The RISKS Digest
Volume 14 Issue 21

Thursday, 31st December 1992

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o 3rd Conference on Computers, Freedom and Privacy
Bruce R Koball
o Info on RISKS (comp.risks)

Third Conference on Computers, Freedom and Privacy — CFP'93

Bruce R Koball <>
Thu, 31 Dec 1992 00:21:00 -0800
  The Third Conference on Computers, Freedom and Privacy — CFP'93
  9-12 March 1993, San Francisco Airport Marriott Hotel, Burlingame, CA

Sponsored by:
  Association for Computing Machinery,
  Special Interest Groups on:
  Communications (SIGCOMM)
  Computers and Society (SIGCAS)
  Security, Audit and Control (SIGSAC)

Co-Sponsors and Cooperating Organizations:

  American Civil Liberties Union
  American Library Association
  Asociacion de Technicos de Informatica
  Commission for Liberties and Informatics
  Computer Professionals for Social Responsibility
  Electronic Frontier Foundation
  Freedom to Read Foundation
  IEEE Computer Society
  IEEE-USA Committee on Communications and Information Policy
  Internet Society
  Library and Information Technology Association
  Privacy International
  USD Center for Public Interest Law
  U.S. Privacy Council
  The WELL (Whole Earth 'Lectronic Link)

Patrons and Supporters (as of 24 December 1992):

  American Express Corp.
  Apple Computer, Inc.
  Dun & Bradstreet Corp.
  Equifax, Inc.
  Information Resource Service Company
  Mead Data Central, Inc.
  National Science Foundation (pending)
  RSA Data Security, Inc.

CFP'93 Electronic Brochure 1.1


The advance of computer and telecommunications technologies holds great
promise for individuals and society. From convenience for consumers and
efficiency in commerce to improved public health and safety and
increased participation in democratic institutions, these technologies
can fundamentally transform our lives.

At the same time these technologies pose threats to the ideals of a free
and open society. Personal privacy is increasingly at risk from invasion
by high-tech surveillance and eavesdropping. The myriad databases
containing personal information maintained in the public and private
sectors expose private life to constant scrutiny.

Technological advances also enable new forms of illegal activity, posing
new problems for legal and law enforcement officials and challenging the
very definitions of crime and civil liberties. But technologies used to
combat these crimes can pose new threats to freedom and privacy.

Even such fundamental notions as speech, assembly and property are being
transformed by these technologies, throwing into question the basic
Constitutional protections that have guarded them. Similarly,
information knows no borders; as the scope of economies becomes global
and as networked communities transcend international boundaries, ways
must be found to reconcile competing political, social and economic
interests in the digital domain.

The Third Conference on Computers, Freedom and Privacy will assemble
experts, advocates and interested people from a broad spectrum of
disciplines and backgrounds in a balanced public forum to address the
impact of computer and telecommunications technologies on freedom and
privacy in society. Participants will include people from the fields of
computer science, law, business, research, information, library science,
health, public policy, government, law enforcement, public advocacy and
many others.

General Chair
Bruce R. Koball, CFP'93, 2210 Sixth Street, Berkeley, CA 94710
510-845-1350 (voice)  510-845-3946 (fax)

Steering Committee
Mary J. Culnan                      Peter G. Neumann
Georgetown University               SRI International

Dorothy Denning                     David D. Redell
Georgetown University               DEC Systems Research Center

Les Earnest                         Marc Rotenberg
GeoGroup, Inc.                      Computer Professionals
                                    for Social Responsibility
Mike Godwin
Electronic Frontier Foundation      C. James Schmidt
                                    San Jose State University
Janlori Goldman
American Civil Liberties Union      Barbara Simons
Mark Graham
Pandora Systems                     Lee Tien
Lance J. Hoffman
George Washington University        George Trubow
                                    John Marshall Law School
Donald G. Ingraham
Office of the District Attorney     Willis Ware
Alameda County, CA                  Rand Corp.

John McMullen                       Jim Warren
NewsBytes                           MicroTimes & Autodesk, Inc.

Simona Nass
Student - Cardozo Law School

Affiliations are listed for identification only.

Pre-Conference Tutorials:
On Tuesday 9 March, the day before the formal conference begins, CFP'93
is offering a number of in-depth tutorials on a wide variety of subjects
on four parallel tracks. These presentations will range from interesting
and informative to thought-provoking and controversial. The tutorials
are available at a nominal additional registration cost.

Conference Reception:
Following the Tutorials on Tuesday evening, you are invited to meet new
and old friends and colleagues at an opening reception.

Single Track Main Program:
The technological revolution that is driving change in our society has
many facets and we are often unaware of the way they all fit together,
especially the parts that lie outside of our own expertise and interest.
The primary goal of CFP'93 is to bring together individuals from
disparate disciplines and backgrounds, and engage them in a balanced
discussion of all CFP issues. To this end our main program, starting on
Wednesday 10 March, is on a single track enabling our attendees to take
part in all sessions.

Registration is Limited:
CFP'93 registration will be limited to 550 attendees, so we advise you
to register as early as possible and take advantage of the early
registration discounts.

Luncheons and Banquets:
A key component of the CFP conferences has been the interaction between
the diverse communities that constitute our attendees. To promote this
interaction CFP'93 is providing three luncheons and evening two banquets
with the cost of conference registration.

EFF Pioneer Awards
All conference attendees are invited to the Awards Reception sponsored
by the Electronic Frontier Foundation (EFF) on Wednesday evening, 10
March. These, the second annual EFF Pioneer Awards, will be given to
individuals and organizations that have made distinguished contributions
to the human and technological realms touched by computer-based

Birds of a Feather Sessions:
CFP'93 will provide a limited number of meeting rooms to interested
individuals for special Birds of a Feather sessions after the formal
program each evening. These sessions will provide an opportunity for
special interest discussions that were not included in the formal
program and will be listed in the conference materials. For further
information contact CFP'93 BoF Chair:

  C. James Schmidt, University Librarian
  San Jose State University, One Washington Square
  San Jose, CA 95192-0028
  voice  408-924-2700        voice mail 408-924-2966


CFP'93 Featured Speakers:

Nicholas Johnson

Nicholas Johnson was appointed head of the Federal Communications
Commission by President Johnson in 1966, serving a seven year term. In
his role as commissioner, he quickly became an outspoken consumer
advocate, attacking network abuses and insisting that those who use the
frequencies under the FCC license are the public's trustees. He has been
a visiting professor of law at the College of Law at the University of
Iowa since 1981 and is currently co-director of the Institute for
Health, Behavior and Environmental Policy at the University of Ohio.

Willis H. Ware

Willis H. Ware has devoted his career to all aspects of computer
science--hardware, software, architectures, software development, public
policy and legislation. He chaired the "HEW committee" whose report was
the foundation for the Federal Privacy Act of 1974. President Ford
appointed him to the Privacy Protection Study Commission whose report
remains the most extensive examination of private sector record-keeping
practices.  Dr. Ware is a member of the National Academy of Engineering,
a Fellow of the Institute of Electronic and Electrical Engineers, and a
Fellow of the American Association for Advancement of Science.

John Perry Barlow

John Perry Barlow is a retired Wyoming cattle rancher, a lyricist for
the Grateful Dead, and a co-founder of the Electronic Frontier
Foundation. He graduated from Wesleyan University with an honors degree
in comparative religion. He writes and lectures on subjects relating to
digital technology and society, and is a contributing editor of numerous
publications, including Communications of the ACM, NeXTworld,
MicroTimes, and Mondo 2000.

Cliff Stoll

Cliff Stoll is best known for tracking a computer intruder across the
international networks in 1987; he told this story in his book, "The
Cuckoo's Egg" and on a Nova television production. He is less known for
having a PhD in planetary science, piecing quilts, making plum jam, and
squeezing lumps of bituminous coal into diamonds.


CFP'93 Tutorials:

Tuesday 9 March - Morning Tutorials

Information Use in the Private Sector
Jack Reed, Information Resource Service Company
Diane Terry, TransUnion Corp.    Dan Jones, D.Y. Jones & Assoc.

This tutorial will deal with the use of personal information from the
point of view of some private sector information vendors and users. It
will include a discussion of the Fair Credit Reporting Act and the
"Permissible Purposes" for obtaining a consumer credit report.
Information used for purposes outside the FCRA will be discussed in
relationship to privacy and societal needs for businesses and

Access to Government Information:
James Love, Director, Taxpayer Assets Project

The tutorial will examine a wide range of problems concerning citizen
access to government information, including how to ask for and receive
information under the federal Freedom of Information Act, what types of
information government agencies store on computers, what the barriers
are to citizen access to these information resources, and how citizens
can change government information policy to expand access to taxpayer-
funded information resources.

Exploring the Internet — a guided journey
Mark Graham, Pandora Systems    Tim Pozar, Late Night Software

This tutorial will give participants a practical introduction to the
most popular and powerful applications available via the world's largest
computer network, the Internet.  There will be hands-on demonstrations
of communications tools such as e-mail, conferencing, Internet Relay
Chat, and resource discovery and navigation aids such as Gopher, WAIS,
Archie and World Wide Web. Extensive documentation will be provided.

Constitutional Law for Non-lawyers (1/2 session):
Mike Godwin, Staff Counsel, Electronic Frontier Foundation

This tutorial is designed to inform non-lawyers about the Constitutional
issues that underlie computer-crime and computer civil-liberties cases.
The tutorial focuses on the First and Fourth Amendments, but includes a
discussion of the Fifth Amendment and its possible connection to the
compelled disclosure of cryptographic keys. It also includes a
discussion of the appropriateness of "original intent" as a method for
applying the Constitution in the modern era.

Civil Liberties Implications of Computer Searches & Seizures (1/2 ses.):
Mike Godwin, Staff Counsel, Electronic Frontier Foundation

This tutorial assumes only a very basic knowledge of Constitutional law
(the prior tutorial provides an adequate background), and outlines how
searches and seizures of computers may raise issues of First and Fourth
Amendment rights, as well as of federal statutory protections. It
includes a discussion of what proper search-and-seizure techniques in
such cases may be.

Tuesday 9 March - Afternoon Tutorials

Practical Data Inferencing: What we THINK we know about you.
Russell L. Brand, Senior Computer Scientist, Reasoning Systems

What do your transaction trails reveal about you?  Are you a good risk
to insure?  Are you worth kidnapping, auditing or suing?  Which products
should I target at you?  Are you a member of one of those groups that I
would want to harass or discriminate against? This tutorial will be a
hands-on approach to digging for data and to piecing it back together.
Time will be divided between malicious personal invasions and sweeping
searches that seek only profit, followed by a brief discussion about
improper inferences and their practical impact on innocent files and
lives. Legal and moral issues will not be addressed.

Telecommunications Fraud
Donald P. Delaney, Senior Investigator, New York State Police

Illegal call sell operations in New York City are estimated to be a
billion dollar industry. This tutorial will provide an overview of the
problem, from finger hacking to pay phone enterprises, and will include
an up-to-date assessment of the computer cracker/hacker/phone phreak
impact on telephone company customer losses. Also discussed will be
unlawful access of telephone company switches; unlawful wiretapping and
monitoring; cards, codes and 950 numbers; New York State law and police
enforcement; methods of investigation and case studies.

Private Sector Marketplace and Workplace Privacy
Ernest A. Kallman, Bentley College, H. Jeff Smith, Georgetown University

This tutorial will give participants a general overview of privacy
issues affecting uses of personal information (e.g., medical
information, financial information, purchase histories) in the
marketplace as well as privacy concerns in the workplace (e.g., privacy
of electronic and voice mail, work monitoring).  The tutorial will also
set the boundaries for privacy arguments in the middle and latter 1990s.

Lance Rose, Attorney and Author "SysLaw"

The SysLaw tutorial session will explore in depth the freedom and
privacy issues encountered by computer bulletin boards (BBS), their
system operators and their users.  BBSs are estimated to number over
45,000 today (not counting corporate systems), and range from small,
spare-time hobby systems to systems with thousands of users, grossing
millions of dollars.  BBSs are a grassroots movement with an entry cost
of $1,000 or less, and the primary vehicles for new forms of electronic
communities and services. Subjects covered will include: First Amendment
protection for the BBS as publisher/distributor; data freedom and
property rights on the BBS; how far can sysops control BBS user
activities?; and user privacy on BBSs today.

Note: Tutorial presenters will offer expert opinions and information.
Some may advocate particular viewpoints and thus may put their own
"spin" on the issues. Caveat Listener.


CFP'93 Main Program Sessions:

Wednesday 10 March

Electronic Democracy
Chair - Jim Warren, MicroTimes and Autodesk, Inc.

The effects of computer and telecommunications technologies on
democratic processes and institutions are increasing dramatically. This
session will explore their impacts on political organizing, campaigning,
access to representatives and agencies, and access to government
information that is essential for a free press and an informed

Electronic Voting — Threats to Democracy
Chair - Rebecca Mercuri, University of Pennsylvania

This panel session will invite representatives covering a broad spectrum
of involvement with the controversial subject of electronic vote
tallying to address such issues as: Is a secure and reliable electronic
voting system feasible? What threats to these systems are identifiable?
Should electronic voting systems be open for thorough examination? Can
auditability be assured in an anonymous ballot setting? Can voting by
phone be practical and confidential? Did Congress exempt voting machines
from the Computer Security Act?

Censorship and Free Speech on the Networks
Chair - Barbara Simons, IBM

As online forums become increasingly pervasive, the notion of "community
standards" becomes harder to pin down. Networks and BBSs will link--or
create--diverse, non-geographic communities with differing standards,
laws, customs and mores. What may be frank discussion in one forum may
be obscenity or defamation or sexual harassment in another. This session
will explore the questions of what kinds of freedom-of-speech problems
face us on the Net and what kinds of legal and social solutions we need.

Portrait of the Artist on the Net
Chair - Anna Couey, Arts Wire

Computer forums and networks make possible both new artforms and new
ways of remote collaboration and exhibition. The growth of the Net
creates opportunities for the blossoming of dynamic and interactive
artforms and of artistic cultures — provided that networks become
widely accessible and remain open to artistic expression without
political interference. This session will examine the potentials and the
problems of art and artists on the Net.

Thursday 11 March

Digital Telephony and Crypto Policy
Chair - John Podesta, Podesta and Associates

The increasingly digital nature of telecommunications potentially
threatens the ability of law enforcement agencies to intercept them when
legally authorized to do so. In addition, the potential widespread use
of cryptography may render the ability to intercept a communication
moot. This session will examine these issues and the proposals that
have been put before Congress by law enforcement agencies to address
these perceived problems.

Health Records and Confidentiality
Chair - Janlori Goldman, American Civil Liberties Union

As the new Administration and Congress consider proposals to reform the
United States health care system, it is imperative that confidentiality
and security safeguards be put in place to protect personal information.
Currently, no comprehensive legislation exists on the confidentiality of
health information. This session will explore the current and potential
uses of health care information, and proposals to safeguard the

The Many Faces of Privacy
Chair  - Willis Ware, Rand Corp.

Privacy at any cost is foolish, unwise and an untenable position, and
privacy at zero cost is a myth. This two-part session will explore the
balancing act between the two extremes and the costs and benefits that
accrue. The first part will present several examples of systems and
applications in the public and private sectors that stake out a position
in this continuum.   The second part will be a panel discussion
exploring the issues raised by the examples previously presented.

The Digital Individual
Chair - Max Nelson-Kilger, San Jose State University

We are all represented by personal records in countless databases. As
these records are accumulated, disseminated and coalesced, each of us is
shadowed by an ever larger and more detailed data alter-ego, which
increasingly stands in for us in many situations without our permission
or even awareness. How does this happen? How does it affect us? How will
it develop in the future? What can we do? This session will investigate
these questions.

Friday 12 March

Gender Issues in Computing and Telecommunications
Chair - Judi Clark, Bay Area Women in Telecommunications

Online environments are largely determined by the viewpoints of their
users and programmers, still predominantly white men. This panel will
discuss issues of freedom and privacy that tend to affect women — such
as access, identity, harassment, pornography and online behavior — and
provide recommendations for gender equity policies to bulletin board
operators and system administrators.

The Hand That Wields the Gavel
Chair - Don Ingraham, Asst. District Attorney, Alameda County, CA

An inevitable result of the settlement of Cyberspace is the adaptation
of the law to its particular effects. In this session  a panel of
criminal lawyers addresses the fallout from a hypothetical computer
virus on the legal responsibilities of system managers and operators.
The format will be a simulated court hearing. Attendees will act as
advisory jurors in questioning and in rendering a verdict.

The Power, Politics, and Promise of Internetworking
Chair- Jerry Berman, Electronic Frontier Foundation

This session will explore the development of internetworking
infrastructures, domestically and worldwide. How will this
infrastructure and its applications be used by the general public?  What
will the global network look like to the average user from Kansas to
Kiev?  How will politics, technology and legislation influence the
access to, and cost of, the Net?  How can the potential of this powerful
medium be fully realized?

International Data Flow
Chair - George Trubow, John Marshall Law School

The trans-border flow of information on international computer networks
has been a concern for governments and the private sector. In addition
to concerns for privacy and data security, the economic and national
security implications of this free flow of information among scientists,
engineers and researchers around the world are also cause for concern.
This session will assemble a number of speakers to compare the various
perspectives on the problem.


Some of the Speakers in the CFP'93 Main Program:

Phillip E. Agre, Department of Communication, University of California,
      San Diego
Jonathan P. Allen, Department of Information and Computer Science,
      University of California, Irvine
Sheri Alpert, Policy Analyst, author: "Medical Records, Privacy, and
      Health Care Reform"
William A. Bayse, Assistant Director, Federal Bureau of Investigation
William Behnk, Coordinator, Legislative Information System, State of
Jerry Berman, Acting Executive Director, Electronic Frontier Foundation
Paul Bernstein, Attorney
Kate Bloch, Hastings College of the Law
Richard Civille, Computer Professionals for Social Responsibility
Roger Clarke, Reader in Information Systems, Department of Commerce,
      Australian National University
Dorothy Denning, Chair, Computer Science Department, Georgetown University
Robert Edgar, Simon and Schuster Technology Group
Kathleen Frawley, American Health Information Management Association
Emmanuel Gardner, District Manager, Government Affairs, AT&T
Mike Godwin, Staff Counsel, Electronic Frontier Foundation
Joe Green, University of Minnesota
Sarah Grey, computer department, We The People, Brown presidential
      campaign organization (invited)
Will Hill, Bellcore
Carl Kadie, co-editor, Computers and Academic Freedom News newsletter
Mitch Kapor, Chairman, Electronic Frontier Foundation
David Lewis, Deputy Registrar, Department of Motor Vehicles,
      Commonwealth of Massachusetts
James Love, Director, Taxpayers Assets Project
Judy Malloy, Associate Editor, Leonardo Electronic News
Irwin Mann, Mathematician, New York University
David McCown, Attorney
Rob Mechaley, Vice President, Technology Development, McCaw Cellular
      Communications, Inc.
Robert Naegele, Granite Creek Technology Inc., Voting Machine Examiner,
      consultant to NY State
Barbara Peterson, Staff Attorney, Joint Committee on Information
      Technology Resources, Florida Legislature
Jack Reed, Chairman, Information Resource Service Company
Virginia E. Rezmierski, Assistant for Policy Studies to the Vice
      Provost for Information Technology, University of Michigan
Jack Rickard, Editor, Boardwatch Magazine
Randy Ross, American Indian Telecommunications
Roy Saltman, National Institute of Standards and Technology
Barbara Simons, IBM
Robert Ellis Smith, Publisher, Privacy Journal
David Sobel, Computer Professionals for Social Responsibility
Ross Stapleton, Research Analyst, Central Intelligence Agency
Jacob Sullum, Associate Editor, Reason Magazine
Mark Trayle, composer
Greg Tucker, Coordinator, David Syme Faculty of Business,
      Monash University, Australia
Joan Turek-Brezina, Chair, Health and Human Services Task Force on
      Privacy of Private-Sector Health Records


Register for the conference by returning the Conference Registration
Form along with the appropriate payment. The registration fee includes
conference materials, three luncheons (Wednesday, Thursday and Friday),
two banquet dinners (Wednesday and Thursday) and evening receptions
(Tuesday, Wednesday and Thursday). Payment must accompany registration.

Registration Fees are:
      If mailed by:       7 February        8 March         on site
      Conference Fees:      $300             $355             $405
      Tutorial Fees:        $135             $165             $195
      Conference & Tutorial $435             $520             $600

Registration is limited to 550 participants, so register early and save!

By Mail:                               By Fax:
(with Check or Credit Card)            (with Credit Card only)
CFP'93 Registration                    Send Registration Form
2210 Sixth Street                      (510) 845-3946
Berkeley, CA 94710                     Available 24 hours

By Phone:                              By E-Mail:
(with Credit Card only)                (with Credit Card only)
(510) 845-1350               
10 am to 5 pm Pacific Time

CFP'93 Scholarships:
The Third Conference on Computers, Freedom and Privacy (CFP'93) will
provide a limited number of full registration scholarships for students
and other interested individuals. These scholarships will cover the full
costs of registration, including three luncheons, two banquets, and all
conference materials. Scholarship recipients will be responsible for
their own lodging and travel expenses. Persons wishing to apply for one
of these fully-paid registrations should contact CFP'93 Scholarship
Chair, John McMullen at:

Hotel Accommodations:
The Third Conference on Computers, Freedom and Privacy will be held at
the San Francisco Airport Marriott Hotel in Burlingame, CA. This
facility is spacious and comfortable, and is easily accessible from the
airport and surrounding cities. Because of the intensive nature of the
conference, we encourage our attendees to secure their lodging at the
conference facility. Special conference rates of $99/night, single or
multiple occupancy, are available. Our room block is limited and these
conference rates are guaranteed only until 9 February 1993, so we urge
you to make your reservations as early as possible. When calling for
reservations, please be sure to identify the conference to obtain the
conference rate. Hotel Reservations: (415) 692-9100 or (800) 228-9290.

Refund Policy:
Refund requests received in writing by February 19, 1993 will be
honored. A $50 cancellation fee will be applied. No refunds will be made
after this date; however, you may send a substitute in your place.


Registration Form

Name (Please print):__________________________________________________



Mailing Address:______________________________________________________

City, State, Zip:_____________________________________________________




Privacy Locks:
We will not sell, rent, loan, exchange or use this information for any
purpose other than official Computers, Freedom and Privacy Conference
activities. A printed roster will be distributed to attendees. Please
indicate the information you wish to be excluded from the roster:
      __Print only name, affiliation and phone number
      __Print name only
      __Omit all information about me in the roster

Registration Fees  (please indicate your selections):
      If mailed by:       7 February         8 March         on site
      Conference Fees:      $300__            $355__          $405__
      Tutorial Fees         $135__            $165__          $195__
      Conference & Tutorial $435__            $520__          $600__

If you have registered for the Tutorials, select one from each group:
9:00 AM - 12:00 Noon
      __Information Use in Private Sector
      __Constitutional Law for Non-lawyers & Civil-liberties
          Implications of Computer Searches and Seizures
      __Access to Government Information
      __Exploring the Internet

1:30 PM - 4:30 PM
      __Practical Data Inferencing: What we THINK we know about you.
      __Telecommunications Fraud
      __Private Sector Marketplace and Workplace Privacy

Payments:        Total Amount____________

Please indicate method of payment:     __Check (payable to CPF'93)
(payment must accompany registration)  __VISA

Credit card #______________________________Expiration date____________

Name on card__________________________________________________________


Please report problems with the web pages to the maintainer