CFG summary for interesting-people (if you're interested)

[David Farber <farber@central.cis.upenn.edu>]

appear in their medical records.  In response to a question from the
audience about the use of social security numbers as medical
identification numbers, the panelists gave conflicting responses.
Goldman opposed the use of the SSN for identification purposes because
it is not a unique identifier and because it is already used for other
purposes and thus easy to cross reference.  However, Gellman argued
that if a new identification number is introduced, it will soon have
the same problems as the SSN.  He said the SSN should be used, but
there should be restrictions on its use.  Lee Ledbetter of HDX added
that most databases can do cross references based on telephone
numbers.  The panelists also discussed the problem of informed
consent.  Gellman explained that people often sign away privacy rights
through informed consent because they think they have to, not because
they really are informed or consenting.


The next panel was titled, "Can Market Mechanisms Protect Consumer
Privacy?"  This discussion, which centered around whether privacy is a
right or good, was probably most easily understood by the lawyers and
economists (I am neither) in the audience.  Of note, panelist Eli Noam
suggested that consumers could reduce intrusion on their privacy by
telemarketers if telemarketers could only reach them through personal
900 numbers.  Mark Rotenberg explained that the real problem with
caller ID is that the phone companies use it to sell rights to
consumers.  One audience member challenged a panelist's proposal that
people should own the information about themselves asking, "Who owns
your birthday -- you or your mother?"


The lunch lecture was eloquently delivered by Phil Zimmermann, author of
Pretty Good Privacy (PGP), a public key encryption tool.  Zimmermann,
who is being investigated for export control violations but has not been
indicted, told the audience that the future of privacy in America
is not hopeless.  Referring to the Clipper proposal he said, "We
live in a democracy here... we ought to be able to stop it."
Zimmermann explained why he developed PGP and allows it to be distributed
free of charge.  He also spoke out against the fact that all public
key cryptography patents are in the hands of one company (thus
those who use PGP without licensing the cryptographic algorithm may
be breaking the law).


The next panel discussion focused on "Creating an Ethical Community
in Cyberspace."  Computer science professor Martin van Swaay began by
explaining the importance of trust in a free society.  "Freedom is not
the absence of restraint, but the presence of self restraint," he
stated.  He said freedom is necessary to earn trust, and trust is
necessary to give laws meaning.  Philosophy professor Bruce
Umbaugh then discussed anonymity and pseudonymity in cyberspace.
He gave some examples of cases where pseudonymity is useful but
anonymity is not and explained why anonymity is much more
of a threat than pseudonymity.  Steven Levy, author of Hackers,
then discussed the hacker ethic and how it is helping to shape
cyberspace.  In response to a question, van Swaay said he reserves
the right to ignore anonymous messages because, "If you have
something real to say, why do you want to hide?  And if you want
to hide, it makes me wonder why."


Most non-computer-scientists skipped the next panel discussion,
"Standards for Certifying Computer Professionals."  However, among
computer scientists, the panel was quite controversial.  Professor
Donald Gotterbarn explained that both ACM and IEEE are considering
licensing proposals.  He discussed one proposal that would impose
mandatory licensing on computer professionals.  The proposal called
for various levels of licensing, based on skill and areas of
competence.  Attorney Steve Barber explained some of the problems with
a licensing model, including the fact that licensing is usually
handled by the states and thus varies from state to state.  John
Marciniak of CTA Inc. stated that the computer industry does not need
licensing because the companies, not the programmers, stand behind their
products.  He suggested that a voluntary certification program be
considered instead.  Another panelist (whose name was not in the
program) insisted that "when a B777 [a plane with completely
computerized controls] goes down, we will have licensing."  He
suggested that computer professionals come to a consensus about what
kind of licensing they want so that they can tell congress when
congress demands licensing.  Gotterbarn urged people interested in
working on a licensing proposal to contact him at d.gotterbarn@computer.org.


The final panel of the day, "Hackers and Crackers: Using and Abusing
the Networks," was led by Emmanuel Goldstein, publisher of 2600
magazine.  Goldstein hung a sign reading "hackers" on the table where
the four other panelists sat.  He hung a sign reading "crackers" on an
empty table at the opposite side of the podium.  "One thing that
distinguishes hackers from crackers is that hackers are here and
crackers are not," said Goldstein.  After rattling off several other
differences he looked under the empty table and retrieved three boxes
of crackers (the edible kind).  "Alright I stand corrected," he
quipped.  As Goldstein spoke admiringly about hackers and their quest
for knowledge, several audience members were mumbling that they didn't
understand.  Goldstein then unveiled a large photograph of hacker
Phiber Optik and played a taped message that Phiber recorded from
prison.  Panelist Bruce Fancher of Mindvox said he used to think there
was no problem with breaking into other peoples' computer systems.  "I
think my opinion changed when I started running a public access
Internet site....[I discovered that a breakin] wasn't that
charming."  He encouraged hackers to explore and learn about computer
systems, but urged them not to break into other peoples' systems.
Panelist Robert Steele described hacking as "elegance."  He explained,
"Hacking is doing it better than it has ever been done before," no
matter what "it" is.  He added that hackers should not be blamed for
breaking into systems because most systems are wide open to attack.
"Ethics is nice.  Engineering is better," he stated.  Panelist Bob
Strantton of UUNET discussed the need for an electronic "place" people
can go to learn things without disrupting the work of others.  During
the Q&A session Goldstein illustrated how unsecure computer and
telecommunication systems are by picking up a cellular phone call on a
hand-held scanner, much to the amazement of some audience members.


The day's program concluded with a dinner reception at Chicago's
Museum of Science and Industry.  The food was tasty (finally a decent
meal) and the museum exhibits were both educational and enjoyable.


The final day of the conference began with a 9 a.m. panel on "The Role
of Libraries on the Information Superhighway."  Carl Kadie, editor of
Computers and Academic Freedom News, described several cases in which
he had turned to library policies when recommending solutions to
computers and academic freedom problems.  Kadie explained that
libraries have adopted policies that protect free speech and free
access to information.  Next Bernard Margolis, director of Pikes Peak
Library District discussed the roles of libraries on the information
superhighway, describing libraries as on ramps, filling stations, and
driver training schools.  He also noted that as electronic resources
have been added to the Pikes Peak libraries, the demand for
traditional resources has not decreased.  Elaine Albright of the
University of Maine library described some of the issues related to
electronic information delivery currently being discussed by
librarians.  A pamphlet discussing these issues is available from the
American Library Association by contacting u58552@uicvm.uic.edu.


The next panel, "International Governance of Cyberspace: New Wine in
Old Bottles -- Or is it Time for New Bottles?" was another discussion
for the lawyers in attendance.  I got lost in the legal jargon as
panelist discussed whether cyberspace has sovereignty and what sort
of laws could be practically enforced there.  Panelist Herbert Burkett
described the net as "the greatest threat to national sovereignty
since the opening of the first McDonalds in Paris."  In the Q&A period,
cypherpunk Eric Hughes put the whole conversation in perspective (for me
at least) when, referring to people who use cryptography to hide their
identities, he asked "How is national sovereignty going to have
any effect if you can't find us?"


The final conference lunch featured more squash and short
presentations from three of the student paper competition winners (the
fourth winner, a student from the computers and society course I
taught last semester, was not able to attend the conference).


The first panel after lunch discussed "The Electronic Republic:
Delivery of Government Services over the Information Superhighway."
This was an interesting, but relatively low bandwidth session about
how governments can use information technology to collect and
disseminate information.  Panelists from information "kiosk" vendors
had nothing but praise for pilot projects in several states.  However,
Jeff Arnold of the Cook County circuit court raised a number of
concerns about allowing the public to access computerized court
records.  In particular he was concerned about people who want to use
court records to generate advertising mailing lists (a list of recent
divorcees or traffic offenders for example) and liability for
incorrect information.


The next panel, "Education and NREN, K-12" was quite interesting, but
not well attended.  (By this time most conference participants were
networking in the hallway outside the main conference room.)  The
panelists generally agreed that most schools are organized in a way
that is not reflected in the organization of the Internet.  Panelist
Steve Hodas explained that schools are usually organized into tidy
departments and that information flows mostly in one direction (from
book to student).  In addition schools generally regard the absence of
censorship as a system failure.  The Internet, on the other hand, is
not tidy, allows a two-way flow of information, and views censorship
as a system failure.  Hodas warned, as people rush in to protect schools
from the net, "we must remember to protect the net from the schools."
Panelist Philip Agre added, "American democracy is suffering, in part
because of educational practices."  Janet Murray, a school librarian,
gave a humorous presentation in which she emphasized the importance of
freedom of access to information.  "If you're worried about what students
can access on the Internet, think about what else they have access to," she
said as she displayed slides of racy material found in popular
news publications.


The final CFP94 session was titled "Guarding the Digital Persona."
The panelists first discussed the problem of too much personal
information finding its way into the hands of direct marketers.
Possible solutions discussed included requiring yellow-page style
advertising and creating a new legal fiction -- an electronic person
with the right to own money, communicate electronically, and not be
arbitrarily deleted.  The legal fiction suggestion was motivated by
the idea that it would be impossible to create useful profiles of
people if all the information about them was compartmentalized and
each compartment had a separate identity.  This idea seemed to be
bordering on science fiction, and thus the final speaker, science
fiction writer Bruce Sterling, seemed an appropriate choice to bat
cleanup.


I had considered writing an abstract for this lengthy report, but I
don't think I could do as good a job as Sterling did in his remarks.
I have read some of Sterling's books, but this was the first time I
have heard him speak.  I must say, the man can speak as well as he
writes, and he writes pretty darned well.  Sterling began his talk by
stating his general lack of concern about privacy.  "Being afraid of
monolithic organizations, especially when they have computers, is like
being afraid of really big gorillas, especially when they are on
fire," he explained.  "How can privacy abuses be kept a secret?"  He
then proceeded to describe what he will remember about CFP94.  He
characterized this conference (the fourth CFP) as "the darkest CFP by
far."  Referring to the administration's proposed encryption policy he
stated, "I see nothing but confrontation ahead."  Sterling reminded
the audience of David Lytel's unsettling key note address ("Who was
briefing that guy?") and Stewart Baker and the seven myths that the
NSA wants you to believe are not true ("a tone of intolerable
arrogance").  And he mentioned Dorothy Denning, one of the few Clipper
supporters in the computer science community.  Denning was not in
attendance this year, but she was worth mentioning because she was
certainly present in spirit.  Read the talk yourself if you see it
posted on the net.


I think Sterling identified what was on the minds of most conference
attendees.  While some attendees were extremely concerned about their
privacy, most had never really considered that they had anything to
hide, or even anything that anyone else really wanted to know.  And
yet, almost everyone was bothered by the Clipper proposal and the fact
that it would treat them as if they had something to hide.  Last
year's conference was much more animated and controversial.  People
were constantly complaining that there wasn't enough time for all
views to be heard.  This year there was much more harmony; but it
was a dark harmony.  The disagreements among panelists seemed
relatively insignificant when compared to the disagreement between
the people and their government.


Epilogue: As I rode the train out to the airport, I noticed an
advertisement for the Chicago Sun-Times "Social Security Sweepstakes."
It seems the Sun-Times is asking people to send in their names and
social security numbers for a chance to win a trip to Hawaii.  Is this
informed consent?


                             -- Lorrie Faith Cranor
                                March 27, 1994


/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Lorrie Faith Cranor                 Engineering and Policy, Computer Science
Washington University        http://dworkin.wustl.edu/pub/lorracks/home.html
1 Brookings Dr Box 1045
St. Louis, MO 63130        "UNLESS someone like you cares a whole awful lot,
lorracks@cs.wustl.edu   nothing is going to get better. It's not." -Dr.Seuss
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/