IP: Internet as Pawn in a Dangerous Euro-American Duel on Datamining and E-Commerce

[Dave Farber <farber@cis.upenn.edu>]

As others  foreign writers have said "an interesting note"  djf 

Date: Sun, 4 Oct 1998 19:04:20 -0400
From: Gordon Cook <cook@cookreport.com>



INTRODUCTION
FROM GORDON COOK


When I published my long explanation of the formation of ICANN on Thursday
October 2nd, I asked the rhetorical question of why Ira would force things
to such disagreeable conclusions - including the "I dare" NSI to go to
court on .com.

This essay seeks to find a plausible explanation for that question.  It
suggests that the only answer that makes any sense out of what is happening
is Magaziner's need to consolidate American control over the Internet in
order to use that control as a bargaining chip against the Europeans and
Asians to be able to force them to capitulate to American corporate demands
in the EC privacy disputes coming to a head October 25 and with this action
to gain leverage for the Clinton administration's crypto policies which
although, Ira says at home he does not support, he like a good soldier
carries out abroad.

HYPOTHESIS

I asked the question a few days ago: what could justify Ira's heavy handed
tactics.  What stakes could be large enough to risk the stability of the
net?  Here is an informed hypothesis based first on a 90 minute
conversation with an expert source in these areas who has a heavy
international background.  (I have also over the last three days reality
checked this hypothesis with a cross section of American and foreign
insiders.  I have now also documented it with articles drawn from the web.)
Ira, I fear, is using the internet as a pawn in a far bigger game.  The
game is inextricably linked with the privacy statutes of the EU and OECD
and the coming October 23th deadline for American companies doing business
in Europe and data mining on European citizens as part of their ordinary
activities.  It is also inextricably linked with the international
encryption debate which has resulted in policies that hamper European
ability to build competitive software for e-commerce in general.  This
hypothesis is increasingly reinforced by my private conversations with
European press and senior figures in the American internet who are not
pleased at what is happening.

1. Since 1995 Ira has shaped policy mechanisms being used to turn the
internet into an American-controlled, strategic vehicle for conducting
global economic commerce on American terms.

2.  He has done so in direct opposition to the 1995 European Privacy
Commission Directives prohibiting export of data from EU countries to
countries such as the United States who have no laws protecting the privacy
of their citizens.

3.  He has been saying to the Europeans since the release of his electronic
commerce paper in July 97 that the answer is industry self regulation.  And
asking that we should trust the data mining companies to regulate
themselves despite the fact that the global internet gives them the power
to leverage the results and impact of their data mining by an order of
magnitude.

4.  In May 1998 he promised the Europeans and Asians that he would prove to
them that industry "self-regulation" would be the way to go by saying that
he would deliver an industry formed and driven consensus model for the new
IANA corporation by Oct 1..

5.  As we crashed into the October 1 deadline last week, he had no choice
but to pull out all the stops in order to achieve what he had promised to
deliver --  even if it meant perverting the process and acting behind the
scenes to pick winners.

6.  At the same time he has created an ICANN with a Board that has no real
checks in its ability to set prices and policy for names (DNS), numbers
(IP) and protocols.  (A dissenting point of view says that while this may
be true, the IETF has already served notice on ICANN, that should it
interfere with IETF processes, it will take its protocol work elsewhere.
It adds that, if it demanded an unreasonable amount of money from ARIN for
IP space, ARIN would be screwed, but that the other two registries - RIPE
and APNIC could do just fine without complying for 18 to 24 months.)

7.  That ICANN has been established with a public authority financing model
subject to no outside fiscal restraint and with largely unknown corporate
board members with interests more in electronic commerce than in the
Internet itself.  He has declared that he will NOT allow that board to have
a foreign majority.  (The opposing point of view says that it effectively
has a foreign majority and that there are inherent possibilities built in
for disobedience on the part of the supporting organizations to policies of
fiscal profligacy.)

8.  Thus the Board and the by laws will be presented in Ottawa as a fait
accompli to the OECD next Weds.  The message will be: accept our self
regulation model and call off your the implementation of your October 25
Privacy Commission Directive and we'll give you a real seat at the ICANN
table.  Fail to do this and our new ICANN demonstrates that we can use the
device that we have created to increase our dominance of the internet as a
medium of commerce and do so at your expense.  (The opposing point of view
feels that we are right in the focus on the danger of the October 24th
deadline and on Ira's wanting to show that self regulation can work and
wrong in assuming that Ira is using ICANN as a bargaining chip.  It adds,
however, a warning that, in a year or two many critical decisions on the
conduct of e-commerce with likely gravitate to an d be made within ICANN.)

PRIVACY:  WHAT IS AT STAKE?

>From a Scott Bradner Network World column: "You have no right to privacy.
There is nothing in the US Constitution that guarantees that you have any
ability to protect yourself from those who want to know everything about
you and disclose it to the world. From the local supermarket chain that
requires a special card to get discounts and requires your social security
number to get the special card (then keeps track of everything you purchase
after you get the card) to credit card companies that sell the history of
your purchases to anyone with a few dollars -- personal information is now
a basic part of big business.

The potential for abuse was bad before the Internet explosion, when
corporations had isolated machines that did "data mining" to try and figure
out if you like pistachio ice cream, now with these machines linked the
implications are ominous indeed.

A simple case of potential privacy invasion on the Internet is the ability
of web servers to store facts about your web use in "cookies" in your
browser. Many people regularly run programs on their machines to remove
these cookies but Christian Huitema, the former chair of the Internet
Architecture Board (IAB) has proposed an alternate approach designed to let
histories be built up but to make them useless. You send any cookies you
get off to an Internet-based cookie bank, the bank returns a random cookie
to be used next time you connect to the web server, thus the histories of
many people get jumbled together, negating the reliability of the
information.

The Clinton administration's A Framework For Global Electronic Commerce
(http://www.iitf.nist.gov/eleccomm/ecomm.htm) argues against legal
protection for privacy as is done in many European countries. It argues in
favor of some vaguely defined industry "self-regulation." Somehow I do not
find it comforting to know that the data mining industry is in charge of
protecting my privacy. I'd rather make it so that people that improperly
disclose information go to jail. It would seem to me that a government
prosecutor would have a somewhat better chance against a billion dollar
corporation that I would in trying to right a wrong.

Those who claim that its all for our own good and enables corporations to
better target advertising that we want to see and, anyway, if you have
nothing to hide what are you worried about should take a lesson from recent
events. It was a general acquiesce to an environment of no individual
privacy rights that caused Diana and her companions to be hounded,
literally, to death in a tunnel in Paris. This may seem overly dramatic but
imagine what its like for someone who tests positive to a disease such as
HIV when that information leaks from the corporate doctor to management.
This type of thing is at the bottom of the slope we are going down as we
accept the assertion that an individual has a limited right to privacy.
See:   http://golem.sobco.com/nww/1997/36-privacy.html

>From another Bradner Network World column (late 1997): In general I'm
closer to the European point of view in most cases. The first big
difference is in the area of privacy. The European document supports the
"fundamental right to privacy and personal and business data" and calls for
laws to protect this right. The US view is quite different and implies that
privacy is subservient to business "needs" and only asks for a "voluntary
framework" to protect , at some level, individual privacy.   See:
http://golem.sobco.com/nww/1997/29-e-commerce.html

BACKGROUND ON THE PRIVACY STATUTES DISPUTE

>From an Australian privacy newsletter-- The now-completed 1995 European
Union Directive on privacy and free flow of personal data  .  .  .
prohibits the transfer of personal data from EU countries to any countries
which do not have 'adequate' data protection laws. .  . . .  The Directive
requires all EU member states to implement a Europe-wide standard of data
protection.  from
http://www.austlii.edu.au/au/other/plpr/Vol2No06/v02n06b.htm

"What's the single most important issue threatening worldwide electronic
commerce today? The stalemate between the U.S. and the European Union over
policy on online consumer privacy protection, according to U.S. Commerce
Secretary William Daley.  Daley, testifying today at a House Commerce
Committee hearing on global e-commerce, said that despite the differing
stances, he  is confident that the Europeans, who have issued a directive
that calls for strict protections over the transport of private data, will
ultimately be convinced that American companies "adequately" protect
consumer privacy.  The European directive goes into effect Oct. 25. It
calls for adequate privacy protections but doesn't define how that standard
will be measured. Meanwhile, the Clinton Administration  has adopted a
policy favoring industry self-regulation regarding the notification of
online collection and usage of personal data.  "This could have an impact
on millions of transactions," Daley testified. "It could have an impact on
the free flow of information."  IDG, Sept 20, 1998

In other words the European Union is saying to the US based corporations
like IBM and AOL and many others, if you want to do business in Europe
after October 25th 1998, your companies information systems *MUST* not
transfer personal data from EU countries to any countries which do not have
'adequate' data protection laws.  You do not have adequate data protection
laws.

This has been an issue since 1995. It is likely that major redesign of our
companies information technology systems would be entailed.  It is also
likely that many wouldn't be able to collect the data here if they did not
in Europe.  They have assumed that the Europeans are bluffing.  They are
not.  And we are less than 30 days from it become illegal to transfer
'personal data" from the EU to the US.

Now since the American response is: "self regulation will do therefore the
EC statutes are unnecessary," Ira stuck his neck last May 29 in an
interview when he said that:

If the Internet can be pushed into "effective self-regulation" in the next
few months, then the United States can appeal to the European Union to make
a case that such regulation can succeed.  Because of that, Magaziner is not
terribly worried about what might happen come October when the European
Privacy Directive is to take effect, particularly because the various
nations involved will administer and enforce the directive differently.
"Infoworld Electric, May 29 98"

Therefore Ira needs to deliver full blown "self regulation of the internet"
lest he go to the Canadian OECD meeting on the 7th of October with his own
confident assertion in tatters.

SECURITY ISSUES:  WHY AMERICAN CRYPTO POLICY STICKS IT TO THE REST OF THE WORLD

European Companies Threatened by US Export Controls on Encryption
Technology  (undated 1997 press release)

EEMA is actively lobbying the European Commission in Brussels to improve
competition in the Global Information Society.  .  .  EEMA has identified
that European companies are being severely disadvantaged by not being able
to use secure messaging transmission techniques in conducting legitimate
electronic trading. EEMA recognizes that the principal reasons for this are
the disparate European legislation controlling the use of encryption and
the fact that inter-working with dominant US-based computer software
(operating system and application software) is subject to US legislation
and restrictions.  **These Controls have inhibited European industry access
to effective security products and even worse, block European suppliers
from competing on equal terms with their non-European competitors. Even
more damaging is that EU suppliers are prohibited from supplying their own
products into their national markets.**

A large proportion of the products and services which support the
Information Society are of American origin. In order to integrate their
products into popular applications originating from the US (for example
those supplied by Microsoft), European companies currently need a Software
Development Kit containing the Application Programming Interface (API) or
Cryptographic API (CAPI). If this kit is to be used to produce a product
outside of the United States or Canada it is subject to export controls by
the US government.

The consequence of these controls is that European suppliers are
disadvantaged in comparison with US and Canadian suppliers because their
access to the necessary Software Development Kits is inhibited. European
suppliers must develop detailed plans for approval by the US government,
even if they plan to sell their products into the EU market only, prior to
obtaining the necessary Software Development Kit. There are no guarantees
that EU companies would actually receive such permission. Likewise there
are no indications of how long it might take to obtain such a permission.

Alex Drobik, Chairman of EEMA, comments: "If this is not solved it will
have severe implications for European companies ability to do business in
the international marketplace. Vendors are unable to develop effective
products and as a result users will not get the benefit of secure products.
This has serious knock-on effects right across the supply chain."
http://www.eema.org/prenc.html

European Business in Danger of Being Left Behind in Electronic Commerce
Digital Certification Taskforce Set to Drive European Market

"Amsterdam, June 3rd 1998 - EEMA, the leading forum for advanced business
communications, has today launched the European Certification Authority
Forum (ECAF) at its annual conference in Amsterdam. The main objective for
ECAF is to steer the European Digital Certification market to enable
European businesses to compete effectively in the global online
marketplace. Digital certificates, private and public keys are being used
more and more and are an essential ingredient in the future of Electronic
Commerce, however, until ECAF there was no co-ordinating body. ECAF's main
remit is to establish harmonized European Digital Signature Legislation by
getting the pan-European certification authorities to sign up to a common
way of working.

Roger Dean, Executive Director of EEMA, comments: "Digital certification
will open up real eCommerce opportunities for European businesses, however,
without proper control it will end up as lots of propriety systems that
don't talk to each other as vendors develop their own standards. ECAF will
prevent this by driving common standards across Europe. This is fundamental
if European businesses are to avoid slipping further behind their US
counterparts."

THE INTERNET - AMERICAN CONTROLLED AND ACCESSIBLE TO SNOOPING OF
INTELLIGENCE AND LAW ENFORCEMENT - AS PREMIER VEHICLE FOR ECONOMIC COMMERCE

At the same time Ira has for the past three years focused on his mission
with Tom Kalil and working through the National Economic and Security
Council to setting up the internet as a mechanism for global economic
commerce.....   touting the net as a means on which, in a few year's time,
the majority of the world's economy will depend.

It looks as though Ira's agenda is to do this in such a way that the
internet can be controlled by an American based, incorporated, non profit
public authority set up under American law with a Board, purposefully
established without fiscal restraints and without any oversight or
accountability. And with board members who with a smattering of
international representation can be made as subservient as possible to the
interests of the large American Corporations.  These Board members, through
the GIP, will be passing the cup to pay for the expenses of establishing
ICANN.  Consider Bill Burrington Director of Law and Public Policy and
Assistant General Counsel at AOL, a company which huge data holdings.  He
is the chair of the Washington DC Interactive Services Association which
went on to form the Internet Alliance with membership very similar to GIP.
Burrington is manning the barricades of the companies involved in the
privacy dispute with the OECD.  (Why should Burrington care? Consider AOL's
electronic profiles on its 12 million members) Consider also Andy Sernovitz
of AIM whose members have the same general interests and who helped Barb
Dooley of the CIX sell out the IFWP process.

So even if Ira looks heavy handed -- for this agenda to be used as the
White House intends-- Ira needs to have his ducks in order in time for the
OECD meeting in Canada that begins next week.  He needs to demonstrate that
he has enough power to have rammed through a solution at home.   That is
why things have turned nasty during the last week and why the iron fist is
becoming seen with the incorporation of ICANN , and Postel's submission of
the ICANN proposal  yesterday -- even though, by Ira's own allegedly free
process, ICANN should not yet be seen as the winner.

ICANN WITH ALL POWERFUL BOARD UNKNOWN TO MOST OF THE SENIOR PEOPLE WHO RUN
THE NET

Consider the new board that has also been handed down with the Postel
proposal to Commerce yesterday.  No one I have spoken to knows anything
about any of the board members save for Jun Murai and Esther Dyson.
Conrades is of course well known. Howerver a couple of the most savvy, long
time, well-connected people in the net have told me that they have no idea
from where Conrades will be coming on on key issues.  The Dun and
Bradstreet nominee is seen as a staunch defender of intellectual property
rights in the best Lynn Beresford WIPO and PTO tradition.  The Australian
is utterly unknown and as one of the two from Asia is perceived as a second
insult to Asians who view the Aussies as Europeans.  I have heard a
perception from more than one source that, though irrational as it may seem
to us, that having a Japanese serve on the board is a particular insult to
the other Asian nations.   The Europeans are unknowns here and the
President of Radcliffe, though regarded as a nice person, is seen as
knowing nothing about the issues on which she will have to decide.  This is
an interim board generally stacked with people who can not be expected to
have any appreciation of the decisions necessary to keep the Internet from
falling completely under the sway of American commercial, data gathering
and privacy invasive interests.  One must ask whether is a board that may
be counted on to be compliant to the interests of AIM, the GIP, and the
Internet Alliance.  Conrades, for example, is an ex IBM vice president.

DROP YOUR DEMANDS AND WE WILL GIVE YOU SOME INFLUENCE WITHIN ICANN

Ira is determined to confront the OECD next week with an Internet that *HE*
and the White House clearly controls and to do so as a bargaining chip to
use in getting our way against the Europeans and Asians and Canadians.....
on the issues of encryption and privacy statutes.  It would be instructive
to see the legal basis of the government's arguments being used to get NSI
to cave.  Could it be that their content might be embarrasing?  Several
people assert that the condition that NSI has been asked to agree to bear
no longer any relationship to the conditions of the legally binding 1993
cooperate agreement now in its last day of life.  That is why Becky and Ira
can't afford any leaks.

If SAIC doesn't order NSI to sign Ira's demands by the seventh, then Ira
and the White House will not be as in control of the internet, as they need
to demonstrate themselves to be, in order to use the internet as an
American dominated global commerce weapon against the other OECD
governments.  Given that the majority of SAIC's work is tied to the
intelligence community in the US, I am now convinced that SAIC will be
offered a big enough plum for signing and penalty for not that such that
although Gabe Batista certainly doesn't want to give in, he will be removed
by SAIC if he doesn't capitulate.  Then with .com firmly under the control
of a compliant ICANN Board and Ira insisting that there will be an American
majority the rest of the world can play on *OUR* terms with .com. The
American view is that with the Internet firmly in command of the White
House on American corporate terms, the Asians and Europeans will have no
choice but to back off their privacy and the American encryption demands in
order to get us to refrain from using our control against them.  One of the
experts with whom I have reviewed drafts of this article thinks that
although ICANN does not really extend American control where it was before
and indeed may give the Europeans a greater voice that they had before, the
Europeans may be too angry to see it this way.

Remember also that Europe is trying to launch the Euro in such a way that
it becomes the world's reserve currency. One would like to know whether the
White House orders are do what ever is necessary to see that this effort
fails.

The Europeans and Asians understand perfectly well the power play that Ira
is engaged in.  They are not surprisingly seething with anger.  American
arrogance could be doing dangerous things.  It is likely that Ira believes
that the EC won't dare to start a trade war over the October 25th deadline.
Other sources indicate that European national sovereignty and honor are at
stake and that Ira is making a big mistake to think that rationality will
be operative.  If we drive Europe and Asia into an economic and political
alliance against us, we all will lose.  Privacy, and the freedom to live
our lives without government and corporate political or economic
interference are at stake.
***************************************************************************
The COOK Report on Internet            White House Corrupts Formation of IANA
431 Greenway Ave, Ewing, NJ 08618 USA  Corporation. White Paper a Sham. See
(609) 882-2572 (phone & fax)           http://www.cookreport.com/sellout
cook@cookreport.com                    Index to 6 years of COOK Report, how to
subscribe, exec summaries, special reports, gloss at http://www.cookreport.com
***************************************************************************