13th Conference on Computers, Freedom and Privacy

13th Conference on Computers, Freedom and Privacy

Barbara Glover and Mary Meernik

The 2003 CFP conference convened April 1-4 in New York City. On April 1 the Usage Log Data Management Working Group met in order to develop a model policy for organizations that would protect individual privacy during the process of capturing and analyzing Web site usage statistics. The following three days featured 14 plenary sessions, three keynote addresses, 21 topical discussion periods, a session honoring the winners of this year's Electronic Freedom Foundation Pioneer Awards, and a program deriding the "winners" of the Orwell Awards. This is the first year that the conference Web site, www.cfp2003.org, has provided downloadable mp3 files in addition to streaming audio files in wma and mp3 formats for all keynote addresses and plenary sessions.

Plenary session topics reflect serious concern over governmental actions taken in response to September 11, including Total Information Awareness and Patriot II. Continuing concerns are electronic surveillance, copyright, Internet filtering, data retention policies, human rights, and Internet architecture. Radio frequency identification is a new topic we are sure to hear much more about in the future. As always, speakers on each panel represent varying points of view while the conference subtitle, "Freedom to move think and speak!" indicates the primary motivation of conference organizers.

The first keynote speaker, Bruce Schneier, founder and Chief Technical Officer of Counterpane Internet Security, Inc., provides a five-point scheme for evaluating the trade-offs of any new program designed to increase security:

1. 1.

   What assets are you trying to protect?

2. 2.

   What are the risks to those assets?

3. 3.

   How well does the security solution mitigate those risks?

4. 4.

   What other risks does the security solution cause?

5. 5.

   What costs and trade-offs does the security solution impose?

His main point is that there is no way to eliminate all risks of crime or terrorism – "we can mitigate the risk but can't make it go away." The second keynote speaker, George Radwanski, Privacy Commissioner of Canada, reminds us of the following chilling remark made by Osama bin Laden one month after September 11: "Freedom and human rights in the US are doomed." Final keynoter, Lawrence Lessig, Professor of Law at Stanford, expresses grave concern over the increasing concentration of media ownership and the increasingly restrictive copyright provisions in the USA, by remarking, "Never has there been more control over the creation and distribution of culture." He reminds us that "the ideal of freedom in the First Amendment took hundreds of years to build and takes extraordinary energy to keep." Fortunately the Conference on Computers, Freedom and Privacy convenes each spring to energize participants for the ongoing work of defending First Amendment freedoms while protecting the right to privacy.

The remainder of this article summarizes the content of the 14 plenary sessions.

A moment in time: putting computers, freedom and privacy in context

Dan Gillmor (Moderator), San Jose Mercury NewsIra Glasser, former Executive Director, American Civil Liberties Union(1978-2001)Ed Tenner, Independent Writer, Speaker, and Consultant

This session is billed as a history lesson. Glasser provides convincing evidence in support of Thomas Jefferson's belief that, during a climate of fear, Americans would "resort for repose and security to institutions which have a tendency to destroy their civil and political rights. To be more safe they would be willing to run the risk of being less free." Governments utilize war and fear of war as an opportunity to expand their power, offering safety in exchange for limits on liberty. Although history shows that governments are unable to guarantee anything more than the appearance of safety, it is nearly impossible to argue that liberty and dissent are important when people are afraid because "fear turns logic on its head."

In 1798, only 11 years after Jefferson's quoted remarks, the government took advantage of a climate of fear to pass several laws regarding aliens. These laws required immigrants to wait 14 years before they could obtain citizenship, allowed the President to deport anyone for no reason, and enabled government to incarcerate non-citizens for indefinite periods of time without hearings. This series of legislation culminated in the Sedition Act which actually outlawed criticism of elected officials. Almost 120 years later, the First World War's climate of fear led to the passage of the Espionage Act in 1917 followed by another Sedition Act in 1918. As in 1798, thousands of people were prosecuted for dissent, especially people of foreign descent. A similar climate of fear during the Second World War led to the internment of thousands of Japanese Americans, despite the fact that no accusations were ever made. Years later, President Reagan apologized to the Japanese Americans for this injustice, admitting that it had been an act of "racism and war hysteria." Glasser emphasizes that the targeting of feared minorities is always part of the response to irrational fears. He suggests that we learn from these "cautionary tales" and "greet all claims of enhanced security with skepticism."

Agreeing that "a lot of the world is really governed by emotion," Tenner urges us to figure out ways to use emotion for the worthwhile purpose of counteracting irrational fear and xenophobia. The concept of data mining frightens him because "vast accumulations of data are invitations to incredible amounts of mischief." He fears that public officials will concoct spurious theories, claiming that they are proven by various clusters of the data that they gathered without even knowing what they were looking for.

Computers, freedom and privacy after September 11

Peter Swire (Moderator), Professor of Law, Ohio State UniversityJim Dempsey, Executive Director, Center for Democracy and TechnologyAnthony Romero, Executive Director, American Civil Liberties Union (ACLU)Nawar Shora, Legal Advisor, American-Arab Anti-Discrimination Committee

This second plenary session is a perfect follow-up to the opening session summarized above. Romero describes how the ACLU is currently framing a discussion about the impact of the war on terror on civil liberties. Its "Safe and free campaign" emphasizes what citizens should be fighting for, rather than dwelling on what they are fighting against. Their campaign slogan supports the beliefs that "safety without freedom can mean dictatorship [and] freedom without safety can mean anarchy." According to Romero, recent policy changes have resulted in the following four trends:

1. 1.

   increased use of race and ethnicity as a proxy for suspicion;

2. 2.

   lowered judicial standards of review for surveillance;

3. 3.

   a reduction in the effectiveness of checks and balances between the three branches of the federal government; and

4. 4.

   the shutting down of dissent and debate in the aftermath of September 11.

He strongly urges us "to remain vigilant and to connect the issues across these different spheres," noting that "the war on terror has very much been turned into a war on immigrants."

Shora provides details of the impact on minority groups, particularly Arabs, of the war on terrorism. Racial profiling is practiced under several new federal programs. The National Security Entry Exit Registration System (NSEERS) has two main thrusts:

1. 1.

   special registration of non-immigrants from 25 countries, 24 of which are Muslim; and

2. 2.

   border registration designed to prohibit entry to high-risk individuals.

Thousands of young men of Middle Eastern descent have been subjected to two phases of questioning by the Department of Justice. Shora also reports well-organized attacks on the Web site and e-mail of the American-Arab Anti-Discrimination Committee. Pointing out that he is addressing the CFP audience 18 months after September 11 and that the Japanese internment camps were opened 18 months after Pearl Harbor, he asks if it might not be too far-fetched to imagine that the next phase of Department of Justice questioning of Muslim and Arab men will require them to spend time in a camp. It seems to Shora that the prevailing fearful attitude is "take his freedom, take his rights; I just want to feel secure."

Dempsey urges citizens to constantly be on guard, questioning in detail how specific government programs could possibly be effective in increasing safety. He wants scientists and technologists to get involved in the fight against total information awareness, hoping they will be able to discourage the government from such a program on the grounds that it is not technologically feasible. He also urges concerned parties to join forces to overturn the set of 1970s Supreme Court decisions that held "you have no constitutional privacy interest in the records that you voluntarily disclose to other businesses."

On a positive note, Romero refers to some progress that has been made on the civil liberties front despite the chilling political climate. Communities have enacted ordinances opposing the federal government's increased surveillance and police powers, while police departments and college administrators are refusing to cooperate with FBI and Immigration and Nationalization Service directives. He reserves his highest praise for librarians who are speaking out against the Patriot Act and warning patrons that their reading habits might come under surveillance by the federal government. Romero says that mail from a local librarian is "often the best mail I can open in a day!"

Total information awareness

Herbert Lin (Moderator), Computer Science and Telecommunications Board, National Research Council, National AcademiesHeather McDonald, Manhattan InstituteKatie Corrigan, Legislative Counsel, American Civil Liberties UnionMichael Scardaville, Policy Analyst, Heritage FoundationBarbara Simons, Association for Computing Machinery

This session is organized as a debate between advocates and opponents of the proposed Total Information Awareness (TIA) program. Moderator Lin emphasizes that both technology and policy issues need to be addressed. This plan to link distributed government and commercial databases into a "giant virtual database" raises legitimate concerns about the program's objectives, the accuracy and completeness of the data, misuse of the information and privacy implications.

McDonald, arguing in support of TIA, is baffled by the "hysterical, vociferous opposition" to the government's efforts "to try to prevent another catastrophic attack." She insists that the opposition's arguments are based on "patent falsehoods," stressing that "everything within the program is currently legal" and simply allows the government to search and analyze the information in its own intelligence databases. Scardaville, also speaking in favor of TIA, reiterates McDonald's concerns about the "direct threat to our national security from foreign operatives embedded within our society." In order to fight this war on terrorism, both data mining, which facilitates the separation of useful from irrelevant information, and the sharing of information in distributed databases is absolutely essential. Current restrictions are preventing the government from electronically sharing crucial information quickly and efficiently. He believes that privacy safeguards can be built into the system and that the government "must seek to advance security and liberty hand in hand."

Equally passionate in their opposition to TIA are panelists Corrigan and Simons, with Corrigan stressing the difficulty of debating "an amorphous, secret concept" of a program that does not even exist. She speculates about the actual motives of the Defense Advanced Research Projects Agency (DARPA) in developing TIA – is the intent to merely "connect the dots or find the dots to connect?" If it is the latter, then she warns that the outcome will be "general surveillance" and "generalized warrants" that do not require probable cause or judicial review. In February 2003, Congress put the brakes on TIA, leaving Corrigan to hope that our legislators will carefully examine the goals and parameters of such a program and assume a significant oversight role if the program goes forward. Simons focuses on the security and privacy risks of what she characterizes as a total information access program. Under TIA, the government would have the power to compile information from financial, medical, education, telephone and travel records. This information will likely be targeted not only by terrorists but also by employees seeking to sell the data. Information will be collected without knowledge or consent, and individuals will have no way to verify or correct data which is often inaccurate. Searching and analyzing information in databases of this scale will also result in thousands of false positive matches.

The two sides then pose questions to each other, with much of the discussion focusing on how the TIA approach differs from "traditional investigation-based models." The opponents assert that TIA would utilize new data mining techniques that search for patterns of behavior rather than focusing on activities of specific individuals. The proponents counter that it is necessary to search for patterns that help identify suspects when law enforcement does not know their identity. Scardaville claims that the current process of pulling together data about terrorists is long and arduous; TIA would enable the process to occur electronically and would "only extract information on suspected individuals" (i.e. those on watch lists, etc.).

In conclusion, McDonald stresses that data mining has enormous power and is not inherently "a negative or a positive technology," and with sufficient Congressional oversight, it can be used to prevent future terrorist attacks. Simons emphasizes the futility of applying data mining techniques to commercial and government databases that are full of errors and that will generate "hundreds of thousands of false positives." She urges a "rigorous and independent review of the technology and its impact on our society."

Role play the moral maze: security and freedom in a dangerous world

Simon Davies, Specialist in Privacy and the Impact of Technology on Society and the IndividualJim Dempsey, Executive Director, Center for Democracy and TechnologyDeclan McCullagh, Chief Political Correspondent for CNET's News.comEli Noam, Professor of Economics and Finance, Columbia Business SchoolNadine Strossen, Professor, New York Law SchoolPeter Swire, Professor of Law, Ohio State University

Participants in this session have a terrific time playing various roles in an imaginary Texas town named Podunk in the year 2005. The Iraq war is still raging, George Bush is serving his third term as President, and Total Information Awareness is fully implemented. Among the characters are the owner of a chain of regional newspapers, a reporter who is over-qualified for the local paper, the police chief, and the mayor who happens to be married to the technical officer of the largest company in the area. The chief of police and the journalist are uncomfortable and suspicious when a Middle Eastern stranger named Saddam Oscar Hussein comes to town. Discomfort turns into alarm when a small plane crashes, the pilot is missing, a contaminant is discovered on the plane, and contagion spreads in town. After a deep throat telephone call points to a connection between the stranger, the plane, and the corporation, phone calls are traced and there is talk of secretly performing DNA testing on blood samples taken for the purpose of determining illness. Before long, the company pulls out of the country, disgusted with the atmosphere of suspicion, the invasive data-gathering, and the publicity that was undermining some of its sensitive business negotiations.

The Patriot II and electronic surveillance

Lauren Gelman (Moderator), Assistant Director for the Center for Internet and Society, Stanford Law SchoolDavid Sobel, General Counsel for the Electronic Privacy Information CenterKate Martin, Director of the Center for National Security StudiesAnn Beeson, Associate Legal Director, American Civil Liberties Union

Going back to the beginning of CFP, Sobel provides a sobering historical and technical overview of the government's ever increasing use of electronic surveillance. Initial efforts in 1991 focused on encryption with attempts to force companies to build government backdoors into their encryption systems. Failure to gain this early foothold led to the introduction of the Digital Telephony Act (CALEA) in 1994 which the FBI hoped to "exploit for an encryption fix." During the mid-1990s, the FBI and CIA insisted that digital telephony was "targeted purely to the telephone environment" and that it would not affect the Internet. At this same time, law enforcement was also making extensive use of pen register orders which, because they only gave the right to monitor incoming and outgoing phone numbers, were much easier to obtain than wiretap orders, which gave access to content of calls. In 1999, the FCC, although acknowledging the serious privacy issues raised, ordered that the FBI be provided with the content of packet mode communications when it obtained a pen register order. Again it was claimed that the Internet was off limits, but by the next year, the FBI was demonstrating a pen register device for the Internet, CARNIVORE. Although insisting that the technology enabled separation of addressing data from content, information received through Freedom of Information Act requests have revealed just how problematic it is to avoid intercepting content information. The Patriot Act, passed in the aftermath of September 11, "codified the FBI practice of conducting pen register surveillance on the Internet." Recent efforts by Congress and privacy organizations to monitor how the Patriot Act is being used are hampered by the FBI's "persistent secrecy." Two recent alarming developments are the FBI's push to bring cable modems under the purview of CALEA and the proposed Patriot II provision that would give law enforcement the authority to intercept all communications, including phone calls and e-mails, coming through multi-function devices.

Martin's presentation focuses on how the Foreign Intelligence and Surveillance Act (FISA), passed in 1978, is now being used to target non-citizens living and working in the USA. Court cases have interpreted FISA to be limited to wiretapping US residents and non-residents suspected of involvement with foreign groups engaged in terrorist activities. Martin stresses that although FISA "is not intended to give the government a tool to use against individuals" based on their religion or political activity, the government is indeed using its surveillance powers to identify and target non-citizens who fit such profiles. These individuals are arrested on immigration violations, put in jail with no right to a court-appointed lawyer, and then frequently deported. Martin pointedly reminds us that although these people are not citizens, the "Fourth Amendment applies to everyone inside the United States." In April 2003 a Senate bill will be introduced that would "eviscerate the already low standards of FISA as it applies to non-citizens who are not legal, permanent US residents." The bill would allow the government to use surveillance on such a person even in the absence of evidence "that the individual is in anyway connected to a foreign terrorist group." Amazingly, except for senators Kennedy and Leahy, no one has objected to this proposed bill; and in fact, the draft of Patriot II incorporates this bill and modifies it so that it would apply to everyone, citizen as well as non-citizen.

Beeson discusses ACLU's recent litigation pertaining to FISA and the Patriot Act. Prior to the Patriot Act, the government had to certify that the key purpose of doing a wiretap under FISA was to obtain foreign intelligence. A Patriot Act amendment to FISA now permits wiretapping when only a significant purpose is foreign intelligence gathering. Attorney General Ashcroft issued guidelines that reflected the broadest possible interpretation of this new provision. The FISA Court actually rejected this interpretation, but its ruling was overturned by the FISA Court of Review. Concerned that the provision would enable the government to bypass the Fourth Amendment, the ACLU did manage to file a petition in the case, despite the intensely secretive nature of the proceedings. In addition, the ACLU, in addition to groups whose members have been placed under surveillance, have been filing petitions in various cases around the country, although it is difficult to find clients when the government does not have to release names. Unless FISA evidence is used in a criminal proceeding, there is nothing that "innocent targets can do to challenge to law," and currently only 1 percent of the data gathered under FISA is actually used in criminal cases.

Internet architecture and free speech

Jay Stanley (Moderator), Communications Director of the Technology and Liberty Program, American Civil Liberties UnionJeff Chester, Executive Director, Center for Digital DemocracyPaula Boyd, Regulatory Counsel, MicrosoftMichael Schooler, General Counsel, National Cable and Telecommunications Association

In his introductory remarks, Stanley discusses the significance of the evolution from dial-up to broadband Internet access. Common carrier dial-up access was characterized by minimal regulation, competition, numerous service options, and the ability to easily switch providers. Broadband access, monopolized by one or two providers, will threaten open access and consequently, "free speech will be jeopardized if the forums where free speech take place are not themselves free."

Chester agrees that the "Internet is being reshaped by very powerful corporate interests." The era of competitive common carrier access with over 7,000 Internet service providers (ISPs) is now history with the Federal Communication Commission (FCC) determining that ISPs have no right to connect to the broadband network. Chester echoes Stanley's philosophy that the Internet "must be preserved as a medium for democratic discourse." This requires that the Internet continue as a two-way medium of communication with open access and lack of content control. However, he predicts that telephone companies (telcos) offering DSL service and cable companies will impose their television model which is "all about transmitting advertising and programming" to consumers. These companies "will ensure that their bits, their services, their partners will get preferential treatment."

Chester's Center for Digital Democracy and Microsoft both belong to the Coalition of Broadband Users and Innovators, but Boyd stresses that the group's members do not share all the same objectives. Microsoft does not support the common carrier model requiring continued ISP interconnection with the network. Instead Microsoft supports FCC regulations that would give consumers "unfettered access to content" and the right to connect Internet ready devices, such as Microsoft's gaming console, to the network. Microsoft has the resources to negotiate with broadband service providers to ensure that the company's software and hardware will make it to the Internet marketplace; however, Boyd expresses concern that smaller companies lack the resources to develop products without prior assurance that broadband service providers will allow access to them. She worries that currently there is "not enough competition to discipline behavior (of the service providers) in the marketplace."

Schooler professes amazement over the gloomy scenarios posited by the previous speakers. He contends that high speed access, now available to 80 percent of US households, has greatly expanded the services (news, sports, movies) that are available over the Internet. He claims that there are no instances of cable providers blocking access to any lawful services and that the role of the cable company or telco "as a content provider is really negligible." The only problem that he is aware of is that popular high bandwidth services can slow down service to other users on the same node. He argues that forcing the cable industry to replicate the dial-up model where multiple ISPs could offer service would substantially raise costs and degrade service quality. He also rejects the need at this time for any FCC ruling to ensure access to content and the use of third party hardware on the network. He insists that any regulations now would somehow be manipulated by dominant retailers such as Amazon "to remain dominant in the marketplace." Chester counters that without safeguards in place, "industry business models will prevail," and he cites some legally questionable concessions that Comcast extracted from America Online in allowing AOL access to its network. Boyd favors the FCC adopting the "least intrusive approach," but does want a ruling "that allows traffic to move where consumers want it to move."

Human rights and the Internet

Dinah PoKempner, Deputy General Counsel, Human Rights WatchBobson Wong, Executive Director, Digital Freedom NetworkElisa Munoz, Director, Crimes of War ProjectPatrick Ball, Deputy Director, Science and Human Rights Program, American Association for the Advancement of Science

PoKempner profiles dissidents in China, Tunisia, and Vietnam who have been jailed for merely sending e-mail or hosting Web sites that promote democracy and human rights. She urges those who want to help these individuals to write their representatives rather than to send e-mails which do not have "high impact."

Wong discusses his organization's efforts to use the Internet for human rights education. The Digital Freedom Network publishes articles, provides Internet tools for activists, hosts online chats with human rights experts and so on. In dealing primarily with smaller organizations, the Network has discovered that these groups, particularly those in developing countries, have very limited technological expertise and "need help in using the Internet effectively." He stresses the need for software tools, such as cryptography applications, that are inexpensive and "cater to the audience." Wong urges more interaction between those activists who are well versed in cyber-rights and the traditional type of human rights activists who are not only faced with Internet censorship but also with barriers to obtaining Internet access.

Munoz's Crimes of War Project was formed by journalists who, while covering the wars in the Balkans, felt their work suffered because of their lack of knowledge about the Geneva Convention and the laws of war. In order to educate their colleagues and hopefully "increase compliance with international humanitarian law," these journalists published Crimes of War: What the Public Should Know and have made it available online. In addition to hosting a Web site which is the Project's main source of outreach, the group also runs a 24 hour hotline staffed by legal experts, organizes seminars for journalists and has produced a video. She stresses that journalists covering the war in Iraq are frequently confronted with possible law of war violations by both sides, and these correspondents must either be familiar with or have easy access to legal information in order to report situations as accurately as possible.

Ball's presentation focuses on how critical it is for human rights activists to encrypt and back up their Internet files and databases. Activists have been urged for years to use cryptography for their own personal safety, although Ball does acknowledge that the difficulty of using such software severely curtailed its use. However, in addition to using encryption, activists should also guard against loss of data by having an off-site backup in the event their computers are confiscated. Thankfully, Ball reports that both objectives are now readily accomplished with the use of free, easy-to-use software. The Martis Project, using an interface similar to Microsoft Outlook, automatically sends and saves files in encrypted form to a remote location when the user logs in. The Guatemala Data Mirror Project transparently encrypts and backs up everything in a user specified folder to a directory on a server in the USA.

The great firewall of China: Internet filtering and free expression

Will Doherty, Media Relations Director, Electronic Frontier Foundation (Moderator)Ben Edelman, Harvard Law Student and Fellow, Berkman Center for Internet & SocietyKimberley Heitman, Attorney and President, Western Australian Internet AssociationKijoong Kim, Lawyer, JinbonetArturo Quirantes, Professor, University of Granada (Spain)

After Moderator Doherty explains that the title of this session is misleading because it is intended to be a tour of Internet censorship worldwide, Heitman takes us to Australia where she claims the government is quite authoritarian. The Broadcasting Services Act, passed two years ago, requires ISPs to make an array of approved filtering products available for download to their customers. Since less than 1 percent of users have chosen to download filtering software, the government is now considering requiring ISPs to perform the actual filtering at the server level. Australian cyber crime law requires people to provide their encryption keys to the government on demand. Through these various examples Heitman makes it clear that freedom of expression is not constitutionally guaranteed in Australia.

Edelman, who has served as an expert witness in the Children's Internet Protection Act case, is a researcher on the technical aspects of Internet filtering. He has tested millions of Web sites through servers in various countries to learn what is available to their citizens. Saudi Arabia has only one gateway to the Internet so it is able to practice proxy-based filtering, the most granular filtering tool. A total of 1,000 proxy servers check Web requests against block lists and decide which ones to let through, denying access to most pornography and many sites with religious and political content. On the other hand, China practices router-based filtering, so it can only look at ISP addresses and block entire Web servers. China performs extensive blocking of Western news sites and political sites. Because China's filtering is so imprecise, Edelman notes that a staggering amount of content is unavailable to its citizens.

Kim is legal counsel for an organization representing South Korean ISPs. Until recently, the South Korean government could order revision of motion pictures, sound recordings, and video products, while the government-controlled Information and Communication Ethics Committee regulated Internet content, blocking prurient material and sites critical of the government. A June 2002 court ruling favored freedom of speech, but encouraged use of filters based on Web site rating systems. According to Quirantes, Internet freedom is deteriorating in Spain. A recent electronic commerce law has produced a chilling effect. Ever since a judge forbade ten ISPs to show a particular political Web site to their customers, preemptive censorship is becoming more common. Now all ISPs are required to retain a PEN register of Internet traffic for up to a year.

Wrapping up the panel discussion, moderator Doherty bemoans the fact that ineffective or overactive filtering is having an adverse effect on millions of US schoolchildren. He is alarmed to see the federal government's practices of seizing the domain names whose owners are being prosecuted, posting a notice explaining that the Web site is now the property of the US government, and listing the details of the case against the owners. However, he derives hope from the development of software which can route Web page requests around firewalls and from the introduction of the Global Internet Freedom Act in the US House of Representatives. As politicians buy into the idea of fighting Internet censorship by the governments of other countries, perhaps they will be more supportive of Internet freedom for schools and libraries within their own country.

Data retention in Europe and America

Henry Farrell (Moderator), Assistant Professor, Department of Political Science, University of TorontoMaria Farrell, International Chamber of CommerceMarco Cappato, European ParliamentIan Brown, Foundation for Information Policy Research (London)Cedric Laurant, Electronic Privacy Information Center

In his opening remarks, Farrell explains the difference between the two concepts that will frame the panel's discussion. Data retention is the "routine and preventive storage by all covered providers of large categories of data for a specified period so that it is available for subsequent retrieval and use as evidence or intelligence by law enforcement." Data preservation is much more narrowly focused on collecting and storing information about a specific individual for a specified period of time with access to the data subject to legal and constitutional safeguards. Prior to the September 11, 2001 terrorist attack, Europe had a very strong data protection regime, but now privacy protections are being eroded and Farrell fears that mandatory data retention policies are on the horizon in many European countries. He is very critical of the behind the scenes machinations at the international level that are "sidestepping around the democratic process" and presenting these new policies as a "fait accompli." He strongly criticizes the US government for pressuring European countries to "roll back privacy protections."

Maria Farrell, who is Henry Farrell's sister, discusses the roles of the public and private sectors in Europe regarding data retention and preservation. The interested governmental bodies include justice and home ministries, communication ministries, and data protection authorities. The affected private sector players include the telecommunications industry and Internet service providers, businesses that are users of telecommunication services, hardware equipment manufacturers, and intellectual property holders. She stresses that the private sector parties focus primarily on how much data retention requirements will cost them, followed by concerns about feasibility, liability, and impact on public confidence. Unfortunately, the last issue is of little consequence to business and the "civil liberties people will be left outside" when the real negotiations begin. Like her brother, she sees the USA as the "greatest threat to our privacy in Europe" and accuses the UK of "acting as a proxy for US policies."

As a member of the European Parliament, Cappato has pushed to limit the data retention practices of member countries. He warns that the outcome of a new ruling that allows states to enforce data retention measures will enable the "transfer of data without any judicial or democratic oversight." Pointing out that the security and intelligence agencies in many of these countries already have "literally unfettered powers of surveillance" in pursuing cases, Cappato is now seeking "explicit guidelines and safeguards against general surveillance measures."

Brown discusses the history and current status of data retention policies in the UK. When the Anti-Terrorism, Crime and Security Act was passed in November 2001, only furious lobbying secured the concession that data retention was only to be used for purposes directly or indirectly related to national security. Currently the UK has a voluntary code for data retention that stipulates that data be retained for periods of six months or 12 months depending on the circumstances. Brown reports, however, that all types of agencies, including police, customs and tax officials, are seeking access to Internet traffic data for a wide range of purposes unrelated to national security and without any judicial intervention. Because Internet service providers are uncertain about their liability in cases other than national security situations, they are choosing, in many instances, to not comply with the voluntary code.

Laurant discusses the data preservation policy of the USA and compares it to the data retention regime of the European Union. He notes, that even after September 11, the US government did not mandate data retention; in fact, law enforcement agencies can only request traffic data from ISPs and telecommunication companies on a case by case basis. So, currently in the USA, ISPs and telcos are free to store whatever data they choose depending on business, marketing and financial considerations. In European Union countries, data retention is mandatory and is therefore guided by law enforcement needs rather than by commercial interests. However, Laurant warns that the US government is secretly planning to implement a data retention regime, and he claims that European countries were pressured to adopt data retention policies so that the USA could claim that it was compelled to follow suit. In conclusion, he stresses that data retention regimes breach both the presumption of innocence and freedom of expression.

Moot court – beyond LICRA vs Yahoo!: free speech in a world without borders

Ann Brick, Attorney, American Civil Liberties Union Foundation of Northern CaliforniaChristopher Chiu, American Civil Liberties UnionClaire Kelly, Professor, Brooklyn Law SchoolCedric Laurant, Policy Counsel, Electronic Privacy Information CenterPaul Levy, Attorney, Public Citizen Litigation GroupMary Wirth, International Counsel, Yahoo!

During this session, panelists role-play the parts of chief justice and of attorneys representing both sides in a theoretical case involving a US-based Web site that violates Belgian law. A Belgian student at a US university has mounted a Flemish language Web site called VRB.com on the Internet server of a small Internet service provider. Similar to other European countries still reacting to the horrors of the holocaust, Belgium outlaws racist speech and discrimination. VRB.com not only propounds the view that Belgium should deny Jews and Muslims citizenship because they are inferior races, but it also pushes banner ads with these views on to the screens of anyone logging on from a Belgian ISP. An anti-racist Belgian student group has won a judgment in a Belgian court that the "mom-and-pop" ISP must remove offensive content from the VRB.com Web site and stop the racist banner ads. This theoretical case has landed in a US court. The doctrine of comity generally results in one nation upholding the judgments of another nation.

Arguments flare on both sides. Who has the right to regulate Internet content that is hosted in any particular country? Someone argues that freedom of speech is a relative right, that the Belgian banning of racist speech is similar to US law promoting affirmative action, in that both aim to correct historical wrong doing. Another speaker points out that the doctrine of comity never requires a country to enforce a judgment that violates one of their fundamental policies. Obviously, freedom of speech is a fundamental policy in the USA, where even the advocacy of unlawful conduct is normally protected by the First Amendment. Someone proposes that the ISP implement geo-locational filtering that would forbid Belgian users access to its site. Others say that the burden should rest with Belgian authorities to filter this Web site from its citizens. It is inconceivable that Internet service providers all over the world might be required to evaluate all of the content on their servers in the light of the laws of all other countries of the world. That would most likely result in the laws of the nations that are most restrictive of speech coming to govern speech on the Internet.

Terrorizing rights: international cooperation and international anti-terrorism policies

Gus Hosein (Moderator), Privacy International, LondonTracy Cohen, Graduate Fellow, Centre for Innovation Law and Policy, University of TorontoToshi Ogura, Professor, Toyama University, JapanDavid Banisar, Director, Freedom of Information Project, Privacy InternationalJohn Wadham, Director, Liberty

The pervasive theme of this session is how differently terrorism is defined around the world and how difficult it is to achieve international consensus on how to fight it. Moderator Hosein provides a broad overview of policies being implemented on the national and international level. He points out that Canada and countries in the European Union have overbroad definitions of terrorism that could conceivably prohibit public protests. International cooperation has encountered numerous obstacles such as Germany's initial refusal to extradite Moussaoui, the so-called 20th hijacker of September’11, to the USA because of the two countries' differing views on the death penalty. Hosein criticizes the USA for its practice of leaving terrorist suspects in or transferring them to countries such as Morocco that employ torture to extract confessions. Although countries and international organizations are developing some of their own policies to fight terrorism, there is no doubt that the USA is applying so much pressure that it is often difficult to determine "where policy is coming from." However, Hosein expresses optimism that the USA, Canada and India are revisiting some of their anti-terrorism legislation and enacting sunset clauses "that make up for the lack of discourse and deliberation that we encountered after September 11."

Cohen discusses anti-terrorism developments in Africa, stressing that several agreements were in place prior to September 11, 2001. African countries, acting under the umbrella of the Organization of African Unity, recognized the link between instability and a broad range of social and economic problems, including organized crime, money laundering, and arms dealing. The Algiers Convention, drafted in 2002, and as of April 2003, signed by 41 African countries, provides a framework to fight terrorism by facilitating information exchange on terrorist groups, providing for extradition, and encouraging mutual legal assistance. However, Cohen is concerned about both the implementation and policy issues related to the plan. Many African countries simply do not have the infrastructure or resources to provide increased police and border control, to prevent financing of terrorism, and to establish a common terrorism activity database. On the policy side, Cohen points out that the Convention's definition of terrorism could apply to "any act intended to disrupt public or essential service." She warns that the "rubric of counter-terrorism [should not be used] to further political agendas, consolidate power, eliminate political opponents, or inhibit legitimate dissent."

Ogura covers Japan's anti-terrorism efforts, including that country's cooperation and compliance with international measures to regulate the transport of security and financial data. In accordance with the Cybercrime Convention, Japan is introducing legislation pertaining to computer viruses, hacking, and data retention and preservation. Ogura next considers human rights issues particularly as they relate to the crime of human trafficking. This is an extremely serious problem that did not receive adequate attention prior to September 11. Now with the institution of strict new immigration controls in many countries, the victims of human trafficking are more easily being identified through forged documents and profiling based on ethnicity and religion. Finally, Ogura discusses improvements in Japan's airport security system, including measures to prevent forgery of passports and visas, the sharing of passenger data with other countries, and the introduction of biometrics in public and check-in areas.

Banisar attempts to summarize anti-terrorism developments in Europe which is difficult given governments which range from democratic to autocratic. Some European countries passed terrorism laws years ago to deal with groups like the Irish Republican Army and the Red Brigades. He stresses that most European countries do not have the same constitutional protections and level of judicial review that exist in the USA. He describes the European Union as "incredibly undemocratic" with the justice and home ministries of the most conservative states setting the policies for all. The European Union has mounted a number of counter-terrorism initiatives, including facilitating the extradition of criminals, instituting tougher immigration controls, easing restrictions for wiretapping and interception of traffic data, imposing mandatory data retention, and placing more restrictions on financial privacy.

Wadham is exceptionally critical of how anti-terrorism laws in the UK are being used to circumvent the legal process. Ironically, individuals accused of crimes such as murder and rape can be detained for only four days while those suspected of terrorism can be held for seven days without being charged. He cites a number of examples that might cause a person to be labeled a terrorist, such as participating in a political or religious protest that results in some type of property damage or professing, even if untrue, to be a member of a terrorist group. He complains that much of the legislation "isn't specific to terrorism-related offenses"; the provisions can "kick in merely on the investigation of any type of crime." In Wadham's opinion, the main issue at this time is the detention without trial since December 2001 of 13 foreign citizens in the UK. These individuals are being held on the grounds that they pose "an emergency that threatens the life of the nation," and as Wadham points out, there is no indication as to when this emergency will end. Subjecting anyone to this type of abuse is "a scar on the constitutional as well as the human rights reputation of the UK."

Auto ID: tracking everywhere

J.D. Abolins (Moderator), Network Support SpecialistKatherine Albrecht, Director of CASPIAN (Consumers against Supermarket Privacy Invasion and Numbering)Mark Roberti, Editor, RFID JournalRichard M. Smith, Internet Privacy and Security Consultant

Roberti explains that radio frequency identification (RFID) originated during the Second World War when the British needed a system to prevent them from shooting down their own planes. Since then, RFID has been used for numerous purposes including securing radioactive materials, enabling automated tollgate pass systems, and identifying cattle. Under the auspices of the Auto-ID Center (www.autoidcenter.org), a commercial/academic partnership is developing an "Internet of things," a global network capable of tracking every item manufactured anywhere in the world through the use of electronic product codes. Costs have come down from $10 per chip three years ago to $0.40 per chip this year and the industry is working toward a cost of $0.05 per chip. RFID technology will help companies save money by reducing theft, tracking inventory, and improving efficiency. Consumers might benefit in the future from chips that authenticate drugs, clothing tags with chips that can be read by laundry equipment, and grocery "sell-date" chips that produce warning messages in intelligent refrigerators!

Both Albrecht and Smith refer to the grave threats to privacy posed by RFID technology and the $7 billion customer relations management industry. Store loyalty cards have facilitated the creation of enormous databases of consumer information but they are the "tip of the iceberg." According to Albrecht, "the marketing industry views everything you do in a store to be their property." Sensors have been planted on shelves and in floors, microphones have been hidden in potted plants, and security cameras register consumer traffic patterns and responses to product placement. When data on consumer behavior and product usage is linked to information on specific consumers, we are on the road to creating a "national dossier about US citizens," a database of great interest to the federal government in its mandate to provide for national security. Albrecht describes some frightening future scenarios made possible by current technological developments. She has formed a public interest organization, CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering), which is working to ban consumer applications of RFID until regulations are in place to prevent the creation of a seamless network of readers capable of tracking every activity of US consumers. In order to prevent chips from being used as "people-trackers," Smith and many privacy advocates insist that all chips come with a "kill switch" that allows them to be turned off or disabled.

Keynote from the right and left

Barry Steinhardt (Moderator), Associate Director, American Civil Liberties UnionJerrold Nadler, US Congressman from New YorkBob Barr, Former US Congressman from Georgia

Not withstanding the title of this session, Nadler stresses that privacy is "not a right/left issue" and he describes Barr during their years in Congress as a "partner in protecting online privacy." Unfortunately as Nadler points out, the trampling of civil liberties during wartime is all too common, and in times of crisis these rights are actually viewed as threats to our national security. He recounts the troubling process surrounding the passage of the Patriot Act which was rammed through Congress the same day it was introduced. The executive branch's determination to quash debate on legislation like this is continuing with the secret drafting of the so-called Patriot II bill. Although a draft proposal of this bill was leaked and is getting intense scrutiny, Nadler warns that we continue to face the prospect of "dangerously unjustifiable breaches of our liberties." He is very critical of the Total Information Awareness (TIA) program which would enable the government to mine information from a variety of sources, even without specific evidence of wrong-doing. The CAPPs II program would allow the government to run background checks on airline passengers and to prevent travel by individuals simply based on their patterns of activity. Nadler is concerned about increased collusion and data sharing between law enforcement agencies and the military, which up to this point has been prohibited from doing domestic surveillance. Finally, he criticizes the President's power to detain citizens and non-citizens on suspicion of being an enemy combatant. Pointing out that such individuals can be jailed indefinitely with no right to a lawyer or to judicial review, Nadler stresses that the exercise of such power has been "unprecedented since Magna Carta." So we are currently confronting a variety of threats from our own government to not only our privacy but also the "liberty and security of the person."

Barr explains why privacy, although not mentioned in the US constitution, is a "fundamental principle on which our constitution and the individual components of the Bill of Rights are based." Equally important is access to information, which Barr describes as this century's "currency of power." And it is an immutable law of nature that governments always want more power regardless of how much they have. Our executive branch, using terrorist attacks or threats as rationale, seeks more and more information about citizens and non-citizens. As Barr reminds us, the executive branch will never surrender any of its power, direct or implied, and will never admit error in its use of existing power and resources. Instead, the response is always to demand more power and more money and to resist any type of Congressional oversight. Barr uses these precepts to frame his criticisms of the Patriot Act and the proposed Patriot II, TIA and CAPPS II programs. The executive branch's position that "the best way to catch terrorists is to collect information on everybody" is in direct violation of the Fourth Amendment. Barr is also concerned that the government's definition of domestic terrorism will be expanded to include opposition to activities unrelated to terrorism. He urges all of us to communicate with our representatives in order to focus more attention on these issues, hopefully leading to more thorough hearings and congressional oversight of the proposed programs.

Can free speech survive the new intellectual property regimes: a debate

Jane Ginsburg (Moderator), Professor, Columbia Law SchoolYochai Benkler, Professor, New York University School of LawChuck Sims, Attorney, Proskauer Rose

Moderator Ginsburg would prefer to reword the title into the less "tendentious" question, "What are the new intellectual property regimes and do they threaten or advance free speech or a little of both?" She introduces the session by reviewing the three main sections of the Digital Millennium Copyright Act (DMCA) of 1998. A quite uncontroversial section protects service providers who simply provide a conduit for subscribers or who rent space to Web site operators. If they comply with a notice and takedown system described in the law, they will not be held liable for infringements in the communications or Web content of their subscribers. Another section of the DMCA makes it unlawful to tamper with copyright management information. The controversial section of the law declares that acts of circumventing an access control and acts of selling or distributing a device primarily designed to circumvent an anti-copy control are illegal.

Sims has no problem with the so-called anti-circumvention and anti-trafficking section of the DMCA. Copyright law uses the word "secure," not only securing exclusive rights to authors but also entitling Congress to enact further provisions to secure income streams for authors. Because modern technology permits instantaneous copying, distributing, and storage of perfect copies, copyright owners' income streams had become insecure and needed the protections provided by the Digital Millennium Copyright Act. Sims claims the law did not eliminate fair use, although "some fair use might have become a little more difficult to perform … It is not a violation of the First Amendment merely because something that computer technology allows you to do is unlawful to do."

Wishing to keep the emphasis on First Amendment rights, Benkler prefers the official title of this session to the rewording suggested by Ginsburg. He does not advocate abandonment of copyright law but insists that "the boundaries of copyright must be policed by the First Amendment." It is not surprising that corporate giants in the information business want to restrict people in their use of the copying and distribution tools put into their hands by the digital revolution but, "when you extend copyright law in any particular way, you must justify every burden that you are creating on the freedom of people to use technology to speak as they wish." He takes some comfort and hope from seeing that the attempt to replicate DMCA provisions in the realm of hardware has stalled, that the Uniform Computer Information Transactions Act (UCITA) has only been adopted in two states, and that there have been attempts to enact fair use exemptions to the DMCA. He is also heartened to observe a cultural movement toward self-publication and distribution, promoting an open environment of shared information outside the boundaries of the commercial copyright-protected infrastructure. Ginsburg seems to agree when she suggests that "there could be a great cultural revolt and the market for these hyper-protected copies will collapse and we will have a completely irrelevant law" if the exercise of fair use becomes too burdensome.

Barbara Glover barbara.glover@emich.edu) is Federal Depository Librarian, andMary Meernik (mary.meernik@emich.edu) is Cataloging Librarian, both at Bruce T. Halle Library, Eastern Michigan University, Ypsilanti, Michigan, USA.