to the "tell-tale"
signs which indicate whether a child is "abusing" computer systems.

The concluding session, entitled "Where Do We Go From Here" was staffed by a
number of the conference speakers. They overviewed their feelings regarding
the issues raised during the sessions and made general comments with respect
to what they might do to raise awareness and resolve some of the problems.
Throughout the conference many pamphlets, brochures and newsletters were
distributed. Although it is infeasible for me to provide copies of
this literature, interested parties can contact me or Jim Warren
(jwarren@well.sf.ca.us) to provide source names and addresses. Some of the
more interesting items (in no particular order, just how they happened to come
out of my briefcase) included:
- Brochures from the Cato Institute "Toward a Moral Drug Policy", "America's
        Counter-revolution", "The Semiconductor Industry and Foreign
        Competition", "The Promise of High-Definition Television: The Hype
    and the Reality", and their publication catalog.
- Matrix Information and Directory Services Newsletter.
- The Manifesto of Militant Humanism.
- "Are you a Hacker?" by Robert Bickford, reprinted from MicroTimes.
- Call for formation of a World Privacy Network.
- An advertisement for SafeWord Software (password checking/protection).
- Condom distributed by Anterior Technology (they market a system whereby
        you can retrieve the first 80 characters of emails while out of town).
- "The Bill of Rights is Under Attack" from Committee for the Bill of Rights.
- Hollywood Hacker Info, reprinted from Computer Underground Digest.
- Calif. State Assembly Bill #1168 on Personal Information Integrity.
- Computer Learning Month - from the Computer Learning Foundation.
- The Equifax Report on Consumers in the Information Age
- A reprint of John Barlow's article "Crime and Puzzlement" from Whole Earth
        Review, Fall 1990.
- Various brochures from the First Amendment Congress, an organization
        providing educational materials on the First Amendment.
- Policy papers from the League for Programming Freedom including "Against
        Software Patents", "Lotus Disinformation Forewarned is Forearmed",
        and the Effector (its newsletter).
- CPSR reprints of newsarticles regarding the Lotus database.
- Promotional literature for Ted Nelson's Xanadu.
- Brochure for the Community Memory BBS, and its newsletter.
- Brochure for the Art Com Electronic Network.
- Brochure for the International Society for Individual Liberty.
- Various copies of MicroTimes.
- Application forms for CPSR and the League for Programming Freedom.
- Rel-EAST, the east-west high-tech business report.
- Suggested reading on how computer crime is investigated from Don Ingraham.
- Book promotional literature including:
        "Rogue Programs" edited by Lance Hoffman, Van Nostrand Reinhold
        "Protecting Privacy in Surveillance Societies", David Flaherty,
                University of North Carolina Press
        "Spectacular Computer Crimes", Buck Bloombecker, Dow Jones-Irwin
    "Using the Public Library in the Computer Age", Westin & Finger, ALA.
    Directions & Implications of Advanced Computing, Vol. 1 and Proceedings
        from 88 and 90, CPSR.
- Flyer announcing "The Privacy Project" an NPR series (for which I was
        interviewed) to be broadcast in the Fall of 1991.
- Flyer advertising "Your Expanding Infosphere" an NPR ComputerTalk Program.
- Reason, a magazine for "free minds and free markets" whose cover story
        was on cryogenics.
- Flyer on the National Apple Users Group Conference, June 7-9, 1991.
- Flyer on the Silicon Valley Networking Conference, April 23-25, 1991.
- Flyer on the third Chugach Conference, University of Alaska, Oct. 3-5,
        1991. Plus Center for Information Technology News from U. Alaska.
- Flyer on the Calif. Forum of the First Amendment Congress, May 6, 1991,
        Stanford University (free to the public).
- Flyer for the Electronic Democracy Conference, Sept 4-5, 1991.
- Calls for Papers from:
    The National Conference on Computing and Values (Aug. 12-16, 1991)
    Directions & Implications of Advanced Computing (May 2-3, 1992)

I returned home with a broader idea of the many facets of the computer freedom
and privacy issue. I must now admit to being more worried than I was before I
attended this conference, as to the lack of solutions being offered by my
colleagues. Perhaps this meeting of the minds is a first start. More work
needs to be done.

R. Mercuri          mercuri@gradient.cis.upenn.edu

Please report problems with the web pages to the maintainer

Top