textfiles/politics/cfp1-sum

Date: Mon, 1 Apr 91 22:56:31 EST

[not an April Fool's joke] 

From: mercuri@grad1.cis.upenn.edu (Rebecca Mercuri)

Subject: Computers, Freedom, Privacy Trip Report

The following constitutes my trip report for the Computers, Freedom and 
Privacy Conference held March 26-28, Airport Marriott Hotel, 
Burlingame, California. Although I have made a sincere attempt to 
relate the events of the conference in a fair and unbiased manner, the 
nature of the material covered entails a certain amount of emotion and 
it is difficult, if not impossible, to separate one's own feelings from 
the subject matter. I therefore apologize for any inadvertent mistakes, 
omissions, or philosophical commentary. Readers are encouraged to send 
corrections to me at the email address below. No flames please!

Respectfully submitted, R. T. Mercuri

mercuri@gradient.cis.upenn.edu


No portion of this document may be copied or distributed for commercial 
purposes without the prior express written permission of the author. 
Non-commercial uses are permitted, but the author and source must be 
credited. 
Copyright (C) 1991 R. T. Mercuri. All Rights Reserved. [Edited lightly 
by PGN and included in RISKS with permission of the author.]

This work was partially supported by the University of Pennsylvania's 
Distributed Systems Laboratory as a part of its promotion of the 
professional activities of its students. Matching funds were also 
provided by Election Watch, a division of the Urban Policy Research 
Institute, a non-profit organization.


======================================================================
The First Conference on Computers, Freedom and Privacy was organized 
and chaired by Jim Warren, and sponsored by the Computer Professionals 
for Social Responsibility (CPSR). Numerous other organizations also 
lent their support to the conference, which was attended by 
approximately 400 individuals (described by Terry Winograd as ranging 
>from the sandals of Silicon Valley to the dark suits of Washington) 
covering the fields of law, investigation, programming, engineering, 
computer science, hacking, industry, media, academics, government, law 
enforcement, and civil rights. The crowd was about 75% male, with very 
few minorities in evidence (only ~10% of the speakers were female, and 
none were minorities). Attendees formed a veritable who's who of 
hacking with key figures such as Captain Crunch, Phiber Optik, Steve 
Jackson, Craig Neidorf, and other notables there, some accompanied by 
an entourage of defense and prosecuting attorneys. Cliff Stoll and Ted 
Nelson (separately) took the opportunity to distribute copies of their 
books and give autos. (Cliff was fond of playing with a brightly-
colored yo-yo and writing memos to himself on his hand, Ted appeared to 
be creating a video record of the conference by filming each speaker 
with a small hand-held camera for a few seconds as each talk began.) A 
list of attendees was distributed, providing all information that each 
participant marked as "open". The vast majority of participants 
provided their name, company, address, phone number and email address. 
Some people remarked privately that had they been more aware of the 
manner in which such information is currently being used, they likely 
would have "closed" more of their own data. (The list was printed in 
name-alphabetical order so it was unfortunately possible to derive the 
names of individuals who elected not to be listed.) 

Jim Warren, who described himself as a self-made multi-millionaire, 
entrepreneur, futures columnist, and member of the board of directors 
of MicroTimes and Autodesk, Inc., took a severe loss on the conference. 
He had estimated break-even at 500 participants, but had only achieved 
around 300 paid admissions as most of the media and some staff members 
attended for free. To his credit, he organized a fast-paced, well-run 
(on-time) conference which allowed many of the key figures in this 
field to present their thoughts and ideas. Audio and videotapes, as 
well as the conference proceedings (published by Springer-Verlag) will 
be available shortly [write to CFP Proceedings, 345 Swett Road, 
Woodside, CA 94062]. The conference was preceded by a day of tutorial 
sessions, but I was unable to attend those activities. 

My major criticism regarding the conference was that the sheer volume 
of speakers (over 20 per day) allowed little time for questioning from 
the audience. Many of those who were not wearing red speaker's badges 
began feeling like second-class citizens whose opinions were neither 
wanted nor recognized. If someone managed to obtain a microphone and 
used it to make a statement rather than to ask a question, they were 
routinely hissed by a large portion of the audience. The unresolved 
tension became most obvious on the last day of the conference when, 
during the panel discussion on Electronic Speech, Press & Assembly, a 
loud altercation broke out in the front of the room. This panel had a 
representative from Prodigy Services, but the person who was supposed 
to give opposing commentary (apparently regarding the email privacy 
issue) had been unable to appear. Certain attendees were prepared to 
present their views, but were informed that they would not be permitted 
to do so. A private meeting was arranged for those who wished to 
discuss the Prodigy matter, but many found this to be unacceptable.

An oft-heard word describing the material revealed during the 
conference was "chilling". After the second day of the conference I 
became aware of how invasive the monitoring systems have become. As I 
returned to my room within the hotel, I realized that my use of the 
electronic pass-key system could alert the hotel staff of my entry and 
exit times. People could leave messages for me, which would be reported 
on my television screen, all of this being recorded in some database 
somewhere, possibly not being erased after my departure. My entire 
hotel bill, including phone calls and meal charges could also be 
displayed on my television screen, along with my name, for anyone to 
access (without a password) if they were in my room. Chilling indeed. 
Pondering all of this, I left the room, lured to the hotel lobby by the 
sound of what I assumed to be a cocktail piano player. When I located 
the baby grand piano I realized that, through the high-tech wonders of 
Yamaha, no human sat at the keyboard. A sophisticated computerized unit 
rendered a seemingly- endless sequence of expertly arranged tunes, with 
no requests allowed from the audience. This ghostly image reemphasized, 
to me, the silent pervasion of computers into our daily lives, and the 
potential erosion of personal freedom and privacy.

Throughout the conference, many problems were posed, few answers were 
given. Factions developed --- some people felt we needed more laws, 
some people felt we needed fewer laws, some felt that all data 
(including program code) should be free and accessible to everyone, 
some felt that everything is personal property and should be 
specifically released by the owner(s) prior to general use. Certain 
people felt that all problems could be resolved by tightly encrypting 
everything at all times (the issue of password distribution and 
retention was ignored). What was resolved was to form an organization 
called the US Privacy Council which "will attempt to build a consensus 
on privacy needs, means, and ends, and will push to educate the 
industry, legislatures, and citizens about privacy issues." The first 
thing this organization did was form a newsgroup, called alt.privacy. I 
observed that at least 50 messages were posted to this newsgroup within 
the 3 days following the conference, most pertaining to privacy of 
emails. This was disappointing, to say the least. Presumably people 
will use the mailing list and the newsgroup to disseminate information, 
but whether this is merely a duplication of other existing newsgroups 
(such as RISKS), and whether the Privacy Council will have any impact 
at all, shall be left to be seen.

The conference opened with a comment by Jim Warren that this meeting 
could be "the first Constitutional Convention of the new frontier". He 
then introduced Harvard Law Professor Lawrence Tribe who used the 
analogy of cyberspace to describe some of the problems of a "virtual 
constitutional reality". He quoted Eli Noam as saying that "networks 
become political entities" and that there could conceivably be "data 
havens", private networks much like Swiss bank accounts, which are 
virtual governments in themselves. He asserted that a bulletin board 
sysop is not a publisher, in the same way that a private bookstore 
owner is not a publisher. The individual merely makes the products 
available, and has the responsibilities of a seller, not a publisher. 
Tribe then went on to delineate five major points. First, there is a 
vital difference between governmental (public) and private actions. 
Second, ownership is an issue that goes beyond that which may be 
technologically feasible. Property encourages productivity. You have a 
constitutional right to inhabit your own body. Free speech may be a 
luxury we can't afford (like yelling "fire" in a crowded theater, or 
viruses roaming the network). Third, the government cannot control 
speech as such. Recently it was ruled that answers to very simple 
questions (such as your name, age) are considered testimonial, as they 
require the use of the human mind. Fourth, the Constitution was founded 
on a normative understanding of humanity, and should not be subject to 
disproof by science and technology. The words of the 4th Amendment 
apply to material things, it defends people, not places. It is the task 
of law to inform and project an evolutionary reading of the bill of 
rights to new situations. Fifth, Constitutional principles should not 
vary with accidents of technology. In conclusion, Tribe proposed an 
additional amendment to the constitution which asserted that "this 
Constitution's protection for freedom of speech, press, 
assembly...shall be construed as fully applicable without regard to the 
technological medium used."

The first panel discussion of the conference was titled: Trends in 
Computers and Networks. Peter Denning of NASA Ames introduced the panel 
by stating that computers are now under attack due to security being 
added on as an afterthought. John Quarterman of Texas Internet 
Consulting then discussed the manner in which user/host names could be 
made more readable (accessable) on the network. Peter Neumann of SRI 
overviewed general issues surrounding the authorship of the "Computers 
at Risk" book, stating that the group involved with the text was 
primarily interested in motivating efforts towards evaluating safe, 
secure, reliable systems (and that they only proposed general 
guidelines in the text). He warned the listeners "don't wait for the 
catastrophe". Neumann also mentioned the issue of disenfranchization of 
the poor and lower class who will be unable to access the new 
technology, stating that "gaps are getting much bigger". Martin Hellman 
of Stanford University discussed cryptography. He stated that the 56 
bit DES standard was set not by technology, but instead by economics. 
He mentioned a study at Bell Labs that indicated that 70% of all 
passwords there could be cracked using a dictionary technique. He 
believes that technology will not solve all of our problems, and that 
persons who are concerned about social responsibility are not 
(necessarily) anti-technical. David Chaum of DigiCash spoke about 
informational rights and secure channels with regard to electronic 
money transactions. He believes that with an adequately encrypted 
system there is no necessity for a central, mutually trusted party. The 
problem is in finding a practical encryption protocol, or a 
distributed, mutually-trusted tamper-proof box solution. David Farber 
of the University of Pennsylvania expressed the view that protection 
schemes might not be "retrofittable" and should be part of the 
fundamental design of computer architecture, protocols and technology, 
rather than being tacked on, but he worried that people may not be 
willing to pay for these design features. Farber also mentioned the 
possibility of retroactive wiretapping, where archived data could be 
obtained through invasive means.

The second panel session was titled: International Perspectives and 
Impacts. Ronald Plesser of the Washington D.C. law firm of Piper & 
Marbury first mentioned that these issues impact on how international 
business is conducted. Many countries, particularly in Europe, have 
already established standards with which we must comply. Databases 
feeding Europe must be concerned with the processing of personal data 
of individuals. Certain directives have been authored that are so 
general in scope as to be difficult to apply ("to all files located in 
its territory" was one example). Tom Riley, of Riley Information 
Services in Canada, continued this discussion regarding data protection 
policies. He urged the authoring of a harmonized directive, similar to 
that for other exports. The United States, by lagging behind in 
establishing standards of its own, risks the possibility of losing the 
opportunity to affect these policies as they are being written. David 
Flaherty entertained the crowd with his "George Bush" speech, stressing 
that "privacy begins at home". Robert Veeder of the D.C. Office of 
Information Regulatory Affairs discussed the impact of the 30,000+ 
messages to Lotus which effectively stopped the production of their CD-
ROM database. This electronic lobbying had never been used to such 
great effect prior to that time. He believes the electronic forum will 
provide larger access to public concerns. (The impression I was left 
with was that certain governmental agencies are not wholly enthusiastic 
about this powerful method of expression, and that they are monitoring 
the situation.)
Next, we heard from a variety of speakers on the subject of Personal 
Information and Privacy. Janlori Goldman, of the ACLU, discussed the 
"library lending" project by the FBI. This was an attempt to track 
library usage habits of foreign nationals. The ACLU objects to this 
sort of surveillance as well as other similar broad-based methods. An 
audience member criticized the ACLU's own release of membership data, 
to which Janlori replied that she did not agree with her organization's 
policy to allow such releases, but was currently unable to do more than 
protest against it. John Baker, Senior Vice President of Equifax, 
described the benefits of information with regard to improved goods, 
services, prices, convenience and wider choices. (Equifax is an 
organization which supplies marketplace data with specific information 
about consumers.) He stressed that people need to understand their 
rights, responsibilities and opportunities with regard to their 
published data. He believes that the Lotus Marketplace product was 
flawed because of the delay involved when customers wanted to "opt-out" 
of the database. He portrayed a spectrum of controls over data usage, 
ranging from no restrictions (free speech), through some restrictions 
(based on impact, sensitivity, access, security and confidentiality), 
to absolute restrictions (where the available information would have 
little value). Equifax took a survey on consumer interest in 
availability of data for direct marketing purposes which revealed that 
75% would find it acceptable as long as there is a facility to opt-out. 
An audience member raised the point that the default is opt-out rather 
than opt-in.

These two speakers were followed by a debate between Marc Rotenberg, 
Washington Office Director of the Computer Professionals for Social 
Responsibility, and Alan Westin, Professor of Public Law and Government 
at Columbia University, with the subject "should individuals have 
absolute control over secondary use of their personal information?" 
Marc argued in favor of the statement, using an eloquent oratorial 
style, and Alan spoke in opposition with the demeanor of a seasoned 
litigator. Marc made such statements as "we are all privacy advocates 
about something in our personal lives", "it is the most fragile 
freedom" and "protect privacy, change the default", stressing that the 
individual should have the right to control the value and use of their 
personal information. Alan outlined four major issues: 1. Nature of the 
secondary use; 2. Society should decide on fair uses, not a nihilistic 
veto; 3. Underpinning of constitutional democracy; 4. Adequate control 
protects against potential misuse. He believes that the consumer 
benefits from the advantages of a knowledge society. No winner/loser of 
the debate was declared.

Speakers continued on the subject of Personal Information and Privacy. 
Lance Hoffman, of the EE & CS department at George Washington 
University, mentioned that Japan will be instituting a system of 
personal phone number calling --- basically you can send and receive 
calls at your "own" phone number wherever you happen to be situated. 
This permits very close tracking of individual movements and is a 
potential further invasion of privacy. He noted that no one has ever 
received the ACM Turing Award for a socially responsible system, and 
encouraged positive recognition of achievements along these lines. He 
also recommended that a "dirty dozen" list of worst systems be compiled 
and distributed.

Evan Hendricks, editor and publisher of Privacy Times, listed many 
records that are and are not currently protected by law from 
distribution. Interestingly, video rental records are protected, but 
medical records are not. He cited an interesting example of a 
circumstance where a man and woman living in the same home (but with 
different last names) were sent copies of each other's bills, urging 
them to encourage their "roommate" to pay. It turned out that the 
individuals were landlady and tenant. Another interesting fact that 
Evan revealed was that studies indicate ~30% of social security numbers 
in some databases are inaccurate. Lists of persons having filed 
Workmen's Compensation claims have, in some cases, been used to 
blacklist people from jobs. Hendricks urged people to ban the recording 
and distribution of human genome information --- some parents 
voluntarily provide cellular test results in case their child is later 
missing or kidnapped. There is no way to know how these records are 
likely to be used in the future.

Tom Mandel, director of the Values and Lifestyles Program (VALS) at 
SRI, spoke in favor of the Lotus Marketplace product. He felt that the 
30K response was not representative of the general public, and believes 
that a small percentage of "media sophisticates" can have apply greater 
leverage. He noted that VALS is currently involved with a joint venture 
with Equifax, who is currently involved with a joint venture with 
Lotus.

Willis Ware, of the RAND Corporation, chaired the HEW committee that 
led to the 1980 privacy act (a reporter preparing materials for 
publication can not be searched). He felt that the government 
previously was considered to be a threat to privacy, not a protector, 
and considers the privacy issue as one of social equity. He indicated 
that personal information should not be considered to be private 
property, and should be shared in an equitable manner. To apply 
royalties for usage would place a tremendous impact on costs. He noted 
that the databases behind airline, pharmacy and point-of-sale systems 
may be open to access by various groups including the Internal Revenue 
Service and Drug Enforcement personnel.

Simon Davies, a member of the law faculty at Australia's University of 
New South Wales, provided a sobering criticism of this conference and 
the United States' policy making processes, stating that the conference 
was too "nice" and "conciliatory" and that the "US is an embarrassment 
to the privacy issue". He used the term "pragvocate" (pragmatic 
advocate) to describe policy-makers who are well-trained, say the right 
things, and denounce extremes, giving environmentalists as an example. 
He reminded us that the basis of the US system is not to "opt-out" --- 
no one would write to the LA police asking "don't beat me up". Davies 
alerted us to the fact that Thailand, an oppressive military 
government, is currently purchasing US technology to provide smart ID 
cards for their citizens. He noted that the Smithsonian Institute 
awarded them a trophy for their use of technology. He stated that the 
United States is encouraging similar activities in the Philippines and 
Indonesia. 

A somewhat light-hearted after-dinner talk was delivered by Eli Noam, 
of Columbia University's School of Business, on the subject of 
"reconciling free speech and freedom of association". He suggested that 
phone systems be established whereby individuals can provide their 
friends and associates with special access codes so that they can dial 
them. Others can call, but at a higher rate. (Note that this would 
likely have an adverse impact on legitimate business and social calls 
as well as possibly reducing undesirable calls.) He stated that 
presently "no computer can write the 4-line plot capsules that appear 
in TV Guide", with regard to the failure of AI systems. Noam questioned 
the lack of policies concerning what happens to an information data 
base after an individual's death. He concluded with the statement that 
for "all digital systems --- 0's and 1's are created equal."

The second day of the conference opened with a session on Law 
Enforcement Practices & Problems. Glenn Tenney, well known as the 
organizer of the Hacker's Conference, chaired this panel with little 
comment. Don Ingraham, Assistant DA of Alameda County, Calif. (who, 
during a tutorial earlier in the week, distributed information on the 
writing of search warrants), gave a fantastically humorous 
presentation. He spoke of the "pernicious myth of cyberspace" and 
declared "you ARE the country". He mentioned that systems exist with 
"the security built in of a sieve" and that people have their 
information on these systems, but not necessarily because they want it 
to be there. He feels that the attitude of "don't worry, we don't need 
standards" is a poor one, and that laws should be written to let the 
people know what the rules are. He would rather see an organization 
formed called Sociable Professionals for Responsible Computing (instead 
of CPSR). He finished his talk by saying "if you don't do it, who will 
-- if not now, when" (a Talmudic quotation that he used without 
citation). 

Robert Snyder, of the Columbus Ohio Police Department, presented the 
view of the "cop on the street". He spoke of his naivete when first 
entering the field of computer law, and how much evidence was destroyed 
at first by listening to suspects who told him to type things like 
"format c:" in order to access the hard disk. He has encountered 
situations where the suspect actually does not know what is on the 
system --- some of these are cases where a parent is running a business 
and a child is using the machine for illicit hacking purposes. In these 
cases, even though he has a warrant to obtain all of the computer 
equipment, he often will not shut down a legitimate business. He 
brought up the issue of unregistered software sitting on a confiscated 
system. There are liability problems dealing with the return of such 
materials. Basically he stated that the law enforcement personnel 
require further education and training, and should operate within 
guidelines but with prudence.

Donald Delaney, Senior Investigator with the New York State Police, 
began his talk by relating how when his home was burglarized in 1985, 
he experienced a feeling of violation. This feeling is much the same 
with computer crime. Many firms experience a loss of income from such 
activities. In his experience, many of the people caught are engaged in 
more crimes than the ones they are charged with.

Dale Boll, Deputy Directory of the Fraud Division of the U.S. Secret 
Service, spoke of the various forms of access device fraud (credit 
card, ATM, passwords, phone access, frequent flyer numbers, etc.). He 
stated that it is illegal to posses counterfeit access devices and that 
if you have 15+ illegal access devices or numbers in your possession, 
you may be a subject of federal investigation. They have a 96% 
conviction rate. ATM cards can be manufactured illegally using 
cardboard and regular audio tape. The credit card industry is now 
losing $1 Billion per year. An audience member asked if they are using 
programs like Gofer (grep for UNIX hackers) to search for information 
they want on bulletin boards and networks. He replied that although 
they own this program, they use it personally and not for investigation 
purposes. 

The next session, on Law Enforcement and Civil Liberties, had seven 
participants, none of whom were given much time to present their views. 
I will briefly highlight what they said here. Sheldon Zenner, the 
Attorney for Craig Neidorf said that the prosecutors had originally 
sought a 2-year sentence, and that thanks to many of the people at this 
conference who rallied to Craig's support, they were able to get him 
off. Mark Rasch who defended the internet worm case stated that the 
expectation of privacy is changed because of the technology employed --
- technology affects behavior. Cliff Figallo, manager of the WELL 
(Whole Earth 'Lectronic Link, popular among many Bay Area participants 
as an alternative means of accessing the Internet) addressed his 
concerns about overuse of law enforcement. He wants his users to feel 
safe. Sharon Beckman, Litigation Council to the Electronic Freedom 
Foundation (EFF) and Attorney for Steve Jackson Games (whose computers 
were seized, when one of his fantasy games was perceived as being 
capable of training users to "hack" into computers) stated that 
underlying values of the constitution should be interpreted in terms of 
today's technology. Ken Rosenblatt, a District Attorney covering the 
Silicon Valley area, stated that he is charged with upholding civil 
liberties and feels that the laws are presently adequate. Mike Gibbons, 
Special Agent for the FBI, mentioned that he worked various white 
collar cases, including the 75 cent case (described in Cliff Stoll's 
book), and the Robert Morris case. He feels that there are various 
classes of computer crime, including impairment, data theft, and 
intrusion. Mitch Kapor, founder of EFF, stated that the "electronic 
frontier hasn't been settled yet" and that we should not stifle the 
"network petri dish inventing the future". He questioned the nature of 
reasonable search, stating that there haven't been enough cases yet to 
establish a meaning for this in computer law. Everyone should be 
protected from tyranny, not only hackers. He looks at the EFF as a 
means of civilizing cyberspace. The matter of free speech was discussed 
in the questioning session with the panel -- much speculation was 
directed towards the legality of discussions of bomb-making, system 
hacking, and the publication of other potentially lawless activities on 
the net or in technical papers. Other comments included the fact that 
law enforcement cannot seize an entire post office, their search must 
be limited to the mailbox of the suspect. This analogy applies to 
computer networks as well, although the volatility (ease of total 
destruction of evidence) of computer data is of concern to 
investigators.  As I had an extended and quite insightful conversation 
with Russ Brand over lunch, I returned a tad late to the next session, 
on Legislation and Regulation, and was only able to catch two of the 
speakers. Elliot Maxwell, Assistant Vice President at Pacific Telesis 
stated that it is "difficult to have simple and specific rules". Paul 
Bernstein, whose LawMUG BBS and Electronic Bar Association is well 
known among the legal community, stated that one should "use mediums 
that exist -- participate in fashioning the laws."

The most eye-opening session of the entire conference, in my opinion, 
was the following one on Computer-Based Surveillance of Individuals. It 
opened with Judith King describing the FBI Library Surveillance 
Program, where the reading habits of foreign nationals were 
investigated. She stated that many librarians want laws to protect the 
confidentiality of users, and some statutes have been passed. Karen 
Nussbaum, Executive Director of 9 to 5 (on which the film was based), 
gave an accounting of the monitoring of employees in the workplace. 
Currently over 26 Million employees are having their work tracked 
electronically, and over 10 Million have their pay based on computer 
evaluations. The personal habits of the worker can be monitored, one 
can look into a user's screen and see what they are doing or even send 
them messages. She described the "corporate plantation" as a place of 
stress, humiliation and harassment. Gary Marx, Sociology Professor at 
MIT, gave a whirlwind assessment of the importance of privacy, some 
technofallacies (like the Wizard of Oz "pay no attention to the little 
man behind the curtain"), and steps you can use to protect privacy (the 
bulk of these useful lists are published in the proceedings). He 
related how a telephone can be made "hot on the hook" so that you can 
silently monitor your babysitter, your children or your spouse, when 
you are not at home. Most devices, such as this one, are perfectly 
legal within your own house. David Flaherty spoke again, this time in a 
more serious vein, saying "we are living in a surveillant society" and 
"you have to make daily choices about what you are willing to give up 
about yourself." The second day's after-dinner speaker was William 
Bayse, Assistant Director, Technical Services Division of the FBI, who 
discussed a newly created national system called the NCIC-2000, under 
the topic of "balancing computer security capabilities with privacy and 
integrity". He began by asserting that crime has become more mobile and 
that conventional crime-tracking methods are inadequate. For example, 
he said, many missing persons actually want to remain missing. He feels 
that the accuracy of records is imperative. Various information bases 
have been formed, including lists of stolen items, vehicles, and wanted 
persons. Presently 65,000 officers are using this system, with 360M 
transactions annually, at a cost of 3 cents a transaction. For an 
example of effectiveness, over $1.1 Billion in vehicles have been 
recovered. Proposed, but not yet implemented is the portion of the 
system which provides a live scan of fingerprints at the scene of an 
arrest (or when someone is stopped for a motor vehicle violation) [with 
the intended purpose of considerably reducing false identifications... 
PGN]. Much criticism was generated from the audience regarding the 
potential misuse of this system for harassment, and the retention of 
fingerprints for future use. Marc Rotenberg addressed Bayse questioning 
why documents requested under the freedom of information act from his 
agency have still not been supplied, and stating that currently a 
lawsuit is pending to obtain their policies regarding monitoring of 
computer bulletin boards. Bayse refused comment.

The final day of the conference opened with a session on Electronic 
Speech, Press and Assembly. Jack Rickard of Boardwatch Magazine 
mentioned that bulletin boards are highly specialized, primarily funded 
by individuals, and are in their embrionic stage. David Hughes, 
Managing General Partner of Old Colorado City Communications, added 
some color to the conference with his western garb (10-gallon hat, bolo 
tie) and use of his laptop for the notes of his speech. He described 
himself as a "Citizen of the Western Frontier of the Information Age" 
and drawled, "Read my Cursor". He described electronic speech as 
"fingers of the tongue with the ear for the eye --- but it is still 
speech". In describing US history, were it to have occurred today, 
Jefferson would have used a Macintosh, Adams would have used a PC, but 
"Tom Paine would have put Common Sense on a private BBS with a 
Commodore 64". "Don't tread on my cursor!" he cried. George Perry, Vice 
President of Prodigy, began by saying that he did not want to engage in 
discussion on the dispute, but then stated that "Prodigy does not read 
private email". Prodigy is a privately owned and operated company which 
believes that the market should be allowed to decide what services need 
to be provided. The Constitution regulates free speech with respect to 
the government, Prodigy thinks of itself as a publisher. Lance Rose, a 
NY Attorney, enumerated the types of rights afforded to individuals and 
companies with regard to ownership, including trade secrets, 
confidentiality, trademark, copyright and patent. There is currently a 
great diversity of laws which service providers must adhere to, making 
the provider, in some instances, a law enforcement agent. During the 
open comment section, Hughes noted that very few legislators are 
currently on-line, and he thanked Prodigy for preparing the NAPLPS 
market (for his products). The notable talk in the Access to Government 
Information session was David Burnham's (Co-Director and Writer with 
the Transactional Records Access Clearinghouse [TRAC] in D.C.). He 
stated that "badly administered agencies are more damaging than rogue 
operations". The objectives of TRAC are to obtain transactional data 
>from federal enforcement agencies, such as the IRS, NRC, and Justice 
Department. He demonstrated how the raw statistics could be combined 
with additional figures regarding inflation, population, and margin of 
error, showing that the so-called "trends" of increasing crime, or 
increased non-compliance with tax law, were actually flat lines when 
the mitigating factors were added in.

The final panel discussion was on Ethics and Education. Richard 
Hollinger, Sociology Professor with the University of Florida, asserted 
that the "same officers who are investigating computer crimes are the 
ones who are protesting computers in their patrol cars because they 
feel it would be oppressive." He is concerned with the industry's 
encouragement of the use of computers in schools, before rules for 
their ethical use have been written. Donn Parker with SRI stated that 
laws are needed in order to convict hackers. Convictions have a "very 
good effect on our whole problem", he said. He referred back to the 
60's when the ACM and IEEE drafted codes of conduct, and said that 
these should be popularized. He believes that one can not teach ethics, 
that it comes from interpersonal relationships, and (for him) the 
Christian religion and the Bible. One can teach, he believes, the 
application of ethics, beyond the golden rule. He delineated three 
rules: 1. The Owner's Rule - you choose to issue your property into the 
public domain, or not; 2. The User's Rule - you assume everything 
belongs to something else, unless otherwise informed; 3. The Hacker's 
Rule - systems are free, everything should go to the people (which he 
rejected as childish, not worth considering). He suggested that we 
consider the dilemma of Descartes -- if it is OK to start by stealing 
pencils, where then can we draw the line? Dorothy Denning spoke briefly 
regarding the network uses by children (Kids Net). She speculated that 
we should teach them something about hacking in order to take the 
mystery out of it. She compared telephone fraud by children as a more 
sophisticated version of the "is your refrigerator running" prank.

The Education and Ethics panel continued with the softspoken John 
Gilmore, a "generalist" with Cygnus Support. He warned that we are 
losing the larger open society. The US is currently #1 in percentage of 
population in jail. He spoke of drug usage as a victimless crime. John 
asked the audience "who has not broken a law in the past month?" Only a 
few raised their hands. He then asked "who here has all their disks 
clean -- free from something you would not want them to find if you 
were investigated?" About 15% raised their hands, but after pondering 
it, a number of them lowered them (the person behind me muttered that 
he had some shareware for which he had not paid). Gilmore said "privacy 
is a means -- what is the end we are looking for? Tolerance." He urged 
real privacy of personal communications, financial transactions, things 
should be as "private as that thought held in our minds." He demanded 
that we stop building fake systems -- laws that dictate that you "can't 
listen to cellular phone calls" -- and instead build real protections 
into your systems and buy them from others. His talk received a 
standing ovation from the vast majority of the audience members.

The remaining panel speaker, Sally Bowman, a Child Psychologist with 
the Computer Learning Foundation, stated that her organization is 
working to raise awareness and solve a number of problem areas. The 
problems she outlined were: 1. Lack of awareness of the magnitude of 
the problem. Software industry is being hurt by piracy; 2. Many 
misimpressions -- confusion, lack of information; 3. Lack of teeth in 
software copying policies; 4. Lack of strategies in teaching ethics; 5. 
School budgets are too small to allow legal procurement of software. 
Her organization is presently educating parents as to the "tell-tale" 
signs which indicate whether a child is "abusing" computer systems.

The concluding session, entitled "Where Do We Go From Here" was staffed 
by a number of the conference speakers. They overviewed their feelings 
regarding the issues raised during the sessions and made general 
comments with respect to what they might do to raise awareness and 
resolve some of the problems. 

Throughout the conference many pamphlets, brochures and newsletters 
were distributed. Although it is infeasible for me to provide copies of 
this literature, interested parties can contact me or Jim Warren 
(jwarren@well.sf.ca.us) to provide source names and addresses. Some of 
the more interesting items (in no particular order, just how they 
happened to come out of my briefcase) included:
  - Brochures from the Cato Institute "Toward a Moral Drug Policy", 
"America's Counter-revolution", "The Semiconductor Industry and Foreign 
Competition", "The Promise of High-Definition Television: The Hype and 
the Reality", and their publication catalog.
  - Matrix Information and Directory Services Newsletter.
  - The Manifesto of Militant Humanism.
  - "Are you a Hacker?" by Robert Bickford, reprinted from MicroTimes.
  - Call for formation of a World Privacy Network.
  - An advertisement for SafeWord Software (password 
checking/protection).
  - Condom distributed by Anterior Technology (they market a system 
whereby you can retrieve the first 80 characters of emails while out of 
town).
  - "The Bill of Rights is Under Attack" from Committee for the Bill of 
Rights.
  - Hollywood Hacker Info, reprinted from Computer Underground Digest.
  - Calif. State Assembly Bill #1168 on Personal Information Integrity.
  - Computer Learning Month - from the Computer Learning Foundation.
  - The Equifax Report on Consumers in the Information Age - A reprint 
of John Barlow's article "Crime and Puzzlement" from Whole Earth 
Review, Fall 1990.
  - Various brochures from the First Amendment Congress, an 
organization providing educational materials on the First Amendment.
  - Policy papers from the League for Programming Freedom including 
"Against Software Patents", "Lotus Disinformation Forewarned is 
Forearmed", and the Effector (its newsletter).
  - CPSR reprints of newsarticles regarding the Lotus database.
  - Promotional literature for Ted Nelson's Xanadu.
  - Brochure for the Community Memory BBS, and its newsletter.
  - Brochure for the Art Com Electronic Network.
  - Brochure for the International Society for Individual Liberty.
  - Various copies of MicroTimes.
  - Application forms for CPSR and the League for Programming Freedom.
  - Rel-EAST, the east-west high-tech business report.
  - Suggested reading on how computer crime is investigated from Don 
Ingraham.
  - Book promotional literature including: "Rogue Programs" edited by 
Lance Hoffman, Van Nostrand Reinhold "Protecting Privacy in 
Surveillance Societies", David Flaherty, University of North Carolina 
Press "Spectacular Computer Crimes", Buck Bloombecker, Dow Jones-Irwin  
"Using the Public Library in the Computer Age", Westin & Finger, ALA.  
Directions & Implications of Advanced Computing, Vol. 1 and Proceedings   
>from 88 and 90, CPSR.
  - Flyer announcing "The Privacy Project" an NPR series (for which I 
was interviewed) to be broadcast in the Fall of 1991.
  - Flyer advertising "Your Expanding Infosphere" an NPR ComputerTalk 
Program.
  - Reason, a magazine for "free minds and free markets" whose cover 
story was on cryogenics.
  - Flyer on the National Apple Users Group Conference, June 7-9, 1991.
  - Flyer on the Silicon Valley Networking Conference, April 23-25, 
1991.
  - Flyer on the third Chugach Conference, University of Alaska, Oct. 
3-5, 1991. Plus Center for Information Technology News from U. Alaska.
  - Flyer on the Calif. Forum of the First Amendment Congress, May 6, 
1991, Stanford University (free to the public).
  - Flyer for the Electronic Democracy Conference, Sept 4-5, 1991.
  - Calls for Papers from:  The National Conference on Computing and 
Values (Aug. 12-16, 1991)  Directions & Implications of Advanced 
Computing (May 2-3, 1992)

I returned home with a broader idea of the many facets of the computer 
freedom and privacy issue. I must now admit to being more worried than 
I was before I attended this conference, as to the lack of solutions 
being offered by my colleagues. Perhaps this meeting of the minds is a 
first start. More work needs to be done. 

R. Mercuri mercuri@gradient.cis.upenn.edu The following are some 
addenda & corrections to my trip report on the Computers, Freedom and 
Privacy Conference, with thanks to the individuals who provided 
additional details and insights.

1. A second CFP conference has been scheduled for Spring 1992 in 
Washington, D.C. -- the general chairman will be Lance J. Hoffman.

2. Later figures for the first conference indicate that Jim Warren's 
losses may not have been as severe as he had indicated when I spoke 
with him.

3. Although the formation notice for alt.privacy indicated that the US 
Privacy Council was created AT the CFP conference, Lance Hoffman has 
informed me that this organization was actually formed PRIOR to the 
conference. Its first public meeting was held during the conference 
period but otherwise had no official conference involvement.

4. Robert Veeder works at the Office of Information Regulatory Affairs 
IN D.C., a branch of the federal Office of Management and Budget.

5. Mark Rasch prosecuted (not defended) the internet worm case.

6. Dorothy Denning wrote to me, mentioning that "the main point I tried 
to make in my talk was that we are letting our young people down by not 
taking responsibility for bringing them into the computing and network 
community as responsible users." My brief comments of her talk could 
lead a reader to believe that she was somewhat cavalier about the 
issue, which was certainly not the case.

7. The "sandals of Silicon Valley to the dark suits of Washington" 
quote should be accredited to Terry Winograd.

8. Judith Krug (not King) spoke in behalf of the American Library 
Association.

9. In Dave Hughes' talk, he had Franklin using an Apple and Jefferson 
using Word Perfect running under Windows (far more comical than what I 
had recalled).

 Considering the length of the conference and quantity of speakers, I 
am relieved that my errors and omissions were so few.

Yours in good journalism, R. Mercuri mercuri@gradient.cis.upenn.edu
 --