Internet Policy Issues Debated at 9th Conference on Computers, freedom and privacy

Internet Policy Issues Debated at 9th Conference on Computers, freedom and privacy

Barbara Glover

Introduction

The Conference on Computers, Freedom and Privacy (CFP99), held April 6-8, 1999 in Washington, DC, attracted more than 500 attendees from 20 countries, including Hong Kong, Australia, South Africa, and Russia. In addition to representing many different countries, speakers came from many different backgrounds, including higher education, the law, government, industry, the media, law enforcement, public interest groups, and industry watchdog organizations. With one of the speakers being named "Chuck D., Public Enemy," it is understandable why a journalist referred to those gathered at the conference as "hackers, crackers, policy wonks and government officials!" (Weise and Zuckerman, 1999). According to its Web site, (www.cfp99.org) programs addressed many issues which are of continuing concern to librarians and other Internet users, namely "access, anonymity, censorship, civil society, consumer protection, copyright, crime, culture, democracy, diversity, electronic commerce, encryption, free expression, freedom, governance, human rights, legislation, privacy, security, standards, and surveillance."

The first morning provided attendees with a choice of four tutorials including one on "Techniques for Circumventing Internet Censorship." The conference itself both opened and closed with plenary sessions on the topic "Freedom and Privacy and the Global Internet." In between, there were nine panel discussions, four keynote addresses, a public policy scenario called "Chemical Databases on the Internet", a mock trial entitled "Judging Privacy," and several opportunities for eight working groups to get together. Two of the panels were called "Free Speech and Cyber-Censorship" (I and II). Others covered "The Creation of a Global Surveillance Network," "Anonymity and Identity in Cyberspace," "Copyright on the Line: Blame It on Rio? Or Title 17?," "Privacy and Profiling," "Access and Equity and the Global Internet," "Is Escrow Dead? And What Is Wassenaar?," and "Self-Regulation Reconsidered."

The CFP99 Web site was well developed prior to the conference, containing the program and lists of speakers with links to submitted papers, in addition to the registration form and information on travel and accommodation. Following the conference, the Web site linked to issues of the daily conference newsletter and to 36 news articles from 12 different publications providing some coverage of conference activities. Unfortunately, several other features which promised to be "coming soon" never showed up, namely, RealAudio of conference sessions, video clips, and a CFP99 Conference Report. Therefore, this article will be based on second-hand reports and observation of the Web site rather than on audiotaped proceedings as in recent years.

CFP99 keynote speakers were Henrikas Yushkiavitshus, associate director of UNESCO; Tim Berners-Lee, director of the World Wide Web Consortium; Vinton G. Cerf, president of the Internet Society; congressman Ed Markey, sponsor of the Electronic Bill of Rights Act; and Commissioner Mozelle Thompson of the US Federal Trade Commission. According to the conference newsletter, Yushkiavitshus declared privacy to be an important component of the moral rights upheld in the Universal Declaration of Human Rights. He wants to see moral and societal concerns prevailing over economic and technological interests, a process that would be aided by the passage and implementation of national privacy laws. Web inventor Berners-Lee sounded an alarm over the "insidious" practice of some Internet search engines skewing searches to favor their biggest advertising partners by moving their Web sites into top positions in search result sets. This unfortunate development might make it necessary to develop a labeling system whereby unbiased search engines can identify themselves as such (Miller and Weise, 1999). Even though the Earth-bound Internet is troubled by many unsolved dilemmas and controversies, plans are under way for an "interplanetary" Internet. Cerf predicted that "a well-functioning network between Mars and Earth should be up by 2008" (Boodhoo, 1999a). He also announced that the Internet is experiencing its 11th consecutive year of doubled growth and the number of users is expected to grow to 300 million by the end of 2000 (Weise and Zuckerman, 1999).

Markey's speech on the privacy theme gathered the most press attention. After sponsoring the 1998 bill that became law protecting the online privacy of children, Markey, a ranking Democrat on the House Subcommittee for Telecommunications, Trade, and Consumer Protection, spoke about his upcoming proposal to introduce legislation being referred to as a national privacy policy or privacy bill of rights. This policy would have several features, allowing individuals:

• •

  to discover what information is being gathered about them;

• •

  to learn how that information will be used; and

• •

  to be able to block the gathering of that information.

At conference time, he was uncertain whether or not to add provisions giving individuals the right to view all information that had been collected about them and to correct errors. Violating the new privacy code would result in penalties, with enforcement provided by the Federal Trade Commission (FTC) and the Federal Communications Commission. In his keynote address, FTC Commissioner Thompson admitted that the Clinton Administration's support for privacy self-regulation has softened since a 1998 Federal Trade Commission survey revealed that only 14 percent of Web sites had posted privacy policies. At present, a company can be punished for failing to follow its own posted privacy policy, but it does not have to post a policy in the first place. Microsoft's recently-developed product, "Privacy Wizard," is expected to simplify the process of promulgating privacy policies. The Privacy Preferences Project (P3P) of the World Wide Web Consortium has already developed standards for the content of privacy policies. Despite simplifying the technology and witnessing increased participation in the self-regulatory plans constructed by the Better Business Bureau and the Online Privacy Alliance, Markey believes privacy legislation is required for the "10 to 20 percent of businesses that are going to exploit consumers." He wants to give "all the rights to individuals ... leaving nothing in doubt as to what the responsibilities of industry are" (Clausing, 1999).

Freedom and Privacy and the Global Internet

Although George Vradenberg of America Online spoke out in favor of the Clinton Administration's policy favoring self-regulation of privacy concerns in electronic commerce, many others agreed with Stephen Lau, Hong Kong Privacy Commissioner for Personal Data, who likened self-regulation to "Dracula looking after the blood bank!". The 1996 Hong Kong Personal Data Privacy Ordinance states that "consumers must be allowed to opt out of disclosing private data, have access to their records, and be able to correct any errors" and "companies can't collect data for one stated reason and then use it for another." Violating this ordinance is a crime. Barbara Simons, President of the Association for Computing Machinery, favors the imposition of similar privacy legislation in the USA. Librarians should appreciate Simons' remark that she longs to see "the same efforts to protect privacy that we've seen to protect intellectual property" (Macavinta, 1999a). Panelist Simon Davies, Fellow of the London School of Economics and founder of Privacy International, is so upset by widespread abuses of privacy that he is contemplating a rather drastic "outing" campaign. He would establish a bulletin board featuring a "most wanted" list of the biggest privacy offenders (i.e. those who are profiting by collecting and reselling personal data). Not only would the Web site name names, but it would also display information about the offenders, information freely gathered from public Internet databases, including photographs, addresses, and other personal information, even lists of assets (Johnston, 1999)!

The Creation of a Global Surveillance Network

Panelists described alarming developments, some internal to individual countries, others involving international cooperation. Privacy is most compromised in Russia where Internet service providers are required to enable police monitoring and blocking activities on their networks at their own expense. Needless to say, encryption is outlawed in Russia and Internet access costs will rise due to the added expense for providers to meet these new government directives. Sergei Smirnov represented Human Rights Online, one of the few groups willing to speak out against such governmental interference. Erich Moechel of Quintessenz described the frightening new Austrian regulations which allow police to wiretap without court orders. Ken Cukier of Communications Week International talked about a French surveillance network that is being shared by the German Government. Steve Wright of the UK's Omega Foundation sounded an alarm over the capabilities of Echelon, a surveillance system of the USA and the UK. Scott Charney of the US Justice Department's Computer Crimes Department reminded the audience of the need for systems to combat international crime, systems we would not need "if everyone were law abiding, but they're not" (McCullagh, 1999a).

Anonymity and Identity in Cyberspace

Austin Hill, President of Zero Knowledge Systems, suggested that Internet privacy depends upon the availability of several factors such as the freedom to use encryption software, the ability to browse anonymously, the separation of political discourse from the Internet commercial arena, and the possibility of "redemption" provided by the capability to remove embarrassing evidence from Internet archives. Philip Reitlinger of the US Justice Department referred to the difficulties posed for law enforcement by the use of anonymity, claiming "it's hard to put pseudonyms in jail." Others pointed out that law enforcers and intelligence services are themselves frequent users of anonymity. In any case, older digital privacy tools are becoming easier to locate and use while many new tools are being developed. Lance Cottrell, Anonymizer's chief executive, claims that these tools simply make the Internet more like the real world where anonymity is routine. No one keeps track of where you drive and park your automobile, but everything is "by default logged and tracked" on the Internet, so "you have to take special steps to achieve [anonymity]" (Lewis, 1999). Anonymizer, the oldest vendor in this field, offers services for modest fees. It's interesting to note that, while some companies prohibit employee access to the Anonymizer site, other companies use Anonymizer regularly while gathering information from the Web sites of competitors, and Anonymizer is a frequently used item in the toolkit of law enforcement agencies. Other speakers described AT&T's new product named "Crowds" and the "Onion Router" being developed by the US Naval Research Laboratory. Both Bell Labs' new system named "Lucent Personalized Web Assistant" and "Freedom," a Windows program being developed by Zero Knowledge Systems, would allow Internet users to create untraceable pseudonyms.

Free Speech and Cyber-Censorship

As usual, censorship and filtering were hot topics at CFP. Jagdesh Parikh of Human Rights Watch reported on China's desire to "filter" out the rest of the world's content by establishing its very own Internet restricted to China (Seminerio, 1999). Yaman Akdeniz of Cyber-Rights and Cyber-Liberties reported strong interest within the European Union in regulating "illegal and harmful content" such as child pornography. During another panel, American Civil Liberties Union counsel Ann Beeson argued against those who would restrict children's rights in order to protect them. On the other side were Bruce Taylor, President of the National Law Center for Children, and David Crain, assistant to Senator John McCain who sponsored the Child Online Protection Act. No agreement was reached on any issue, including the use of the term "harmful materials." Although a strong opponent of government censorship, Daniel Weitzner of the World Wide Web Consortium has reached the conclusion that filters have actually been good for the Internet. If filters had not been available, he believes that recent US court decisions would have favored restricting Net content.

Copyright on the Line: Blame It on Rio? Or Title 17?

Without a doubt, this was one of CFP99's liveliest sessions. According to a report in Wired News, putting "MP3 activists, disaffected musicians, and recording industry lobbyists in the same room ... [resulted in] expletives, arguments, and plenty of hard feelings to go around" (McCullagh, 1999b). The term "Rio" in the title refers to Rio players which allow Internet users to decompress and listen to downloaded MP3 audio files. Independent musicians joined forces with Michael Robertson, MP3.com President, favoring a market free of any restrictions. For musicians who want to be able to connect with small, specialized audiences without interference, MP3 is a godsend. Representatives of the American Association of Publishers and of the Recording Industry of America claim to have the interests of musicians at heart. In order to ensure that musicians will be paid while being protected from piracy, the recording industry has developed the Secure Digital Music Initiative (SDMI), a system that will help track usage, limit copying, and arrange for commission payments. MP3 advocates perceive SDMI as a mechanism by which the recording industry will maintain its control, throttling technology while interfering with creativity. In the absence of SDMI, cryptographic and watermarking techniques may be used to authenticate the content of recorded material available on the Internet.

Chemical Databases on the Internet: Risk to Public Safety or Government Accountability?

Panelists debated potential benefits and dangers of the recent US Environmental Protection Agency ruling that chemical plants must submit online accounts of "worst-case scenarios." Current plans were to allow state and national agencies to access these reports on the Internet, while individuals would have to request paper copies. Favoring an openly accessible database of these scenarios were Wired News, Community Right-to-Know, OMB Watch representatives, and all audience members who spoke out. Representatives of the US Government and members of the Chemical Manufacturers Association expressed fears that such openness would facilitate acts of terrorism.

Privacy and Profiling

Members of this panel confirmed that data mining is big business and warned of personal privacy loss as commercial and government databases are converging and being cross-referenced. Even with personal identifiers stripped out, Latanya Sweeney, Carnegie Mellon professor of public policy, demonstrated how easy it can be to identify individuals after cross-checking data from several different sources. While most consumers are oblivious as to the nature and quantity of personal data being collected about them, members of the legal community admit an inability to determine the full extent of data available to the government through court order. Professor Walter Effross of Washington University speculated that it is conceivable the Justice Department could subpoena all America Online e-mail messages containing a particular word (Beer, 1999). Strong laws are needed to protect citizens. This conclusion seemed to be supported by most CFP99 panelists who would urge the USA to emulate the privacy practices of European Union member countries by adopting a comprehensive privacy law. For now, instead of a privacy agency with a staff to handle complaints and initiate legal action, the USA has a "newly appointed privacy counselor, Peter Swire, who ... will not directly handle consumer redress and will have only two dedicated staff members" (Macavinta, 1999b).

Awards

Comic relief was provided at the expense of companies and agencies named recipients of the Big Brother awards. Privacy International, a British consumer advocacy group, sponsored the first American award ceremony. Held on the 50th anniversary of the publication of George Orwell's book, 1984, the awards are nicknamed the "Orwells." Judges selected winners and runners-up from hundreds of nominations submitted on Privacy International's Web site:

• •

  Elensys Inc. was named "Greatest Corporate Invader" for collecting and selling the records of millions of patients from 15,000 pharmacies.

• •

  Representative Bill McCollum won "Worst Public Official."

• •

  "Most Invasive Public Proposal" went to the "Know Your Customer" program developed by the Federal Deposit Insurance Corporation.

• •

  The Federal Bureau of Investigation got the "Lifetime Menace" Award.

Costumes and props enlivened the affair as mock representatives pretended to accept the awards until Microsoft employee Saul Klein astonished everyone by dashing to the podium to accept the "People's Choice" Award given to "honor" the "globally unique identifier" codes built into Microsoft's Office software. On a more serious note, Brandeis awards were presented to two individuals for their "positive contributions to combating invasions of privacy." One went to PGP encryption software developer and defender Phil Zimmerman; the other went to Diana Mey, the West Virginia housewife who used information from the Junkbusters Web site (www.junkbusters.com) in her prolonged and well-publicized battle against a persistent telemarketer (Boodhoo, 1999b).

The 10th Conference on Computers, Freedom, and Privacy is scheduled for April 4-7, 2000, in Toronto. Chairperson is Lorie Faith Cranor of AT&T Labs Research. The conference Web site may be found at www. cfp2000.org Look for a report in an upcoming issue of LHTN.

Barbara Glover is a Cataloger and Federal Depository Librarian at the Bruce T. Halle Library, Eastern Michigan University, Ypsilanti.lib_glover@ONLINE.EMICH.EDU